Date post: 26-Mar-2015
Copyright © 2011 IsecT Ltd. Social engineering Spot it and stop it September 2011 Security awareness seminar
Transcript

Social engineering

Spot it and stop it

September 2011

Security awareness seminar

Slide 2

Introduction

Social engineering is a way of tricking people into doing things they shouldn’t do, such as disclosing secrets

Slide 3

Blending-in

Slide 4

Who are social engineers?

• Kids, partners, friends

• Sales reps

• Hackers, virus writers

• Journalists

• Jilted lovers

• Industrial spies & unethical competitors

• Private investigators

• Spies

• Former, current or prospective employees

• Visitors, phone callers, emailers, chatters, gift givers, ‘friends’ …

Slide 5

New tricks

• Fake survey or prize draw

• Discarded USB stick, CD, cellphone …

• Note on the windshield, FAX, letter …

• Fake maintenance worker, courier, cleaner, auditor, customer, supplier, manager, executive assistant …

• Lottery win, inheritance or tax refund …

• Stuck in a hotel, wallet stolen, in a fix

• “Friend” or “friend of a friend”

• ‘Check out this cool video’ …

• Fake job ad and interview

Slide 6

How they do it

Search online e.g. MySpace & LinkedIn

Ask the victim’s friends & colleagues

Gather personal information about the victim

Hack the victim’s PC

Use a virus

Exploit the information e.g. to commit identity theft

Slide 7

Clues to watch out for

Have you ever been pestered by a persistent, pushy sales rep, trying hard to sell you something you really don’t want?

Parents of 7-year-olds will probably appreciate their ability to manipulate us into doing what they want

Slide 8

Warning signs

• Unexpected callers or visitors probing you for information or acting suspiciously

• Unusual requests, FAXes, emails, text messages, Tweets or phone calls

• Probing, pushy or threatening behavior

• Name-dropping or using company slang out of context

• Evasive, defensive or aggressive reaction when asked to verify their identity

• Nervousness and other nonspecific clues

Slide 9

DART them!

Delay

Authenticate

Resist

Transfer

Slide 10

Front-line defenses

I just need to confirm your voicemail: could you reset your PIN code to 1234 please?

Mmmm, sounds fishy … I’d better refer this call to IT

Slide 11

Other aspects

Human factors in information security

Policies, Procedures, Guidelines, Laws & regulations, Management instructions

Security instincts, Trust & assurance, Security culture

Psychology

Human threats, Cheats & frauds, Social engineers, Hackers & spies

Chinese whispers

Specifying … using … managing … & maintaining … technical controls

Technology use

Technical security

Slide 12

Conclusion

• Be alert for the signs that someone might be socially engineering you, and DART (Delay, Authenticate, Resist and Transfer) them!

• Report possible social engineering incidents, suspicious calls and near misses to IT Help/Service Desk

• Help us create a stronger security culture

Slide 13

Further information

Speak to your manager, call the IT Help/Service desk or contact Information Security.

Discuss social engineering with your work colleagues and family.

Visit the intranet Security Zone.

