Inside the Mind of an Attacker: From hacked to hack proof

Wednesday 27 November, 12:30 pm - 12:50 pm

Speakers

Chantelle Ralevska
Founder and CEO, Psyber

Evan Vougdis
Director, NSB Cyber

Synopsis

Every day, hackers and cybercriminals are looking for the easiest target. If you think your organisation is not worth being the target of these bad actors, think again. As the saying goes, “Keep your friends close and your enemies closer.” In order to effectively defend ourselves and our organisations against an attacker, we need to understand their mindset and how they operate.

In this session, Chantelle (Psyber) and Evan (NSB Cyber) will pull back the curtain on cybercrime and take you on their own cybersecurity attack journey as they target a small enterprise. From digital reconnaissance to social engineering attacks, you will gain first-hand insight into real-world attackers and, most importantly, what you can do to protect any small-to-medium enterprise or not-for-profit against these threats.

Introduction (3 minutes)

Briefly introduce our speakers (Chantelle and Evan), and recent real-life attacks on SMEs and NFPs.

Establish our fictional small enterprise target, X, including reasons for their selection as a valuable target.

Explain the objective: using digital reconnaissance and social engineering techniques to hack target X.

Engage the audience and get them excited for what they’re about to learn. Note that it’s a blend of digital reconnaissance, threat intelligence and social engineering tactics.

Digital Reconnaissance (6 minutes)

Introduce digital reconnaissance, and explain how it is used by bad actors to gather information and effectively target any small-to-medium enterprise or not-for-profit organisation.

Showcase the breadth and depth of information gathered through digital reconnaissance, such as company data, employee personal data and credentials, and how it is used for malicious purposes.

Live Hacking Demonstration (6 minutes)

Run a highly-targeted and sophisticated phishing attack on X leveraging the above information, i.e. creating an email address using employee data and embedding a malicious link.

Once successfully deployed, showcase the common next steps of a hacker.

Discuss the consequences of this attack for X, such as reputational damage, data theft and financial loss.

Practical Cybersecurity Strategies (5 minutes)

Backtrack through each stage of the attack, and showcase how X could have mitigated these threats.

Emphasise tangible and practical strategies any SME or NFP can implement to strengthen their cybersecurity and implement proactive measures.

Reinforce the importance of continuous employee awareness and a culture of cybersecurity.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
