Reading Room | Insights, Newsletters, Presentations, Resources

<!DOCTYPE html> <html lang="en"> <head>  <script async src="https://www.googletagmanager.com/gtag/js?id=G-EY64M9QQ17"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-EY64M9QQ17'); </script> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1">  <title>Reading Room | Insights, Newsletters, Presentations, Resources | Cyber Risk GmbH</title> <meta name="description" content="Explore the Cyber Risk GmbH Reading Room for monthly newsletters, expert presentations, and insights into the latest challenges and opportunities in cybersecurity, compliance, and risk management."> <meta name="keywords" content="cybersecurity resources, compliance insights, risk management newsletters, cybersecurity presentations, risk management opportunities, Cyber Risk GmbH reading room, cybersecurity news, compliance updates, board training insights, cybersecurity Switzerland"> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "BreadcrumbList", "itemListElement": [ { "@type": "ListItem", "position": 1, "name": "Index", "item": "https://www.cyber-risk-gmbh.com" }, { "@type": "ListItem", "position": 2, "name": "About Us", "item": "https://www.cyber-risk-gmbh.com/About.html" }, { "@type": "ListItem", "position": 3, "name": "Training", "item": "https://www.cyber-risk-gmbh.com/Training.html" }, { "@type": "ListItem", "position": 4, "name": " Reading Room", "item": "https://www.cyber-risk-gmbh.com/Reading_Room.html" }, { "@type": "ListItem", "position": 5, "name": " Impressum", "item": " https://www.cyber-risk-gmbh.com/Impressum.html " } ] } </script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Organization", "name": "Cyber Risk GmbH", "url": "https://www.cyber-risk-gmbh.com", "logo": "https://www.cyber-risk-gmbh.com/Cyber_Risk_GmbH_Logo.jpg", "sameAs": [ "https://www.linkedin.com/company/71474270/admin/page-posts/published/", "https://x.com/Cyber_Risk_GmbH" ], "contactPoint": { "@type": "ContactPoint", "telephone": "+41-79-5058960", "contactType": "Customer Service", "areaServed": "Worldwide", "availableLanguage": "English" }, "founder": { "@type": "Person", "name": "George Lekatis" }, "description": "Cyber Risk GmbH is a leading provider of cyber risk and compliance training in Switzerland and worldwide.", "address": { "@type": "PostalAddress", "streetAddress": "Dammstrasse 16", "addressLocality": "Horgen", "addressRegion": "Canton of Zürich", "postalCode": "8810", "addressCountry": "CH" } } </script> <link rel="apple-touch-icon" sizes="180x180" href="apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="favicon-16x16.png"> <link rel="shortcut icon" type="image/x-icon" href="favicon.ico"> <link rel="manifest" href="manifest.json"> <meta name="msapplication-TileImage" content="mstile-150x150.png"> <meta name="theme-color" content="#ffffff">  <link href="css/bootstrap.min.css" rel="stylesheet"> <link href="css/style.css" rel="stylesheet">  <link href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet"> <link href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;500;600;700;800;900&display=swap" rel="stylesheet">  <link rel="stylesheet" href="css/owl.carousel.css"> <link rel="stylesheet" href="css/owl.theme.default.css">  <script src="js/jquery.min.js"></script> <script src="js/owl.carousel.js"></script> <style> .wrapper-banner { background: url("https://www.cyber-risk-gmbh.com/Cyber_Risk_GmbH_Reading_Room3.jpg"); background-size: cover; background-position: center; } </style> <link rel="stylesheet" href="./style2.css"> <style> body { color: black; } </style> <style> a:link { color: blue; background-color: transparent; text-decoration: none; } a:visited { color: blue; background-color: transparent; text-decoration: none; } a:hover { color: red; background-color: transparent; text-decoration: underline; } a:active { color: blue; background-color: transparent; text-decoration: underline; } </style> </head> <body>  <div class="wrapper-menu"> <nav id="header" class="navbar navbar-fixed-top"> <div id="header-container" class="container navbar-container"> <div class="navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> Toggle navigation </button> <a id="brand" class="navbar-brand" href="https://www.cyber-risk-gmbh.com/"> <img