SlideShare a Scribd company logo

The Unpleasant Truths of Modern Business Cybersecurity

Download as PPTX, PDF
Global Knowledge Training
Global Knowledge Training

The document discusses cybersecurity challenges facing modern businesses. It notes a gap between perceived security and realities of modern threats. While companies invest in security systems and staff, attackers still frequently succeed due to human errors like poor training. The document examines case studies like the Target breach to show how lack of ongoing training for both security professionals and end users undermine defenses. It discusses pros and cons of outsourcing security versus training internal staff. The presenter argues all organizations must make ongoing training and awareness programs a priority to close security gaps.

Technology
1 of 36
The Unpleasant Truths of Modern Business Cybersecurity Phillip D. Shade phill.shade@gmail.com
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 2 Phillip “Sherlock” Shade (Phill) phill.shade@gmail.com  Certified instructor and internationally recognized network security and forensics expert with more than 30 years of experience  Retired US Navy and the founder of Merlion’s Keep Consulting, a professional services company specializing in network and forensics analysis  A member of the Global Cyber Response Team (GCRT), FBI InfraGard, Computer Security Institute, and the IEEE and volunteer at Cyber Warfare Forum Initiative  Holds numerous certifications, including Certified Network Expert (CNX)-Ethernet, CCNA, Certified Wireless Network Administrator (CWNA), and WildPackets Certified Network Forensics Analysis Expert (WNAX)
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 3 Thank You for Joining Us Today
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 4 Another Day, Another Hacking Victim Inquiries begin into nude celebrity photo leaks By Associated Press Updated: 16:39 EST, 1 September 2014
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 5 …and Most Recently
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 6 A Simple, Unavoidable Truth Perception Remember, the odds are dramatically in an attacker’s favor. Since an attacker only needs to get one attack through, you need to stop all attacks. Reality
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 7 Poll #1 How Many of You have been hacked or had a Computer Virus?
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 8 Today’s Agenda 1. The current gap between what we think is secure and modern realities 2. Training and equipping current cyber professionals 3. The impact of not having trained personnel and end-user awareness training 4. The pros and cons of hiring outside vs. training internal personnel
Case Study 1: Current Gap Between What We Think is Secure and Modern Realities
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 10 I Have an IT Security Staff: I’m Secure... Cisco ASR 2015
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 11 Some Sobering Statistics Unisys Security Insights United States 2015 The rise of Cyber Espionage and Cyber Crime are interesting as both lead to a corresponding increase in the number of financial fraud reports.
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 12 The News Gets Even Better 2015 Data Breach Investigations Report (DBIR)
Case Study 2: Training and Equipping Current Cyber Professionals
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 14 Poll #2 How Many of You had one or More Credit / Debit Cards replaced because of the Target Breach?
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 15 Target - Setting the Stage  The company has bought, installed, and configured a state-of-the-art cybersecurity suite centered around a powerful Universal Threat Management (UTM) system  While the initial security staff received comprehensive training by the system vendor, as well as ongoing technical and system update support, subsequent new- hires received cursory training  The senior, well-trained staff delegated the less desirable weekend and late-night shifts to the junior, less-trained personnel
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 16 Scene of the Crime
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 17 Forensic Reconstruction of the Crime HVAC Contractor PoS Server (Stolen Credentials) 1 2 3 4 Sold online5
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 18 So Where did They End up?
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 19 The Bad News - Results of the Investigation 1. Three separate teams were brought in to perform independent investigations 2. The forensic investigation revealed some shocking facts: a. The UTM system was properly configured and operating correctly b. The security system actually detected the initial breach c. Log file analysis revealed that the poorly trained system operator disabled the alarms to deal with other issues The Good News: Target Data Hack Optioned for Big Screen Movie 3/21/14 9:40am - jezebel.com/target-data-hack-optioned-for-big-screen-movie-1548629671
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 20 Economic Impact  $40 million in penalties and numerous lawsuits  Consumer credit monitoring  Stock price collapsed by more than 11.3 percent The Wall Street Journal
