The Impossible Task of Security in the Age of Sophisticated Social Engineering

by Dr Nick

The Incrementalist Graphic: Chris Hadnagy

The Challenge of Security for Humans

In the lead-up to the Black Hat and DEF CON conferences, I am talking to one of the leaders in that space, and in social engineering especially: Chris Hadnagy (@HumanHacker), CEO and co-founder of Social-Engineering.com (@SocEngineerInc) and author of several books on the topic, including a new one due out this summer, "Social Engineering – The Science of Human Hacking".

You can hear a little of the history of how Chris arrived in this role, including his early experience at DEF CON when he was asked to be a judge for the nascent Social Engineering village. Thanks to some help from the Electronic Frontier Foundation (EFF), that early experience became the foundation of the now famous and wildly popular Social-Engineer Capture The Flag (SECTF), which has run from DEF CON 18 onward and is set to occupy 6,000 sq ft of space at this year's DEF CON 26.

We talk about the challenges of securing enterprises staffed by hundreds or thousands of people, each of whom represents a potential path into the organization, how you address that, and the importance of emotion in the context of social engineering. Even for a highly experienced social engineer like Chris, as he puts it:

"I can get anyone listening to click on a phish if I know your motivation and the right time and the right emotional content."

"I've sent 13 million phishing emails in my career and written four books, one of them specifically on phishing ... but I have been phished. I clicked on an actual, real phish."

Incremental Steps to Secure Against Social Engineering Attacks

Listen in to find out the one incremental step you can take to help mitigate the ever-increasing onslaught of social engineering attacks. And hear how these attacks are becoming even more precise (spear phishing), using publicly available information that attackers gather through research on their targets, which should "scare the living daylights out of everyone listening".

Just because you only have $400 in your account does not mean you are not a target for an attack.

"They don't care about your $400 – they care about your credit rating and your identity."

Read this recent post, Healthcare Security in Crisis, to pick up some tips from the Social-Engineering team on protecting patient data.

Sadly, healthcare data holds the keys to so many kingdoms and as a result has a big target painted on its back. Hear the two key pieces of advice Chris has for healthcare, and listen along to the show.


Listen live at 4:00 AM, 12:00 Noon or 8:00 PM ET, Monday through Friday for the next two weeks at HealthcareNOW Radio. After that, you can listen on demand (See podcast information below.) Join the conversation on Twitter at #TheIncrementalist.

Listen along on HealthcareNowRadio or on SoundCloud


You can also follow me here on Medium, on Twitter, or on Facebook, or sign up to receive my posts each week.