Lisa Bock illustrates how trusted insiders such as current and former employees pose the greatest security threat to an organization. Lisa discusses best practices to limit this threat, including using the principle of least privilege, setting policies on when employees can access assets, and limiting access to trusted partners.
- [Voiceover] Organizations spend a large portion of their security budget on protecting from external attacks such as phishing attacks, malware, botnets, and rootkits. However, current and former employees pose the greatest cyber security threat to an organization. An insider is someone on the inside of an organization, such as an employee, a subcontractor, or intern. An insider is more trusted and, once authenticated, has access to company assets and network and can generally move freely about the building.
While an insider attack many times attempts to try and cause harm or damage to a system, insider attacks are not always malicious. Attacks can include making a mistake, for example, deleting an essential folder, circumventing security measures in order to complete a task, for example, asking someone to let you in because you forgot your key card, or changing the integrity of a system to get it to do something more useful, such as jailbreak your smart phone.
A large percentage of the social engineering…
In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.
Note: This course maps to the Social Engineering competency of the Certified Ethical Hacking exam. Review the exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Visualizing the victim
- Recognizing an attack
- Using charm, power, and influence
- Manipulating with social media
- Preventing insider attacks
- Stealing identities
- Pen testing with social engineering
- Taking countermeasures