SlideShare a Scribd company logo

Cyber security awareness for end users

NetWatcher
NetWatcher

This presentation is used to train end users in SMBs on cyber security issues

Technology
1 of 28
Cyber 101 Training For SMB End Users Http://Defensative.com www.Defensative.comwww.Defensative.com
62% of Cyber Attacks are aimed at Small Business -- Verizon Cyber Crime Survey >50% of small-to-medium sized businesses had experienced at least one data breach -- Ponemon Institute www.Defensative.com
• Money – Ransom-ware • Your companies data – Personally Identifiable Info (PII) – Protected Health Information (PHI) – CC Numbers and/or Financial Info – Intellectual property – copyrights, trademarks & patents, business plans, customer lists, etc. • Your data & access to your customers networks… – The Target breach happened due to an HVAC vendor (more) What are they after? www.Defensative.com
Everyoneisatarget… http://www.databreaches.net/ https://www.privacyrights.org/data-breach http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014
www.Defensative.com What Is A Breach Going to Cost Your Company? A National Cyber Security Alliance study showed that 36 percent of cyber attacks are conducted against SMBs. Of those, up to 60 percent go out of business within six months of an attack.
• Anti-Virus – Necessary but… – 92% of infosec professionals have totally lost confidence in antivirus (here) • “.. a crypting service takes a bad guy’s piece of malware and scans it against all of the available antivirus tools on the market today — to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And it repeats this scanning and crypting process in an iterative fashion until the malware is found to be completely undetectable by all of the antivirus tools on the market.” (here) -- Brian Krebs • Firewall – Necessary as a first line of defense but… www.Defensative.com Isn’t a firewall and Anti-Virus enough?
You can have all the Prevention tools (Anti-Virus, Firewalls, Automatic Patching, Backups, Robust Password Protection etc..) and still be vulnerable to employees going to bad websites, clicking on bad links or compromised attachments and allowing the bad guy through the firewall where they can introduce code onto your network that can Sniff your traffic, Copy your data &/or Control your devices… You are the weakest link • Do you have an Android phone? Have you connected it to your companies WIFI? Have you downloaded misc apps… You might just be the problem… Your are the weakest link…
You probably have received a fake email or text message with a website created to look like it’s from an authentic company. What it will do: • Trick you into giving them information by asking you to update, validate or confirm your account. It is often presented in a manner than seems official and intimidating, to encourage you to take action. • Convince you to download Malware Did you know 39 Percent of Employees Admit to Opening Suspicious Emails www.Defensative.com How Will You Be Attacked: Phishing (social engineering) – The #1 attack vector! www.Defensative.com Example:
www.Defensative.com Example Phishing Phone call www.Defensative.com Great article on how to recognize Phishing… Click this link if video does not play…
• Pharming • Cross Site Scripting • Denial of Service • SQL Injection • Dictionary Attack • Botnets • Scanning **see appendix for details www.Defensative.com Other ways you will get hacked… www.Defensative.com
www.Defensative.com Example of items you should see referenced in your companies employee policy doc’s about cyber security: • Use of encryption • Email (corporate and personal) • Use of social networking • Password Construction Guidelines • Security Response Plan • Remote Access • Wireless Communication • Bring Your Own Device To Work (BYOD) Here are some detailed examples: • Sample Policy (here) • SANS (here) Are you aware of your companies Corporate Cyber Policy?
Examples: • PCI-DSS • FINRA • HIPAA www.Defensative.com Does your company have to comply with Regulatory/Policy mandates? If so they are subject to Big Fines If they are not in compliance so don’t get them in trouble…
Unfortunately many websites and services today still offer un-encrypted login. With un-encrypted login, the password is NOT encrypted and considered "cleartext" and can be easily decoded! www.Defensative.com What You Must Do – use HTTPS More here, and here
Software vendors such as Adobe, Microsoft, Oracle and others produce frequent security patches that plug holes that can be exploited by bad actors. If you don't install these patches on a regular basis on your hosts, desktops, laptops and phones your infrastructure will be at risk and will eventually be compromised. CVE Details is a good place to keep up on the patches. They consolidate vulnerability data from the National Vulnerability Database (NVD ) and www.exploit-db.com . Another great site is Mitre's CVE site here . Here are 2 examples to give you some perspective on how many vulnerabilities a software can contain: • Here is a list of Adobe Flash vulnerabilities. • Here is a list of Oracle Java vulnerabilities. • Here is a simple chart that shows how many vulnerabilities have been published over the years in the Windows 7 OS www.Defensative.com What You Must Do – Keep Software up to date
Examples: • BitTorrent - you have no control over what the BitTorrent user is downloading and you don't want to end up like this guy . ( or these people ) • TOR – You don’t know who is sniffing on the exit nodes (example) • TFTP – It’s all in clear text (more) • Misc Android Apps – 97% of mobile malware is on Android (more) (example) www.Defensative.com What You Must Do – Don’t use risky software