Case Study 3: Impact of Not Having Trained Personnel and End User Awareness Training
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 22 Cybersecurity Skills Crisis
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 23 Security is a moving target  Just like building a computer or network, security training requires constant updates  Unfortunately, too many organizations consider “security” to be a bullet point on a presentation to  This becomes even worse at the user level  Many users are given a security brief once—when they are hired—and little or no refresher training
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 24 Sources of a Network Security Breach federal-cybersecurity-survey-2015
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 25 Causes of Insider-Based Breaches federal-cybersecurity-survey-2015
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 26 Time to Meet the Hacker’s Best Friend: YOU
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 27 Your Gaming Data is Valuable Value of Personal Data Costs 2015 - Gartner
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 28 How Can We Fix This?  Commitment of resources from the top down!  Annual training, certification, and penetration testing for security professionals  Certified Ethical Hacking (CEH)  Certified Security Information Professional (CISSP)  Network forensics training  Periodic basic security training for user personnel  Tips of the month  Banner screens  Posters  Audits
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 29 OK, I’m Scared. What Do I Do?  Layers of Security  Firewall/Anti-Virus/Anti-Malware tools  Encrypt your traffic: Consider VPNs and use HTTPs for your browser sessions  Encrypt your data: VeraCrypt, Microsoft BitLocker, or Apple FileVault  Passwords are the weak point in any system  Change them often  Don’t use an online password storage service  Disable automatic updates on unneeded programs  Select “notify me to install updates” instead  Pay attention to the behavior of your computer so you can recognize when something is wrong
Case Study 4: Pros and Cons of Hiring Outside vs. Training Internal Personnel
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 31 To Outsource or Not to Outsource  To many IT personnel, the idea of handing over control of network security to an outsider is controversial to say the least  However, recent studies indicate the practice may be growing as companies place net cost over in-house control of security  Says Gavan Egan, VP sales at Verizon: “Nothing is ever as simple as it seems. Part of the complexity of security is that its requirements are interwoven throughout the whole business. It’s not just hardware; it’s business processes and structures, it’s staff and attitudes, and it’s data.”
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 32 Factors to be Considered Factors for:  Reduce administrative, office, and operational overhead to recruit, screen, train, schedule, manage, and pay personnel  Increase efficiency and productivity by concentrating on core business functions  Improve management and quality due to focus of the contractor  Increase ability to define service requirements  Leverage contractors’ project management experience, security expertise and investment in people, equipment and technology  Minimize requirements to track and implement changing standards Factors against:  Tighter control, supervision, and the ability to control, correct, and modify negative behaviors  Better training; maintaining in-house provides more extensive and continuous training to security personnel  Employee loyalty; in-house security operations create a much stronger sense of ownership vs. perceived “outsiders.”  Culture integration; it’s easier to achieve a high level of integration of a companies culture and values  Experience and familiarity with existing infrastructure, policies, and procedures
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 33 A Final Example
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 34 Some Final Thoughts  You Control What You Choose to Click Most end-user threats are targeted specifically in hopes that you will click on a harmful link, attachment, picture, video, or icon in an email or web page, including social media applications  STOP, and THINK, BEFORE you CLICK You need to be aware, alert, and diligent; always look for the signs that someone may be trying to gain access to your network
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 35 Phill Shade: phill.shade@gmail.com Merlion’s Keep Consulting: merlions.keep@gmail.com International: info@cybersecurityinstitute.eu Instructor Contact Information
© 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 36 Learn More Recommended Global Knowledge Courses  Network Forensics using Wireshark  Cybersecurity Foundations  CEH v8  ECSA v8  CASP Prep Course  Security+ Prep Course  Fundamentals of Information Systems Security Request an On-Site Delivery  We can tailor our courses to meet your needs  We can deliver them in a private setting Visit Our Knowledge Center  Assessments  Blog  Case Studies  Demos  Lab Topologies  Special Reports  Twitter  Videos  Webinars  White Papers

