Small- and Medium-Sized Business (SMB) Employee Cybersecurity Training Seminar
TOPIC 1: SOCIAL ENGINEERING
• Define social engineering: the bugs in the human hardware that make us susceptible to exploitation
• Video reviews and related discussions on the topics of cognitive biases and the power of pretexting
• Common social engineering threat vectors such as waterholes, phishing and spear-phishing, quid-pro-quo, tailgating, ‘round the corner, and baiting.
• Common tactics, techniques and procedures used by threat actors including Google dorking, Maltego and Kali Linux
TOPIC 2: PHISHING, SPEAR-PHISHING, WHALING & RANSOMWARE
• The difference between phishing, spear-phishing, and whaling
• A deep dive into the anatomy of a spear-phishing attack & characteristics of a malicious email, text and phone call
• Video review and discussion on the topic of voice phishing (vishing)
• The underground marketplace (Dark Web) and the anonymity and commerce tools used by these merchants of mayhem
• What ransomware is and a discussion on recent ransomware attacks
• What to do if you are a victim of ransomware and a discussion on the organization’s decision to pay or not pay
• How to minimize the risk of a ransomware attack
"We humans are the first and last line of defense against cybercriminals."
TOPIC 3: CYBERCRIMINAL PSYCHOLOGY
• Cybercrime defined and the role of forensic psychology and offender profiling
• An exploration of offender profiling, its approaches, and its methods
TOPIC 4: INSIDER THREATS
• How insider threats happen
• The three personas of compromised insiders: malicious actors, negligent actors, and compromised agents
• What to do when you believe an employee is compromised
TOPIC 5: EXTERNAL THREAT ACTORS
• A series of deep dives on the major global threat actors and the related open source intelligence available to help understand motivations
• The complexities of vulnerabilities introduced by the internet-of-things (IoT) and bring-your-own-device (BYOD)