src="images/logo/CyberRisk5FINALFINAL.png" alt="Cyber Risk GmbH, Cyber Risk Awareness and Training" width="240" class="img-responsive">  </a> </div> <div id="navbar" class="collapse navbar-collapse"> <ul class="nav navbar-nav"> <li><a style = "color:#070579" href="https://www.cyber-risk-gmbh.com/About.html" target="_blank">About</a></li> <li><a style = "color:#070579" href="https://www.cyber-risk-gmbh.com/Training.html" target="_blank">Training</a></li> <li><a style = "color:#070579" href="https://www.cyber-risk-gmbh.com/Board.html" target="_blank">For The Board</a></li> <li><a style = "color:#070579" href="https://www.cyber-risk-gmbh.com/Assessment.html" target="_blank">Assessment</a></li> <li><a style = "color:#070579" href="https://www.cyber-risk-gmbh.com/Reading_Room.html" target="_blank">Reading Room</a></li> <li><a style = "color:#070579" href="https://www.cyber-risk-gmbh.com/Contact.html" target="_blank">Contact</a></li> <li><a style = "color:#070579" href="https://www.cyber-risk-gmbh.com/Cyber_Risk_Links.html" target="_blank">Cyber Risk Links</a></li> <li><a style = "color:#070579" href="https://www.cyber-risk-gmbh.com/Impressum.html" target="_blank">Impressum</a> </ul> </div>  </div>  </nav>  </div> <div class="container-fluid wrapper-banner"> <div class="container"> <div class="top-banner"> </div> </div> </div> <div class="container-fluid projects-wrapper"> <div class="container"> <div class="row"> <div class="section-title"> <h3>Cyber Risk GmbH - Reading room</h3> </div> </div> Our monthly newsletter <a href="Cyber_Risk_Compliance_News_Alerts_October_2024.pdf" target="_blank">October 2024 (6.22 MB, 94 pages)</a> <a href="Cyber_Risk_Compliance_News_Alerts_September_2024.pdf" target="_blank">September 2024 (5.45 MB, 79 pages)</a> <a href="Cyber_Risk_Compliance_News_Alerts_June_2024.pdf" target="_blank">June 2024 (5.03 MB, 100 pages)</a> <a href="Cyber_Risk_Compliance_News_Alerts_May_2024.pdf" target="_blank">May 2024 (6.84 MB, 94 pages)</a> <a href="Cyber_Risk_Compliance_News_Alerts_April_2024.pdf" target="_blank">April 2024 (6.67 MB, 114 pages)</a> <a href="Cyber_Risk_Compliance_News_Alerts_March_2024.pdf" target="_blank">March 2024</a> <a href="Cyber_Risk_Compliance_News_Alerts_February_2024.pdf" target="_blank">February 2024</a> <a href="Cyber_Risk_Compliance_News_Alerts_January_2024.pdf" target="_blank">January 2024</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_and_Compliance_News_and_Alerts_November_2023.pdf" target="_blank">November 2023</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_and_Compliance_News_and_Alerts_October_2023.pdf" target="_blank">October 2023</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_September_2023.pdf" target="_blank">September 2023</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_July_2023.pdf" target="_blank">July 2023</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_June_2023.pdf" target="_blank">June 2023</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_May_2023.pdf" target="_blank">May 2023</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_April_2023.pdf" target="_blank">April 2023</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_March_2023.pdf" target="_blank">March 2023</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_February_2023.pdf" target="_blank">February 2023</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_January_2023.pdf" target="_blank">January 2023</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_November_2022.pdf" target="_blank">November 2022</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_October_2022.pdf" target="_blank">October 2022</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_September_2022.pdf" target="_blank">September 2022</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_July_2022.pdf" target="_blank">July 2022</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_June_2022.pdf" target="_blank">June 2022</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_May_2022.pdf" target="_blank">May 2022</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_April_2022.pdf" target="_blank">April 2022</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_March_2022.pdf" target="_blank">March 