Many social engineering talks focus on the exploitation of trust relationship and the resulting compromise of corporate and personal assets. However, what happens after the pwnage is done? This session opens with the aftermath of a successful social engineering incident on a major automotive financing company. Attendees will learn of the methodical analysis of the interactions which led to the compromise of customer information, as well as employee and executive network credentials. The case study also illustrates how this organization was able to use the forensic analysis of social interactions to enhance its customer service business processes. This information was used to engage employees in protecting information with the associated business processes. Most importantly, the customer care process was transformed such that it was able to frustrate social engineers and enhance the experience of their customers. Attendees will learn: - How the incident response team used log information and incident investigation to determine the social nature of this incident. - How the incident response team employed Open Source Intelligence techniques to profile the social attack surface, narrowing the focus of their investigation. - How the incident response team worked with management to modify business processes to be resilient in the face of social exploits.
Name | Type | Role | |
---|---|---|---|
Steven F. Fox | Guest Star |