SlideShare a Scribd company logo

Jisc cyber security posture survey

Download as PPTX, PDF
Jisc
Jisc

Part of the 'Swimming with sharks - don't be phish food' session at Digifest 2019.

Education
1 of 25
© 2018 Khipu Networks Limited. All Rights Reserved. JISC CYBER SECURITY POSTURE SURVEY 2018 Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. • Founded in 2005 & privately owned • Identified the need for secure network access “BYOD” • UK/I, SA & international coverage INTERNATIONAL CYBER SECURITY COMPANY • Round the clock network & security operation services • Pro-active support “KARMA” & managed services • Project, service delivery & account management teams OUTSTANDING CUSTOMER SATISFACTION • Customer references across all sectors • Year on year growth • Over 500 customers globally PROVEN BUSINESS • Quality assured: ISO9001, 27001, 14011 & OHSA 18001 • Highest partner, support & technical accreditations • Extensive investment in training & development CERTIFIED TO DELIVER Who We Are? Next-Generation Networking and Cyber Security
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Real-life statistics Cyber Attacks - Reduce Your Risk 60% 21% 85% 66% 25% Increase in phishing attacks Emails get through spam filters Have suffered a phishing attack Have suffered a spear-phishing attack Have been successfully phished Q4 2017 Q3 2018 240%increase 300,000 150,000 0 New phishing websites The number one vehicle for ransomware attacks & malware Phishing attacks The most effective way to deliver malware Email attachments The 3rd most effective way to deliver malware Email web-links OPENED 30%
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Endpoints PC’s, Laptops, Mobile & BYOD Applications Email, CRM, office, SaaS & specific apps Infrastructure Network, security & systems User Staff, Visitors & Contractors Typical Environment Cyber Attacks - Reduce Your Risk Financial Loss Confidential Data leakage (personal & business) Crippled IT systems & operations Damage to reputation - blacklisting, bad press Fines from ICO COMPLETE DISRUPTION TO YOUR ORGANISATION Accountability, stress & frustration
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. In the press Cyber Attacks - Reduce Your Risk SPEAR PHISHING ATTACK
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Phishing Vulnerability Risk Assessment Cyber Attacks - Reduce Your Risk USERS • Do they open phishing emails, how many? • Do they share confidential information via a website, how many? IDENTIFY YOUR VULNERABILITIES TO PHISHING ATTACKS - “RISK FACTOR” INFRASTRUCTURE • Are email systems, spam, firewalls identifying & blocking phishing attacks? • Are they capable of or been configured properly to protect your organisation? PROCESSES • How does the organisation (users, IT helpdesk teams etc) react? • Are your processes including awareness inductions effective? DEVICES • What operating systems and web browsers (incl. plug-ins) are being used? • Are they sanctioned by your organisation, are they up to date, are they vulnerable? LAYER OF DEFENCE FIRST LAST USERS
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Simulated Phishing Services Cyber Attacks - Reduce Your Risk EMAILS • Customised to meet customer requirements & scenarios • Link to phishing website • Download an attachment (PDF, .doc, .xl etc) WEBSITE • Customised web pages incl. domain, intranet, website • Capture different types of information to test users • Drive-by attack (BEEF) OPTIONS • SMS (smishing) attack: Personal or business details • USB malware attack • Ransomware simulation • Vishing (social engineering)* DEDICATED SERVICE DELIVERY TEAM Project management Cyber security specialists Account managers
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Awareness Training Services Cyber Attacks - Reduce Your Risk EMAILS • The simulation; why, the risks, what to do (customisable) • Link to education awareness landing page WEBSITE & CONTENT • Customisable education page to raise awareness • What is phishing, what to do, top tips, video, quizzes (recorded) • Facts, statistics, glossaries, Infographics, how to protect • Video awareness library (incl. customised video) TRAINING “CYBER SECURITY 101” • Classroom-based: Work & home life phishing & CS awareness • Onsite (no limitation to attendees), offsite or virtual* • Cyber security best practise workshops (onsite) DEDICATED SERVICE DELIVERY TEAM Project management Cyber security specialists Account managers
