What constitutes a security breach?

Circumvention of protective measures inside of an organization whether it be a government entity, non-profit, academic institute and/or private company to unlawfully gain access to proprietary information.
 

 

What type of information may be sought during a security breach?

Information of perceived value such as trade secrets, customer personnel data and employee records.
 

​

What are threat actors?

They are individuals or members of a group who attempt to breach the security of a targeted organization. Such threat actors may include foreign intelligence agencies, organized criminal groups, activist groups, terrorist organizations and/or industrial competitors.

 

​

Why are certain organizations targeted while others are not?

​

Organizations are assessed based on the value of the information they hold as well as the level of difficulty in conducting the breach. Organizations perceived as having weak security protocols (soft targets) will typically be chosen over those which are considered more challenging (hard targets).

​

​

What is an insider threat?

​

It is a threat stemming from an employee or contractor who facilitates a security breach. Such insiders may decide to directly undertake the breach, or they may be unwittingly manipulated by outside threat actors to facilitate the breach.

​

​

What is human hacking, aka social engineering?

Techniques utilized by threat actors to manipulate insiders to undertake actions that meet the objectives of the social engineer while often times compromising the insider and/or the targeted organization.

​

What percentage of security breaches involve social engineering?

More than 90 percent of successful security breaches are initiated by social engineering.

​

 

What are the five communication channels (attack vectors) utilized by social engineers?

They are phishing (e-mail), smishing (SMS), spearphishing (social media), vishing (telephonic) and face-to-face interaction.

​
 

What threat does AI pose in social engineering operations?

​

AI can rapidly analyze vast amounts of personal data to create highly personalized and convincing social engineering attacks, increasing the effectiveness of human hacking efforts.

​

​

What is elicitation?

It is the acquisition of sensitive information by a social engineer during a conversation with an unsuspecting individual. Such information may include proprietary information from the target organization, or it may provide invaluable personality assessment information regarding the insider which will be leveraged by the social engineer in developing a strategy for manipulation.

​

​

Can security breaches be prevented?

While not all security breaches can be prevented, an organization can significantly minimize risk by establishing effective security awareness programs.

​

 

Which individuals within an organization can best benefit from security awareness training?

All staff employees from entry level up to senior management, as well as contractors, can benefit.

 

What is the difference between the online training offered by Counterintelligence Institute and workshops conducted at client sites?

Both of them cover the same concepts. While the online course is available on demand thereby providing greater flexibility in reaching more employees and/or contractors, the onsite workshop is tailored to the specific threats potentially faced by the client.

 

Is Peter Warmka available as a conference speaker?

Peter is a sought-after speaker who enjoys engaging with audiences worldwide. He brings
proven, real-world experience and insight to the stage with his engaging and interactive
presentations. He also offers his programs via webinars and other live stream presentations. For more information, please contact our office at 703-819-0091 or send a query via the Contact page on this website.