A 3-hour workshop that provides a more in-depth overview of all the security fundamentals at the user level, targeted at staff who work with sensitive information. This course contains more technical details and practical examples from the real world as well as live hacking demonstrations. It is ideally suited for people who work with sensitive information, such as the accounts department, and first-line support staff, such as call centre staff.
Course Info: Advanced level
In the context of information security, social engineering refers to the psychological manipulation of a person to perform an action or divulge confidential material. It is a fraudulent means to gather information or access a system and is often one of the many steps taken in a more complex fraud scheme. Social engineering tactics sometimes rely on an individual’s kindness and empathy, as well as their weaknesses, or can be blatantly deceitful and dishonest. This module aims to provide a good understanding of what social engineering is and provides several contexts of where and how it can be detected. It arms the participants with vigilance against social manipulation, whether it be physical or digital.
Phishing is a cyber-attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment. What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It is the most widespread and malicious, with phishing messages and techniques becoming increasingly sophisticated. This module trains the participants to spot techniques used by hackers and guides them through several procedural checks to do before opening links or attachments.
Pharming attacks are typically widespread, where a hacker sends the same email to a multitude of recipients and waits to see which recipients take the bait. Spear phishing attacks are onslaughts that are cleverly researched and that target an individual’s weaknesses or Achilles heel (so to speak). With the advent of social media, people’s interests are publicly available to everyone for consumption. This makes the hacker’s task extremely easy when engineering a crafty spear-phishing attack. Whaling is a specific form of phishing that’s targeted at high-profile business executives, managers, and the like. It’s different from ordinary phishing in that with whaling, the emails or web pages serving the scam take on a more official or serious look and are usually targeting someone in particular. Examples of each attack are thoroughly explained in this module.
The greatest risk that individuals pose to organisations is falling prey to ransomware attacks. These can be executed by hackers, physically or via attachments by email. Hackers will typically leave USB sticks, containing a few viral executable files, lying around the organisation. Once launched and executed, the virus takes all the system files and encrypts them to the point that they are no longer recognizable, as shown in the image alongside. The hacker then requests payment in a currency (bitcoins) to receive a code to restore the files. This module explains the travesties that many organisations have suffered by falling victim to this kind of social engineering attack and also provides advice on how to protect against it.
Paying attention to physical security is extremely important in keeping your organisation secure. This module covers topics such as a clean board and desk policy, dumpster diving and upholding physical security controls within the organisation.
With the plethora of digital devices at our disposal, we are all exposed to cyber-crime in our own personal capacity. This module educates the participants on how to manage their devices and keep them updated with security patches, and provides a basic understanding of the problems that may arise from the installation of unauthorised software, amongst many other items to protect themselves against.