Organizations go into great lengths to protect highly sensitive and valuable information. However, they often neglect to properly train the individuals that handle them.
High value targets become by default high risk targets. For them, standard security awareness programs are not going to suffice. The way they are being targeted is anything but standard or usual. They are the recipients of the most sophisticated, tailored attacks, including state-sponsored attacks. These are attacks that are often well planned, well crafted, and employ advanced psychological techniques able to sway a target towards a desired (compromising) behavior without raising any alarms.
Are the managers and employees that handle an organisation’s most valuable assets equipped with the knowledge necessary to defend the organization and to protect themselves from well-funded, planned, and sophisticated attacks?
We recommend two complementary phases:
a) Open Source Intelligence (OSINT) collection and analysis. It includes the identification and analysis of points of vulnerability. We examine potential attack vectors based on how an adversary would exploit the available information. We try to answer questions such as: Are there visible physical locations that the subjects are frequenting? Are there visible personal information that can be exploited? How easily can an adversary approach the targets, online or offline? How vulnerable are the targets? And more, depending on the requirements of each case-scenario.
b) Tailored training. We present our findings, and we train managers and employees of the client organisation. We ensure they realize the impact of our findings, learn to recognize an attack, learn to respond to targeted psychological operations, improve their security habits, and much more.
The Open Source Intelligence (OSINT) Collection and Analysis covers:
• Intelligence collection from public sources of information (articles, conferences, interviews and more).
• Intelligence collection from personal social media accounts.
• Personal analysis of vulnerabilities based on the OSINT collection.
• Determination of possible attack vectors.
The training phase covers:
• Understanding the threat.
• Presentation of findings and attack case scenarios.
• Weaponized psychological principles used in attacks.
• The psychology of a target during an overt or covert approach.
• Tailored advice and best practice recommendations.
• Personal operational security (OPSEC) recommendations.
• Case studies.
Companies and organisations that are high value targets may contact us to discuss their needs. We will tailor our approach to the specific requirements of each client.
You may also read:
Cyber security is ofter boring for employees. We can make it exciting.
Recorded on-demand training and live webinars.
Engaging training classes and workshops.
Developing the human perimeter to deal with cyber threats.
Short and comprehensive briefings for the board of directors.
Open source intelligence (OSINT) reports and recommendations.
They have the most skilled adversaries. We can help.