In this masterclass, Tyler will:
• Unravel the intricacies of what hacking will look like in 2024
• Shed light on the latest techniques and strategies employed by cybercriminals
• Equip you with the knowledge and tools needed to up your defense game and elevate your clients' security to new heights
36. 1. Next Gen Social Engineering
• “Synthetic Media” (image, video, audio and text)
– AI Image generation
– Deepfakes
– Voice Cloning
– Text
39. Voice Clone – What do we say?
• Anything that works in a phishing email
• Get me some gift cards
• Funds transfer, credit card payment, bank info
• We’re almost done with your loan application, just one more thing
• I have a new cell phone number, then “Hey did you get my voicemail”
• Text your MFA code to a test
• Leave Keys, access tokens, computers, phone, tablet
• Someone will be there soon to grab X…
• Leave where you are
• Go somewhere specific
• ANYTHING
40. Text Cloning
• Scrape your blog
– Draft an email
• Scrape social media
– How do you talk to relatives
– How do you talk to Spouse
• Chatbot / SMS automation
– Voice recordings
– Romance scams
• Perfect English, no more typos
• Perfect industry lingo and references
55. What Can MSPs Do About it…
• Awareness & Education
• Educate your clients
– AI, Voice Cloning, Deepfakes
• Continue your education
– Understand your adversary
62. • Cyber Insurance Carriers continue to focus on a core set of critical Security Controls as a primary requirement when evaluating prospective insureds
• Prospective insureds should have strong responses for all control areas.
• Priority may vary slightly from one insurance carrier to another, based on the insured’s industry sector, size, and Cyber profile.
• Poor responses in one or more controls may result in declination, refusal to quote, elimination or co-insurance on ransomware coverage
Critical Controls for Cyber Insurability
• MFA
• EDR
• PAM
• Tested Backups
• Segregated Backups
• Service Accounts
• OT Security
• Cloud & Email Security
• Vendor Risk Management
• Tabletop Exercises
• Network Segmentation
• # of Domain Admins
• IR/BC/DR Planning
• 24/7 Monitoring
• Vulnerability Management
• Cyber Awareness & Training