How to Social Engineer Your Users Into More Secure Behavior
In spite of all the spectacular news stories about advanced persistent threats and targeted hacks from nation-states, the most common security challenge facing enterprises today continues to be social engineering. Successful hackers understand that the user is the weakest link in the security chain. Email phishing campaigns have proven to be the path of least resistance for getting unsuspecting individuals to download and install their malicious software. Getting users to identify phishing attacks and training them not to click on links in email messages is not a trivial task.
In this webinar, you’ll learn the strategies and techniques that social engineers are finding success with. You’ll also learn how to
implement an effective security awareness program that focuses on preventing socially engineered attacks and how to validate the results of your training with simulate phishing campaigns.
RecordedJan 12 201841 mins
Your place is confirmed, we'll send you email reminders
2019 promises to be the biggest year yet when it comes to not only the sheer volume of cyberthreats but also the new ways your users may be targeted. How prepared are YOUR users in standing up to them?
On this episode of On the Air, we’ll talk about the top threats your users will be facing in 2019 and the training and testing you’ll need to deliver to make sure they’re ready for them. We’ll be talking with IT pros from the Spiceworks Community as well as an expert from KnowBe4.
Here’s what we’ll discuss:
- Cryptojacking, vishing, and other big threats to watch out for in 2019
- Training and testing your users across multiple attack vectors, like email phishing and social engineering
- How to set up honeypots and other low-cost proactive measures
What really makes a “strong” password? And why are your end-users tortured with them in the first place? How do hackers crack your passwords with ease? And what can/should you do about your authentication methods?
In this unique webinar, you will learn about the recent NIST controversy and related password cracking problems. The “combatants” will be on the one side KnowBe4's Chief Hacking Officer, Kevin Mitnick with decades of first-hand “red-side” penetration testing experience, and on the other side, Roger Grimes, KnowBe4's Data-Driven Defense Evangelist with decades of experience on the blue team. The referee will be Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer.
They will provide an in-the-trenches view of authentication hacking, so that you get some insights about the truth of the effectiveness of passwords, various password management guidelines, and even stronger authentication systems using multiple factors.
Erich Kron, Justin Ong, Tory Dombrowski, Robyn Edwards
This is the true story of two IT pros who got sick of their users clicking on everything and wanted to teach them a lesson… in a good way. Find out what happens, when people stop being polite, and start getting real. The Real World: Security Awareness Training!
In this webinar we talk to two IT pros from the Spiceworks Community about their experiences and lessons learned in designing and delivering a security awareness training plan to their users.
What we're discussing:
- Designing a program specific to your industry and organization
- Managing Up: best practices for training executives and other higher ups
- How to deal with problematic users and repeat offenders
So many of today’s cyberattacks are based on tried and true methods of social engineering, many dating back as much as 30 years. But attacking a victim’s machine for the sole purpose of mining cryptocurrency, installing ransomware or otherwise monetizing your network really is a 21st Century breach.
The problems, of course, are still the same: loss of productivity, potential data loss, and quite frankly, who wants a criminal mucking around in your network?
This webcast looks at how companies can train their staffs — and senior management — to recognize a potential phishing, visihing, smishing or other attacks, as well as techniques security teams can use to test their staffs on how well they understand the training they’ve received.
Erich Kron, Tim Wilson (Dark Reading), Chris Hadnagy, Ryan MacDougall
While hackers and cyber attackers are continually developing more sophisticated methods for penetrating enterprise systems, most of their exploits begin with a simple step: fooling users into breaking security policy. These "social engineering" attacks – including phishing, social networking scams, and online "watering holes" – are designed to trick your users into giving up their passwords or opening email attachments that contain malware. But how can enterprises prevent this sort of attack? Can users be trained to recognize such exploits and avoid them? In this webcast, experts discuss the most effective methods of defending against social engineering attacks.
Cryptomining infections are growing exponentially this year. Bad guys are hijacking your network processing power to steal your workstation and server resources. They are using various families of malware trying to stay under your radar.
Trying to maximize their criminal profits, they now infiltrate your network and use malicious code to determine the most lucrative attack–cryptomining or ransomware–making these attacks more dangerous than ever. To add insult to injury, they often leave whole libraries of hacking tools and backdoors behind.
Join Erich Kron, KnowBe4's Security Awareness Advocate, and learn more about the combined Ransomware / Cryptomining threat along with real-world examples of how criminals attack your users and network through innovative and devious tactics.
You’ll learn about:
- Cryptomining and what the real danger is to you
- The combined cryptomining / ransomware threat
- How this type of malware spreads
- What you can do to protect your network
KnowBe4's Chief Hacking Officer, Kevin Mitnick, shows a two-factor authentication exploit based on a credentials phishing attack using a typo-squatting domain. Once the user falls for this social engineering tactic and enters their credentials, the 2FA token gets intercepted and it's trivial to hack into the LinkedIn account.
