Reading room



Our monthly newsletter

November 2021

October 2021

September 2021

July 2021

June 2021

May 2021

April 2021

March 2021

February 2021

January 2021

November 2020

October 2020

September 2020

July 2020

June 2020

May 2020

April 2020

March 2020

February 2020

January 2020


Presentations, articles, papers, news


1. Presentation at the CEO corner and the CISO/DPO Cyber Day in Luxemburg, organized by PwC Luxembourg. At the CEO Corner, Christina was invited for an executive briefing on the highly personalized, social engineering threats targeting CEOs and the Board of Directors, in an interactive, in-person session among a small group of select executives and CEOs. During the CISO/DPO Cyber Day, Christina presented the evolving nature of social engineering attacks, what we should expect in the future, and how weaponizing psychology is currently a threat to information security. She recommended Target Vulnerability Assessments that will assist high value targets avoid or better identify and respond to weaponized psychology attacks against them or their organization.


Christina Lekati Presentation at the CEO corner and the CISO/DPO Cyber Day in Luxemburg, organized by PwC Luxembourg



2. Keynote Presentation for SecIT by Heise. In this presentation, Christina Lekati discussed the psychological elements and behavioural science involved in facilitating users to adopt better cybersecurity habits. She talked about the drivers of motivation, people’s perception of risk and reward, the psychology of wilful compliance, but also about common mistakes in the process. This presentation aided security managers and executives to more effectively communicate and implement the necessary cybersecurity policies and procedures that employees need to practice within their organization.


Christina Lekati Heise



3. "Judging By the Cover; Profiling and Targeting Through Social Media". Presentation at the Social Engineering Village at DEF CON 29. The presentation demonstrated how attackers gather information through social media and utilize them to manipulate and victimize their targets, ultimately leading to a security breach.


Christina Lekati DEFCON



4. Interview for the TAZ Newspaper (In German): Jeder hat eine Schwachstelle. Betrüger bauen Vertrauen auf, um an Daten oder Geld zu kommen. Welche Tricks sie dafür nutzen, erklärt Sicherheitstrainerin Christina Lekati.

https://taz.de/Sicherheitsexpertin-ueber-Social-Engineering/!5711020/


Christina Lekati, Interview for the TAZ Newspaper



5. SANS Summit Talk for the Open Source Intelligence Summit (Washington DC): “Judging By The Cover - Profiling Through Social Media”. The talk demonstrates how attackers gather information on their targets through social media and utilize them to manipulate and victimize them – ultimately leading to a security breach. If you have a SANS account you may find the slides of the presentation by visiting:

https://www.sans.org/cyber-security-summit/archives


Christina Lekati SANS


6. Interview for Golem.de (In German): Social Engineering: Die unterschätzte Gefahr. Die größten Schwachstellen in technischen Systemen sind bis heute Menschen. Social Engineers machen sich ihre Sorglosigkeit zunutze - und finden auf sozialen Netzwerken alles, was sie für einen erfolgreichen Angriff brauchen.

https://www.golem.de/news/social-engineering-die-unterschaetzte-gefahr-1908-142812.html


Christina Lekati, Interview for Golem.de



7. Interview for the Dot Magazine: “Creating a “Human Firewall” for IT Security”. Psychologist and social engineer Christina Lekati from Cyber Risk GmbH explains the psychological basis of phishing and how to arm staff with effective defenses.

https://www.dotmagazine.online/issues/securing-the-future/human-firewall-for-it-security


Christina Lekati, Interview for the Dot Magazine



8. Interview for the ECO Association - Europe’s Largest Internet Association (In German): Social Engineering: Mitarbeiter stärker für IT-Security sensibilisieren. Mitarbeiter müssen lernen, wie sie auf diese Anfragen in einer angemessenen Weise reagieren können. Dies geschieht durch intensive Schulung. Sie müssen verstehen, dass das Thema: Sicherheit geteilte Verantwortung bedeutet und, dass sie eben einen Teil dieser Verantwortung mittragen.

https://www.eco.de/news/social-engineering-unwissenheit-am-meisten-ausgenutzt/


Christina Lekati, Interview for the ECO Association

9. Conference Presentation at Hacktivity: "Social Engineering Through Social Media". The talk demonstrates how attackers gather information on their targets through social media and utilize them to manipulate and victimize them – ultimately leading to a security breach. https://www.youtube.com/watch?v=D8Z69AsSFn0&t=577s


Christina Lekati, Conference Presentation at Hacktivity

10. Conference Presentation at ElBsides Hamburg: "When Your Biggest Threat is on Your Payroll – Drivers and Enablers of Insider Threat Activities". The talk discusses the organizational factors enabling insider threat operations and countermeasures against them, by combining the lessons learned on insider activity prevention from the fields of counterintelligence, psychology, and cyber-security.

https://www.youtube.com/watch?v=5ovY0YlLZNU&t=2208s


Christina Lekati, Conference Presentation at ElBsides Hamburg


11. Cyber Terror Campaigns Against High Value Individuals and Public Figures: https://www.cyber-risk-gmbh.com/Cyber_Terror_Campaigns_Against_High_Value_Individuals_and_Public_Figures.html



12. How Psychology and Behavioural Science Can Help You Build Your Cybersecurity Culture: https://www.cyber-risk-gmbh.com/How_Psychology_and_Behavioural_Science_Can_Help_You_Build_Your_Cybersecurity_Culture.html



13. Wie Psychologie und Verhaltenswissenschaft ihnen beim Aufbau ihrer Cybersecurity-Kultur helfen können: https://www.cyber-risk-gmbh.com/Wie_Psychologie_und_Verhaltenswissenschaft_ihnen_beim_Aufbau_ihrer_Cybersecurity_Kultur_helfen_koennen.html



14. Psychological Exploitation of Social Engineering Attacks: https://www.cyber-risk-gmbh.com/Psychological_Exploitation_of_Social_Engineering_Attacks.html



15. Psychologische Ausnutzung von Social-Engineering-Angriffen: https://www.cyber-risk-gmbh.com/Psychologische_Ausnutzung_von_Social_Engineering_Angriffen.html







Our Services

Cyber security is ofter boring for employees. We can make it exciting.


Online Cybersecurity Training

Online Training

Recorded on-demand training and live webinars.

In-house Cybersecurity Training

In-house Training

Engaging training classes and workshops.

Social Engineering Cybersecurity Training

Social Engineering

Developing the human perimeter to deal with cyber threats.


For the Board Cybersecurity Training

For the Board

Short and comprehensive briefings for the board of directors.


Cybersecurity Assessment

Assessments

Open source intelligence (OSINT) reports and recommendations.


High Value Targets Cybersecurity Training

High Value Targets

They have the most skilled adversaries. We can help.





Which is the next step?

1

You contact us

2

We discuss

3

Our proposal

4

Changes and approval

5

We deliver







Cyber Risk GmbH, Cyber Risk Awareness and Training