• Use Secure Passwords (more) • Use throw away passwords on non-mission critical sites • Understand Password Managers may not be that secure (example) • Change Default Passwords! (more) • If available enable two factor authentication (example) www.Defensative.com What You Must Do – Passwords…
Here are 7 Tips to Prevent Mobile Malware • Understand the mobile risks - A mobile device is a computer and should be protected like one. If you access the corporate network with their mobile device you should understand the risk imposed by downloading applications and accessing website that are not from trusted sources. You need to also know the value of keeping your operating system on the device up to date with the latest security patches from the manufacturer/mobile provider and operating system vendor. • Only access corporate data via Wi-Fi over a secure tunnel as over the air networks are exposed to malicious capturing of wireless traffic. There are several mobile Virtual Private Networking technologies (VPN) that can be deployed that can allow users to connect through these secure tunnels. • Understand your companies Bring Your Own Device to work (BYOD) policies • Ask your company if they have a Mobile Device Management (MDM) platform and Mobile Application Management Platforms from companies like Good and others. • Encrypt your devices - It is very difficult for someone to break in a steal data on an encrypted device (this goes for the SIM card as well). • If you use Android then use anti-malware software www.Defensative.com What You Must Do – Your phone…
• Change the default password and keep the firmware up to date on your home internet router • Don’t connect to random WIFI’s (example) • Don’t allow others to download programs to computers or phones that will connect to your companies network. Here is a Minecraft example. • Use a Virtual Private Network (VPN) (example, example) www.Defensative.com What You Must Do – Home Networks & Public WIFI’s…
Pornography and Malware… They go together. (more) Visitors to Pornhub.com, the 63rd most popular website in the world (and 41st in the US) have a 53% chance of coming into contact with malware www.Defensative.com What You Must Do – Explicit Sites
Great advice from SecurityMetrics (here) • Disconnect from the Internet by pulling the network cable from the router to stop the bleeding of data. Do not turn off your computer/phone/tablet • Follow your company cyber security policy step by step plan. The company will usually: – Document all network changes, notification/detection dates, and people/agencies involved in the breach – Segregate all hardware devices in the payment process, or devices suspected of being compromised (if possible) from other business critical devices. – Quarantine instead of deleting. – Preserve firewall settings and firewall logs – Restrict Internet traffic to only business critical servers and ports outside of the credit card processing environment. – Disable (do not delete) remote access capability and wireless access points. – Call a PFI. Once the breach is contained by steps 1-7, consult with a forensic PFI to plan a compromise analysis. www.Defensative.com What You Must Do – Know what you should do if you suspect you have been compromised
Appendix www.Defensative.com
You or one of your employees may be pointed to a malicious and illegitimate website by redirecting the legitimate URL. Even if the URL is entered correctly, it can still be redirected to a fake website. What it can do: • Convince you that the site is real and legitimate by looking almost identical to the actual site down to the smallest details. You may even enter your personal information and unknowingly give it to someone with malicious intent. • Convince you to download Malware. www.Defensative.com How Will You Be Attacked: Pharming
You or one of your employees opens a website that has embed hidden scripts, mainly in the web content, to steal information such as cookies and the information within the cookie (eg passwords, billing info). www.Defensative.com How Will You Be Attacked: XSS Cross Site Scripting
A bad actor will attempt to make one of your network resources unavailable to its intended users by saturating the target with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. www.Defensative.com How Will You Be Attacked: Denial of Service (DOS)
A bad actor may try to get valuable information from your website by exploiting vulnerabilities in the sites databases. www.Defensative.com How Will You Be Attacked: SQL Injection
www.Defensative.com A brute force attempt to guess your network assets passwords, by using common words and letter combinations, such as “Password” or “abc123”. How Will You Be Attacked: Dictionary Attack
A collection of software robots, or 'bots', that creates an army of infected computers (known as ‘zombies') that are remotely controlled by the originator. Yours may be one of them and you may not even know it. What they can do: • Send emails on your behalf • Spread all types of malware • Can use your computer as part of a denial of service attack against other systems How Will You Be Attacked: Botnets
Your hosts are being scanned daily by server farms all over the world looking for current vulnerabilities (example: Heartbleed) that you may not have patched yet… What they can do: • Take control of your company…. How Will You Be Attacked: Scanning