Recommended

Webinar: Be Cyber Smart – Stories from the Trenches
Webinar: Be Cyber Smart – Stories from the TrenchesWebinar: Be Cyber Smart – Stories from the Trenches
Webinar: Be Cyber Smart – Stories from the TrenchesWithum
 
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWebinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWithum
 
Data breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundationData breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundationBradley Arant Boult Cummings LLP
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?centralohioissa
 
Cybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsCybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsAbdul-Hakeem Ajijola
 
Data Breach Guide 2013
Data Breach Guide 2013Data Breach Guide 2013
Data Breach Guide 2013- Mark - Fullbright
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing OCTF Industry Engagement
 

Recommended

Webinar: Be Cyber Smart – Stories from the Trenches
Webinar: Be Cyber Smart – Stories from the TrenchesWebinar: Be Cyber Smart – Stories from the Trenches
Webinar: Be Cyber Smart – Stories from the TrenchesWithum
 
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWebinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWithum
 
Data breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundationData breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundationBradley Arant Boult Cummings LLP
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?centralohioissa
 
Cybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsCybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsAbdul-Hakeem Ajijola
 
Data Breach Guide 2013
Data Breach Guide 2013Data Breach Guide 2013
Data Breach Guide 2013- Mark - Fullbright
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing OCTF Industry Engagement
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksThis account is closed
 
Prevent & Protect
Prevent & ProtectPrevent & Protect
Prevent & ProtectMike McMillan
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...Withum
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesJohn Rapa
 
Cyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCheffley White
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityPECB
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye, Inc.
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentationEthan S. Burger
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to knowNathan Desfontaines
 
Cloud Computing Legal for Pennsylvania Bar Association
Cloud Computing Legal for Pennsylvania Bar AssociationCloud Computing Legal for Pennsylvania Bar Association
Cloud Computing Legal for Pennsylvania Bar AssociationAmy Larrimore
 
Not-For-Profit Risks in the COVID-19 Environment
Not-For-Profit Risks in the COVID-19 EnvironmentNot-For-Profit Risks in the COVID-19 Environment
Not-For-Profit Risks in the COVID-19 EnvironmentCitrin Cooperman
 
PACE-IT, Security+2.9: Goals of Security Controls
PACE-IT, Security+2.9: Goals of Security ControlsPACE-IT, Security+2.9: Goals of Security Controls
PACE-IT, Security+2.9: Goals of Security ControlsPace IT at Edmonds Community College
 
Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid TechnologyGFI Software
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The BoardPaul Melson
 
College Presentation
College PresentationCollege Presentation
College Presentationscottfrost
 
Forensic3e ppt ch13
Forensic3e ppt ch13Forensic3e ppt ch13
Forensic3e ppt ch13Skillspire LLC
 
DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014- Mark - Fullbright
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1cGene Kim
 
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?CA Technologies
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should KnowIBM Security
 

More Related Content

What's hot

Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksThis account is closed
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...Withum
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesJohn Rapa
 
Cyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCheffley White
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityPECB
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye, Inc.
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentationEthan S. Burger
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to knowNathan Desfontaines
 
Cloud Computing Legal for Pennsylvania Bar Association
Cloud Computing Legal for Pennsylvania Bar AssociationCloud Computing Legal for Pennsylvania Bar Association
Cloud Computing Legal for Pennsylvania Bar AssociationAmy Larrimore
 
Not-For-Profit Risks in the COVID-19 Environment
Not-For-Profit Risks in the COVID-19 EnvironmentNot-For-Profit Risks in the COVID-19 Environment
Not-For-Profit Risks in the COVID-19 EnvironmentCitrin Cooperman
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The BoardPaul Melson
 
College Presentation
College PresentationCollege Presentation
College Presentationscottfrost
 
DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014- Mark - Fullbright
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1cGene Kim
 

What's hot (20)

Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber Risks
 
Prevent & Protect
Prevent & ProtectPrevent & Protect
Prevent & Protect
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial Institutions
 
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
 
Cyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate Boards
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information Security
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firm
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentation
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to know
 
Cloud Computing Legal for Pennsylvania Bar Association
Cloud Computing Legal for Pennsylvania Bar AssociationCloud Computing Legal for Pennsylvania Bar Association
Cloud Computing Legal for Pennsylvania Bar Association
 
Not-For-Profit Risks in the COVID-19 Environment
Not-For-Profit Risks in the COVID-19 EnvironmentNot-For-Profit Risks in the COVID-19 Environment
Not-For-Profit Risks in the COVID-19 Environment
 
PACE-IT, Security+2.9: Goals of Security Controls
PACE-IT, Security+2.9: Goals of Security ControlsPACE-IT, Security+2.9: Goals of Security Controls
PACE-IT, Security+2.9: Goals of Security Controls
 
Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid Technology
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The Board
 
College Presentation
College PresentationCollege Presentation
College Presentation
 
