Social Engineering: Managing the Human Element
Dr John McCarthy Ph.D. B.Sc. (hons) MBCS
Cyber Research Fellow, Cranfield University / UK Defence Academy
Vice President of Cyber Security, ServiceTec International Inc. / ServiceTec Global Services
Partners
- Cyber-Physical Systems Research Centre based at Cranfield and sponsored by ServiceTec
- University of Nebraska
- Federal Aviation Authority
- Joint Information Operations Warfare Centre, Vulnerability Assessment Branch (JVAB), USA
The Problem
What is Social Engineering?
- Social engineering is a methodology that allows an attacker to bypass technical controls by attacking the human element in an organisation.
- Social engineering attacks are likely to increase, and it is becoming increasingly important for organizations to address this issue.
Phishing to Honeypots
- In the context of cybersecurity we often think of complex computer systems, sophisticated hackers and hacking techniques.
- All too often the human element in cybersecurity is overlooked. Many criminal gangs utilize social engineering techniques, and the crossover from traditional criminal activities into the cyber world is increasingly common.
Social Engineering Attacks Cost
- In the past two years, 48% of large businesses have suffered from socially engineered attacks at least 25 times, resulting in losses of between $25,000 and $100,000 per incident.
- Attackers' primary motivation is stealing financial information, extracting trade secrets, or revenge.
Who is the enemy?
- Cyber terrorists
- Disgruntled employees
- Hacktivists
- Kiddies
- Cyber criminals
- Foreign governments
- Organised crime
Cultural Background
It won't happen to me...
Catch Me If You Can
- Frank Abagnale, before his 19th birthday, successfully performed cons worth millions of dollars by posing as a Pan American World Airways pilot, a Georgia doctor, and a Louisiana parish prosecutor.
- His primary crime was check fraud; he became so skilful that the FBI eventually turned to him for help in catching other check forgers.
Everyday Social Engineering
Stereotypes
Dorothea Puente
- When Puente was sixty, police discovered she was killing off her boarders and collecting the insurance money.
- Seven bodies were buried in her back yard.
Are you easily persuaded?
Attack Vectors
Phishing Attacks
- Nigerian 419 email scam
- DHL delivery
- Tax refund
- Another bank notice
- PayPal
- Cracking websites of companies or organizations and destroying their reputation (Twitter etc.)
Socially Open to All...
- The primary tool used for social engineering attacks is the phishing email
- Followed by using social networking sites that disclose employees' personal details
Targeted Malware
- Targeted malware that is, in some cases, just hours old
- Found a USB drive in the car park? Great! A freebie!
- Combating this type of APT can be incredibly difficult, because all it takes is one employee to open a seemingly innocuous, yet really malicious, attachment, and the business can be compromised
Common Attack Entry Points
- Customer Service
- Tech Support
- Delivery Person
- Tailgating
Information Gathering Techniques
- Research
  - Professional gangs can spend months gathering information from the web and employees
- Dumpster Diving
  - Poor disposal of confidential data
Traditional Sources
Websites
- You can find information about the company, what they do, the products and services they provide, physical locations, job openings, contact numbers, bios on the executives or board of directors.
Public Servers
- A company's publicly reachable servers. Fingerprinting servers for their OS, application, and IP information can tell you a great deal about their infrastructure.
Traditional Sources
- Social media is a technology that many companies have recently embraced. User sites such as blogs, wikis, and online videos may provide information about the target company.
- A disgruntled employee who is blogging about his company's problems may be susceptible to a sympathetic ear from someone with similar opinions or problems.
- Public data may be generated by entities inside and outside the target company. This data can consist of quarterly reports, government reports, analyst reports, earnings posted for publicly traded companies, etc.
Non-Traditional
- Industry experts or subject matter experts can provide detailed information about an area without providing anything regarding the target company.
- "When in Rome, do what the Romans do." Engaging in activities or frequenting places that employees from the target company also do/visit is an excellent opportunity to elicit information. Proximity to the employees provides opportunities for conversation, eavesdropping, or possibly even covert cloning of RFID cards.
Influencing Others
- Reciprocity, Obligation, Concession
- Want a bar of chocolate?
- Scarcity, Authority, Commitment and Consistency, Liking, Consensus or Social Proof, Framing
- In his book "Influence: The Psychology of Persuasion", Dr. Robert Cialdini states, "Social Proof - People will do things that they see other people are doing. For example, in one experiment, one or more confederates would look up into the sky; bystanders would then look up into the sky to see what they were seeing. At one point this experiment aborted, as so many people were looking up that they stopped traffic."
- Manipulation of Incentive
- Financial, Social, Ideological
Towards a Solution
Let's build a bigger, better wall
Just Say No...
We cannot live in isolation
- Social media has become a necessary part of business
- Sharing of information and the access to information is now expected
- We need to understand the risks
Cybersecurity Culture
- Mitigation of social engineering begins with good policy and awareness training
- Most important of which is creating a cybersecurity culture within an organization
- This must start at the top and work down
Countermeasures
- Establishing frameworks of trust on an employee/personnel level (i.e., specify and train personnel when/where/why/how sensitive information should be handled)
- Identifying which information is sensitive and evaluating its exposure to social engineering and breakdowns in security systems (building, computer system, etc.)
- Establishing security protocols, policies, and procedures for handling sensitive information
- Training employees in security protocols relevant to their position (e.g., in situations such as tailgating, if a person's identity cannot be verified, then employees must be trained to politely refuse)
Countermeasures
- Performing unannounced, periodic tests of the security framework
- Reviewing the above steps regularly: no solutions to information integrity are perfect
- Using a waste management service that has dumpsters with locks on them, with keys to them limited only to the waste management company and the cleaning staff
- Locating the dumpster either in view of employees, such that trying to access it carries a risk of being seen or caught, or behind a locked gate or fence where the person must trespass before they can attempt to access the dumpster
"(As) the media characterizes social engineering, hackers will call up and ask for a password. I have never asked anyone for their password."
Kevin Mitnick

Email: john.mccarthy@servicetec.com
www.airportcybersecurity.com
Airport Cyber Security Podcast

08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Recently uploaded (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Airport IT&T 2013 John McCarthy

  • 1. Social Engineering: Managing the Human Element. Dr John McCarthy, Cyber Research Fellow, Cranfield University, UK Defence Academy, and Vice President of Cyber Security, ServiceTec Global Services
  • 2. Social Engineering: Managing the Human Element. Dr John McCarthy Ph.D. B.Sc. (Hons) MBCS, Vice President of Cyber Security, ServiceTec International Inc./ServiceTec; Research Fellow at Cranfield University / UK Defence Academy
  • 3. Partners
      • Cyber-Physical Systems Research Centre, based at Cranfield and sponsored by ServiceTec
      • University of Nebraska
      • Federal Aviation Authority
      • Joint Information Operations Warfare Centre, Vulnerability Assessment Branch (JVAB), USA
  • 5. What is Social Engineering?
      • Social engineering is a methodology that allows an attacker to bypass technical controls by attacking the human element in an organisation.
      • Social engineering attacks are likely to increase, and it is becoming increasingly important for organisations to address this issue.
  • 6. Phishing to Honeypots
      • In the context of cybersecurity we often think of complex computer systems, sophisticated hackers and hacking techniques.
      • All too often the human element in cybersecurity is overlooked. Many criminal gangs use social engineering techniques, and the crossover from traditional criminal activity into the cyber world is increasingly common.
  • 7. Social Engineering Attacks Cost
      • In the past two years, 48% of large businesses have suffered from socially engineered attacks at least 25 times, resulting in losses of between $25,000 and $100,000 per incident.
      • Attackers' primary motivations are stealing financial information, extracting trade secrets, or revenge.
  • 8. Who is the enemy?
      • Cyber terrorists
      • Disgruntled employees
      • Hacktivists
      • Kiddies
      • Cyber criminals
      • Foreign governments
      • Organised crime
  • 9. Cultural Background: "It won't happen to me..."
  • 10. Catch Me If You Can
      • Frank Abagnale, who, before his 19th birthday, successfully performed cons worth millions of dollars by posing as a Pan American World Airways pilot, a Georgia doctor, and a Louisiana parish prosecutor.
      • His primary crime was check fraud; he became so skilful that the FBI eventually turned to him for help in catching other check forgers.
  • 12. Stereotypes: Dorothea Puente
      • When she was sixty, police discovered that Puente had been killing her boarders and collecting their insurance money.
      • Seven bodies were buried in her back yard.
  • 13. Are you easily persuaded?
  • 15. Phishing Attacks
      • Nigerian 419 email scam
      • DHL delivery
      • Tax refund
      • Another bank notice
      • PayPal
      • Cracking the websites of companies or organisations and destroying their reputation (Twitter, etc.)
  • 16. Socially Open to All...
      • The primary tool used for social engineering attacks is the phishing email.
      • Next come social networking sites that disclose employees' personal details.
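The deck names the phishing email as the primary social-engineering tool and lists its common lures; the following Python triage check, added here and not part of the original slides, scores a message for three defender-side signals: a brand in the display name that the sender domain does not carry, visible link text whose host differs from the href host, and lure themes from the slide's list. The message, the sender domain and the keyword patterns are all constructed for the example.

```python
# Defender-side phishing triage for the lures named in the deck (added example,
# not from the original slides; message, domains and keyword lists are constructed).
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Lure themes from the "Phishing Attacks" slide, as constructed keyword patterns.
LURES = {
    "419 advance-fee": r"\b(next of kin|beneficiary|transfer of funds)\b",
    "parcel delivery": r"\b(dhl|parcel|delivery attempt)\b",
    "tax refund": r"\btax refund\b",
    "payment/bank notice": r"\b(paypal|bank notice|account (has been )?(suspended|limited))\b",
}
BRANDS = ("paypal", "dhl")  # brands the deck names as impersonated

def sender_mismatch(from_header):
    """Brands claimed in the display name that the sender's domain does not contain."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower()
    return [b for b in BRANDS if b in name.lower() and b not in domain]

def link_mismatches(html):
    """(shown_host, real_host) pairs where the visible URL and the href disagree."""
    out = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        shown = re.sub(r"<[^>]+>", "", text).strip()
        shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname
        real_host = urlparse(href).hostname
        if shown_host and real_host and shown_host != real_host:
            out.append((shown_host, real_host))
    return out

def lure_themes(text):
    """Lure themes whose keywords appear in the subject or body text."""
    return sorted(k for k, pat in LURES.items() if re.search(pat, text, re.I))

def triage(raw_message):
    """Combine the three signals into a findings dict with an additive score."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()  # single-part message assumed
    text = msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)
    findings = {"brand_spoof": sender_mismatch(msg.get("From", "")),
                "link_mismatch": link_mismatches(body), "lures": lure_themes(text)}
    findings["score"] = sum(len(v) for v in findings.values())
    return findings

# Constructed sample: PayPal-themed lure, look-alike sender domain, disguised link.
SAMPLE = """From: PayPal Service <notice@secure-logins-example.net>
Subject: Your PayPal account has been limited
Content-Type: text/html

<p>Your account has been limited. Restore access at
<a href="http://secure-logins-example.net/verify">https://www.paypal.com/login</a></p>
"""
```

Running `triage(SAMPLE)` reports all three signals (score 3); a plain internal note with no brand claim, no disguised link and no lure keywords scores 0.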
  • 17. Targeted Malware
      • Targeted malware that is, in some cases, just hours old.
      • Found a USB drive in the car park? Great, a freebie!
      • Combating this type of APT can be incredibly difficult, because all it takes is one employee to open a seemingly innocuous, yet malicious, attachment, and the business can be compromised.
  • 18. Common Attack Entry Points
      • Customer Service
      • Tech Support
      • Delivery Person
      • Tailgating
  • 19. Information Gathering Techniques
      • Research: professional gangs can spend months gathering information from the web and from employees.
      • Dumpster Diving: poor disposal of confidential data.
  • 20. Traditional Sources
      • Websites: you can find information about the company, what they do, the products and services they provide, physical locations, job openings, contact numbers, and bios of the executives or board of directors.
      • Public Servers: a company's publicly reachable servers. Fingerprinting servers for their OS, application, and IP information can tell you a great deal about their infrastructure.
  • 21. Traditional Sources
      • Social media is a technology that many companies have recently embraced. User sites such as blogs, wikis, and online videos may provide information about the target company.
      • A disgruntled employee who is blogging about his company's problems may be susceptible to a sympathetic ear from someone with similar opinions or problems.
      • Public data may be generated by entities inside and outside the target company. This data can consist of quarterly reports, government reports, analyst reports, earnings posted for publicly traded companies, etc.
  • 22. Non-Traditional
      • Industry experts or subject matter experts can provide detailed information about an area without providing anything regarding the target company.
      • "When in Rome, do what the Romans do": engaging in activities or frequenting places that employees from the target company also do or visit is an excellent opportunity to elicit information. Proximity to the employees provides opportunities for conversation, eavesdropping, or possibly even covert cloning of RFID cards.
  • 23. Influencing Others
      • Reciprocity, Obligation, Concession
      • Want a bar of chocolate?
      • Scarcity, Authority, Commitment and Consistency, Liking, Consensus or Social Proof, Framing
      • In his book "Influence: The Psychology of Persuasion", Dr. Robert Cialdini states: "Social Proof - People will do things that they see other people are doing. For example, in one experiment, one or more confederates would look up into the sky; bystanders would then look up into the sky to see what they were seeing. At one point this experiment aborted, as so many people were looking up that they stopped traffic."
      • Manipulation of Incentive: Financial, Social, Ideological
  • 25. Let's build a bigger, better wall
  • 27. We cannot live in isolation
      • Social media has become a necessary part of business.
      • Sharing of information and access to information are now expected.
      • We need to understand the risks.
  • 28. Cybersecurity Culture
      • Mitigation of social engineering begins with good policy and awareness training.
      • Most important of all is creating a cybersecurity culture within an organisation.
      • This must start at the top and work down.
  • 29. Countermeasures
      • Establishing frameworks of trust on an employee/personnel level (i.e., specify and train personnel on when/where/why/how sensitive information should be handled).
      • Identifying which information is sensitive and evaluating its exposure to social engineering and to breakdowns in security systems (building, computer system, etc.).
      • Establishing security protocols, policies, and procedures for handling sensitive information.
      • Training employees in the security protocols relevant to their position (e.g., in situations such as tailgating, if a person's identity cannot be verified, employees must be trained to politely refuse).
  • 30. Countermeasures
      • Performing unannounced, periodic tests of the security framework.
      • Reviewing the above steps regularly: no solution to information integrity is perfect.
      • Using a waste management service whose dumpsters have locks, with keys limited to the waste management company and the cleaning staff.
      • Locating the dumpster either in view of employees, so that trying to access it carries a risk of being seen or caught, or behind a locked gate or fence, so that a person must trespass before they can attempt to access it.
  • 31. "(As) the media characterizes social engineering, hackers will call up and ask for a password. I have never asked anyone for their password." Kevin Mitnick
      Email: john.mccarthy@servicetec.com
      www.airportcybersecurity.com
      Airport Cyber Security Podcast