Numerous advances in technology, specifically in the areas of cryptography, telecommunications and computer security, have failed to produce safer environments and do not offer adequate protection for information. The number, frequency and magnitude of information security breaches across the globe are on the rise, as are the associated financial costs. It is safe to say that information security has never been a purely technical problem; it has become quite clear that technical solutions alone will not solve the issue.
There is a wealth of evidence to support the notion that the vast majority of information security breaches are caused by, or have been allowed to materialise as a direct result of, human errors, malicious insiders, disgruntled employees, social engineering, poorly configured systems, weak passwords and many others. We will discuss how a meaningful security culture can be developed in our organisations, including embedding positive security behaviours in the workplace. Accomplishing a culture of security is not an objective in itself, but it offers the quickest way to achieve effective and efficient information risk reduction.
After 20 years of phishing history, companies still identify the human factor as the weakest link in their defense strategy. Human hackers have put great effort into perfecting their skills, so why haven't we? Current security awareness programs may satisfy compliance requirements, but when it comes to spear-phishing attacks they are far from being a silver bullet. In this speech you're going to experience the human OS vulnerabilities and learn how to exploit decision-making from an attacker’s point of view. Knowing about the psychology behind those attacks will improve your ability to mitigate their risk.