Hi [[ session.user.profile.firstName ]]

Social Engineering: My Friend, My Enemy

It’s always nice to find a kindred spirit — someone who knows what you know and likes what you like. The problem today is that kindred spirit whom you think is your friend might well be your worst enemy. One of the most effective tools attackers use to breach everything from high-security networks and physical installations to your most closely held secrets is social engineering. This webinar looks at how social engineering works, why it works as well as it does, how to identify an attack and what to do if you think you’ve been compromised.
Recorded Feb 22 2018 31 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Erich Kron CISSP, Security Awareness Advocate
Presentation preview: Social Engineering: My Friend, My Enemy

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • 12 Ways to Defeat Multi-Factor Authentication Recorded: Apr 22 2019 62 mins
    Roger Grimes
    Everyone knows that multi-factor authentication (MFA) is more secure than a simple login name and password, but too many people think that MFA is a perfect, unhackable solution. It isn't!

    Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, and security expert with over 30-years experience, for this webinar where he will explore 12 ways hackers can and do get around your favorite MFA solution.

    The webinar includes a (pre-filmed) hacking demo by KnowBe4's Chief Hacking Officer Kevin Mitnick, and real-life successful examples of every attack type. It will end by telling you how to better defend your MFA solution so that you get maximum benefit and security.

    You'll learn about the good and bad of MFA, and become a better computer security defender in the process, including:

    - 12 ways hackers get around multi-factor authentication
    - How to defend your multi-factor authentication solution
    - The role humans play in a blended-defense strategy
  • Human Firewalls: Fact or Fiction Recorded: Apr 10 2019 112 mins
    Erich Kron, Mitch Parker, Dominick Frazier
    Looking at the current cyber attacks it's clear that ransomware, phishing, CEO Fraud / W-2 scams are on the rise costing organizations billions of dollars in 2018 alone. It got us thinking what security measures are actually effective with this ever-changing threat landscape? Are technological defenses enough? Is it really necessary or feasible for you to train and test users to the point of becoming a human firewall? Is a human firewall even helpful if antivirus, firewalls, email security, etc. are already in place?

    Join our team of experts as we discuss the advantages and disadvantages of a technology-only approach and whether end users can actually be trained to the point of reducing organizational risk. Learn the facts, so you can decide how best to invest your time and money to make sure your organization gets the best bang out of your security budget buck.
  • Security Awareness: Securing the Human Layer Recorded: Apr 5 2019 59 mins
    Roger Grimes, Scott Lowe
    It’s common knowledge that humans are the leading cause of IT security incidents. Whether accidental or intentional, a human-centric root cause lies at the center of literally every security incident.

    You can’t just eliminate all the humans, so security professionals are left to find reasonable measures to ensure that the human element of their organizations can act as a bulwark of security rather than as a catalyst for disaster. This is easier said than done and requires constant vigilance.

    Human security is not a “one and done” effort. It’s an ongoing process often including automated security awareness training and simulated phishing. How do you make it happen? What steps can you take to get there? What are the real problems that need to be solved? Most importantly, do your employees really understand their critical role in protecting your organization?
  • Top 5 IT Security Myths Your CISO Believes Are True… BUSTED! Recorded: Mar 20 2019 64 mins
    Roger Grimes, Erich Kron
    Facts are facts… but what happens when IT security pros take myths at face value?

    That got us thinking… what if we whip out our magnifying glasses, pull out the trench coats and use our research skills to differentiate fact from fiction? That's exactly what we did for this interactive webinar where we dug deep to help you decide how to invest your time and money wisely, how to implement worthwhile defenses, and what holes to plug so your organization gets the best bang for your security budget buck.

    Listen in as Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, and Erich Kron, KnowBe4’s Security Awareness Advocate, uncover the truth behind the Top 5 IT Security Myths. They’re stating facts and slinging stats. Then the audience decides whether each myth is confirmed or BUSTED!
  • An Inside View Into the Methods & Exploits of Kevin Mitnick Recorded: Mar 14 2019 63 mins
    Kevin Mitnick, Perry Carpenter
    Many of the world's most reputable organizations rely on Kevin Mitnick, the World's Most Famous Hacker and KnowBe4's Chief Hacking Officer, to uncover their most dangerous security flaws. Kevin’s experience as a security consultant and his vast knowledge of social engineering are part of what help you train your users to stay a step ahead of the bad guys.

