Reading room



Our monthly newsletter

July 2021

June 2021

May 2021

April 2021

March 2021

February 2021

January 2021

November 2020

October 2020

September 2020

July 2020

June 2020

May 2020

April 2020

March 2020

February 2020

January 2020

November 2019

October 2019

September 2019

June 2019

May 2019

April 2019

March 2019

February 2019

January 2019


Presentations, articles, papers


1. Interview for the TAZ Newspaper (In German): Jeder hat eine Schwachstelle. Betrüger bauen Vertrauen auf, um an Daten oder Geld zu kommen. Welche Tricks sie dafür nutzen, erklärt Sicherheitstrainerin Christina Lekati.

https://taz.de/Sicherheitsexpertin-ueber-Social-Engineering/!5711020/




2. SANS Summit Talk for the Open Source Intelligence Summit (Washington DC): “Judging By The Cover - Profiling Through Social Media”. The talk demonstrates how attackers gather information on their targets through social media and utilize them to manipulate and victimize them – ultimately leading to a security breach. If you have a SANS account you may find the slides of the presentation by visiting:

https://www.sans.org/cyber-security-summit/archives




3. Interview for Golem.de (In German): Social Engineering: Die unterschätzte Gefahr. Die größten Schwachstellen in technischen Systemen sind bis heute Menschen. Social Engineers machen sich ihre Sorglosigkeit zunutze - und finden auf sozialen Netzwerken alles, was sie für einen erfolgreichen Angriff brauchen.

https://www.golem.de/news/social-engineering-die-unterschaetzte-gefahr-1908-142812.html




4.Interview for the Dot Magazine: “Creating a “Human Firewall” for IT Security”. Psychologist and social engineer Christina Lekati from Cyber Risk GmbH explains the psychological basis of phishing and how to arm staff with effective defenses.

https://www.dotmagazine.online/issues/securing-the-future/human-firewall-for-it-security




5. Interview for the ECO Association- Europe’s Largest Internet Association (In German): Social Engineering: Mitarbeiter stärker für IT-Security sensibilisieren. Mitarbeiter müssen lernen, wie sie auf diese Anfragen in einer angemessenen Weise reagieren können. Dies geschieht durch intensive Schulung. Sie müssen verstehen, dass das Thema: Sicherheit geteilte Verantwortung bedeutet und, dass sie eben einen Teil dieser Verantwortung mittragen.

https://www.eco.de/news/social-engineering-unwissenheit-am-meisten-ausgenutzt/




6. Conference Presentation at Hacktivity: "Social Engineering Through Social Media". The talk demonstrates how attackers gather information on their targets through social media and utilize them to manipulate and victimize them – ultimately leading to a security breach. https://www.youtube.com/watch?v=D8Z69AsSFn0&t=577s




7. Conference Presentation at ElBsides Hamburg: "When Your Biggest Threat is on Your Payroll – Drivers and Enablers of Insider Threat Activities". The talk discusses the organizational factors enabling insider threat operations and countermeasures against them, by combining the lessons learned on insider activity prevention from the fields of counterintelligence, psychology, and cyber-security.

https://www.youtube.com/watch?v=5ovY0YlLZNU&t=2208s




8. The National strategy for the protection of Switzerland against cyber risks (NCS) for 2018 to 2022, adopted by the Federal Council on 18 April 2018: https://www.isb.admin.ch/isb/en/home/ikt-vorgaben/strategien-teilstrategien/sn002-nationale_strategie_schutz_schweiz_cyber-risiken_ncs.html



9a. Switzerland’s Security 2018 - Situation Report 2018 of the Federal Intelligence Service (FIS): https://www.newsd.admin.ch/newsd/message/attachments/52216.pdf



9b.Switzerland’s Security 2019 - Situation Report 2018 of the Federal Intelligence Service (FIS): https://www.newsd.admin.ch/newsd/message/attachments/57076.pdf



10a. Bundesamt für Verfassungsschutz (BfV), Electronic Attacks with an Intelligence Background: http://www.verfassungsschutz.bayern.de/mam/spionageabwehr/content/publication-2014-07-electronic-attacks.pdf



10b. Bundesamt für Verfassungsschutz (BfV), Cyber attacks controlled by intelligence services: https://www.verfassungsschutz.de/embed/publication-2018-05-cyber-attacks-controlled-by-intelligence-services.pdf



11. Hybrid CoE, The European Centre of Excellence for Countering Hybrid Threats:
https://www.hybridcoe.fi/publication-tags/strategic-analysis/



12. MELANI, Content for Entreprises:
https://www.melani.admin.ch/melani/en/home/unternehmen.html



13. Swiss Governmental Computer Emergency Response Team (GovCERT):
https://www.govcert.admin.ch



14. FIRST, Forum of Incident Response and Security Teams:
http://www.first.org/members/teams/govcert-ch



15. Latest News, from the Federal Data Protection and Information Commissioner:
https://www.edoeb.admin.ch/edoeb/en/home/latest-news/aktuell_news.html



16. Our Catalog - Instructor-led training in Switzerland, Liechtenstein and Germany: https://www.cyber-risk-gmbh.com/Cyber_Risk_GmbH_Catalog_2020.pdf






Our Services

Cyber security is ofter boring for employees. We can make it exciting.


Online Training

Recorded on-demand training and live webinars.

In-house Training

Engaging training classes and workshops.

Social Engineering

Developing the human perimeter to deal with cyber threats.


For the Board

Short and comprehensive briefings for the board of directors.


Assessments

Open source intelligence (OSINT) reports and recommendations.


High Value Targets

They have the most skilled adversaries. We can help.





Which is the next step?

1

You contact us

2

We meet and discuss

3

Our proposal

4

Changes and approval

5

We deliver







Cyber Risk GmbH, Cyber Risk Awareness and Training in Switzerland, Germany, Liechtenstein