Maybe your web presence is locked down like a fortress. You've personally vetted every line of code in the source of your core applications and third party addons. Your malware scanner is laser-precise and your firewall has a direct line to INTERPOL where you can livestream the prompt arrest of anyone who attacks your site.
Despite these efforts, you're still hackable. In fact, you've established the human element of your organization -- yourself, your colleagues, and your users -- as the most vulnerable point in your infrastructure. A firewall won't prevent someone from convincing your accountant to wire them money and two-factor authentication to your website can't stop someone from physically accessing a workstation in your office dressed as IT staff.
Join me in exploring a timeless category of attacks seldom discussed in the WordPress community. We'll talk about identifying common forms of social engineering, why there's such thing as "phishing drills", and why the most secure password is the one you don't even know.
Mikey is a researcher, writer, and speaker who specializes in malware identification and taxonomy. He is passionate about information security, data privacy, and the open source community. He holds a GWAPT certification and is a member of the GIAC Advisory Board.
As a Threat Analyst at Defiant, Mikey analyzes threat intelligence in order to provide up-to-date malware signatures and firewall rules to Wordfence users worldwide. Outside of his work he enjoys tabletop gaming and cooking, and dreams of starting a nonprofit to make DFIR more accessible to charities.
Find Mikey on Twitter at @heyitsmikeyv.
- General Lecture Session: Our own worst enemy: why the people running a website can be more vulnerable than the code it's built on