Session
Securing the Human as your greatest vulnerability
When we think about protecting the organisation from threat actors, we often think in terms of configuration, patching and hardening; basically, technical controls. But what can we do to protect our intellectual property and sensitive data from access by a compromised employee? In this session, I will use recent real-life scenarios to illustrate situations that are often overlooked in vulnerability management today.
In the summer of 2020, attackers used social engineering against a number of Twitter employees to gain access to internal systems and tools. They were then able to compromise a number of high-profile accounts, including those of Joe Biden and Elon Musk, to post cryptocurrency scams and dupe Twitter users.
This isn’t the first time Twitter’s employees have been the vector for its compromise. Nor is Twitter alone: numerous big companies have suffered similar incursions, including Snapchat, MySpace, and Uber.
How do we get ahead of these risks and deal with them preventatively rather than reactively?
Reducing exposure is no longer just about putting things in place to protect your network from an external attacker. What if the risk is already inside your network? How do you find it? How do you stop it? How do you deter it? It requires a mix of education, realistic tests, and security configurations that can be put in place to best protect against this kind of attack.
In this session, we will take a journey together through the before, during, and after of an attack like this.
I will explain, step by step, how easily this kind of social engineering compromise can happen. The session will outline how to educate employees about being targeted in this way; how attackers use insider data, bribery, and manipulation to achieve their ultimate goal; and how to raise awareness of this kind of attack among all employees, technical and non-technical. Attendees will leave with a sanity checklist to share with employees to help them judge whether a communication is authentic or comes from an attacker.
During the session, I’ll also cover how, as a security professional, you can tell whether an attack is happening, when detection is possible and when it is not, and which best practices can be employed to spot behavioural changes in employees, networks, and logons, among other signals.
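As an added illustration of the kind of logon baseline the outline refers to (this is not code from the session or its speaker), the following Python script learns, per user, the source countries, devices and working hours seen in successful logons, then flags new logons that break that baseline. The log format, the field names (`user`, `src`, `device`, `result`), the three rules and all sample events are assumptions constructed for the example.

```python
"""Flag logons that deviate from a per-user behavioural baseline.

Added example; not code from the session or its speaker. The log format,
field names and the three detection rules are assumptions for illustration.
"""
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample data (not real logs). One logon per line:
# <ISO-8601 UTC timestamp> user=<name> src=<country> device=<host> result=<success|failure>
BASELINE_LOGS = """\
2020-07-06T08:15:00Z user=alice src=GB device=LAPTOP-A1 result=success
2020-07-07T09:02:00Z user=alice src=GB device=LAPTOP-A1 result=success
2020-07-08T12:30:00Z user=alice src=GB device=LAPTOP-A1 result=success
2020-07-09T02:00:00Z user=alice src=RO device=UNKNOWN result=failure
2020-07-09T16:45:00Z user=alice src=GB device=LAPTOP-A1 result=success
2020-07-10T10:20:00Z user=alice src=GB device=LAPTOP-A1 result=success
2020-07-06T13:10:00Z user=bob src=US device=DESKTOP-B2 result=success
2020-07-07T14:00:00Z user=bob src=US device=DESKTOP-B2 result=success
2020-07-08T20:55:00Z user=bob src=US device=DESKTOP-B2 result=success
""".splitlines()

NEW_LOGS = """\
2020-07-15T10:05:00Z user=alice src=GB device=LAPTOP-A1 result=success
2020-07-15T03:40:00Z user=alice src=RO device=LAPTOP-A1 result=success
2020-07-15T15:00:00Z user=bob src=US device=PHONE-X9 result=success
2020-07-15T12:00:00Z user=carol src=GB device=LAPTOP-C3 result=success
""".splitlines()


def parse_event(line: str) -> dict:
    """Parse one log line into a dict of key=value fields plus a UTC datetime under 'ts'."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event


def build_baseline(lines: List[str]) -> Dict[str, dict]:
    """Learn, per user, the countries, devices and UTC hours seen in successful logons.

    Failed attempts are deliberately excluded so that an attacker's own
    attempts cannot teach the baseline to accept them later.
    """
    baseline: Dict[str, dict] = {}
    for ev in map(parse_event, lines):
        if ev.get("result") != "success":
            continue
        prof = baseline.setdefault(
            ev["user"], {"countries": set(), "devices": set(), "hours": set()}
        )
        prof["countries"].add(ev["src"])
        prof["devices"].add(ev["device"])
        prof["hours"].add(ev["ts"].hour)
    return baseline


def flag_anomalies(baseline: Dict[str, dict], lines: List[str]) -> List[dict]:
    """Return one alert per logon that breaks the user's baseline, listing the rules it broke.

    Every event is checked, successful or not; a user with no baseline is itself a signal.
    """
    alerts = []
    for ev in map(parse_event, lines):
        reasons = []
        prof = baseline.get(ev["user"])
        if prof is None:
            reasons.append("no_baseline")
        else:
            if ev["src"] not in prof["countries"]:
                reasons.append(f"new_country:{ev['src']}")
            if ev["device"] not in prof["devices"]:
                reasons.append(f"new_device:{ev['device']}")
            hour = ev["ts"].hour
            # Off-hours means outside the earliest..latest hour ever seen for this user.
            if not (min(prof["hours"]) <= hour <= max(prof["hours"])):
                reasons.append(f"off_hours:{hour:02d}")
        if reasons:
            alerts.append({"user": ev["user"], "ts": ev["ts"].isoformat(), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in flag_anomalies(build_baseline(BASELINE_LOGS), NEW_LOGS):
        print(alert["ts"], alert["user"], ", ".join(alert["reasons"]))
```

Run against the constructed data, the script stays silent on alice's normal daytime logon from the UK, but reports her 03:40 logon from a new country, bob's first use of an unknown device, and a logon by a user who has no history at all. In a real deployment the baseline would be learned from weeks of authentication logs and the rules tuned per role; the point is that a compromised or coerced employee's credentials still behave differently from the employee.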
By the end of the presentation I hope to have awakened a curiosity in the listener that leads them to reassess their own practices and what they can change and improve in their ‘human’ security against social engineering.