If only we could configure and patch the humans in our organizations against social engineering. It would make a massive difference in cyber security incidents. Kevin Mitnick was purported to say, “Social engineering bypasses all technologies, including firewalls”. We’ve come a long way since firewalls were the primary security technology, but the principal holds true. No matter how secure you architect your environment, no matter how many security technologies you deploy, if the attacker finds the right person and successfully manipulates them, they will get through.
And social engineering is not just about non-technical end-users. IT folks and yes, even cyber-security pros, get engineered too. We are all vulnerable to psychological manipulation. If we get hit with the right combination of plausibility and stressors on the wrong day, even those of us informed and aware of social engineering can find ourselves getting lead down the garden path before, hopefully, something makes us frown and say “Wait a minute…”
Many attacks today are neither strictly cyber or social engineering; today’s sophisticated, determined attackers have the resources and people to take a multi-disciplinary approach that targets both technical components and the humans of an organization.
On my next real-training-for-free session, my long-time friend, colleague and former fellow MVP, Roger Grimes, is joining me to discuss social engineering. Roger is passionate about this subject; in fact, he left an illustrious career at Microsoft years ago when he realized how big a problem social engineering is.
We will go over some of these most recent high profile social engineering attacks which are amazing, and we’ll discuss today’s most common and other up-and-coming types of social engineering such as:
- AI Deepfakes
- Pretexting
- Vishing
- Phishing & Spear Phishing
- Water-Holing
- Whaling
- Smishing
- Tailgaiting/Piggybacking
- Quid Pro Quo
- Diversion Theft
But what we’ll really focus on is what you can do both personally, as a professional, and as an organization to defend against social engineering.
In particular, some of Roger’s talking points include:
- Quick 2-step behavior modification that can defeat 99% of social engineering
- What you can do to best defeat social engineering for you, your family, your friends, your company
- What your company can do to defeat social engineering (e.g., aggressive training, simulated phishing, plus phishing-resistant MFA, password managers, long passwords)
Please join us for this special, no sponsor presentation session. If you don’t already know Roger, I believe you’ll enjoy getting to hear him.
Please join us for this real training for free session.