Recommended

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalAtlantic Training, LLC.
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Jay Nagar
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End UsersCommunity IT Innovators
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 

Recommended

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalAtlantic Training, LLC.
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Jay Nagar
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End UsersCommunity IT Innovators
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProRonald Soh
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101mateenzero
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesCyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesParsons Behle & Latimer
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...David Menken
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity AwarenessJoshuaWisniewski3
 
Information Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing SudanInformation Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing SudanAhmed Musaad
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYVaishak Chandran
 
Cyber Security Awareness Training
Cyber Security Awareness TrainingCyber Security Awareness Training
Cyber Security Awareness TrainingBuy Custom Papers
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness trainingAbdalrhmanTHassan
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber Security Infotech
 
BASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSBASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSMd Abu Syeem Dipu
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingDepartment of Defense
 

More Related Content

What's hot

Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProRonald Soh
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101mateenzero
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesCyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesParsons Behle & Latimer
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...David Menken
 
Information Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing SudanInformation Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing SudanAhmed Musaad
 
Cyber Security Awareness Training
Cyber Security Awareness TrainingCyber Security Awareness Training
Cyber Security Awareness TrainingBuy Custom Papers
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness trainingAbdalrhmanTHassan
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber Security Infotech
 

What's hot (20)

Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-Pro
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesCyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity Awareness
 
Information Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing SudanInformation Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing Sudan
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber Security Awareness Training
Cyber Security Awareness TrainingCyber Security Awareness Training
Cyber Security Awareness Training
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)
 

Viewers also liked

BASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSBASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSMd Abu Syeem Dipu
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingDepartment of Defense
 
Cyber Security Awareness (Reduce Personal & Business Risk)
Cyber Security Awareness (Reduce Personal & Business Risk)Cyber Security Awareness (Reduce Personal & Business Risk)
Cyber Security Awareness (Reduce Personal & Business Risk)Gian Gentile
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber SecurityDominic Rajesh
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetWatcher
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security pptLipsita Behera
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1NetWatcher
 
National Cyber Security Awareness Month - Michael Kaiser
National Cyber Security Awareness Month - Michael KaiserNational Cyber Security Awareness Month - Michael Kaiser
National Cyber Security Awareness Month - Michael KaiserIT-oLogy
 
READ - Risk Exposure Awareness and Deflection - creating an organization-wide...
READ - Risk Exposure Awareness and Deflection - creating an organization-wide...READ - Risk Exposure Awareness and Deflection - creating an organization-wide...
READ - Risk Exposure Awareness and Deflection - creating an organization-wide...Global Risk Forum GRFDavos
 
Cyber security-awareness-for-social-media-users - Devsena Mishra
Cyber security-awareness-for-social-media-users - Devsena MishraCyber security-awareness-for-social-media-users - Devsena Mishra
Cyber security-awareness-for-social-media-users - Devsena MishraDevsena Mishra
 
Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Donald E. Hester
 
Digital strategy - security
Digital strategy - securityDigital strategy - security
Digital strategy - securityNansje
 

Viewers also liked (20)

BASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSBASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESS
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness Briefing
 
Cyber Security Awareness (Reduce Personal & Business Risk)
Cyber Security Awareness (Reduce Personal & Business Risk)Cyber Security Awareness (Reduce Personal & Business Risk)
Cyber Security Awareness (Reduce Personal & Business Risk)
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber Security
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1
 
IT Security Awareness - How to?
IT Security Awareness - How to?IT Security Awareness - How to?
IT Security Awareness - How to?
 
