A few key points from the presentation I gave yesterday on the protection of high-value targets and the #psychology of #socialengineering attacks (a thread).

But first, a big thank you to @CtgIntelligence for having me once again and for the great conference and organization!
A high-value target can be anyone with priviledged access and organizational influence (business leaders, CxOs, teams with access to sensitive info, etc.), anyone with high levels of exposure and influence (politicians, celebrities, athletes, etc), or high net-worth individuals
Their threat/vulnerability assessments should be handled on a more individual basis as they are typically the ones receiving the most tailored social engineering approaches -and the ones that most need to be aware of those.

Blanket assessments and trainings will not suffice
In covert social engineering attacks, high-value targets (HVTs) often fall victims to threat actors that find a way to entice them into the development of an ongoing, long-term relationship, through which they gain escalating trust priviledges...
...in order to elicit confidential information, covertly influence decisions, or plant seeds of doubt. The psychological effects of online interactions are as strong as the offline ones. Alternatively,they simply deliver convincing spear phishing emails & end the operation faster
In overt attacks, "trolls for hire" or " #disinformation for hire" services may be employed to affect the target's morale, performance and decision-making capabilities (especially before important events).
It is a form of psychological warfare, and a hit below the belt
High-value targets cannot avoid the threats resulting from their exposure. Yet their security is not only the security team's responsibility. It is also their own.
No security or close protection professional is going to be with them at all times or assess their interactions
Social exposure will inevitably lead to security & personal info leaks, especially when the HVT is not aware of essential security guidelines.
And although the example below is rare, there are many other, more explicit leaks, on a topic that is otherwise basic #OPSEC practice
It is a good practice for security professionals & high value targets to work together and identify vulnerabilities, limit them, and prepare the person that is in the spotlight to deal with threats & contingencies.
It is a sensitive task, make sure to follow this last advice:
You can follow @ChristinaLekati.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.