Awareness training and “social engineering”

Protection against espionage attacks

About “social engineering”

Attacks on IT structures are being planned and executed with increasing professionalism. In the past, emails were frequently sent to company addresses that were in the public domain. As in the pre-Internet era of the infamous faxes and letters from Nigeria, the assumption was that someone somewhere would react to the spam emails and open the malware in the attachment.

The term “social engineering” is now applied very often to the manipulation of people used to gain access to the required information. A precise definition of the term is often unclear. Awareness seminars generally refer to “the human weaknesses and susceptibilities” which aggressors successfully exploit. But this definition is inadequate. Providing staff with “creative” methods for generating complex passwords goes no more than part of the way towards protection against adept social engineering.

Objective and target group of the seminar

Social engineering relies on psychological influence techniques applied with the goal of manipulating the target person. These techniques and their effect are explained in the seminar. The seminar also demonstrates the process adopted by aggressors to infiltrate a system in spite of sophisticated IT security measures. Knowledge of the methodology of social engineering significantly reduces an attack's chances of success. Familiarity with the mechanisms of psychological manipulation can be developed and incorporated into companies’ defence strategies with relatively little expense. Participants learn how they can recognise and effectively counteract social engineering using simple techniques.

The seminar’s target group

All persons who have access to the company are targets of social engineering. They do not have to be employees: sub-contract staff such as cleaning, security and reception personnel supply valuable information or they themselves become part of an infiltration attack.

The content and implementation of the seminar

The following topics are covered with the participants in our seminars:

  • Ways of identifying target persons in the company
  • Techniques used to make contact with target persons
  • Manipulation techniques using targeted communication and what is called “cold reading”
  • Ways of protecting against attacks at a structural and personal level

 

The seminar is fine-tuned to match the relevant target group. Research and development staff and IT specialists are “contacted” by attackers in a different way from that adopted for a receptionist. Group-specific attack scenarios are adopted and incorporated into the seminar design and the seminar’s exercises.

Participants learn in detail about the subtle methods used by attackers to contact target persons and finally to corrupt them. Role play communication techniques are then used in small groups to present ways of identifying and protecting against attackers.

The training courses can take the form of in-house courses in your premises or wherever you choose.

The standard training course normally starts at 9.00 am and finishes at 5.00 pm.

Up to 12 participants can be accommodated.

Please contact us for an offer to meet your specific needs.