    Wouldn’t it be great if you had insight into the latest threats and could find out “What would Kevin do”? Now you can!

    In this webinar you will:

    - Watch an exclusive demo of a shocking Outlook Exchange exploit
    - Find out how these vulnerabilities may affect your organization
    - Learn what you can do to stop the bad guys (What Would Kevin Do)
  • Hidden In Plain Sight: Open Source Intelligence on the Rise Recorded: Mar 12 2019 33 mins
    Erich Kron, Stephen Lawton
    It’s all out there in the open — essentially the ways and means for bad actors to attack your company. There’s even a label for it: Open Source Intelligence.

    This is the underlying data that will help attackers create convincing attack emails with personal information and details about a target’s life so detailed that the attack appears to come from your best friend.

    This 20/20 webcast looks at how attackers use details about you either to attack you or to attacker others and make them think it’s from you — and what you can do about it.
  • Levers of Human Deception: The Science and Methodology Behind Social Engineering Recorded: Mar 7 2019 51 mins
    Erich Kron, David Littman
    No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.

    Join Erich Kron, Security Awareness Advocate for KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by oily car dealers, to sophisticated social engineering and online scams. Additionally, We'll look at how to ethically use the very same levers when educating our users.

    Key Takeaways:
    The Perception Vs. Reality Dilemma
    - Understanding the OODA (Observe, Orient, Decide, Act) Loop
    - How social engineers and scam artists achieve their goals by subverting - OODA Loop's different components
    - How we can defend ourselves and our organizations
  • The Real World: New-School Security Awareness Training... From the Trenches Recorded: Feb 13 2019 63 mins
    Erich Kron, KnowBe4's Security Awareness Advocate & Tory Dombrowski, IT Manager at Takeform
    This is the true story of an IT Manager who was tired of his users clicking on everything and wanted to teach them a lesson… in a good way. Find out what happens, when you stop being polite and start getting real. New-school Security Awareness Training!

    In this "From the Trenches" event, we’ll talk with Tory Dombrowski, IT Manager at Takeform and KnowBe4 customer, about his experiences and lessons learned while designing and delivering a security awareness training plan for his users.

    Erich Kron, KnowBe4's Security Awareness Advocate, and Tory will dive deep to share best practices and creative ideas, so you know what to expect when executing your own program.

    In this webinar you'll learn:
    Why it's so important to empower your users to become a "human firewall"
    What it's really like to get executive buy-in and implement security awareness training and simulated phishing

    The good, the bad and the truly hilarious results of training and testing your users
  • 10 Incredible Ways You Can Be Hacked Through Email & How To Stop The Bad Guys Recorded: Jan 24 2019 68 mins
    Roger Grimes, Data-Driven Defense Evangelist
    Email is still the #1 attack vector the bad guys use. A whopping 91% of cyberattacks start with a phishing email, but email hacking is much more than phishing and launching malware!

    Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist and security expert with over 30-years of experience, for this webinar where he will explore 10 ways hackers use social engineering to trick your users into revealing sensitive data or enabling malicious code to run. Plus, he'll share a (pre-filmed) hacking demo by KnowBe4's Chief Hacking Officer Kevin Mitnick.

    Roger will teach you:

    •How silent malware launches, remote password hash capture, and how rogue rules work
    •Why rogue documents, establishing fake relationships and getting you to compromise your ethics are so effective
    •Details behind clickjacking and web beacons
    •Actionable steps on how to defend against them all

    If all you were worried about were phishing attempts, think again!
  • Spiceworks On The Air: 2019 Cyberthreat User Prep Guide Recorded: Dec 13 2018 63 mins
    Roger Grimes, Justin Ong, Dave Tutweiler
    2019 promises to be the biggest year yet when it comes to not only the sheer volume of cyberthreats but also the new ways your users may be targeted. How prepared are YOUR users in standing up to them?

    On this episode of On the Air, we’ll talk about the top threats your users will be facing in 2019 and the training and testing you’ll need to deliver to make sure they’re ready for them. We’ll be talking with IT pros from the Spiceworks Community as well as an expert from KnowBe4.

