
Social Engineering, Insider and Cyber Threat


DESCRIPTION

Presentation with voice over: a discussion of how social engineers can target a business as part of the preparation for a cyber attack, and how this gives us more opportunities to prevent or limit the effect of the attack through proper policy, use of resources and training.


Page 1: Social Engineering, Insider and Cyber Threat

Social Engineering, Insider and Cyber Threat
Mike Gillespie – MD Advent IM Ltd, The UK's Leading Independent, Holistic Security Consultancy

Page 2: Social Engineering, Insider and Cyber Threat

coming up

what we mean by Social Engineering and Insider Threat

what this means to Cyber Threat

buildings and technology, combined with people, offer cyber terrorists and criminals not only more targets, but more tools

serious cyber crime can start before anyone logs onto anything

people are our weakest link and cross security disciplines

our attitude to security and security awareness training needs to evolve

joining the dots and the holistic approach

Page 3: Social Engineering, Insider and Cyber Threat

preparation is everything – even in cyberspace

Page 4: Social Engineering, Insider and Cyber Threat

Social Engineering & Insider Threat

some images courtesy of freedigitalphotos.net

Page 5: Social Engineering, Insider and Cyber Threat

Social Engineering & Insider Threat

some images courtesy of freedigitalphotos.net

Page 6: Social Engineering, Insider and Cyber Threat

what does this mean for cyber threat and crime?

Intelligence gathering

Greater chance of cyber success

Page 7: Social Engineering, Insider and Cyber Threat

what does this mean for cyber threat and crime?

Watched building to select target

Researched target and ‘friends’ via social networks

‘Bumped into’ target and engaged in conversation – trust gained

Followed target into building or posed as contractor

‘Borrowed’ their mobile device and/or their pass card

Gained access to server

The cyber attack technically starts here…

Page 8: Social Engineering, Insider and Cyber Threat

Joining the dots and the holistic approach

• Realistic holistic Threat and Risk Assessments that don’t isolate ‘cyber’

• Realistic appropriate action and policies
• C-level commitment and leadership
• Top down security culture health
• Holistic Security Awareness Training for all staff
• Regular refreshers as part of the virtuous security cycle

security evolution

Page 9: Social Engineering, Insider and Cyber Threat

Joining the dots… ISO 27001 in words…

• Continuous improvement (PDCA)
• Ensure and Assure
• Confidentiality, Integrity, Availability
• Risk based
• Proportionate
• Governance
• Compliance

Page 10: Social Engineering, Insider and Cyber Threat

the standard…

• Asset management
• HR
• Physical security
• Communications and Operations
• Access Control
• System Development
• DR, BCM and Incident Management
• Compliance

Page 11: Social Engineering, Insider and Cyber Threat

ISO 27001 in pictures…

[Diagram: the ISMS development, maintenance & improvement cycle (Plan, Do, Check, Act). Input: information security requirements and expectations. Output: managed information security.]

Plan – Establish the ISMS

Do – Implement & operate the ISMS

Check – Monitor & review the ISMS

Act – Maintain & improve the ISMS

Page 12: Social Engineering, Insider and Cyber Threat

And so…

people are our weakest link and cross security disciplines

buildings and technology, combined with people, offer cyber terrorists and criminals not only more targets, but more tools

serious cyber crime can start before anyone logs onto anything

our attitude to security and security awareness training needs to evolve

Page 13: Social Engineering, Insider and Cyber Threat

thank you

www.advent-im.co.uk
www.adventim.wordpress.com

@Advent_IM
www.linkedin.com/company/advent-im

0121 559 6699
0207 100 1124