Avoid the Legal Traps of Relocating Jobs
Avoid the Legal Traps of Relocating JobsAvoid the Legal Traps of Relocating Jobs
Avoid the Legal Traps of Relocating Jobs
 
Net Generation
Net GenerationNet Generation
Net Generation
 
National Cyber Security Awareness Month - Michael Kaiser
National Cyber Security Awareness Month - Michael KaiserNational Cyber Security Awareness Month - Michael Kaiser
National Cyber Security Awareness Month - Michael Kaiser
 
READ - Risk Exposure Awareness and Deflection - creating an organization-wide...
READ - Risk Exposure Awareness and Deflection - creating an organization-wide...READ - Risk Exposure Awareness and Deflection - creating an organization-wide...
READ - Risk Exposure Awareness and Deflection - creating an organization-wide...
 
C-Sec Pro
C-Sec Pro C-Sec Pro
C-Sec Pro
 
Cyber safety 101
Cyber safety 101Cyber safety 101
Cyber safety 101
 
Cyber security-awareness-for-social-media-users - Devsena Mishra
Cyber security-awareness-for-social-media-users - Devsena MishraCyber security-awareness-for-social-media-users - Devsena Mishra
Cyber security-awareness-for-social-media-users - Devsena Mishra
 
Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Cyber Security Awareness October 2014
Cyber Security Awareness October 2014
 
Digital strategy - security
Digital strategy - securityDigital strategy - security
Digital strategy - security
 

Similar to Cyber security awareness for end users

I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextBrian Pichman
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and youArt Ocain
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataLaw Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataAccellis Technology Group
 
ITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security SeminarITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security SeminarDaniel Versola
 
Cyber Security and GDPR Made Easy
Cyber Security and GDPR Made EasyCyber Security and GDPR Made Easy
Cyber Security and GDPR Made EasyChristoanSmit
 
The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.Teri Radichel
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?TechSoup
 
Cyber Security for Financial Planners
Cyber Security for Financial PlannersCyber Security for Financial Planners
Cyber Security for Financial PlannersMichael O'Phelan
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyMichael Davis
 
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptxCYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptxBarakaMuyengi
 
Make Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorMake Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorDavid Perkins
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksHokme
 

Similar to Cyber security awareness for end users (20)

Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take Next
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and you
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataLaw Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
ITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security SeminarITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security Seminar
 
Cyber Security and GDPR Made Easy
Cyber Security and GDPR Made EasyCyber Security and GDPR Made Easy
Cyber Security and GDPR Made Easy
 
The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.
 
Information security
Information securityInformation security
Information security
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 
Cyber Security for Financial Planners
Cyber Security for Financial PlannersCyber Security for Financial Planners
Cyber Security for Financial Planners
 
Data security
Data security Data security
Data security
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and Privacy
 
CyberCrime attacks on Small Businesses
CyberCrime attacks on Small BusinessesCyberCrime attacks on Small Businesses
CyberCrime attacks on Small Businesses
 
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptxCYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
 
Make Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorMake Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your Favor
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
 

Recently uploaded

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Cyber security awareness for end users

