We continue to read stories about complex attacks against big organizations; attacks which used malware, rootkits and technical attacks to penetrate and compromise those victims, stealing valuable organization information. The reality is that many of those compromises involved phishing and social engineering attacks as a crucial part of that compromise, by attacking the person instead of, or along with, the technology.
In this dynamic, interactive session, we will discuss both social engineering and phishing attacks, and how they are used together, as well as part of a bigger attack. During the session, we will not just discuss, but demonstrate real-life examples of each, using attacks which resulted in actual compromises of real companies. We will talk about why the attacks work and how to recognize when a person is under attack. We will discuss (and demonstrate) steps to help make attendees less vulnerable to such attacks. This will enable attendees to apply immediate, practical guidance to improve their own personal security, and to take these lessons back to their organizations.
- Social engineering/phishing are often parts of a bigger attack.
- Discuss why social engineering and phishing are so successful.
- Demonstrate how to recognize social engineering and phishing attacks.
- Actually be able to apply demonstrated techniques by the end of the session, and be immediately able to improve your personal security, as well as that of your organization.
About Jon Heimerl
Jon Heimerl is the manager of the threat intelligence communication team for global security company NTT Security. He has worked in the security field since starting with the CIA in 1984 and has been a programmer, a system and network administrator, a systems engineer, a security consultant, and a product manager. He has done everything from write a device driver in assembler to manage a worldwide network for the U.S. Intelligence Community. His consulting experience includes security assessments, awareness training, social engineering and physical security assessments, which have including scaling walls, crawling under raised computer floors, and even picking a lock with a Coke from Burger King.