The Impossible Task of Security in the Age of Sophisticated Social Engineering
The Challenge of Security for Humans
Now on demand, in the lead up to BlackHat and DefCon conferences I am talking to one of the leaders in that space and especially Social Engineering Chris Hadnagy (@HumanHacker), CEO & Co-Founder of Social-Engineering.com (@SocEngineerInc) and author of several books on the topic including a new one due out this summer ”Social Engineering – The Science of Human Hacking”.
Episode NOW on Demand
You can hear a little of the history of how Chris arrived in this role, his early experience at DefCon when he was asked to be a judge for the nascent Social Engineering village. Thanks to some help from the Electronic Frontier Foundation (EFF) this early experience became the foundation of the now infamous and wildly popular Social-Engineer Capture The Flag (SECTF) from Defcon18 onward and set to be 6,000 sq ft of space for this year’s DefCon26.
We talk about the challenges of securing enterprises that are staffed by hundreds and thousands of people who all represent a potential path into the organization and how you address that and the importance of emotion in the context of social engineering. Even for a highly experienced social engineer like Chris, as he puts it:
“I can get anyone listening to click on a phish if I know your motivation and the right time and the right emotional content
I’ve sent 13 Million phishing emails in my career and wrote 4 books one of them specifically on Phishing and I clicked on an actual real Phish” ……But I have been phished
Incremental Steps to Secure Against Social Engineering Attacks
Listen in to find out the one incremental step you can take to help mitigate the ever-increasing onslaught of social engineering attacks. And hear how these attacks are becoming even more precise (Spear Phishing) using publicly available information based on research by the attackers which should “scare the living daylights out of everyone listening”
Just because you only have $400 in your account does not mean you are not a target for an attack.
“They don’t care about your $400 – they care about your credit rating and your identity”
Read this recent post – Healthcare Security in Crisis to pick up some tips from the Social-Engineering team for protecting patient data.
Sadly Healthcare data holds the keys to so many kingdoms and as a result has a big target painted on its back – hear the 2 key pieces of advice that Chris has for Healthcare and listen along to the show.
About the Show
For years Dr. Nick van Terheyden aka Dr. Nick, has served as a voice on the impact of new technologies on healthcare, earning a reputation as a leading authority on where the future of medicine is going. Combining powers of observation and real world experience, Dr. Nick has seen many predictions come true and makes the case that innovations in healthcare can be accomplished incrementally, not just by moonshot events. Tune in to hear Dr. Nick: The Incredmentalist and his guests discuss what the future of healthcare looks like, how we will get there, and what it will take to improve healthcare for all.
This article was originally published on the Dr. Nick – The Incrementalist blog and is republished here with permission.