Forensic3e ppt ch13
Forensic3e ppt ch13Forensic3e ppt ch13
Forensic3e ppt ch13
 
DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
 

Similar to The Unpleasant Truths of Modern Business Cybersecurity

Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?CA Technologies
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should KnowIBM Security
 
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfMetaorange
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxMetaorange
 
Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise Mourad Khalil
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientAccenture Operations
 
Information and Cyber Warfare
Information and Cyber WarfareInformation and Cyber Warfare
Information and Cyber WarfareSwapnil Jagtap
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive DataX-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive DataIBM Security
 
Broadening Your Cybersecurity Mindset
Broadening Your Cybersecurity MindsetBroadening Your Cybersecurity Mindset
Broadening Your Cybersecurity MindsetCSI Solutions
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analyticsJim Kaplan CIA CFE
 
Case study financial_services
Case study financial_servicesCase study financial_services
Case study financial_servicesG. Subramanian
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Ensuring Cyber Security Resilience with a Skilled Workforce
Ensuring Cyber Security Resilience with a Skilled Workforce Ensuring Cyber Security Resilience with a Skilled Workforce
Ensuring Cyber Security Resilience with a Skilled Workforce Zeshan Sattar
 
Security Everywhere: A Growth Engine for the Digital Economy
Security Everywhere: A Growth Engine for the Digital EconomySecurity Everywhere: A Growth Engine for the Digital Economy
Security Everywhere: A Growth Engine for the Digital EconomyCisco Russia
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM Security
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?PECB
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Pierre Audoin Consultants
 
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
How Training and Consulting Companies Can Position CISSP, CISM and CRISCHow Training and Consulting Companies Can Position CISSP, CISM and CRISC
How Training and Consulting Companies Can Position CISSP, CISM and CRISCITpreneurs
 

Similar to The Unpleasant Truths of Modern Business Cybersecurity (20)

Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
 
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdf
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptx
 
Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber Resilient
 
Information and Cyber Warfare
Information and Cyber WarfareInformation and Cyber Warfare
Information and Cyber Warfare
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive DataX-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
 
Broadening Your Cybersecurity Mindset
Broadening Your Cybersecurity MindsetBroadening Your Cybersecurity Mindset
Broadening Your Cybersecurity Mindset
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analytics
 
Case study financial_services
Case study financial_servicesCase study financial_services
Case study financial_services
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Ensuring Cyber Security Resilience with a Skilled Workforce
Ensuring Cyber Security Resilience with a Skilled Workforce Ensuring Cyber Security Resilience with a Skilled Workforce
Ensuring Cyber Security Resilience with a Skilled Workforce
 
Security Everywhere: A Growth Engine for the Digital Economy
Security Everywhere: A Growth Engine for the Digital EconomySecurity Everywhere: A Growth Engine for the Digital Economy
Security Everywhere: A Growth Engine for the Digital Economy
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
 
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
How Training and Consulting Companies Can Position CISSP, CISM and CRISCHow Training and Consulting Companies Can Position CISSP, CISM and CRISC
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
 

More from Global Knowledge Training

PAN-OS - Network Security/Prevention Everywhere
PAN-OS - Network Security/Prevention EverywherePAN-OS - Network Security/Prevention Everywhere
PAN-OS - Network Security/Prevention EverywhereGlobal Knowledge Training
 
How To Troubleshoot Group Policy in Windows 10
How To Troubleshoot Group Policy in Windows 10How To Troubleshoot Group Policy in Windows 10
How To Troubleshoot Group Policy in Windows 10Global Knowledge Training
 
Why Pentesting is Vital to the Modern DoD Workforce
Why Pentesting is Vital to the Modern DoD WorkforceWhy Pentesting is Vital to the Modern DoD Workforce
Why Pentesting is Vital to the Modern DoD WorkforceGlobal Knowledge Training
 
Develop Your Skills with Unlimited Access to Red Hat Online Learning
Develop Your Skills with Unlimited Access to Red Hat Online LearningDevelop Your Skills with Unlimited Access to Red Hat Online Learning
Develop Your Skills with Unlimited Access to Red Hat Online LearningGlobal Knowledge Training
 
Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7
Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7
Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7Global Knowledge Training
 
What’s Next For Your Azure Certification Journey
What’s Next For Your Azure Certification JourneyWhat’s Next For Your Azure Certification Journey
What’s Next For Your Azure Certification JourneyGlobal Knowledge Training
 
