Content provided by Nisos, Inc. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Nisos, Inc. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Insider Threats and Social Engineering Tactics by Counterintelligence Institute’s Peter Warmka

32:06
 

In Episode 90 of TheCyber5, we are joined by Peter Warmka, founder of the Counterintelligence Institute. Warmka is a retired senior intelligence officer with the U.S. Central Intelligence Agency (CIA) where he specialized in clandestine HUMINT (human intelligence) collection. With 20+ years of breaching security overseas for a living, Warmka now teaches individuals and businesses about the strategy and tactics of “human hacking”.

Warmka highlights how insiders are targeted, the methods nation-states use to commit crimes, and where organizations need to focus their security training to prevent a breach.

Below are the three major takeaways:

  1. Prevalent open source techniques for targeting a person or company as an insider threat:

A website that lists an organization's key personnel and mission statement gives bad actors critical context for targeting employees with social engineering techniques. Job descriptions provide critical targeting information about the enterprise and the security technologies in use, which bad actors use to target potential technology vulnerabilities and subsequently penetrate the organization. Lastly, social media and open source content typically offer information about employees and companies that can be used for nefarious purposes.

  2. Employees are recruited for nation-state espionage or crime:

Adversaries pose as executive recruiters, both through direct engagement and through hiring platforms, to elicit sensitive company information. Employees allow themselves to be socially engineered through spearphishing. Threat actors will also go so far as to create deepfakes to help sell the impression that they are a senior company executive.

  3. Security awareness training should focus on verification:

There are several ways to defend yourself and your enterprise, but consistent education and training are tried-and-true methods of defense. However, annual security training videos will not change employee behavior; they are too infrequent to modify human behavior. Employees need to be taught to be apprehensive about unsolicited outreach through email, phone call, social media, or SMS. Business procedures need to focus on quick and timely verification of suspicious activity. A policy of “trust but verify” is likely going to be too late.
