Cyber attacks in the area of economic or industrial espionage against German and international companies are increasingly being strategically organized and carried out. Many companies usually arm themselves against possible attacks at great financial and technical expense. While in such a secured system the attacker is stopped at a certain point, there are no limits for humans. In this scenario, the human being remains the No. 1 risk factor, as the attacker can obtain the desired information without much use of technical means.
According to a recent study by the digital association Bitkom (Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V.), 51% of all companies in Germany have been victims of digital industrial espionage, sabotage or data theft in the past two years. Almost one-fifth (19%) of the companies surveyed also registered a significant number of social engineering attacks. According to the study, only 20% of the perpetrators obtained company data through digital attacks, but 80% through human manipulation. (Bitkom, 2018)
Purely "human" factors such as good faith and helpfulness, but also hierarchies within the company structure, manipulation by management or individual employees who are responsible for access to sensitive data or business processes due to their function, play a decisive role.
The damage caused by cybercrime is serious: Germany ranks third among the top ten economic powers after the USA (108 billion U.S. dollars) and China (60 billion U.S. dollars), with total damage of around 51 billion U.S. dollars! And the trend is upward. (Allianz, 2018)
The training is primarily aimed at security managers or consultants, members of management, accounting and IT administrators. After the lecture, they will be able to evaluate the dangers of a social engineering attack for their company as well as to critically question an existing security solution, taking into account the dangers of a social engineering attack.
For this purpose, it is necessary to familiarize the participants of the event with the possibilities, means, forms and dangers of social engineering. To achieve this goal, the following questions will be explained:
- What is social engineering?
- Why does social engineering work?
- Forms and characteristics of social engineering?
- Legal aspects of social engineering?
- How does the attacker prepare?
- How can I recognize an attack?
- Security culture and guidelines for warding off social engineering as an important pillar of securing one's existence.
- What preventive measures can I implement in my company?
- ISMS (Integrated Security and Management Systems) and Compliance - making it understandable and readable.
With this basic introduction to social engineering, you will be able to identify the threat situation and the resulting risk potential and evaluate them accordingly. This will enable management to devote the necessary and required attention to the appropriate security solutions and effectively protect the company from a perfidious social engineering attack.
Schedule of the seminar day
The training usually takes place from 09.30h - approx. 16.00h in the conference rooms of the Kastens Hotel Luisenhof in Hannover. The five star hotel is only approx. 300 m away from the main station of Hanover. The participants are offered a high-quality catering in the context of the seminar, which is naturally contained in the seminar package.
The seminar and training day is structured in two units:
- Part 1: (09.30h - 12.00h) Introduction to the topic: Sociological and psychological aspects of Social Engineering
- Part 2: (ca. 13.00h - 16.00h) Social Engineering from the IT perspective with practical examples - discussion and outlook
The seminars can also be held at your premises as in-house training, or at any other location. Please contact us for an individual offer.
"If you know the enemy and yourself, you need not fear the outcome of a hundred battles." Sunzi