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Awareness Training Services Cyber Attacks - Reduce Your Risk DEDICATED SERVICE DELIVERY TEAM Project management Cyber security specialists Account managers EMAILS • The simulation; why, the risks, what to do etc (customisable) • Link to education awareness landing page WEBSITE & CONTENT • Customisable education page to raise awareness • What is phishing, what to do, top tips, video, quizzes (recorded) • Facts, statistics, glossaries, Infographics, how to protect • Video awareness library (incl. customised video) TRAINING “CYBER SECURITY 101” • Classroom-based: Work & home life phishing & CS awareness • Onsite (no limitation to attendees), offsite or virtual* • Cyber security best practise workshops (onsite)
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Reporting Services Stats Cyber Attacks - Reduce Your Risk
© 2018 Khipu Networks Limited. All Rights Reserved. Some of what you’ll learn in the Classroom Training: 3 Key Take Aways Cyber Attacks - Reduce Your Risk • How Do You Know It’s a Scam? • Social Media – Friend or Foe? • Building a Better Password
© 2018 Khipu Networks Limited. All Rights Reserved. Sophisticated Real-life Phishing Attacks Cyber Attacks - Reduce Your Risk
© 2018 Khipu Networks Limited. All Rights Reserved. If it’s too good to be true… Cyber Attacks - Reduce Your Risk
© 2018 Khipu Networks Limited. All Rights Reserved. A whole country could be a target Cyber Attacks - Reduce Your Risk
© 2018 Khipu Networks Limited. All Rights Reserved. They’re not just target email accounts… Cyber Attacks - Reduce Your Risk
© 2018 Khipu Networks Limited. All Rights Reserved. So, How do you know? Cyber Attacks - Reduce Your Risk •Check the To: & From: Fields •Attachments: Always suspicious •Grammer and Speling not quiet right •Aggressive or threatening in nature Grammar and Spelling not quite right
© 2018 Khipu Networks Limited. All Rights Reserved. Would You Click on This? Cyber Attacks - Reduce Your Risk     Who is it From:? Who is it To:? Suspicious Attachment? Grammar, Spelling, Threatening
© 2018 Khipu Networks Limited. All Rights Reserved. Social Media – Friend or Foe? Cyber Attacks - Reduce Your Risk Social Media = Think Before you Post Does it reveal personal data? Will it hurt you or your family? Will it hurt your career? Will it trigger a negative reaction?
© 2018 Khipu Networks Limited. All Rights Reserved. Social Media – Friend or Foe? Cyber Attacks - Reduce Your Risk Staying Safe Guidelines Don't reveal too much Be careful of those self revealing games / quizzes Review your Privacy Settings (Especially after updates) Be careful what you click on. (Do a search instead)
© 2018 Khipu Networks Limited. All Rights Reserved. Building a Better Password Cyber Attacks - Reduce Your Risk BIGGER is better!
© 2018 Khipu Networks Limited. All Rights Reserved. Building a Better Password Cyber Attacks - Reduce Your Risk Create a complex password from a phase: • String TWO or THREE words together (sleepingbeautyisgreat) (S133p!ngB34uTy1sGr3at) Use a favourite phrase, quote or line from a song (e.g. “My very eager mother just served us nine pizzas!!”) My=Mercury, Very=Venus, Eager=Earth, Mother=Mars, Just=Jupiter, Served=Saturn Us=Uranus, Nine=Neptune, Pizzas=Pluto MyV3mjsu9P!!
© 2018 Khipu Networks Limited. All Rights Reserved. Building a Better Password Cyber Attacks - Reduce Your Risk CRACKING PASSWORDS: (123456) (MyV3mjsu9P!!) (sleepingbeautyisgreat) (S133p!ngB34uTy1sGr3at)
© 2018 Khipu Networks Limited. All Rights Reserved. Final Thoughts on Passwords Cyber Attacks - Reduce Your Risk
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. KHIPU are competent trainers, who kept the audience attentive and interested. The content was pitched at a relevant level and had more than enough ‘food for thought’. The feedback that I had from the attendees was very positive and all felt the course worthwhile. As an employer, I also feel that this education will really help reduce the risk of an employee inadvertently compromising our network and they can no longer say that no-one told us. Very highly recommended. Chris Adcock Chief Finance Officer - Duchy of Lancaster TESTINOMIAL
www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. THANKS FOR LISTENING HAPPY TO TAKE YOUR QUESTIONS imai@khipu-networks.com @KhipuNetworks Khipu Networks www.khipu-networks.com