Cisco's Intent-Based Networking and the Journey to Software Defined Networks
Cisco's Intent-Based Networking and the Journey to Software Defined NetworksCisco's Intent-Based Networking and the Journey to Software Defined Networks
Cisco's Intent-Based Networking and the Journey to Software Defined NetworksGlobal Knowledge Training
 
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Global Knowledge Training
 
The Essence of DevOps: What it Can Mean for You and Your Organization
The Essence of DevOps: What it Can Mean for You and Your OrganizationThe Essence of DevOps: What it Can Mean for You and Your Organization
The Essence of DevOps: What it Can Mean for You and Your OrganizationGlobal Knowledge Training
 
How to Make Agile Project Management Work in Your Organization
How to Make Agile Project Management Work in Your OrganizationHow to Make Agile Project Management Work in Your Organization
How to Make Agile Project Management Work in Your OrganizationGlobal Knowledge Training
 
What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?Global Knowledge Training
 
How the Channel Can Break Down the Barriers to Cloud Success
How the Channel Can Break Down the Barriers to Cloud Success How the Channel Can Break Down the Barriers to Cloud Success
How the Channel Can Break Down the Barriers to Cloud Success Global Knowledge Training
 

More from Global Knowledge Training (20)

Taking Advantage of Microsoft PowerShell
Taking Advantage of Microsoft PowerShell Taking Advantage of Microsoft PowerShell
Taking Advantage of Microsoft PowerShell
 
PAN-OS - Network Security/Prevention Everywhere
PAN-OS - Network Security/Prevention EverywherePAN-OS - Network Security/Prevention Everywhere
PAN-OS - Network Security/Prevention Everywhere
 
The Basics of Computer Networking
The Basics of Computer NetworkingThe Basics of Computer Networking
The Basics of Computer Networking
 
How To Troubleshoot Group Policy in Windows 10
How To Troubleshoot Group Policy in Windows 10How To Troubleshoot Group Policy in Windows 10
How To Troubleshoot Group Policy in Windows 10
 
Accelerating with Ansible
Accelerating with AnsibleAccelerating with Ansible
Accelerating with Ansible
 
Why Pentesting is Vital to the Modern DoD Workforce
Why Pentesting is Vital to the Modern DoD WorkforceWhy Pentesting is Vital to the Modern DoD Workforce
Why Pentesting is Vital to the Modern DoD Workforce
 
How to Maximize Your Training Budget
How to Maximize Your Training BudgetHow to Maximize Your Training Budget
How to Maximize Your Training Budget
 
Develop Your Skills with Unlimited Access to Red Hat Online Learning
Develop Your Skills with Unlimited Access to Red Hat Online LearningDevelop Your Skills with Unlimited Access to Red Hat Online Learning
Develop Your Skills with Unlimited Access to Red Hat Online Learning
 
Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7
Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7
Exploring the Upgrade from VMware vSphere: Install, Configure, Manage 6 5 to 6 7
 
What’s Next For Your Azure Certification Journey
What’s Next For Your Azure Certification JourneyWhat’s Next For Your Azure Certification Journey
What’s Next For Your Azure Certification Journey
 
Cisco's Intent-Based Networking and the Journey to Software Defined Networks
Cisco's Intent-Based Networking and the Journey to Software Defined NetworksCisco's Intent-Based Networking and the Journey to Software Defined Networks
Cisco's Intent-Based Networking and the Journey to Software Defined Networks
 
How to Build a Winning Cybersecurity Team
How to Build a Winning Cybersecurity TeamHow to Build a Winning Cybersecurity Team
How to Build a Winning Cybersecurity Team
 
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
 
How to Build a Web Server with AWS Lambda
How to Build a Web Server with AWS LambdaHow to Build a Web Server with AWS Lambda
How to Build a Web Server with AWS Lambda
 
The Essence of DevOps: What it Can Mean for You and Your Organization
The Essence of DevOps: What it Can Mean for You and Your OrganizationThe Essence of DevOps: What it Can Mean for You and Your Organization
The Essence of DevOps: What it Can Mean for You and Your Organization
 
How to Migrate a Web App to AWS
How to Migrate a Web App to AWSHow to Migrate a Web App to AWS
How to Migrate a Web App to AWS
 
How to Make Agile Project Management Work in Your Organization
How to Make Agile Project Management Work in Your OrganizationHow to Make Agile Project Management Work in Your Organization
How to Make Agile Project Management Work in Your Organization
 
What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?
 