Quantum computing is a game-changer and will have a huge impact on the way we do business, safeguard data, explore space, and even predict weather events. Yet, some experts say in the not so distant future quantum computers will break existing public key cryptography forever.
On that digital day of reckoning, every stored secret protected by traditional public key crypto will be broken forever; including TLS, digital certificates, PKI, SSH, RSA, most wireless networks, VPNs, online financial transactions, and even bitcoin and blockchain. All of it made worthless in a second…
The bad guys will be able to use more secrets against you than ever before, especially in increasingly sophisticated spear-phishing attacks. Attend this exclusive event to learn what you can do to prepare.
•Why quantum computing is different than traditional binary computing
•How close quantum computers are to breaking traditional public key cryptography
•What defenses you can deploy after public key cryptography is broken
•How to prepare your users - your best, last line of defense
The quantum computing break is coming. Will you be ready?
The bad guys are getting very creative, impersonating an executive in your organization and asking for financial reports or they ask employees in payroll to make changes to bank accounts. According to the FBI, their efforts have earned them an estimated $12 billion through Business Email Compromise also know as CEO fraud scams. And to make things worse, these attackers can be working on multiple potential victims at the same time.
In the event you'll learn:
~ The truth about Business Email Compromise
~ How to defend against these attacks using technical and non-technical controls
~ Why building a human firewall is your best layer of defense
Invoice fraud, escrow redirection, payroll fraud, and simple wire transfer fraud are all tools in the attacker's arsenal. Defending against these types of phishing attacks is possible by layering technical and non-technical controls.
Watch this on-demand webinar, as we take an in-depth look at how the latest attacks work and the psychology and mechanics behind them. We also discuss defensive measures you can take now to defend your organization against these attacks.
Bob Bragdon, Perry Carpenter, Randy Trzeciak, Christopher Leone
Get an exclusive look into the results of the CSO 2018 US State of Cybercrime survey, with moderator Bob Bragdon, SVP and Publisher of CSOonline.com. Join Bob and guests from the U.S. Secret Service, the Software Engineering Institute at Carnegie Mellon University, and and KnowBe4, a leading security awareness training and simulated phishing provider. This lively and revealing discussion examines the latest 2018 cybercrime findings, including: the number of security events, major causes, and their impact; what CIOs and CSOs can do to better secure their organizations; and a close-up look at the state of security awareness training.
Kevin Mitnick, the world's most famous hacker and KnowBe4's Chief Hacking Officer, along with Perry Carpenter, KnowBe4’s Chief Evangelist and Strategy Officer, share social engineering insights and experiences.
As the author of four best-selling books on the art of social engineering, Kevin is famous for his use of deception, intrusion, and invisibility as a tradecraft. The secrets he shares will help you defend against social engineering threats posed by the bad guys and keep them from manipulating your unsuspecting users.
Key topics covered will include:
- How social engineering has changed over time
- Some of the cleverest social engineering techniques
- Common ways malicious actors find information to use in spear phishing campaigns
- Psychology of a social engineering exploit and how an organization can protect its users
Watch along as Kevin exposes the dirty little secrets of social engineering.
No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.
Join Stu Sjouwerman, CEO at KnowBe4, and Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, as they provide fun and engaging examples of mental manipulation in everyday life: from the tactics used by oily car dealers, to sophisticated social engineering and online scams. Additionally, We'll look at how to ethically use the very same levers when educating our users.
- The Perception Vs. Reality Dilemma
- Understanding the OODA (Observe, Orient, Decide, Act) Loop
- How social engineers and scam artists achieve their goals by subverting - OODA Loop's different components
- How we can defend ourselves and our organizations
Most companies have huge gaps in their computer security defenses, and can be compromised at will by a determined hacker. The industry even has a term for it: “Assume Breach”.
But it doesn’t have to be that way!
Join Roger A. Grimes, a 30-year computer security consultant and author of 10 books, for this on-demand webinar where he explores the latest research on what’s wrong with current network defenses and how they got this way. Roger will teach you what most organizations are doing wrong, why, and how to fix it. You’ll leave this webinar with a fresh perspective and an action plan to improve the efficiency and effectiveness of your current computer security defenses.
Roger will teach you:
- What most companies are doing wrong, why, and how to fix it
- An action plan to improve the effectiveness of your computer security defenses
- How to create your “human firewall”
Everyone knows that two-factor authentication (2FA) is more secure than a simple login name and password, but too many people think that 2FA is a perfect, unhackable solution. It isn't!
Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, and security expert with over 30-years experience, for this webinar where he will explore 12 ways hackers can and do get around your favorite 2FA solution.
The webinar includes a (pre-filmed) hacking demo by KnowBe4's Chief Hacking Officer Kevin Mitnick, and real-life successful examples of every attack type. It will end by telling you how to better defend your 2FA solution so that you get maximum benefit and security.
You'll learn about the good and bad of 2FA, and become a better computer security defender in the process, including:
- 12 ways hackers get around two-factor authentication
- How to defend your two-factor authentication solution
- The role humans play in a blended-defense strategy
Ransomware is spreading at an alarming pace and infecting networks across all industries and company sizes, primarily through phishing attacks. The cyber criminals behind the attacks are furiously innovating and keeping ahead of the defenses. In this session, we will have an interactive discussion related to the latest in ransomware threats and how to best protect your organization and yourself against this growing threat.
This session will educate attendees about the newest features of ransomware strains designed to evade detection and spread in new and creative ways. It will also discuss recent attacks and how the organizations could have better protected themselves.
The session will examine:
• Current phishing trends
• Ransomware and how it is infecting networks
• Effective mitigation strategies
• Recovering from an attack
Cyber security threats continue to proliferate and become more costly to businesses that suffer a data breach.
When it comes to combating these growing risks, most organizations continue to place more trust in technology-based solutions than on training their employees to be more aware of the threat landscape and able to recognize the red flags in cyber breach attempts.
Join Erich Kron, Security Awareness Advocate at KnowBe4, as he explains the emerging threats, the strengths and weaknesses that users bring to an organization's security culture, and strategies to fortify your organizations last layer of security, your users.
In this on-demand webinar you will learn:
- Current and emerging attack landscape and how organizations are coping
- Right and wrong approaches to changing employee behavior
- How to build a successful Security Awareness Training Program
Perry Carpenter, Chief Evangelist and Strategy Officer
The intersection between technology and human security is a difficult challenge for any organization to tackle, and although detection technologies are advancing, criminals are rapidly evolving their techniques and tactics to even greater levels of sophistication.
Their attacks are difficult to detect, and even security administrators themselves fall victim.
Join Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, as he explains the value of better understanding human nature, patterns and success practices when using technology to build a more secure operating environment. Hear practical advice on how to make both security and technology work with (rather than against) human nature to help reduce technology friction and simultaneously raise the security posture and resilience of the organization.
Topics Perry covers:
- Looking at the multi-dimensional nature of security
- Finding relevant intersections between technology and behavior
- Strategies to make awareness stick
- Brainstorming activities for planning your custom "Human Firewall"
With 91% of data breaches being the result of human error, security leaders, auditors, and regulators increasingly recognize that a more intentional focus on the human side of security is critical to the protection of organizations. However, organizations have been struggling with and debating the effectiveness of traditional security awareness and training.
Join Erich Kron, Security Awareness Advocate at KnowBe4, for this webinar "Making Awareness Stick: Secrets to a Successful Security Awareness Training Program" as he shares results-focused strategies and practical insight on how to build a world-class program.
Key topics covered in this webinar:
- Why awareness and training matters
- Key data points to help make the case for awareness in your organization
- Five secrets to making awareness work in 2018
- How to create your "Human Firewall"
Make this the year that you refuse to settle for mediocrity. Are you ready to go all-in?
The most persistent security challenge you face today is bad guys social engineering your users. Phishing campaigns continue to be hacker’s No. 1 preferred attack vector to get your unsuspecting users to download and install their malicious software.
Join security advocate, Erich Kron, for this live webinar. Erich will discuss brand-new research based on what your users are clicking and how you compare to your peers with new phishing benchmarks by industry.
Key topics covered in this webinar:
- New phishing benchmark data by industry
- Understanding the current phishing landscape
- Most clicked simulated phishing attacks
- Top 10 “In the Wild” reported phishing emails
- Actionable tips to create your “human firewall”
2017 was a Ransomware nightmare. If you've been in the IT trenches over the past year, you've probably noticed that ransomware attacks are accelerating, damages are more severe and there is no end in sight for 2018
Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4 for the webinar “Ransomware Hostage Rescue Guide”. We will look at scary features of new ransomware strains, give actionable info that you need to prevent infections, and advise what to do when you are hit with ransomware.
Erich will cover these topics:
* What are new scary ransomware features in the wild?
* I’m infected, now what?
* Proven methods of protecting your organization
* Why the “human firewall” is so effective
KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, KnowBe4 was created to help organizations manage the problem of social engineering, spear phishing, and ransomware attacks, through a comprehensive new-school awareness training approach. KnowBe4 trains employees to make smarter security decisions.