  • 1. Cyber 101 Training For SMB End Users Http://Defensative.com www.Defensative.comwww.Defensative.com
  • 2. 62% of Cyber Attacks are aimed at Small Business -- Verizon Cyber Crime Survey >50% of small-to-medium sized businesses had experienced at least one data breach -- Ponemon Institute www.Defensative.com
  • 3. • Money – Ransom-ware • Your companies data – Personally Identifiable Info (PII) – Protected Health Information (PHI) – CC Numbers and/or Financial Info – Intellectual property – copyrights, trademarks & patents, business plans, customer lists, etc. • Your data & access to your customers networks… – The Target breach happened due to an HVAC vendor (more) What are they after? www.Defensative.com
  • 5. www.Defensative.com What Is A Breach Going to Cost Your Company? A National Cyber Security Alliance study showed that 36 percent of cyber attacks are conducted against SMBs. Of those, up to 60 percent go out of business within six months of an attack.
  • 6. • Anti-Virus – Necessary but… – 92% of infosec professionals have totally lost confidence in antivirus (here) • “.. a crypting service takes a bad guy’s piece of malware and scans it against all of the available antivirus tools on the market today — to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And it repeats this scanning and crypting process in an iterative fashion until the malware is found to be completely undetectable by all of the antivirus tools on the market.” (here) -- Brian Krebs • Firewall – Necessary as a first line of defense but… www.Defensative.com Isn’t a firewall and Anti-Virus enough?
  • 7. You can have all the Prevention tools (Anti-Virus, Firewalls, Automatic Patching, Backups, Robust Password Protection etc..) and still be vulnerable to employees going to bad websites, clicking on bad links or compromised attachments and allowing the bad guy through the firewall where they can introduce code onto your network that can Sniff your traffic, Copy your data &/or Control your devices… You are the weakest link • Do you have an Android phone? Have you connected it to your companies WIFI? Have you downloaded misc apps… You might just be the problem… Your are the weakest link…
  • 8. You probably have received a fake email or text message with a website created to look like it’s from an authentic company. What it will do: • Trick you into giving them information by asking you to update, validate or confirm your account. It is often presented in a manner than seems official and intimidating, to encourage you to take action. • Convince you to download Malware Did you know 39 Percent of Employees Admit to Opening Suspicious Emails www.Defensative.com How Will You Be Attacked: Phishing (social engineering) – The #1 attack vector! www.Defensative.com Example:
  • 9. www.Defensative.com Example Phishing Phone call www.Defensative.com Great article on how to recognize Phishing… Click this link if video does not play…
  • 10. • Pharming • Cross Site Scripting • Denial of Service • SQL Injection • Dictionary Attack • Botnets • Scanning **see appendix for details www.Defensative.com Other ways you will get hacked… www.Defensative.com
  • 11. www.Defensative.com Example of items you should see referenced in your companies employee policy doc’s about cyber security: • Use of encryption • Email (corporate and personal) • Use of social networking • Password Construction Guidelines • Security Response Plan • Remote Access • Wireless Communication • Bring Your Own Device To Work (BYOD) Here are some detailed examples: • Sample Policy (here) • SANS (here) Are you aware of your companies Corporate Cyber Policy?
  • 12. Examples: • PCI-DSS • FINRA • HIPAA www.Defensative.com Does your company have to comply with Regulatory/Policy mandates? If so they are subject to Big Fines If they are not in compliance so don’t get them in trouble…
  • 13. Unfortunately many websites and services today still offer un-encrypted login. With un-encrypted login, the password is NOT encrypted and considered "cleartext" and can be easily decoded! www.Defensative.com What You Must Do – use HTTPS More here, and here
  • 14. Software vendors such as Adobe, Microsoft, Oracle and others produce frequent security patches that plug holes that can be exploited by bad actors. If you don't install these patches on a regular basis on your hosts, desktops, laptops and phones your infrastructure will be at risk and will eventually be compromised. CVE Details is a good place to keep up on the patches. They consolidate vulnerability data from the National Vulnerability Database (NVD ) and www.exploit-db.com . Another great site is Mitre's CVE site here . Here are 2 examples to give you some perspective on how many vulnerabilities a software can contain: • Here is a list of Adobe Flash vulnerabilities. • Here is a list of Oracle Java vulnerabilities. • Here is a simple chart that shows how many vulnerabilities have been published over the years in the Windows 7 OS www.Defensative.com What You Must Do – Keep Software up to date
  • 15. Examples: • BitTorrent - you have no control over what the BitTorrent user is downloading and you don't want to end up like this guy . ( or these people ) • TOR – You don’t know who is sniffing on the exit nodes (example) • TFTP – It’s all in clear text (more) • Misc Android Apps – 97% of mobile malware is on Android (more) (example) www.Defensative.com What You Must Do – Don’t use risky software
