Security management and compliance company, RandomStorm, is speaking at InfoSec Europe, the information security industry’s most high profile conference, which takes place at Earls Court, London on 29th and 30th April.
Gavin Watson, Senior Security Engineer and head of the RandomStorm Social Engineering Team, will present, “Social Engineering, a view from the dark side”in the Business Strategy Theatre, Wednesday 30th April, 1.20pm – 1.45pm.
The presentation will look at how organisations can perform structured tests that provide a comprehensive view of security vulnerabilities created by employees sharing too much information over the phone, via email and in person, as well as assessing weaknesses in policies and processes.
Gavin will provide examples from his book on the same topic, which is due to be published by Elsevier in June 2014. He will draw on real life scenarios to explain how organisations can train employees to recognise common social engineering tactics, to stop an attack in progress and how they can use frameworks to assess how well a social engineering pen test has been performed.
Two years ago, Gavin Watson was interviewed about social engineering techniques for a Channel 4 Dispatches documentary that investigated allegations that unregulated private investigators were selling personal data. Documentary film maker, Chris Atkins, demonstrated how researchers were able to buy mobile phone records; online bank statements; information on GP appointments; a national insurance number and details of benefits claims.
“An individual’s private data is only as secure as the businesses that handle it,” said Gavin Watson in the programme. “If you wanted to get hold of someone’s bank account details, you wouldn’t necessarily target that person as an individual. You could target the bank, or you could target their local gym, or you might target the council, or anyone who might have any interaction with those bank account details.”
“Employees of organisations that are entrusted with protecting our most sensitive data need to be made more aware of the social engineering risk and trained to thwart blaggers. Even with access controls and auditing technology in place, staff can be tricked into revealing too much information,” warns Watson.
Further information on Gavin’s presentation and the full schedule of talks can be found here: http://www.infosec.co.uk/en/Sessions/4692/So-you-think-your-organisation-is-secure-think-again-Social-Engineering-a-view-from-the-dark-sid
RandomStorm is a UK-based network security, vulnerability management and compliance company, focused on providing enterprise-level, proactive security management tools and services. RandomStorm’s experienced and certified security experts are able to offer customers a wide range of integrated world-class security vulnerability assessment and professional security services. Covering initial consultancy and gap analysis through to network and application testing, as well as managing client’s business compliance accreditation process, RandomStorm aims to work with organisations to ensure that their security investment is fully optimised on a 24/7/365 basis.
RandomStorm’s core products are supported by a range of complementary monitoring, alerting and remediation tools and services developed under the RandomStorm Open Source Initiative.
RandomStorm is a CESG CHECK security consultancy as well as a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the Payment Card Industry Data Security Standard (PCI DSS). Please visit http://www.randomstorm.com for further information.