Frequently Asked Questions
What constitutes a security breach?
Circumvention of protective measures inside an organization, whether it be a government entity, non-profit, academic institute and/or private company, to unlawfully gain access to proprietary information.
What type of information may be sought during a security breach?
Information of perceived value such as trade secrets, customer personnel data and employee records.
What are “threat actors”?
They are individuals or members of a group who attempt to breach the security of a targeted organization. Such threat actors may include foreign intelligence agencies, organized criminal groups, activist groups, terrorist organizations and/or industrial competitors.
Why are certain organizations targeted while others are not?
Organizations are assessed based upon the value of information they hold as well as the level of difficulty in conducting the breach. Organizations perceived as having weak security protocols (soft targets) will typically be chosen over those which are considered more challenging (hard targets).
What is an “insider threat”?
It is a threat stemming from an employee or contractor who facilitates a security breach. Such insiders may decide to directly undertake the breach, or they may be unwittingly manipulated by outside threat actors to facilitate the breach.
What is social engineering?
Techniques utilized by threat actors to manipulate insiders into undertaking actions which meet the objectives of the social engineer while oftentimes compromising the insider and/or the targeted organization.
What percentage of security breaches involve social engineering?
More than 90 percent of successful security breaches are initiated by social engineering.
What are the four communication channels (attack vectors) utilized by social engineers?
They are phishing (e-mail), smishing (SMS), vishing (telephonic) and face-to-face interaction.
What is “elicitation”?
It is the acquisition of sensitive information by a social engineer during a conversation with an unsuspecting individual. Such information may include proprietary information from the target organization, or it may provide invaluable personality assessment information regarding the insider which will be leveraged by the social engineer in developing a strategy for manipulation.
Can security breaches be prevented?
While not all security breaches can be prevented, an organization can significantly minimize risk by establishing effective security awareness programs.
Which individuals within an organization can best benefit from security awareness training?
All staff employees from entry level up to senior management, as well as contractors, can benefit.
What is the difference between the online training offered by Counterintelligence Institute and workshops conducted at client sites?
Both of them cover the same concepts. While the online course is available on demand thereby providing greater flexibility in reaching more employees and/or contractors, the onsite workshop is tailored to the specific threats potentially faced by the client.
Is Warmka available as a conference speaker?
Peter is frequently a featured or guest speaker at a variety of venues interested in this topic. For more information, please send a query via the Contact page on this website.