October is here, which means that it is Cyber Security Awareness Month! We would like to take this opportunity to help educate users on the importance of cyber resilience. We have partnered with Transport for London in a collaborative effort to raise awareness about the vital role of social engineering. This includes a deep-dive into the kill chain methodology, the use of different attack techniques as well as how to best protect networks from these attacks.
Our Security Consultant Sarka Pekarova will be presenting two sessions on the latest social engineering trends, showcasing how her human-hacking techniques can be used to manipulate people to share sensitive information. Through her own real-world experiences, she will examine how our understanding of the science behind emotions and decisions can be used to break into secured premises, convince people to hand over passwords, share sensitive files, and commit other acts that are not in their best interest.
The motivation behind the workshop is to create awareness on the main issues faced by organisations in regards to social engineering: the threat isn't necessarily the employees themselves, but the lack of awareness and potential impact of seemingly innocuous actions, focusing on how they improve this through training and cognisance. By increasing awareness of social engineering techniques as well as creating a company culture that values communication and education, it is possible for organisations to close the gap and guard against these attacks. "Staff training and education is a topic many talk about, but very few implement or emphasise. It is a top-down responsibility to find a way to make employees care about security and have the necessary tools to mitigate risks. I am happy to participate in this initiative of Transport for London, and motivated to educate their employees on how to protect their business", said Sarka.
Through the presentation, participants will be guided through the science of facial expressions, body language, and the psychology behind influence and persuasion. Sarka will then step over to the defensive side, providing in-depth details about the human hacker’s skill set to help participants identify and remedy their own system’s weaknesses. "It's important for organisations to understand what the current threats are and how these can affect their organisation. Penetration testing allows us to position and understand a company's weaknesses from an intruder’s perspective, fostering insightful and empirical knowledge that allows organisations to better understand their threat landscape and plan a successful training programme for their employees".