2022</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_February_2022.pdf" target="_blank">February 2022</a> <a href="https://www.cyber-risk-gmbh.com/Cyber_Risk_in_Switzerland_January_2022.pdf" target="_blank">January 2022</a> <hr> <div class="container-fluid projects-wrapper"> <div class="container"> <div class="row"> <div class="section-title"> <h3>Cyber Risk GmbH, some of our clients</h3> <div class="logos"> <div class="logos-slide"> <img src="Logos/XMA8.png" alt="" > <img src="Logos/SYGNIA5.jpg" alt="" > <img src="Logos/DELL3.jpg" alt="" > <img src="Logos/VW.jpg" alt="" > <img src="Logos/Bosch9.png" alt="" > <img src="Logos/Swisslife3.JPG" alt="" > <img src="Logos/Coop3.png" alt="" > <img src="Logos/CEPI3.png" alt="" > <img src="Logos/ATLAS8.png" alt="" > <img src="Logos/INSIG8.png" alt="" > <img src="Logos/SANT8.png" alt="" > <img src="Logos/NTT38.png" alt="" > <img src="Logos/EIB15.PNG" alt="" > <img src="Logos/SC8.JPG" alt="" > <img src="Logos/schindler.jpg" alt="" > <img src="Logos/AO9.png" alt="" > <img src="Logos/GS300.JPG" alt="" > <img src="Logos/DB8.png" alt="" > <img src="Logos/TM8.png" alt="" > <img src="Logos/OK8.png" alt="" > <img src="Logos/PWC5.JPG" alt="" > <img src="Logos/Fujitsu.png" alt="" > <img src="Logos/HO5.JPG" alt="" > <img src="Logos/FIN22.png" alt="" > <img src="Logos/SAN8.png" alt="" > <img src="Logos/BAH9.png" alt="" > <img src="Logos/AT32.png" alt="" > <img src="Logos/WINS25.png" alt="" > <img src="Logos/SKY12.png" alt="" > <img src="Logos/RB78.png" alt="" > <img src="Logos/WU8.png" alt="" > <img src="Logos/TDC.JPG" alt="" > <img src="Logos/BH18.png" alt="" > <img src="Logos/DeepSec_Conference7.png" alt="" > <img src="Logos/DC12.png" alt="" > <img src="Logos/BROAD8.png" alt="" > <img src="Logos/LEMON8.PNG" alt="" > <img src="Logos/SIK8.PNG" alt="" > <img src="Logos/KUMO8.PNG" alt="" > <img src="Logos/VEST8.PNG" alt="" > <img src="Logos/MOXA8.PNG" alt="" > <img src="Logos/TIET8.PNG" alt="" > <img src="Logos/UNI8.PNG" alt="" > <img src="Logos/BCC11.PNG" alt="" > <img src="Logos/SN8.PNG" alt="" > <img src="Logos/KYN8.PNG" alt="" > <img src="Logos/PG8.PNG" alt="" > <img src="Logos/MER8.PNG" alt="" > <img src="Logos/LIB8.PNG" alt="" > <img src="Logos/ALI8.PNG" alt="" > <img src="Logos/USA8.PNG" alt="" > <img src="Logos/MAR8.PNG" alt="" > <img src="Logos/ABB8.PNG" alt="" > <img src="Logos/INSI8.PNG" alt="" > </div> </div> <script> var copy = document.querySelector(".logos-slide").cloneNode(true); document.querySelector(".logos").appendChild(copy); </script> <hr> Presentations, articles, papers, news 1. Christina Lekati, interview, Schweizer Radio und Fernsehen (SRF): “Social Engineers und ihr Lieblingsnetzwerk”. Beim Social Engineering geht es darum, Menschen zu manipulieren, um an Infos oder Geld zu kommen. Kaum ein Hackerangriff kommt heute ohne eine gute Portion «Human Hacking» aus. Wie funktioniert es, was kann man dagegen tun und welche Rolle spielt LinkedIn? <a href="https://www.srf.ch/audio/digital-podcast/social-engineers-und-ihr-lieblingsnetzwerk?id=12484536" target="_blank">https://www.srf.ch/audio/digital-podcast/social-engineers-und-ihr-lieblingsnetzwerk?id=12484536</a> <img src="Christina_Lekati_SRF_2.JPG" alt="Christina Lekati, Schweizer Radio und Fernsehen (SRF)" width="656" height="265" class="img-responsive"> 2. Black Hat Asia 2024, Singapore - Christina Lekati and Samuel Lolagar lead the class: “Fundamentals of Cyber Investigations and Human Intelligence”. In this class, participants learn a comprehensive methodology for gathering in-depth information on a human target, following three intelligence disciplines: • Open-source intelligence (OSINT), • Social media intelligence (SOCMINT), a sub-brunch of OSINT, • Human intelligence (HUMINT), and particularly, virtual HUMINT. <a href="https://www.blackhat.com/asia-24/training/schedule/#fundamentals-of-cyber-investigations-and-human-intelligence-35822" target="_blank">https://www.blackhat.com/asia-24/training/schedule/#fundamentals-of-cyber-investigations-and-human-intelligence-35822</a> <img src="Black_Hat_Asia_2024_Christina_Lekati.png" width="655" height="262" alt="Christina Lekati Black Hat Asia 2024" class="img-responsive"> 