Social Engineering Training: Awareness and Defence



Overview

In this social engineering training course, managers and employees learn to understand, identify and respond to social engineering attacks. The program provides with the knowledge necessary to recognize the most typical and frequently used types of attacks, and explains how to respond. During the course, attendees learn why security should supersede convenience at all times, and why policy needs to be diligently followed. Defense mechanisms and countermeasures are included in each section. We can tailor the course to meet specific requirements. No previous knowledge is required.


Target Audience

The program is beneficial to managers and employees working in companies and organizations of the public and the private sector.


Duration

One hour to one day, depending on the needs, the content of the program and the case studies. We always tailor the program to the needs of each client.


Instructor

Christina Lekati, psychologist, social engineering training expert. To learn about her you may visit: https://www.cyber-risk-gmbh.com/About_Christina_Lekati.html


Christina Lekati, Social Engineering Training Expert

Course Synopsis:

Introduction.

1. Security is not a technical issue alone.

2. The importance of cultivating and maintaining security habits.

3. Non-technical means that protect your infrastructure.

4. Having multiple layers of security.


Social Engineering.

1. What is social engineering.

2. Why social engineering is a primary attack vector – and why it is likely you will encounter it, too.

3. How does social engineering work?

4. What do attackers prey upon?

5. The numbers game vs. highly tailored and targeted attacks.


Who is the attacker?

1. Possible adversaries: competitors, employees, individuals, small groups, insiders, service providers, criminal organizations, nation states.

2. Social engineering is a business, and a full-time profession.


The Social Engineering Kill-chain.

1. Reconnaissance: The research phase used to identify and select targets.

2. Targeting: Who is the most vulnerable person to attack? What is the biggest vulnerability of the target?

3. Pretexting: The attacker’s cover story.

4. Establishing trust with the target.

5. Manipulating, exploiting and victimizing.

6. Case studies.


Typical Social Engineering Attacks from a Distance.

1. Phishing Emails.

2. Spear Phishing.

3. Vishing.

4. Smishing.

5. Watering Holes.

6. Spoofing.

7. Baiting.

8. Whaling phishing.

9. Emotional triggers that will make you want to respond - but you shouldn’t.

10. Case studies.

11. Defence.


Is your social media content making you a target?

1. Social media is a primary source of information for attackers.

2. How your social media content can be used against you.

3. Cybersecurity hygiene advice for social media.

4. Attacks through social media.

5. Examples.

6. Defense.


In-Person attacks and manipulation techniques.

1. USB traps.

2. Emotional elicitation & exploitation.

3. Time pressure.

4. Authority.

5. Likeability.

6. Intimidation.

7. Reciprocity.

8. Impersonation.

9. Pity & Helpfulness.

10. Commitment & Consistency.

11. Reverse Social Engineering.

12. Examples & Case Studies.

13. Defence.


Physical security.

1. Why social engineers will try to enter your establishment.

2. What assets can be stolen/ compromised?

3. Gaining unauthorized access to physical spaces.

4. Tailgating and bypassing physical security measures.

5. Locked does NOT mean secure - lockpicking capabilities.

6. Defence.


Identifying a social engineering attack.

1. Identifying manipulation and deceit.

2. Emotional triggers, emotional exploitation & what to do about it.

3. Verifying intentions - subtly.

4. Case studies.

5. Responding to and deterring a social engineering attack.


Policies & Procedures.

1. Convenience vs security.

2. What policies? What procedures? Why?

3. Using & applying policy to your advantage: escaping manipulation and uncomfortable situations.

4. Visitor policy best practices.

5. Disgruntled employees.

6. Best practices for third party vendors entering the establishment.


Developing information security habits.

1. Developing and internalizing everyday security habits.

2. Maintaining helpfulness without compromising security.

3. Establishing healthy boundaries in communication.


Concluding Remarks.

Our ultimate goal is to develop and strengthen an essential layer of organizational security, the human one (or as commonly called “the human firewall”), that will support and protect the assets of a company or organization.


For more information, you may contact us.


Terms and conditions

You may visit: https://www.cyber-risk-gmbh.com/Terms.html


You may also read:

https://www.cyber-risk-gmbh.com/Psychological_Exploitation_of_Social_Engineering_Attacks.html

https://www.cyber-risk-gmbh.com/Psychologische_Ausnutzung_von_Social_Engineering_Angriffen.html




Cyber Security Training

Cyber security is ofter boring for employees. We can make it exciting.


Online Cybersecurity Training

Online Training

Recorded on-demand training and live webinars.

More
In-house Cybersecurity Training

In-house Training

Engaging training classes and workshops.

More
Social Engineering Cybersecurity Training

Social Engineering Cybersecurity Training

Developing the human perimeter to deal with cyber threats.

More
For the Board Cybersecurity Training

For the Board

Short and comprehensive briefings for the board of directors.

More
Cybersecurity Assessment

Assessments

Open source intelligence (OSINT) reports and recommendations.

More
High Value Targets Cybersecurity Training

High Value Targets

They have the most skilled adversaries. We can help.

More




Which is the next step?

1

You contact us

2

We discuss

3

Our proposal

4

Changes and approval

5

We deliver







Cyber Risk GmbH, Cyber Risk Awareness and Training