To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Ik snap het!
Artwork

Tech Business Cyber Cybersecurity Intelligence Risk Security Nisos Investigative Threats
Inhoud geleverd door Nisos, Inc.. Alle podcastinhoud, inclusief afleveringen, afbeeldingen en podcastbeschrijvingen, wordt rechtstreeks geüpload en geleverd door Nisos, Inc. of hun podcastplatformpartner. Als u denkt dat iemand uw auteursrechtelijk beschermde werk zonder uw toestemming gebruikt, kunt u het hier beschreven proces https://nl.player.fm/legal volgen.
Player FM - Podcast-app
Ga offline met de app Player FM !
Get it on App Store Get it on Google Play

the CYBER5 »
Insider Threats and Social Engineering Tactics by Counterintelligence Institute’s Peter Warmka

32:06
 
Spelen
Spelen
Delen
 

MP3Thuis aflevering
Manage episode 357309543 series 3331602
Inhoud geleverd door Nisos, Inc.. Alle podcastinhoud, inclusief afleveringen, afbeeldingen en podcastbeschrijvingen, wordt rechtstreeks geüpload en geleverd door Nisos, Inc. of hun podcastplatformpartner. Als u denkt dat iemand uw auteursrechtelijk beschermde werk zonder uw toestemming gebruikt, kunt u het hier beschreven proces https://nl.player.fm/legal volgen.

In Episode 90 of TheCyber5, we are joined by Peter Warmka, founder of the Counterintelligence Institute. Warmka is a retired senior intelligence officer with the U.S. Central Intelligence Agency (CIA) where he specialized in clandestine HUMINT (human intelligence) collection. With 20+ years of breaching security overseas for a living, Warmka now teaches individuals and businesses about the strategy and tactics of “human hacking”.

Warmka highlights how insiders are targeted, the methods used by nationstates for committing crimes, and what organizations need to help focus their security training to prevent a breach.

Below are the three major takeaways:

  1. Prevalent open source techniques for targeting a person or company as an insider threat:

A website that defines the key personnel and mission statement of an organization provides critical context of how to target employees using social engineering techniques. Bad actors use job descriptions that provide critical targeting information about the enterprise and security technologies that are used so they may target potential technology vulnerabilities and subsequently penetrate the organization. Lastly, social media and open source content typically offer information about employees and companies that can be used for nefarious purposes.

  1. Employees are recruited for nation state espionage or crime:

Adversaries pose as executive recruiters through direct engagement and through hiring platforms to elicit sensitive company information. Employees allow themselves to be socially engineered from a spearphish. Threat actors will also go so far as to create deep fakes to help sell the impression that they are a senior company executive.

  1. Security awareness training should focus on verification:

There are several ways to defend yourself and your enterprise, but consistent education and training are tried and true successful methods for defense. However, annual videos for security training will not change employee behavior. They are too infrequent to modify human behavior. Employees need to be taught to be apprehensive about unsolicited outreach through email, phone call, social media, or SMS. Business procedures need to focus on quick and timely verification of suspicious activity. A policy of “trust but verify” is likely going to be too late.

  continue reading

91 afleveringen

#Tech #Business #Cyber #Cybersecurity #Intelligence #Risk #Security #Nisos #Investigative #Threats
Artwork

Insider Threats and Social Engineering Tactics by Counterintelligence Institute’s Peter Warmka

the CYBER5

published

Spelen Spelen
iconDelen
 
MP3Thuis aflevering
Manage episode 357309543 series 3331602
Inhoud geleverd door Nisos, Inc.. Alle podcastinhoud, inclusief afleveringen, afbeeldingen en podcastbeschrijvingen, wordt rechtstreeks geüpload en geleverd door Nisos, Inc. of hun podcastplatformpartner. Als u denkt dat iemand uw auteursrechtelijk beschermde werk zonder uw toestemming gebruikt, kunt u het hier beschreven proces https://nl.player.fm/legal volgen.

In Episode 90 of TheCyber5, we are joined by Peter Warmka, founder of the Counterintelligence Institute. Warmka is a retired senior intelligence officer with the U.S. Central Intelligence Agency (CIA) where he specialized in clandestine HUMINT (human intelligence) collection. With 20+ years of breaching security overseas for a living, Warmka now teaches individuals and businesses about the strategy and tactics of “human hacking”.

Warmka highlights how insiders are targeted, the methods used by nationstates for committing crimes, and what organizations need to help focus their security training to prevent a breach.

Below are the three major takeaways:

  1. Prevalent open source techniques for targeting a person or company as an insider threat:

A website that defines the key personnel and mission statement of an organization provides critical context of how to target employees using social engineering techniques. Bad actors use job descriptions that provide critical targeting information about the enterprise and security technologies that are used so they may target potential technology vulnerabilities and subsequently penetrate the organization. Lastly, social media and open source content typically offer information about employees and companies that can be used for nefarious purposes.

  1. Employees are recruited for nation state espionage or crime:

Adversaries pose as executive recruiters through direct engagement and through hiring platforms to elicit sensitive company information. Employees allow themselves to be socially engineered from a spearphish. Threat actors will also go so far as to create deep fakes to help sell the impression that they are a senior company executive.

  1. Security awareness training should focus on verification:

There are several ways to defend yourself and your enterprise, but consistent education and training are tried and true successful methods for defense. However, annual videos for security training will not change employee behavior. They are too infrequent to modify human behavior. Employees need to be taught to be apprehensive about unsolicited outreach through email, phone call, social media, or SMS. Business procedures need to focus on quick and timely verification of suspicious activity. A policy of “trust but verify” is likely going to be too late.

  continue reading

91 afleveringen

#Tech #Business #Cyber #Cybersecurity #Intelligence #Risk #Security #Nisos #Investigative #Threats

Alle afleveringen

×
 
Loading …

Welkom op Player FM!

Player FM scant het web op podcasts van hoge kwaliteit waarvan u nu kunt genieten. Het is de beste podcast-app en werkt op Android, iPhone en internet. Aanmelden om abonnementen op verschillende apparaten te synchroniseren.

 

Luister naar 500+ onderwerpen
Player FM - Podcast-app
Ga offline met de app Player FM !
Get it on App Store Get it on Google Play

Korte handleiding

Top-podcasts
Bureau Sport Podcast
De Koffiecorner
NOS Langs de Lijn Sportforum
Macro met Boot en Mujagić | BNR
FOKCAST
Somertijd
Schokkend Nieuws Podcast
Gremlins Strike Back
Digitaal | BNR
NOS Met het Oog op Morgen
Argos
Leven Zonder Stress
Wetenschap Vandaag | BNR
Radio Swammerdam
Echt Gebeurd
De Correspondent
De Nieuwe Willem
De moord op Patrick
De Blankenberge Tapes
Player FM logo
Hulp of Veelgestelde vragen | Verbeteren | Advertise
Kunst|Zakelijk|Komedie|Economie|Entertainment|Nieuws|Politiek|Religie
Wetenschap|Voetbal|Sport|Verhaal vertellen|Technologie|Waargebeurde verhalen
Copyright 2024 | Sitemap | Privacybeleid | Servicevoorwaarden | | auteursrechten
Episode being played series thumbnail
icon icon
Snelheid
Serie instellingen
1x
1x
Volume
100%
icon
icon icon
/

Bekijk Player FM in ...
Player FM
Browser
Chrome
Safari
Firefox