3. Christina Lekati, October 2023, presentation at the Swiss Cyber Storm (Bern, Switzerland): “Targeting Key Individuals, Profiling, and Weaponizing Psychology.” Targeted social engineering attacks that weaponize psychology have become tools employed by State-sponsored adversaries and cybercriminals. They want to infiltrate organizations, steal information, recruit insiders, and move to other critical infrastructure entities. What must individuals with privileged access to information or systems do? <a href="https://www.youtube.com/watch?v=_qbJvjsRAPo" target="_blank">https://www.youtube.com/watch?v=_qbJvjsRAPo</a> <img src="Swiss_Cyber_Storm_Christina_Lekati_1.jpg" width="692" height="461" alt="Swiss Cyber Storm Christina Lekati" class="img-responsive"> 4. Christina Lekati, November 2023, 2 days training at the DeepSec Conference in Vienna, Austria: “Security Intelligence: Practical Social Engineering and Open-source Intelligence for Security Teams” In this rapidly evolving threat landscape, security professionals and penetration testers / red teamers must understand better how social engineering works, and how to identify and disrupt attack verticals. <a href="https://deepsec.net/schedule.html" target="_blank">https://deepsec.net/schedule.html</a> <img src="DeepSec_Christina_Lekati.png" width="698" height="354" alt="DeepSec Christina Lekati" class="img-responsive"> 5. Christina Lekati, October 2023, interview for the Swiss “Inside IT” News Platform: "Man muss sich immer fragen: Dürfen Kriminelle das wissen?" Am Ende hängt doch alles am Menschen: Wenn man sein Passwort weitergibt, die Zweifaktor-Authentifizierung ausschaltet oder Geld an Kriminelle überweist, nützt ein ausgeklügeltes Sicherheitssystem wenig. Und auch wenn es abgedroschen klingt: Der Faktor "Mensch" wird oft noch unterschätzt, besonders wenn man sich vergegenwärtigt, wie viele heikle Informationen im Netz publiziert sind. Und wie einfach diese mittlerweile mit den richtigen Tools und Methoden gesammelt werden können – raffiniertere Google-Befehle genügen bereits für erstaunliche Resultate. Wenn die Angreifer dann noch über grosse Ressourcen verfügen, wird es richtig düster. Wie das geht, weiss Christina Lekati, Spezialistin für Social Engineering und Open Source Intelligence (OSINT). An der diesjährigen Swiss Cyber Storm in Bern wird sie über den "Human Factor" sprechen. Wir haben uns im Vorfeld mit ihr unterhalten. <a href="https://www.inside-it.ch/man-muss-sich-immer-fragen-duerfen-kriminelle-das-wissen-20231012" target="_blank">https://www.inside-it.ch/man-muss-sich-immer-fragen-duerfen-kriminelle-das-wissen-20231012</a> <img src="Inside_IT_Christina_Lekati_1.jpg" width="702" height="651" alt="Inside IT Christina Lekati" class="img-responsive"> 6. Black Hat Asia 2023. Christina Lekati and Samuel Lolagar lead the class: “Fundamentals of Cyber Investigations and Human Intelligence” at Marina Bay Sands, Singapore. In this class, participants learn a comprehensive methodology for gathering in-depth information on a human target, following three intelligence disciplines: • Open-source intelligence (OSINT), • Social media intelligence (SOCMINT), a sub-brunch of OSINT, • Human intelligence (HUMINT), and particularly, virtual HUMINT. <a href="https://www.blackhat.com/asia-23/training/schedule/#fundamentals-of-cyber-investigations--human-intelligence-29747" target="_blank">https://www.blackhat.com/asia-23/training/schedule/#fundamentals-of-cyber-investigations--human-intelligence-29747</a> <img src="Christina_Lekati_Black_Hat_Asia_2023.jpg" alt="Christina Lekati, Black Hat Asia 2023" width="656" height="265" class="img-responsive"> 7. Presentation at the Insomni’hack conference in Lausanne, Switzerland, in 2023: “Targeted Social Engineering Attacks: Weaponizing Psychology”. Targeted social engineering attacks that weaponize psychology have become tools employed by cybercriminals to infiltrate organizations in the public and private sector, steal sensitive information, recruit insiders, and help threat actors breach an organization's security. This presentation covers some of the most recent social engineering techniques and case studies. <a