How the Channel Can Break Down the Barriers to Cloud Success
How the Channel Can Break Down the Barriers to Cloud Success How the Channel Can Break Down the Barriers to Cloud Success
How the Channel Can Break Down the Barriers to Cloud Success
 
How to Avoid Cloud Migration Pitfalls
How to Avoid Cloud Migration PitfallsHow to Avoid Cloud Migration Pitfalls
How to Avoid Cloud Migration Pitfalls
 

Recently uploaded

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Recently uploaded (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

The Unpleasant Truths of Modern Business Cybersecurity

  • 1. The Unpleasant Truths of Modern Business Cybersecurity Phillip D. Shade phill.shade@gmail.com
  • 2. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 2 Phillip “Sherlock” Shade (Phill) phill.shade@gmail.com  Certified instructor and internationally recognized network security and forensics expert with more than 30 years of experience  Retired US Navy and the founder of Merlion’s Keep Consulting, a professional services company specializing in network and forensics analysis  A member of the Global Cyber Response Team (GCRT), FBI InfraGard, Computer Security Institute, and the IEEE and volunteer at Cyber Warfare Forum Initiative  Holds numerous certifications, including Certified Network Expert (CNX)-Ethernet, CCNA, Certified Wireless Network Administrator (CWNA), and WildPackets Certified Network Forensics Analysis Expert (WNAX)
  • 3. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 3 Thank You for Joining Us Today
  • 4. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 4 Another Day, Another Hacking Victim Inquiries begin into nude celebrity photo leaks By Associated Press Updated: 16:39 EST, 1 September 2014
  • 5. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 5 …and Most Recently
  • 6. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 6 A Simple, Unavoidable Truth Perception Remember, the odds are dramatically in an attacker’s favor. Since an attacker only needs to get one attack through, you need to stop all attacks. Reality
  • 7. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 7 Poll #1 How Many of You have been hacked or had a Computer Virus?
  • 8. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 8 Today’s Agenda 1. The current gap between what we think is secure and modern realities 2. Training and equipping current cyber professionals 3. The impact of not having trained personnel and end-user awareness training 4. The pros and cons of hiring outside vs. training internal personnel
  • 9. Case Study 1: Current Gap Between What We Think is Secure and Modern Realities
  • 10. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 10 I Have an IT Security Staff: I’m Secure... Cisco ASR 2015
  • 11. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 11 Some Sobering Statistics Unisys Security Insights United States 2015 The rise of Cyber Espionage and Cyber Crime are interesting as both lead to a corresponding increase in the number of financial fraud reports.
  • 12. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 12 The News Gets Even Better 2015 Data Breach Investigations Report (DBIR)
  • 13. Case Study 2: Training and Equipping Current Cyber Professionals
  • 14. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 14 Poll #2 How Many of You had one or More Credit / Debit Cards replaced because of the Target Breach?
  • 15. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 15 Target - Setting the Stage  The company has bought, installed, and configured a state-of-the-art cybersecurity suite centered around a powerful Universal Threat Management (UTM) system  While the initial security staff received comprehensive training by the system vendor, as well as ongoing technical and system update support, subsequent new- hires received cursory training  The senior, well-trained staff delegated the less desirable weekend and late-night shifts to the junior, less-trained personnel
  • 16. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 16 Scene of the Crime
  • 17. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 17 Forensic Reconstruction of the Crime HVAC Contractor PoS Server (Stolen Credentials) 1 2 3 4 Sold online5
  • 18. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 18 So Where did They End up?
  • 19. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 19 The Bad News - Results of the Investigation 1. Three separate teams were brought in to perform independent investigations 2. The forensic investigation revealed some shocking facts: a. The UTM system was properly configured and operating correctly b. The security system actually detected the initial breach c. Log file analysis revealed that the poorly trained system operator disabled the alarms to deal with other issues The Good News: Target Data Hack Optioned for Big Screen Movie 3/21/14 9:40am - jezebel.com/target-data-hack-optioned-for-big-screen-movie-1548629671
  • 20. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 20 Economic Impact  $40 million in penalties and numerous lawsuits  Consumer credit monitoring  Stock price collapsed by more than 11.3 percent The Wall Street Journal
  • 21. Case Study 3: Impact of Not Having Trained Personnel and End User Awareness Training
