Rethinking Human Vulnerabilities in Cybersecurity
03-29, 10:30–11:00 (Europe/Ljubljana), P1

While human attack vectors are now generally acknowledged to “be a thing” in INFOSEC, there are two immediate points we should make:

(a) Human attack vectors have been seen to be important in the abstract for at least forty years, with overused phrases about humans being the weakest link in security. However, it is becoming clearer and clearer that understanding human attack vectors concretely is still elusive to the general (managerial) population.

(b) There is a substantial amount of gatekeeping in our field, where only spending weeks on obscure code and finding a 0-day or the ability to script Metasploit is considered “true” hacking, while exploiting human inability to premeditate is not. We are expected to bow to the technological supremacy of techno nerds and not point out that the threat model in both cases often remains the same.

In the talk, I will explore this curious divide in INFOSEC through examples, and we will further look empirically at how a lack of familiarity with concepts we pay lip service to, but in some cases do not fully understand, leads to potentially disastrous (or at least tragically amusing) fails in security.

Dr David Modic is an assistant professor, Director of Studies, and PI for various defence projects. David teaches INFOSEC and his main interest is human attack vectors. He is an EU-registered expert and an EDF reviewer, specialising in Information Security, Cyber Warfare, the psychology of security, and the ethics of intelligent systems.

Dr Modic holds national and EU security clearance up to SECRET and is affiliated with Cambridge University, where he is a Senior Non-Residential Member of King's College and a former research associate at the Computer Laboratory. At Cambridge, he was also the former CamCERT Social Engineering Special Advisor.
He advises governments, organisations, and various businesses on cybercrime and security in Brazil, Estonia, Lithuania, Slovenia, and the UK.