Human Factors
Facebook Twitter LinkedIn

Human Factors

Combined Session
Thursday, November 10, 2022 14:00—15:00
Location: Historic Kassenhalle

Know your enemy and know yourself, how to win at cyber warfare and turn you people from the weakest link to a defence mechanism

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” ― Sun Tzu, The Art of War

Join this session to gain a deeper understanding of threat actors and the current threat landscape, in order to help you adapt and protect your organisation from cyber warfare. We know adversaries do not rest. Attacks are growing more destructive, causing mass disruption to organisations and society. Take away knowledge of Threat Actors, current attacks, strategies to defend your organisation and understand how your workforce puts you both at risk but can also be leveraged to be your first line of defence.

Connie McIntosh
Connie McIntosh
Named top 100 women in Cybersecurity worldwide by Cyber Defense Magazine. An International speaker, presenter, CTF judge and mentor in cybersecurity. Connie is a Product Security Leader in Ericsson...

Rethinking cybersecurity from the human element point of view

Over simplifying, IT security means defending the IT systems from threats procured by cybercriminals. Their targets are, for example, the manipulation of systems, the extorsion or exfiltration of data, and the interruption or alteration of services. However, what happens if we have humans instead of IT systems? Given that the scope of an attacker is always the same, as aforementioned, attacking a human is an entirely different process, and the attack tactics must change. This well-known fact involves social engineering and human sciences (e.g., psychologists or behavioural sciences instead of informatics). However, from the cyber security side of the coin, what does it imply dealing with humans? What does it mean, for example, to perform convincing penetration testing or vulnerability scanning to deeply test human weaknesses: it is not merely a problem of sending a phishing email and waiting for clicks. How can be done a threat analysis or threat intelligence on humans? Moreover, how can a company calculate the cyber risk that a human represents and how many effective ways to reduce it? If we fully put humans (either as employees or IT security operators) at the centre of cybersecurity, the questions become several.

The problem is complex because, by its nature, it is multicultural and requires different non-technical competencies. It includes experts in philosophy, political science, cyber sociology, pedagogy, acting performance, etc., collaborating with cybersecurity experts. Facing the human element of security is a genuinely multicultural and interconnected approach. Furthermore, humans are coincidentally “human” and not machines: there are also ethical and legal issues to consider, and their reactions change during the day. The talk will explore and present a comprehensive view of what happens when there are not the IT systems but the humans at the centre of cybersecurity.

Enrico Frumento
Enrico Frumento
Dr. Enrico Frumento is a Cybersecurity Senior Domain Specialist in the cybersecurity team at Cefriel a European and privately funded research and innovation project on ICT Security. He is the...

Only Those who know the Dangers can Protect Themselves.

How do cyber criminals go about a hacking attack and how easy is it to capture sensitive data? As the saying goes, "Keep your friends close, but your enemies closer," we take a look at how hackers and social engineers work with social pentester Graham Stanforth.

Graham Stanforth
Graham Stanforth
Graham, born April 3, 1972 in Chertsey, England, is Head of Business Line - Information Security Training for the Advisory & Training Services Division at DEKRA SE.He is currently tasked with...


On-Demand Access
Re-live CSLS 2022
Watch more than 90 sessions on-demand
Download all available presentations
Subscribe for updates
Please provide your email address