Download Handout - PDF
https://mc-e5b0d581-4409-4340-bc8b-9266-cdn-endpoint.azureedge.net/-/media/project/nuernberg-messe/it-sa/itsa365/actions/2021/2021-10-itsa-expo/handout-d/ho_mi_d_11_45_ecos.pdf
When handling their data, companies and public authorities often use graduated security measures. What is particularly important and critical is also particularly well protected. For information that is (supposedly) less worthy of protection, on the other hand, the level of security may be lower. An approach that makes sense from a commercial and operational point of view and is a foundation of common information security management systems.
IT security expert Gerald Richter shows how even supposedly unimportant data can be used to obtain information that allows cyber criminals to attack and compromise the IT infrastructure of companies and public authorities. Home office workstations are a particularly good starting point. The information obtained, which may be collected over a longer period of time, then allows conclusions to be drawn about structures, relationships and habits within the organization. These can then form the basis for the successful execution of social engineering attacks, for example, but also for compromising less important user accounts, which in turn serve as a starting point for further propagation in the IT infrastructure.
Translated with www.DeepL.com/Translator (free version)