Mark Guntrip

HSSB - McCune Conference Room 6020
Tue, Jul 16 2:30pm - 3:15pm

We’ve long known that phishing and social engineering are the ways most organisations get compromised. Attackers know it’s much easier to find someone who will click than to find a working exploit for a modern operating system or browser. However, most organizations have very little idea which of their people receive sophisticated threats, targeted threats, or even large volumes of threats. We call these targets VAPs (Very Attacked People), and they may not be who you would expect.

Using research across thousands of organisations around the world, this presentation will focus on how to identify who the Very Attacked People (VAP) are within your organisation (hint: it’s probably not your VIPs), why they are targeted, and how they are being attacked. We will then provide meaningful steps a security professional can take to protect their people.

Three Takeaways:

How to identify who is being attacked in your organisation
How to use that data to better understand your adversaries
How to tailor a protection plan for your riskiest people

Session Skill Level

Session Track