Reading room

Our monthly newsletter

November 2021

October 2021

September 2021

July 2021

June 2021

May 2021

April 2021

March 2021

February 2021

January 2021

November 2020

October 2020

September 2020

July 2020

June 2020

May 2020

April 2020

March 2020

February 2020

January 2020

Presentations, articles, papers, news

1. Presentation at the CEO corner and the CISO/DPO Cyber Day in Luxemburg, organized by PwC Luxembourg. At the CEO Corner, Christina was invited for an executive briefing on the highly personalized, social engineering threats targeting CEOs and the Board of Directors, in an interactive, in-person session among a small group of select executives and CEOs. During the CISO/DPO Cyber Day, Christina presented the evolving nature of social engineering attacks, what we should expect in the future, and how weaponizing psychology is currently a threat to information security. She recommended Target Vulnerability Assessments that will assist high value targets avoid or better identify and respond to weaponized psychology attacks against them or their organization.

2. Keynote Presentation for SecIT by Heise. In this presentation, Christina Lekati discussed the psychological elements and behavioural science involved in facilitating users to adopt better cybersecurity habits. She talked about the drivers of motivation, people’s perception of risk and reward, the psychology of wilful compliance, but also about common mistakes in the process. This presentation aided security managers and executives to more effectively communicate and implement the necessary cybersecurity policies and procedures that employees need to practice within their organization.

3. "Judging By the Cover; Profiling and Targeting Through Social Media". Presentation at the Social Engineering Village at DEF CON 29. The presentation demonstrated how attackers gather information through social media and utilize them to manipulate and victimize their targets, ultimately leading to a security breach.

4. Interview for the TAZ Newspaper (In German): Jeder hat eine Schwachstelle. Betrüger bauen Vertrauen auf, um an Daten oder Geld zu kommen. Welche Tricks sie dafür nutzen, erklärt Sicherheitstrainerin Christina Lekati.

https://taz.de/Sicherheitsexpertin-ueber-Social-Engineering/!5711020/

5. SANS Summit Talk for the Open Source Intelligence Summit (Washington DC): “Judging By The Cover - Profiling Through Social Media”. The talk demonstrates how attackers gather information on their targets through social media and utilize them to manipulate and victimize them – ultimately leading to a security breach. If you have a SANS account you may find the slides of the presentation by visiting:

https://www.sans.org/cyber-security-summit/archives

6. Interview for Golem.de (In German): Social Engineering: Die unterschätzte Gefahr. Die größten Schwachstellen in technischen Systemen sind bis heute Menschen. Social Engineers machen sich ihre Sorglosigkeit zunutze - und finden auf sozialen Netzwerken alles, was sie für einen erfolgreichen Angriff brauchen.

https://www.golem.de/news/social-engineering-die-unterschaetzte-gefahr-1908-142812.html

7. Interview for the Dot Magazine: “Creating a “Human Firewall” for IT Security”. Psychologist and social engineer Christina Lekati from Cyber Risk GmbH explains the psychological basis of phishing and how to arm staff with effective defenses.

https://www.dotmagazine.online/issues/securing-the-future/human-firewall-for-it-security

8. Interview for the ECO Association - Europe’s Largest Internet Association (In German): Social Engineering: Mitarbeiter stärker für IT-Security sensibilisieren. Mitarbeiter müssen lernen, wie sie auf diese Anfragen in einer angemessenen Weise reagieren können. Dies geschieht durch intensive Schulung. Sie müssen verstehen, dass das Thema: Sicherheit geteilte Verantwortung bedeutet und, dass sie eben einen Teil dieser Verantwortung mittragen.

https://www.eco.de/news/social-engineering-unwissenheit-am-meisten-ausgenutzt/

9. Conference Presentation at Hacktivity: "Social Engineering Through Social Media". The talk demonstrates how attackers gather information on their targets through social media and utilize them to manipulate and victimize them – ultimately leading to a security breach. https://www.youtube.com/watch?v=D8Z69AsSFn0&t=577s

10. Conference Presentation at ElBsides Hamburg: "When Your Biggest Threat is on Your Payroll – Drivers and Enablers of Insider Threat Activities". The talk discusses the organizational factors enabling insider threat operations and countermeasures against them, by combining the lessons learned on insider activity prevention from the fields of counterintelligence, psychology, and cyber-security.

https://www.youtube.com/watch?v=5ovY0YlLZNU&t=2208s

11. Cyber Terror Campaigns Against High Value Individuals and Public Figures: https://www.cyber-risk-gmbh.com/Cyber_Terror_Campaigns_Against_High_Value_Individuals_and_Public_Figures.html

12. How Psychology and Behavioural Science Can Help You Build Your Cybersecurity Culture: https://www.cyber-risk-gmbh.com/How_Psychology_and_Behavioural_Science_Can_Help_You_Build_Your_Cybersecurity_Culture.html

13. Wie Psychologie und Verhaltenswissenschaft ihnen beim Aufbau ihrer Cybersecurity-Kultur helfen können: https://www.cyber-risk-gmbh.com/Wie_Psychologie_und_Verhaltenswissenschaft_ihnen_beim_Aufbau_ihrer_Cybersecurity_Kultur_helfen_koennen.html

14. Psychological Exploitation of Social Engineering Attacks: https://www.cyber-risk-gmbh.com/Psychological_Exploitation_of_Social_Engineering_Attacks.html

15. Psychologische Ausnutzung von Social-Engineering-Angriffen: https://www.cyber-risk-gmbh.com/Psychologische_Ausnutzung_von_Social_Engineering_Angriffen.html

Our Services

Cyber security is ofter boring for employees. We can make it exciting.

Which is the next step?