{"id":91673,"date":"2020-08-05T11:00:35","date_gmt":"2020-08-05T18:00:35","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=91673"},"modified":"2023-05-15T22:58:06","modified_gmt":"2023-05-16T05:58:06","slug":"afternoon-cyber-tea-social-engineering-human-threat-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/08\/05\/afternoon-cyber-tea-social-engineering-human-threat-cybersecurity\/","title":{"rendered":"Afternoon Cyber Tea: Revisiting social engineering: The human threat to cybersecurity"},"content":{"rendered":"

Most of us know \u2018Improv\u2019 through film, theatre, music or even live comedy. It may surprise you to learn that the skills required for improvisational performance art, can also make you a good hacker? In cybersecurity, while quite a bit of focus is on the technology that our adversaries use, we must not forget that most cybersecurity attacks start with a non-technical, social engineering campaign\u2014and they can be incredibly sophisticated. It is how attackers were able to pivot quickly and leverage COVID themed lures wreak havoc during the onset of the global pandemic. To dig into how social attacks like these are executed, and why they work time and again, I spoke with Rachel Tobac on a recent episode Afternoon Cyber Tea with Ann Johnson<\/a>.<\/p>\n

Rachel Tobac is the CEO of SocialProof Security and a white-hat hacker, who advises organizations on how to harden their defenses against social engineering. Her study of neuroscience and Improv have given her deep insight into how bad actors use social psychology to convince people to break policy. I really appreciate how she is able to break down the steps in a typical social engineering campaign to illustrate how people get tricked.<\/p>\n

In our conversation, we also talked about why not all social engineering campaigns feel \u201cphishy.\u201d Hackers are so good at doing research and building rapport that the interaction often feels legitimate to their targets. However, there are techniques you can use, like multi-factor authentication and two-factor communication, to reduce your risk. We also discussed emerging threats, like deep fake videos, attacks on critical infrastructure, and how social engineering techniques could be used against driverless cars. To learn why you should take social engineering seriously and how to protect your organization, listen to Afternoon Cyber Tea with Ann Johnson: Revisiting social engineering: The human threat to cybersecurity on Apple Podcasts<\/a> or Podcast One<\/a>.<\/p>\n

What\u2019s next<\/h2>\n

In this important cyber series, I talk with cybersecurity influencers about trends shaping the threat landscape and explore the risk and promise of systems powered by AI, Internet of Things (IoT), and other emerging tech.<\/p>\n

You can listen to Afternoon Cyber Tea with Ann Johnson on:<\/h2>\n