  • 16. • Use Secure Passwords (more) • Use throw away passwords on non-mission critical sites • Understand Password Managers may not be that secure (example) • Change Default Passwords! (more) • If available enable two factor authentication (example) www.Defensative.com What You Must Do – Passwords…
  • 17. Here are 7 Tips to Prevent Mobile Malware • Understand the mobile risks - A mobile device is a computer and should be protected like one. If you access the corporate network with their mobile device you should understand the risk imposed by downloading applications and accessing website that are not from trusted sources. You need to also know the value of keeping your operating system on the device up to date with the latest security patches from the manufacturer/mobile provider and operating system vendor. • Only access corporate data via Wi-Fi over a secure tunnel as over the air networks are exposed to malicious capturing of wireless traffic. There are several mobile Virtual Private Networking technologies (VPN) that can be deployed that can allow users to connect through these secure tunnels. • Understand your companies Bring Your Own Device to work (BYOD) policies • Ask your company if they have a Mobile Device Management (MDM) platform and Mobile Application Management Platforms from companies like Good and others. • Encrypt your devices - It is very difficult for someone to break in a steal data on an encrypted device (this goes for the SIM card as well). • If you use Android then use anti-malware software www.Defensative.com What You Must Do – Your phone…
  • 18. • Change the default password and keep the firmware up to date on your home internet router • Don’t connect to random WIFI’s (example) • Don’t allow others to download programs to computers or phones that will connect to your companies network. Here is a Minecraft example. • Use a Virtual Private Network (VPN) (example, example) www.Defensative.com What You Must Do – Home Networks & Public WIFI’s…
  • 19. Pornography and Malware… They go together. (more) Visitors to Pornhub.com, the 63rd most popular website in the world (and 41st in the US) have a 53% chance of coming into contact with malware www.Defensative.com What You Must Do – Explicit Sites
  • 20. Great advice from SecurityMetrics (here) • Disconnect from the Internet by pulling the network cable from the router to stop the bleeding of data. Do not turn off your computer/phone/tablet • Follow your company cyber security policy step by step plan. The company will usually: – Document all network changes, notification/detection dates, and people/agencies involved in the breach – Segregate all hardware devices in the payment process, or devices suspected of being compromised (if possible) from other business critical devices. – Quarantine instead of deleting. – Preserve firewall settings and firewall logs – Restrict Internet traffic to only business critical servers and ports outside of the credit card processing environment. – Disable (do not delete) remote access capability and wireless access points. – Call a PFI. Once the breach is contained by steps 1-7, consult with a forensic PFI to plan a compromise analysis. www.Defensative.com What You Must Do – Know what you should do if you suspect you have been compromised
  • 22. You or one of your employees may be pointed to a malicious and illegitimate website by redirecting the legitimate URL. Even if the URL is entered correctly, it can still be redirected to a fake website. What it can do: • Convince you that the site is real and legitimate by looking almost identical to the actual site down to the smallest details. You may even enter your personal information and unknowingly give it to someone with malicious intent. • Convince you to download Malware. www.Defensative.com How Will You Be Attacked: Pharming
  • 23. You or one of your employees opens a website that has embed hidden scripts, mainly in the web content, to steal information such as cookies and the information within the cookie (eg passwords, billing info). www.Defensative.com How Will You Be Attacked: XSS Cross Site Scripting
  • 24. A bad actor will attempt to make one of your network resources unavailable to its intended users by saturating the target with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. www.Defensative.com How Will You Be Attacked: Denial of Service (DOS)
  • 25. A bad actor may try to get valuable information from your website by exploiting vulnerabilities in the sites databases. www.Defensative.com How Will You Be Attacked: SQL Injection
  • 26. www.Defensative.com A brute force attempt to guess your network assets passwords, by using common words and letter combinations, such as “Password” or “abc123”. How Will You Be Attacked: Dictionary Attack
  • 27. A collection of software robots, or 'bots', that creates an army of infected computers (known as ‘zombies') that are remotely controlled by the originator. Yours may be one of them and you may not even know it. What they can do: • Send emails on your behalf • Spread all types of malware • Can use your computer as part of a denial of service attack against other systems How Will You Be Attacked: Botnets
  • 28. Your hosts are being scanned daily by server farms all over the world looking for current vulnerabilities (example: Heartbleed) that you may not have patched yet… What they can do: • Take control of your company…. How Will You Be Attacked: Scanning

