Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.

Published byTeresa Welch Modified over 9 years ago

Similar presentations

Presentation on theme: "Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions."— Presentation transcript:

1 Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions

2 Introduction A company may have –Purchased the best security technologies that money can buy, –Recruited the best trained security team –Hired security guards from the best security firm in the business. The company is still totally Vulnerable because of the Human Factor - Security's weakest link. ( Kevin D. Mitnick)

3 What is Social Engineering ? Social engineering involves the use of social skills to manipulate people to garner information they would normally not disclose. It can also be defined as an art of deception. The process preys upon two common characteristic traits: –Acceptance of authority –Willingness to cooperate with others

4 What are the broad types ? Phishing The process of attempting to acquire sensitive information such as usernames, passwords and other confidential details, by imitating a genuine internet or intranet portal Vishing This technique uses a rogue Interactive voice response (IVR) system to recreate a legitimate-sounding copy of a bank or other institution's IVR system. A typical system will reject log-ins continually, ensuring the victim enters PINs or passwords multiple times, often disclosing several different passwords Tailgating A common scenario, wherein, one or more persons follow an authorized person through a secured door or other entrance when the authorized person opens the door legitimately Dumpster Diving The practice of sifting through trash to find items that have been discarded by their owners, but which may have useful information. Shoulder Surfing Direct observation techniques, such as looking over someone's shoulder, to get information such as passwords, PINs, security codes, and similar data. Eavesdropping The act of secretly listening to the private conversation of others without their consent Pretexting The act in which an individual lies to obtain privileged data of an individual to impersonate.

5 What constitutes an attack ? Physical Aspects In the workplaceOver the phoneTrash AreaOn-line PortalsOut of Office Psychological Aspect PersuasionImpersonationFriendliness

6 Can I Identify an attacker ? Unfortunately, Almost anyone is potentially capable of mounting a social engineering attack It is not easy to decipher a Social engineering attack Characteristic Traits: Refusal to give contact information, Rushing, Name-dropping, Intimidation on questioning, Committing Small mistakes Requesting forbidden information

7 What can be the impact ? Impact can be a loss of any of the below: Confidential Information Corporate Reputation & Brand Customers Norton / Symantec Cyber Crime Report 2011

8 What do I do ? People Process Technology Solution is simple and age old PPT The three building blocks for any Firm Our priorities are wrongly set Investments to be made in the right pockets Awareness needs to be the key tactical as well as strategic Goal 

9 Technology - Important It is only as good as the people who use it and the process which defines its usage or boundaries Will technology add value? - is no longer a question but rather a factual statement. We need to maintain the balance between investment and requirement.

10 Process – Very Important Defines what People and Technology do to make a system work A flawed process leads to the other two components failing, though they might be the best in themselves individually This needs to be defined at the early stages Has a bad habit of defining itself, if not managed and defined properly

11 People – Most Important Core building block to each and everything in an Organization, They control processes, control technologies as well as manage other people Any flaw in the People component will indirectly affect all the three components in the long run It is highly important that people are trained in their respective fields to take informed decisions. It is also important that right people are mapped to the right systems as wrong mappings can crash the whole system.

12 To Summarize Social Engineering attacks mainly target People / your employees Every such attack has a physical and a psychological aspects All Social engineering attacks and attackers have visible trends Impacts of any such attacks can be multidimensional Organization’s security is only as strong as it’s weakest employee Technology is only as good as the employee who uses it and the processes which define it’s usage Prioritized focus on People is the call of the day: –Awareness –Trainings –Role mappings

13 THANK YOU The (Indian software) industry needs to ensure that the high levels of security and data protection become a strategic differentiator - Lakshmi (Vice Chairman)

Download ppt "Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions."

Similar presentations

Chapter 1 Business Driven Technology

Chapter 1 Business Driven Technology
SOCIAL ENGINEERING ATTACKS GOWTHAM RAM RAJARAM VIGNESH SELVAKUMAR SELLAMUTHU.

SOCIAL ENGINEERING ATTACKS GOWTHAM RAM RAJARAM VIGNESH SELVAKUMAR SELLAMUTHU.
Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger.

Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger.
1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?

1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
Aleksandra Kurbatova 111611 IVCM.  What is social engineering?  Types  Pretexting  …  Summary  Conclusion.

Aleksandra Kurbatova IVCM.  What is social engineering?  Types  Pretexting  …  Summary  Conclusion.
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Social Engineering Networks Reid Chapman Ciaran Hannigan.

Social Engineering Networks Reid Chapman Ciaran Hannigan.
CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.

The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.
Social Engineering Jero-Jewo. Case study Social engineering is the act of manipulating people into performing actions or divulging confidential information.

Social Engineering Jero-Jewo. Case study Social engineering is the act of manipulating people into performing actions or divulging confidential information.
Management of Technology (OM476) Project Selection March 20, 2006 S. Fisher.

Management of Technology (OM476) Project Selection March 20, 2006 S. Fisher.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

Similar presentations

Ads by Google