    Here’s what we’ll discuss:
    - Cryptojacking, vishing, and other big threats to watch out for in 2019
    - Training and testing your users across multiple attack vectors, like email phishing and social engineering
    - How to set up honeypots and other low-cost proactive measures
  • The Future of Passwords... Perhaps Recorded: Dec 12 2018 33 mins
    Roger Grimes, Stephen Lawton
    Passwords have been with us for some 50 years now and still is used for a variety of mission-critical and highly classified projects and devices. That said, there is a case to be made that the password is obsolete and should simply be eliminated.

    This webcast looks at how we got here and where we’re headed with passwords – if anywhere at all.
  • End of Year - The Perfect Storm for Phishing Attacks Recorded: Dec 10 2018 55 mins
    Erich Kron, Michael Osterman, David Littman
    Phishing, spearphishing and Business Email Compromise (BEC) attacks are forecasted to grow exponentially in 2019. But…the end of 2018 poses the perfect storm trifecta of threats: the holidays, start of tax season and a very busy time for end of year transactions. We are bringing together two of the industry’s top thought leaders in the email security space, Michael Osterman, Principal Analyst of Osterman Research and Erich Kron, Security Awareness Advocate of KnowBe4 to update us on what to look out for in 2018 and how to head into 2019 unscathed. In this webcast we cover:

    - Things to look out for specifically this time of year w/the holidays, tax season, W2 fraud, end of year, etc.
    - Predictions for 2019 phishing/email malware attacks
    - Really strange 1-off experiences that we’ve seen that you should be aware of
    - How to prepare yourself and build your human firewall and reinforce the weakest link of most organizations

    Watch for an information packed session with research and analysis you can’t get anywhere else on this topic!
  • The Pesky Password Problem: How Hackers and Defenders Battle For Network Control Recorded: Dec 4 2018 66 mins
    Kevin Mitnick, Roger Grimes, Perry Carpenter
    What really makes a “strong” password? And why are your end-users tortured with them in the first place? How do hackers crack your passwords with ease? And what can/should you do about your authentication methods?

    In this unique webinar, you will learn about the recent NIST controversy and related password cracking problems. The “combatants” will be on the one side KnowBe4's Chief Hacking Officer, Kevin Mitnick with decades of first-hand “red-side” penetration testing experience, and on the other side, Roger Grimes, KnowBe4's Data-Driven Defense Evangelist with decades of experience on the blue team. The referee will be Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer.

    They will provide an in-the-trenches view of authentication hacking, so that you get some insights about the truth of the effectiveness of passwords, various password management guidelines, and even stronger authentication systems using multiple factors.
  • The Real World: Security Awareness Training Recorded: Nov 30 2018 44 mins
    Erich Kron, Justin Ong, Tory Dombrowski, Robyn Edwards
    This is the true story of two IT pros who got sick of their users clicking on everything and wanted to teach them a lesson… in a good way. Find out what happens, when people stop being polite, and start getting real. The Real World: Security Awareness Training!

    In this webinar we talk to two IT pros from the Spiceworks Community about their experiences and lessons learned in designing and delivering a security awareness training plan to their users.

    What we're discussing:
    - Designing a program specific to your industry and organization
    - Managing Up: best practices for training executives and other higher ups
    - How to deal with problematic users and repeat offenders
  • The training field: Create a human firewall with security awareness training Recorded: Nov 6 2018 33 mins
    Erich Kron, Stephen Lawton
    So many of today’s cyberattacks are based on tried and true methods of social engineering, many dating back as much as 30 years. But attacking a victim’s machine for the sole purpose of mining cryptocurrency, installing ransomware or otherwise monetizing your network really is a 21st Century breach.

    The problems, of course, are still the same: loss of productivity, potential data loss, and quite frankly, who wants a criminal mucking around in your network?

