Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.

Introduction
A company may have:
– Purchased the best security technologies that money can buy,
– Recruited the best trained security team,
– Hired security guards from the best security firm in the business.
The company is still totally vulnerable because of the human factor, security's weakest link. (Kevin D. Mitnick)

What is Social Engineering?
Social engineering involves the use of social skills to manipulate people into giving up information they would normally not disclose. It can also be defined as the art of deception. The process preys upon two common character traits:
– Acceptance of authority
– Willingness to cooperate with others

What are the broad types?
Phishing: The process of attempting to acquire sensitive information such as usernames, passwords and other confidential details by imitating a genuine internet or intranet portal.
Vishing: This technique uses a rogue interactive voice response (IVR) system to recreate a legitimate-sounding copy of a bank's or other institution's IVR system. A typical system will reject log-ins continually, ensuring the victim enters PINs or passwords multiple times, often disclosing several different passwords.
Tailgating: A common scenario in which one or more persons follow an authorized person through a secured door or other entrance when the authorized person opens the door legitimately.
Dumpster Diving: The practice of sifting through trash to find items that have been discarded by their owners but which may contain useful information.
Shoulder Surfing: Direct observation techniques, such as looking over someone's shoulder, to obtain information such as passwords, PINs, security codes and similar data.
Eavesdropping: The act of secretly listening to the private conversations of others without their consent.
Pretexting: The act of lying, under an invented scenario, to obtain privileged data about an individual in order to impersonate them.

What constitutes an attack?
Physical aspects:
– In the workplace
– Over the phone
– Trash area
– On-line portals
– Out of office
Psychological aspects:
– Persuasion
– Impersonation
– Friendliness

Can I identify an attacker?
Unfortunately, almost anyone is potentially capable of mounting a social engineering attack, and it is not easy to recognize one while it is happening.
Characteristic traits of an attacker:
– Refusal to give contact information
– Rushing
– Name-dropping
– Intimidation when questioned
– Committing small mistakes
– Requesting forbidden information

What can be the impact?
The impact can be a loss of any of the below:
– Confidential information
– Corporate reputation and brand
– Customers
(Source: Norton / Symantec Cyber Crime Report 2011)

What do I do?
The solution is simple and age old: People, Process, Technology (PPT), the three building blocks of any firm.
– Our priorities are wrongly set; investments need to be made in the right pockets.
– Awareness needs to be the key goal, both tactical and strategic.

Technology – Important
Technology is only as good as the people who use it and the process that defines its usage and boundaries. "Will technology add value?" is no longer a question but a statement of fact. We need to maintain the balance between investment and requirement.

Process – Very Important
Process defines what people and technology do to make a system work. A flawed process causes the other two components to fail, even if each is the best on its own. Process needs to be defined at the early stages; if it is not managed and defined properly, it has a bad habit of defining itself.

People – Most Important
People are the core building block of everything in an organization: they control processes, control technologies and manage other people. Any flaw in the People component will, in the long run, affect all three components. It is highly important that people are trained in their respective fields to make informed decisions. It is equally important that the right people are mapped to the right systems, as wrong mappings can bring down the whole system.

To Summarize
– Social engineering attacks mainly target people, i.e. your employees.
– Every such attack has a physical and a psychological aspect.
– All social engineering attacks and attackers show visible trends.
– The impact of any such attack can be multidimensional.
– An organization's security is only as strong as its weakest employee.
– Technology is only as good as the employee who uses it and the processes that define its usage.
– A prioritized focus on people is the call of the day:
–Awareness
–Training
–Role mappings

THANK YOU
"The (Indian software) industry needs to ensure that the high levels of security and data protection become a strategic differentiator." – Lakshmi (Vice Chairman)