Thank Mark Zuckerberg and Kim Kardashian West for waking up the average consumer to the types of risks they face from using technology and social media, says social engineering expert Sharon Conheady.
"For the most part, if you break down the actual social engineering attacks, it's the same thing we've been seeing for years and years," Conheady says in an interview with Information Security Media Group at Black Hat Europe 2016 in London. But there was a sea change in the public's understanding of related concerns thanks, in part, to Facebook CEO Mark Zuckerberg revealing in June via Instagram that he covers his laptop webcam with tape to deter anyone who might be attempting to remotely spy on him, says Conheady, who heads London-based computer security firm First Defence Information Security.
Mass awareness was further bolstered when reality television star Kim Kardashian West was robbed at gunpoint at a luxury apartment in Paris in October. Two men dressed as police officers stole a box containing jewelry worth an estimated $6.7 million, French police say. "It was really the celebrity who was targeted, with possessions that had been seen and noticed via social media, and it was these goods that the attackers targeted," Paris police department spokeswoman Johanna Primevert told CNN following the robbery.
Kardashian West has 87 million Instagram followers and 49 million Twitter followers. Privacy is not a trait most would associate with her brand-building efforts.
Conheady says the robbery woke people up to the danger of oversharing. "Suddenly, people realized, if you post all this information on social media, it can be used against you," she says. "This is what security experts have been saying for years now."
In this interview (see audio link below photo), Conheady discusses:
- The need for individuals to understand how information they share can be used against them;
- The danger posed by sharing or revealing metadata;
- The recent move by Admiral Insurance to provide discounts to first-time car owners who share access to their Facebook page with the insurer;
- How employees in enterprises too often reveal more than they should.
In addition to leading First Defence Information Security, Conheady is also a partner in The Risk Avengers, a consultancy. She's previously served as a professional services director for vulnerability management firm Outpost24 and worked as a penetration tester for Ernst & Young, among other roles. She specializes in the human side of security and has social engineered her way into dozens of organizations, including company offices, sports stadiums, government facilities and more. Conheady is the author of Social Engineering in IT Security: Tools, Tactics, and Techniques.