Recently, I was commissioned by an organisation of significant size and in a high-risk industry to demonstrate to the Board the vulnerability of its employees to criminal hackers using non-technical means. Using Open Source Intelligence to gather information on a selection of the most senior individuals in the organisation, I was able to reveal how easily and legitimately, I was able to engage with them, physically access their office building; and if had I intended to do so, use the insight to hack into the business. It was an ‘eye-opener’ for the Board!
This is what malicious social engineers do – they leverage the ‘Perfect Storm’ – created by the organisation’s culture, the employees’ frame of mind and lack of security awareness and the ready availability of detailed personal information, to use social engineering and the “human factor” to gain business sensitive information for their own financial gains.
“Many hackers see employees of
organisations as “the weakest link”
As the technology becomes more complex, many hackers see employees of organisations as “the weakest link”, but to what extent this is the case relies on many factors other than the mere fact of human beings working for an organisation. Several factors in organisations make firms more or less vulnerable to hackers, and it is possible to defend, mitigate and ‘patch’ your own human vulnerabilities.
I’m talking about this issue at the upcoming Cyber Threat Landscape for Law Firms on 23 February 2017:
- How an organisation can be “profiled” by a malicious criminal, who then uses the information to design a hack that is suited to the culture of the target company
- Explain why “culture” is an important element in the shape and nature of an attack, communicating the threat to employees and ultimately in the defence against attack
- Highlight my own “experiences” as an ethical Social Engineer and share some tricks, tactics and methods that I use to attack organisations via their people.
- Offer tips and guidance on how to “wake up the workforce” to the threat of Social Engineering, and how to maintain engagement of staff to prevent cyber threats
My presentation will be fast paced, humorous and revealing! Hope to see you there!
About Jenny Radcliffe
Jenny Radcliffe is an ethical expert in Social Engineering, negotiation, persuasion and influence, non-verbal communication and deception. She uses her skills to help clients – from global corporations and law enforcement to poker players, politicians and the security industry – to protect themselves from cyber criminals.