  • 22. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 22 Cybersecurity Skills Crisis
  • 23. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 23 Security is a moving target  Just like building a computer or network, security training requires constant updates  Unfortunately, too many organizations consider “security” to be a bullet point on a presentation to  This becomes even worse at the user level  Many users are given a security brief once—when they are hired—and little or no refresher training
  • 24. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 24 Sources of a Network Security Breach federal-cybersecurity-survey-2015
  • 25. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 25 Causes of Insider-Based Breaches federal-cybersecurity-survey-2015
  • 26. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 26 Time to Meet the Hacker’s Best Friend: YOU
  • 27. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 27 Your Gaming Data is Valuable Value of Personal Data Costs 2015 - Gartner
  • 28. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 28 How Can We Fix This?  Commitment of resources from the top down!  Annual training, certification, and penetration testing for security professionals  Certified Ethical Hacking (CEH)  Certified Security Information Professional (CISSP)  Network forensics training  Periodic basic security training for user personnel  Tips of the month  Banner screens  Posters  Audits
  • 29. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 29 OK, I’m Scared. What Do I Do?  Layers of Security  Firewall/Anti-Virus/Anti-Malware tools  Encrypt your traffic: Consider VPNs and use HTTPs for your browser sessions  Encrypt your data: VeraCrypt, Microsoft BitLocker, or Apple FileVault  Passwords are the weak point in any system  Change them often  Don’t use an online password storage service  Disable automatic updates on unneeded programs  Select “notify me to install updates” instead  Pay attention to the behavior of your computer so you can recognize when something is wrong
  • 30. Case Study 4: Pros and Cons of Hiring Outside vs. Training Internal Personnel
  • 31. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 31 To Outsource or Not to Outsource  To many IT personnel, the idea of handing over control of network security to an outsider is controversial to say the least  However, recent studies indicate the practice may be growing as companies place net cost over in-house control of security  Says Gavan Egan, VP sales at Verizon: “Nothing is ever as simple as it seems. Part of the complexity of security is that its requirements are interwoven throughout the whole business. It’s not just hardware; it’s business processes and structures, it’s staff and attitudes, and it’s data.”
  • 32. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 32 Factors to be Considered Factors for:  Reduce administrative, office, and operational overhead to recruit, screen, train, schedule, manage, and pay personnel  Increase efficiency and productivity by concentrating on core business functions  Improve management and quality due to focus of the contractor  Increase ability to define service requirements  Leverage contractors’ project management experience, security expertise and investment in people, equipment and technology  Minimize requirements to track and implement changing standards Factors against:  Tighter control, supervision, and the ability to control, correct, and modify negative behaviors  Better training; maintaining in-house provides more extensive and continuous training to security personnel  Employee loyalty; in-house security operations create a much stronger sense of ownership vs. perceived “outsiders.”  Culture integration; it’s easier to achieve a high level of integration of a companies culture and values  Experience and familiarity with existing infrastructure, policies, and procedures
  • 33. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 33 A Final Example
  • 34. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 34 Some Final Thoughts  You Control What You Choose to Click Most end-user threats are targeted specifically in hopes that you will click on a harmful link, attachment, picture, video, or icon in an email or web page, including social media applications  STOP, and THINK, BEFORE you CLICK You need to be aware, alert, and diligent; always look for the signs that someone may be trying to gain access to your network
  • 35. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 35 Phill Shade: phill.shade@gmail.com Merlion’s Keep Consulting: merlions.keep@gmail.com International: info@cybersecurityinstitute.eu Instructor Contact Information
  • 36. © 2015 Global Knowledge Training LLC. All rights reserved. 10/15/2015 Page 36 Learn More Recommended Global Knowledge Courses  Network Forensics using Wireshark  Cybersecurity Foundations  CEH v8  ECSA v8  CASP Prep Course  Security+ Prep Course  Fundamentals of Information Systems Security Request an On-Site Delivery  We can tailor our courses to meet your needs  We can deliver them in a private setting Visit Our Knowledge Center  Assessments  Blog  Case Studies  Demos  Lab Topologies  Special Reports  Twitter  Videos  Webinars  White Papers