href="https://www.youtube.com/watch?v=SfBj0xnd_XI" target="_blank">https://www.youtube.com/watch?v=SfBj0xnd_XI</a> <img src="Christina_Lekati_Insomnihack_2023.jpg" alt="Christina Lekati, Presentation at the Insomni’hack conference in Lausanne, Switzerland, in 2023" width="655" height="493" class="img-responsive"> 8. Featured for her presentation at the Insomni’hack conference in LeTemps, one prominent newspaper in Switzerland, March 2023. “The Insomni'hack conference, organized at EPFL, highlights ultra-sophisticated phishing techniques. Explanations from cybersecurity specialist Christina Lekati” <a href="https://www.letemps.ch/economie/hackers-usent-psychologie-fine-pieger-leurs-victimes" target="_blank">https://www.letemps.ch/economie/hackers-usent-psychologie-fine-pieger-leurs-victimes</a> <img src="Christina_Lekati_LeTemps_2023.jpg" alt="Christina Lekati, LeTemps newspaper, Switzerland, March 2023" width="652" height="674" class="img-responsive"> 9. Article for Golem.de (in German): “ChatGPT und die Zukunft des Social Engineering”. <a href="https://www.golem.de/news/e-mail-phishing-mit-ki-chatgpt-und-die-zukunft-des-social-engineering-2305-173296.html" target="_blank">https://www.golem.de/news/e-mail-phishing-mit-ki-chatgpt-und-die-zukunft-des-social-engineering-2305-173296.html</a> <img src="Christina_Lekati_Golem_2023.jpg" alt="Christina Lekati, Article for Golem.de (in German): “ChatGPT und die Zukunft des Social Engineering”" width="648" height="512" class="img-responsive"> 10. Article for Heise’s iX Magazine (in German): “Sicherheitsrisiko Mitarbeiter: Mit Psychologie Cybersecurity-Kultur Schärfen Der Mensch ist das schwächste Glied in der IT-Security-Kette. Psychologisches Know-how hilft beim Aufbau einer Cybersecurity-Kultur.” <a href="https://www.heise.de/hintergrund/Sicherheitsrisko-Mitarbeiter-Mit-Psychologie-Cybersecurity-Kultur-schaerfen-7187096.html" target="_blank">https://www.heise.de/hintergrund/Sicherheitsrisko-Mitarbeiter-Mit-Psychologie-Cybersecurity-Kultur-schaerfen-7187096.html</a> <img src="1_Heise_iX_Magazine.jpg" alt="Christina Lekati, “Sicherheitsrisiko Mitarbeiter: Mit Psychologie Cybersecurity-Kultur Schärfen Der Mensch ist das schwächste Glied in der IT-Security-Kette. Psychologisches Know-how hilft beim Aufbau einer Cybersecurity-Kultur.” " width="650" height="308" class="img-responsive"> 11. Expert opinion for an article of Die Zeit (in German): “Hier Spricht die Polizei". Telefonbetrüger geben sich als Beamte von Europol aus, um Geld zu erbeuten. Unsere Autorin hat mit einigen gesprochen – und mit einem Opfer, das mehr als 30.000 Euro verloren hat. <a href="https://www.zeit.de/2022/25/telefon-betrug-europol-polizei" target="_blank">https://www.zeit.de/2022/25/telefon-betrug-europol-polizei</a> <img src="2_DieZeit.jpg" alt="Christina Lekati, Expert opinion for an article of Der Zeit (in German) " width="650" height="308" class="img-responsive"> 12. Podcast Interview for Hensoldt Analytics: “Social Engineering and the Protection of High-Value Targets.” In this podcast episode we discuss the risks posed by social engineering, and how OSINT can be used for the protection of high-value targets. <a href="https://www.youtube.com/watch?v=d2do-JGzw8c&list=PLfodXJHGJlWm06UItlJ-hNAhvF1CZxy9r&index=7" target="_blank">https://www.youtube.com/watch?v=d2do-JGzw8c&list=PLfodXJHGJlWm06UItlJ-hNAhvF1CZxy9r&index=7</a> <img src="3_Hensoldt_Analytics_Podcast.jfif" alt="Christina Lekati, Hensoldt Analytics, “Social Engineering and the Protection of High-Value Targets” " width="650" height="308" class="img-responsive"> 13. Article for Feedly’s Threat Intelligence Community “Ahead”: “Social Engineering Kill-Chain: Predicting, Minimizing, & Disrupting Attack Verticals.” Protecting an organization from social engineering attacks is NOT an easy, or one-dimensional task. This is an asymmetric game in which information, knowledge, & strategy are paramount. But how do threat actors build their attack strategy, and how can we inform ours? This article explains and breaks down the typical social engineering kill-chain, and offers practical tips for a defense strategy. <a