    This webcast looks at how companies can train their staffs — and senior management — to recognize a potential phishing, visihing, smishing or other attacks, as well as techniques security teams can use to test their staffs on how well they understand the training they’ve received.
  • Understanding and Preventing the Latest Social Engineering Attacks Recorded: Nov 3 2018 63 mins
    Erich Kron, Tim Wilson (Dark Reading), Chris Hadnagy, Ryan MacDougall
    While hackers and cyber attackers are continually developing more sophisticated methods for penetrating enterprise systems, most of their exploits begin with a simple step: fooling users into breaking security policy. These "social engineering" attacks – including phishing, social networking scams, and online "watering holes" – are designed to trick your users into giving up their passwords or opening email attachments that contain malware. But how can enterprises prevent this sort of attack? Can users be trained to recognize such exploits and avoid them? In this webcast, experts discuss the most effective methods of defending against social engineering attacks.
  • Cryptomining, A New Major Headache With Hidden Risks Recorded: Oct 23 2018 56 mins
    Erich Kron
    Cryptomining infections are growing exponentially this year. Bad guys are hijacking your network processing power to steal your workstation and server resources. They are using various families of malware trying to stay under your radar.

    Trying to maximize their criminal profits, they now infiltrate your network and use malicious code to determine the most lucrative attack–cryptomining or ransomware–making these attacks more dangerous than ever. To add insult to injury, they often leave whole libraries of hacking tools and backdoors behind.

    Join Erich Kron, KnowBe4's Security Awareness Advocate, and learn more about the combined Ransomware / Cryptomining threat along with real-world examples of how criminals attack your users and network through innovative and devious tactics.

    You’ll learn about:

    - Cryptomining and what the real danger is to you
    - The combined cryptomining / ransomware threat
    - How this type of malware spreads
    - What you can do to protect your network
  • Kevin Mitnick Hacks LinkedIn Two-Factor Authentication Recorded: Oct 19 2018 7 mins
    Kevin Mitnick
    KnowBe4's Chief Hacking Officer, Kevin Mitnick, shows a two-factor authentication exploit based on a credentials phishing attack using a typo-squatting domain. Once the user falls for this social engineering tactic and enters their credentials, the 2FA token gets intercepted and it's trivial to hack into the LinkedIn account.
  • The Quantum Computing Break is Coming. Will You Be Ready? Recorded: Sep 26 2018 62 mins
    Roger Grimes, Data-Driven Defense Evangelist
    Quantum computing is a game-changer and will have a huge impact on the way we do business, safeguard data, explore space, and even predict weather events. Yet, some experts say in the not so distant future quantum computers will break existing public key cryptography forever.

    On that digital day of reckoning, every stored secret protected by traditional public key crypto will be broken forever; including TLS, digital certificates, PKI, SSH, RSA, most wireless networks, VPNs, online financial transactions, and even bitcoin and blockchain. All of it made worthless in a second…

    The bad guys will be able to use more secrets against you than ever before, especially in increasingly sophisticated spear-phishing attacks. Attend this exclusive event to learn what you can do to prepare.

    •Why quantum computing is different than traditional binary computing
    •How close quantum computers are to breaking traditional public key cryptography
    •What defenses you can deploy after public key cryptography is broken
    •How to prepare your users - your best, last line of defense

    The quantum computing break is coming. Will you be ready?
  • CEO Fraud: The Latest Business Email Compromise Scams Recorded: Sep 24 2018 63 mins
    David Littman, Erich Kron
    The bad guys are getting very creative, impersonating an executive in your organization and asking for financial reports or they ask employees in payroll to make changes to bank accounts. According to the FBI, their efforts have earned them an estimated $12 billion through Business Email Compromise also know as CEO fraud scams. And to make things worse, these attackers can be working on multiple potential victims at the same time.

    In the event you'll learn:

    ~ The truth about Business Email Compromise

    ~ How to defend against these attacks using technical and non-technical controls

    ~ Why building a human firewall is your best layer of defense

    Invoice fraud, escrow redirection, payroll fraud, and simple wire transfer fraud are all tools in the attacker's arsenal. Defending against these types of phishing attacks is possible by layering technical and non-technical controls.

    Watch this on-demand webinar, as we take an in-depth look at how the latest attacks work and the psychology and mechanics behind them. We also discuss defensive measures you can take now to defend your organization against these attacks.
Security Awareness Training
KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, KnowBe4 was created to help organizations manage the problem of social engineering, spear phishing, and ransomware attacks, through a comprehensive new-school awareness training approach. KnowBe4 trains employees to make smarter security decisions.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Social Engineering: My Friend, My Enemy
  • Live at: Feb 22 2018 7:00 pm
  • Presented by: Erich Kron CISSP, Security Awareness Advocate
  • From:
Your email has been sent.
or close