Threats - Inside & Out


Education Level: Intermediate

4413 - Beyond The Spear: What Can Organizations Do To Deal With Spear Phishing

Monday, September 25
4:30 PM - 5:30 PM

Spear phishing is commonly characterized as a social engineering attack vector. Which causes organizations to tag this vector as “un-mitigatable,” stating that as long as they have employees, they will always be vulnerable. Which drives them to minimize the investment put in combatting this threat.

Today’s reality, however, is that there are a wide range of controls, process and roles organizations can set in place to control this attack vector. In our talk, we’ll give an overview of the attack itself, first taking the point of view of an attacker, and discuss the platforms and infrastructure required to support an attack successful attack campaign. In addition, we will discuss the false pretenses sophisticated attackers take on, and what separates them from their unsuccessful peers.

The second half of the presentation switches to the defender's point of view. We will discuss the range of controls the market currently offers to detect, monitor, prevent and complicate such an attack vector, and what’s the level of investment these controls normally take from an organization.

We will discuss the weight that every control holds within the bigger picture of an unfolding attack.
The basis for this talk is taken from our practice’s experience of conducting red team assessments that include social engineering for the last decade, we will share from our personal attacker experience what works, and what doesn’t. We will conclude by talking about how the future state of spear phishing and next-generation controls might look like.

Learning Objectives:

Johnny Deutsch

Senior Manager

Johnny Deutsch is a senior manager at the Advanced Security Center part of the Advisory Services practice of Ernst & Young LLP in Houston.

This cutting-edge security team is dedicated to the simulation of advanced cyber attacks on EY’s clients, with the intention of helping them understand how do attackers cause the marerilization of actual buisness risks with thier attacks. In his postion, Johnny has led hundreds of red teams and penetration testing assessments for some of world's largest firms.

Johnny comes from the defense industry, and has served for more than seven years as a cyberwarfare intelligence officer at the rank of captain in the Israeli technological intelligence unit (the Israeli DARPA). He is an international public speaker and has given talks about cybersecurity at several international conferences, such as:
Troopers, Germany; DeepINTEL, Austria; Toorcon, USA; GrrCon, USA; DeepSec, Austria; and the RSA Conference, USA.


Send Email for Johnny Deutsch


4413 - Beyond The Spear: What Can Organizations Do To Deal With Spear Phishing

Attendees who have favorited this

Please enter your access key

The asset you are trying to access is locked. Please enter your access key to unlock.

Send Email for Beyond The Spear: What Can Organizations Do To Deal With Spear Phishing