href="https://ahead.feedly.com/posts/social-engineering-kill-chain-predicting-minimizing-and-disrupting-attack-verticals" target="_blank">https://ahead.feedly.com/posts/social-engineering-kill-chain-predicting-minimizing-and-disrupting-attack-verticals</a> <img src="4_Feedly_Social_Engineering_Kill_Chain.jpg" alt="Christina Lekati, Feedly’s Threat Intelligence " width="650" height="308" class="img-responsive"> 14. Article for Feedly’s Threat Intelligence Community “Ahead”: “High Value Targets (HVT): Where Should You Focus Your Intelligence Collection & Analysis Efforts?” Ensuring the security of an HVT requires more than having adequate technical infrastructure or a close protection operative. That individual's public and private actions can directly impact their personal and organizational security. A protective intelligence report identifies weaknesses and informs the organization's security strategy. You may read the article for more details: <a href="https://ahead.feedly.com/posts/high-value-targets-focus-intelligence-collection" target="_blank">https://ahead.feedly.com/posts/high-value-targets-focus-intelligence-collection</a> <img src="5_Feedly_High_Value_Targets.jpg" alt="Christina Lekati, Article for Feedly’s Threat Intelligence" width="650" height="308" class="img-responsive"> 15. SANS Summit Talk for the Open-Source Intelligence Summit (Washington DC): “Protecting High-Value Individuals: An OSINT Workflow.” This presentation walks you through the workflow of a (sanitized) OSINT assessment case for a high value-target. This case revolves around a company executive a few days before moving into public announcements that were likely to trigger hacktivist groups. Cyber harassment can start from online platforms but it may also continue into the physical sphere of the targeted individual. Most often, the goal is either to influence the behavior of the target and make them resign, change their decisions and future behavior, or to cause significant psychological distress – that will ultimately affect their work performance. Knowing that harassment was a highly likely scenario, the company requested an OSINT assessment on this individual to help them eliminate or manage information that could pose a risk to the individual and ultimately affect his performance and the company. <a href="https://www.youtube.com/watch?v=rE4mORq9T5s" target="_blank">https://www.youtube.com/watch?v=rE4mORq9T5s</a> <img src="6_SANS_OSINT_Summit.jfif" alt="Christina Lekati, SANS Summit Talk for the Open-Source Intelligence Summit (Washington DC) " width="650" height="308" class="img-responsive"> 16. Interview for the State of OSINT. A community project that captures the views and experiences of some of the most renowned open-source intelligence practitioners. Read expert's views on the best (and worst) of OSINT, their favourite tools and techniques, and how they think the landscape is changing. <a href="https://stateofosint.com/posts/2022-christina-lekati/" target="_blank">https://stateofosint.com/posts/2022-christina-lekati/</a> <img src="7_State_of_OSINT.png" alt="Christina Lekati, Interview for the State of OSINT " width="650" height="308" class="img-responsive"> 17. Presentation at the CEO corner and the CISO/DPO Cyber Day in Luxemburg, organized by PwC Luxembourg. At the CEO Corner, Christina was invited for an executive briefing on the highly personalized, social engineering threats targeting CEOs and the Board of Directors, in an interactive, in-person session among a small group of select executives and CEOs. During the CISO/DPO Cyber Day, Christina presented the evolving nature of social engineering attacks, what we should expect in the future, and how weaponizing psychology is currently a threat to information security. She recommended Target Vulnerability Assessments that will assist high value targets avoid or better identify and respond to weaponized psychology attacks against them or their organization. <img src="Christina_Lekati_PwC_Luxemburg.jpg" alt="Christina Lekati Presentation at the CEO corner and the CISO/DPO Cyber Day in Luxemburg, organized by PwC Luxembourg" width="650" height="308" class="img-responsive"> 18. Keynote Presentation for SecIT by Heise. In this presentation, Christina Lekati discussed the psychological elements and behavioural science