Editor's Notes

  1. January Target (retail). In January, Target announced an additional 70 million individuals’ contact information was taken during the December 2013 breach, in which 40 million customer’s credit and debit card information was stolen.[5] Neiman Marcus (retail). Between July and October 2013, the credit card information of 350,000 individuals was stolen, and more than 9,000 of the credit cards have been used fraudulently since the attack.[6] Sophisticated code written by the hackers allowed them to move through company computers, undetected by company employees for months. Michaels (retail). Between May 2013 and January 2014, the payment cards of 2.6 million Michaels customers were affected.[7] Attackers targeted the Michaels POS system to gain access to their systems. Yahoo! Mail (communications). The e-mail service for 273 million users was reportedly hacked in January, although the specific number of accounts affected was not released.[8] April Aaron Brothers (retail). The credit and debit card information for roughly 400,000 customers of Aaron Brothers, a subsidiary of Michaels, was compromised by the same POS system malware.[9] AT&T (communications). For two weeks AT&T was hacked from the inside by personnel who accessed user information, including social security information.[10] May eBay (retail). Cyber attacks in late February and early March led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers.[11] eBay issued a statement asking all users to change their passwords. Five Chinese hackers indicted. Five Chinese nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014. The targeted companies included Westinghouse Electric (energy and utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), and Alcoa (industrial).[12] Unnamed public works (energy and utilities). According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack[13] on employee’s log-in passwords.[14] June Feedly (communications). Feedly’s 15 million users were temporarily affected by three distributed denial-of-service attacks.[15] Evernote (technology). In the same week as the Feedly cyber attack, Evernote and its 100 million users faced a similar denial-of-service attack.[16] P.F. Chang’s China Bistro (restaurant). Between September 2013 and June 2014, credit and debit card information from 33 P.F. Chang’s restaurants was compromised and reportedly sold online.[17] August U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, which led to the theft of employee personnel information.[18] Although no specific origin of attack was reported, the company believes the attack was state-sponsored. Community Health Services (health care). At Community Health Service (CHS), the personal data for 4.5 million patients were compromised between April and June.[19] CHS warns that any patient who visited any of its 206 hospital locations over the past five years may have had his or her data compromised. The sophisticated malware used in the attack reportedly originated in China. The FBI warns that other health care firms may also have been attacked. UPS (services). Between January and August, customer information from more than 60 UPS stores was compromised, including financial data,[20] reportedly as a result of the Backoff malware attacks. Defense Industries (defense). Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing.[21] Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets. September Home Depot (retail). Cyber criminals reportedly used malware to compromise the credit card information for roughly 56 million shoppers in Home Depot’s 2,000 U.S. and Canadian outlets.[22] Google (communications). Reportedly, 5 million Gmail usernames and passwords were compromised.[23] About 100,000 were released on a Russian forum site. Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple user’s online data storage, leading to the subsequent posting of celebrities’ private photos online.[24] It is uncertain whether users or Apple were at fault for the attack. Goodwill Industries International (retail). Between February 2013 and August 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores.[25] Malware infected the chain store through infected third-party vendors. SuperValu (retail). SuperValu was attacked between June and July, and suffered another malware attack between late August and September.[26] The first theft included customer and payment card information from some of its Cub Foods, Farm Fresh, Shop ‘n Save, and Shoppers stores. The second attack reportedly involved only payment card data. Bartell Hotels (hotel). The information for up to 55,000 customers was reportedly stolen between February and May.[27] U.S. Transportation Command contractors (transportation). A Senate report revealed that networks of the U.S. Transportation Command’s contractors were successfully breached 50 times between June 2012 and May 2013.[28] At least 20 of the breaches were attributed to attacks originating from China. October J.P. Morgan Chase (financial). An attack in June was not noticed until August.[29] The contact information for 76 million households and 7 million small businesses was compromised. The hackers may have originated in Russia and may have ties to the Russian government. Dairy Queen International (restaurant). Credit and debit card information from 395 Dairy Queen and Orange Julius stores was compromised by the Backoff malware.[30] Snapsave (communications). Reportedly, the photos of 200,000 users were hacked from Snapsave, a third-party app for saving photos from Snapchat, an instant photo-sharing app.[31]