Social Engineering is a practice we use almost every day of our lives. It is apparent in how we interact with our families, our friends, strangers and even those coworkers we don't really like. It's really just the practice of dealing with other humans. By studying these interactions, attackers can become very adept at using these skills to manipulate people into actions that benefit them. Phishing, smishing, vishing are all tools of the trade that attackers use. The psychology used in these attacks to bypass critical thinking is becoming more and more advanced. By leveraging techniques like focus redirection and exploting the way our brain filters can be tricked in to perceiving a different reality, attackers are outpacing our best efforts to defend ourselves. Fear, anxiety and outrage are all being used to spread ransomware and other types of malware, scam people and organizations out of money and disrupt business. It’s no wonder that social engineering and phishing are the most common way that successful breaches get started. This session will look at the things social engineers use to trick users into performing the kinds of actions that lead to security breaches and ways to identify and counteract these attacks. It will also discuss recent real-world attacks and the social engineering tricks that made them effective. Topics include: - The Perception vs. Reality Dilemma - Focus redirection - Psychology behind the attacks - Identifying and developing defensive practices

Erich Kron is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army's 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in Information Security.

Back to BSides Columbus Ohio 2019 video list