involved in facilitating users to adopt better cybersecurity habits. She talked about the drivers of motivation, people’s perception of risk and reward, the psychology of wilful compliance, but also about common mistakes in the process. This presentation aided security managers and executives to more effectively communicate and implement the necessary cybersecurity policies and procedures that employees need to practice within their organization. <img src="Christina_Lekati_Heise.jpeg" alt="Christina Lekati Heise" width="600" height="308" class="img-responsive"> 19. DEF CON 29, presentation at the Social Engineering Village. "Judging By the Cover; Profiling and Targeting Through Social Media". The presentation demonstrated how attackers gather information through social media and utilize them to manipulate and victimize their targets, ultimately leading to a security breach. <img src="Christina_Lekati_DEFCON.JPG" alt="Christina Lekati DEFCON" width="600" height="308" class="img-responsive"> 20. Interview for the TAZ Newspaper (In German): Jeder hat eine Schwachstelle. Betrüger bauen Vertrauen auf, um an Daten oder Geld zu kommen. Welche Tricks sie dafür nutzen, erklärt Sicherheitstrainerin Christina Lekati. <a href="https://taz.de/Sicherheitsexpertin-ueber-Social-Engineering/!5711020/" target="_blank">https://taz.de/Sicherheitsexpertin-ueber-Social-Engineering/!5711020/</a> <img src="images/C1.png" alt="Christina Lekati, Interview for the TAZ Newspaper" width="600" height="308" class="img-responsive"> 21. SANS Summit Talk for the Open Source Intelligence Summit (Washington DC): “Judging By The Cover - Profiling Through Social Media”. The talk demonstrates how attackers gather information on their targets through social media and utilize them to manipulate and victimize them – ultimately leading to a security breach. If you have a SANS account you may find the slides of the presentation by visiting: <a href="https://www.sans.org/cyber-security-summit/archives" target="_blank">https://www.sans.org/cyber-security-summit/archives</a> <img src="images/C2.jpg" width="600" height="302" alt="Christina Lekati SANS" class="img-responsive"> 22. Interview for Golem.de (In German): Social Engineering: Die unterschätzte Gefahr. Die größten Schwachstellen in technischen Systemen sind bis heute Menschen. Social Engineers machen sich ihre Sorglosigkeit zunutze - und finden auf sozialen Netzwerken alles, was sie für einen erfolgreichen Angriff brauchen. <a href="https://www.golem.de/news/social-engineering-die-unterschaetzte-gefahr-1908-142812.html" target="_blank">https://www.golem.de/news/social-engineering-die-unterschaetzte-gefahr-1908-142812.html</a> <img src="images/C3.png" alt="Christina Lekati, Interview for Golem.de" width="600" height="334" class="img-responsive"> 23. Interview for the Dot Magazine: “Creating a “Human Firewall” for IT Security”. Psychologist and social engineer Christina Lekati from Cyber Risk GmbH explains the psychological basis of phishing and how to arm staff with effective defenses. <a href="https://www.dotmagazine.online/issues/securing-the-future/human-firewall-for-it-security" target="_blank">https://www.dotmagazine.online/issues/securing-the-future/human-firewall-for-it-security</a> <img src="images/C4.png" alt="Christina Lekati, Interview for the Dot Magazine" width="600" height="347" class="img-responsive"> 24. Interview for the ECO Association - Europe’s Largest Internet Association (In German): Social Engineering: Mitarbeiter stärker für IT-Security sensibilisieren. Mitarbeiter müssen lernen, wie sie auf diese Anfragen in einer angemessenen Weise reagieren können. Dies geschieht durch intensive Schulung. Sie müssen verstehen, dass das Thema: Sicherheit geteilte Verantwortung bedeutet und, dass sie eben einen Teil dieser Verantwortung mittragen. <a href="https://www.eco.de/news/social-engineering-unwissenheit-am-meisten-ausgenutzt/" target="_blank">https://www.eco.de/news/social-engineering-unwissenheit-am-meisten-ausgenutzt/</a> <img src="images/C5.png" alt="Christina Lekati, Interview for the ECO Association" width="600" height="337" class="img-responsive"> 25. Conference Presentation at Hacktivity: "Social Engineering Through