Today’s applications are configured to control access to valuable information by identifying who is requesting access. This identification process allows whoever is responsible for managing the information to make sure that only the right people can get to it. There are various methods for doing this, all of which fall under the category of Access Management. Access management consists of methods for identifying users, establishing that they are authorized to access the information and then managing any credentials that are issued. These processes make it possible to manage large groups of users and very valuable information. Security professionals make a living designing strong access management controls. And hackers make a living figuring out how to break them.
Threat actors employ a variety of techniques to acquire user accesses they are not entitled to. Once acquired they strive to escalate the assigned privileges in order to increase the value of their illegal access. The most valuable accounts to acquire are administrator accounts that come with elevated privileges to do things that normal users can’t do. Directly accessing databases, creating new accounts and moving laterally from server to server in a network are examples of activities that hackers work on achieving within both large and small organizations.
One of the most effective techniques hackers apply is convincing legitimate users to willingly give up information they use to gain access to systems and information they’re authorized to use. These techniques have been around for hundreds of years and fall into the category of Social Engineering. Being able to manipulate other people to do what they want is a core competency of the best hackers or scammers, whether used in person or online.
In this webinar, attendees will learn:
- What Access Management is.
- Access Management techniques and their strengths and weaknesses
- Social Engineering techniques
- Social Engineering scams
- How to protect yourself and your business.
Presenters:
Bruce Mirante, Cybersecurity State Coordinator CISA Region 9, joined the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) in January 2024. Bruce is part of CISA’s Region 9 and serves as the Cybersecurity State Coordinator to the State of Hawaii. In this role, Bruce builds strategic public and private sector relationships with state, local, tribal and private sector critical infrastructure entities, and serves as a principle point of contact to non-Federal organizations interested in engaging with the Federal government to prepare, manage and respond to cybersecurity incidents.
Prior to joining CISA, Bruce was with Matson Navigation Company serving with their network and information security group.
Bruce has been in Hawaii for the past forty years, working for the Federal government both as a contractor and a civilian employee. Bruce has also worked as an adjunct professor with the University of Hawaii system and other private colleges on Oahu.
Bruce holds several computer industry certifications with Cisco Systems, Comptia, Juniper and Microsoft.
Jasmine Lewis, FBI Special Agent
SA Jasmine Lewis is a Special Agent with the Federal Bureau of Investigation. She has worked for the FBI for over 5 years. SA Lewis works for the FBI Honolulu division Cyber Squad, focusing on cyber-criminal investigations.
Special Note: Due to the nature of some of the material, this webinar will not be recorded and the presentations will not be posted to the CyberHawaii website. Attendees must be present to hear the material.
————————————–
This session is the Fourth in the 2024 Fortify Cybersecurity Webinar Series, sponsored by CISA and CyberHawaii. This series was made possible by a grant from the Hawaii Department of Business, Economic Development and Tourism. Other supporters of this series include the State Office of Homeland Security, the FBI, Chamber of Commerce Hawai‘i, the Hawai‘i Defense Alliance and the University of Hawai‘i.