SECURITY AND SOCIAL ENGINEERING
US Department of Commerce
Office of Security
Updated 09/26/11
Security is Everyone's Responsibility – See Something, Say Something! 1
Objectives
• Understand the principles of social engineering
• Define the goals of social engineering
• Recognize the signs of social engineering
• Identify ways to protect yourself from social engineering
What is Social Engineering
1. At its core it is manipulating a person into knowingly or unknowingly giving up information; essentially 'hacking' into a person to steal valuable information.
• Psychological manipulation
• Trickery or deception for the purpose of information gathering
What is Social Engineering
2. It is a way for criminals to gain access to information systems. The purpose of social engineering is usually to secretly install spyware or other malicious software, or to trick people into handing over passwords and/or other sensitive financial or personal information.
What is Social Engineering
3. Social engineering is one of the most effective routes to stealing confidential data from organizations, according to Siemens Enterprise Communications, based in Germany. In a recent Siemens test, 85 percent of office workers were duped by engineering.
“Most employees are utterly unaware that they are being manipulated,” says Colin Greenlees, security and counter-fraud consultant at Siemens.
What are they looking for
• Obtaining simple information such as your pet's name, where you're from, the places you've visited; information that you'd give out freely to your friends.
– Think of yourself as a walking computer, full of valuable information about yourself. You've got a name, address, and valuables. Now categorize those items like a business does. Personally identifiable data, financial information, cardholder data, health insurance data, credit reporting data, and so on…
What are they looking for
• Take a close look at some of the 'secure' sites you log into. Some have a 'secret question' you have to answer if you cannot remember your username or password. The questions seem pretty tough for an outsider trying to hack into your account.
– What's the name of your first pet?
– What is your maiden name?
– When was your mother/father born?
– Where were you born?
Do these sound familiar?
Tactics
1. Pretexting – Creating a fake scenario
2. Phishing – Sending out bait to fool victims into giving away their information
3. Fake Websites – Molded to look like the real thing. Victims log in with real credentials, which are now compromised
4. Fake Pop-up – Pops up in front of the real web site to obtain user credentials
Protecting Yourself
A security-aware culture can help employees identify and repel social engineering attacks
• Recognize inappropriate requests for information
• Take ownership for corporate security
• Understand risk and impact of security breaches
• Social engineering attacks are personal
• Password management
• Two-factor authentication
• Physical security
• Understand what information you are putting on the Web that can be used for targeting, at social network sites:
– Google
– Twitter
– MySpace
– Facebook
– Personal Blogs
– LinkedIn
Protecting Yourself
1. Network defenses to repel viruses
• Virus protection (McAfee, Norton, Symantec, etc…)
• Email attachment scanning
• Firewalls, etc…
2. Organizations must decide what information is sensitive
3. Security must be periodically tested
4. Contact your security office immediately if you have any concerns at work