Social Media". The talk demonstrates how attackers gather information on their targets through social media and utilize them to manipulate and victimize them – ultimately leading to a security breach. <a href="https://www.youtube.com/watch?v=D8Z69AsSFn0&t=577s" target="_blank">https://www.youtube.com/watch?v=D8Z69AsSFn0&t=577s</a> <img src="images/C6A.png" alt="Christina Lekati, Conference Presentation at Hacktivity" width="600" height="305" class="img-responsive"> 26. Conference Presentation at ElBsides Hamburg: "When Your Biggest Threat is on Your Payroll – Drivers and Enablers of Insider Threat Activities". The talk discusses the organizational factors enabling insider threat operations and countermeasures against them, by combining the lessons learned on insider activity prevention from the fields of counterintelligence, psychology, and cyber-security. <a href="https://www.youtube.com/watch?v=5ovY0YlLZNU&t=2208s" target="_blank">https://www.youtube.com/watch?v=5ovY0YlLZNU&t=2208s</a> <img src="images/C7.jpg" alt="Christina Lekati, Conference Presentation at ElBsides Hamburg" width="600" height="400" class="img-responsive"> 27. Cyber Terror Campaigns Against High Value Individuals and Public Figures. <a href="https://www.cyber-risk-gmbh.com/Cyber_Terror_Campaigns_Against_High_Value_Individuals_and_Public_Figures.html" target="_blank">https://www.cyber-risk-gmbh.com/Cyber_Terror_Campaigns_Against_High_Value_Individuals_and_Public_Figures.html</a> 28. How Psychology and Behavioural Science Can Help You Build Your Cybersecurity Culture. <a href="https://www.cyber-risk-gmbh.com/How_Psychology_and_Behavioural_Science_Can_Help_You_Build_Your_Cybersecurity_Culture.html" target="_blank">https://www.cyber-risk-gmbh.com/How_Psychology_and_Behavioural_Science_Can_Help_You_Build_Your_Cybersecurity_Culture.html</a> 29. Wie Psychologie und Verhaltenswissenschaft ihnen beim Aufbau ihrer Cybersecurity-Kultur helfen können. <a href="https://www.cyber-risk-gmbh.com/Wie_Psychologie_und_Verhaltenswissenschaft_ihnen_beim_Aufbau_ihrer_Cybersecurity_Kultur_helfen_koennen.html" target="_blank">https://www.cyber-risk-gmbh.com/Wie_Psychologie_und_Verhaltenswissenschaft_ihnen_beim_Aufbau_ihrer_Cybersecurity_Kultur_helfen_koennen.html</a> 30. Psychological Exploitation of Social Engineering Attacks. <a href="https://www.cyber-risk-gmbh.com/Psychological_Exploitation_of_Social_Engineering_Attacks.html" target="_blank">https://www.cyber-risk-gmbh.com/Psychological_Exploitation_of_Social_Engineering_Attacks.html</a> 31. Psychologische Ausnutzung von Social-Engineering-Angriffen. <a href="https://www.cyber-risk-gmbh.com/Psychologische_Ausnutzung_von_Social_Engineering_Angriffen.html" target="_blank">https://www.cyber-risk-gmbh.com/Psychologische_Ausnutzung_von_Social_Engineering_Angriffen.html</a> <hr> Our new Youtube Channel We invite you to subscribe to the new YouTube Channel of Cyber Risk GmbH. We keep the message short and sweet, and we cover a difficult subject in 3-4 minutes. People like it when you get to the point. Appetizers rock. We hope they will make you want more. <a href="https://www.youtube.com/@CyberRiskGmbH" target="_blank">https://www.youtube.com/@CyberRiskGmbH</a> <img src="YouTube_Channel_Cyber_Risk_GmbH.JPG" width="1635" height="311" alt="YouTube Channel Cyber Risk GmbH" class="img-responsive"> <hr> </div> </div> </div> </div> </div> </div>  <script src="js/bootstrap.js"></script> <script> $(document).ready(function() { var owl = $('.cliend-logo'); owl.owlCarousel({ margin: 20, nav: true, loop: true, autoplay:true, autoplayTimeout:4000, responsive: { 0: { items: 1 }, 600: { items: 6 }, 1000: { items: 6 } } }) }) $(document).ready(function() { var owl = $('.testimonialstext'); owl.owlCarousel({ margin: 20, nav: true, loop: true, autoplay:true, autoplayTimeout:4000, responsive: { 0: { items: 1 }, 600: { items: 1 }, 1000: { items: 1 } } }) }) </script> <script> $(window).scroll(function() { if ($(document).scrollTop() > 50) { $('nav').addClass('shrink'); $('.add').hide(); } else { $('nav').removeClass('shrink'); $('.add').show(); } }); </script> </body> </html>

CINXE.COM

Reading Room | Insights, Newsletters, Presentations, Resources | Cyber Risk GmbH