Recommended

Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyCyren, Inc
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingCyren, Inc
 
Webinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatWebinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatCyren, Inc
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowCyren, Inc
 
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats Report
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats ReportWebinar: Insights from CYREN's 2015 Q2 Cyber Threats Report
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats ReportCyren, Inc
 
Avoiding Sophisticated Targeted Breach Critical Guidance Healthcare
Avoiding Sophisticated Targeted Breach Critical Guidance HealthcareAvoiding Sophisticated Targeted Breach Critical Guidance Healthcare
Avoiding Sophisticated Targeted Breach Critical Guidance HealthcareCybereason
 

Recommended

Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyCyren, Inc
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingCyren, Inc
 
Webinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatWebinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatCyren, Inc
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowCyren, Inc
 
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats Report
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats ReportWebinar: Insights from CYREN's 2015 Q2 Cyber Threats Report
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats ReportCyren, Inc
 
Avoiding Sophisticated Targeted Breach Critical Guidance Healthcare
Avoiding Sophisticated Targeted Breach Critical Guidance HealthcareAvoiding Sophisticated Targeted Breach Critical Guidance Healthcare
Avoiding Sophisticated Targeted Breach Critical Guidance HealthcareCybereason
 
2016_AZCWR_Vanguard_keynote_presentation
2016_AZCWR_Vanguard_keynote_presentation2016_AZCWR_Vanguard_keynote_presentation
2016_AZCWR_Vanguard_keynote_presentationRichard Larkins
 
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Jason Trost
 
Honeynet architecture
Honeynet architectureHoneynet architecture
Honeynet architectureamar koppal
 
Modern Honey Network at Bay Area Open Source Security Hackers
Modern Honey Network at Bay Area Open Source Security HackersModern Honey Network at Bay Area Open Source Security Hackers
Modern Honey Network at Bay Area Open Source Security HackersJason Trost
 
The Case for EDR: What's In Your Toolkit
The Case for EDR: What's In Your ToolkitThe Case for EDR: What's In Your Toolkit
The Case for EDR: What's In Your ToolkitDawn Yankeelov
 
From Mirai to Monero – One Year’s Worth of Honeypot Data
From Mirai to Monero – One Year’s Worth of Honeypot DataFrom Mirai to Monero – One Year’s Worth of Honeypot Data
From Mirai to Monero – One Year’s Worth of Honeypot DataDefCamp
 
9 Top Bug Bounty Programs
9 Top Bug Bounty Programs9 Top Bug Bounty Programs
9 Top Bug Bounty ProgramsHackerOne
 
Aaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & DefenseAaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & Defensecentralohioissa
 
Aaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & DefenseAaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & DefenseJason Luttrell, CISSP, CISM
 
Cybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxCybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxAfsanaMumal2
 
Cybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxCybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxsanap6
 
Cybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxCybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxinstaeditz009
 
Cybersecurity Awareness Overview- BSBXCS402.pptx
Cybersecurity Awareness Overview- BSBXCS402.pptxCybersecurity Awareness Overview- BSBXCS402.pptx
Cybersecurity Awareness Overview- BSBXCS402.pptxitsamuamit11
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Caston Thomas
 
Leveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future BreachLeveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future BreachKevin Murphy
 
How to improve resilience and respond better to Cyber Attacks with ISO 22301?
How to improve resilience and respond better to Cyber Attacks with ISO 22301?How to improve resilience and respond better to Cyber Attacks with ISO 22301?
How to improve resilience and respond better to Cyber Attacks with ISO 22301?PECB
 
Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Morakinyo Animasaun
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Building a Culture of Innovation at Amazon: Driving Customer Success
Building a Culture of Innovation at Amazon: Driving Customer SuccessBuilding a Culture of Innovation at Amazon: Driving Customer Success
Building a Culture of Innovation at Amazon: Driving Customer SuccessAmazon Web Services
 
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to doNEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to doNew England Direct Marketing Association, Inc.
 
Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017 Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017 Kevin Murphy
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountImperva
 

More Related Content

What's hot

2016_AZCWR_Vanguard_keynote_presentation
2016_AZCWR_Vanguard_keynote_presentation2016_AZCWR_Vanguard_keynote_presentation
2016_AZCWR_Vanguard_keynote_presentationRichard Larkins
 
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Jason Trost
 
Honeynet architecture
Honeynet architectureHoneynet architecture
Honeynet architectureamar koppal
 
Modern Honey Network at Bay Area Open Source Security Hackers
Modern Honey Network at Bay Area Open Source Security HackersModern Honey Network at Bay Area Open Source Security Hackers
Modern Honey Network at Bay Area Open Source Security HackersJason Trost
 
The Case for EDR: What's In Your Toolkit
The Case for EDR: What's In Your ToolkitThe Case for EDR: What's In Your Toolkit
The Case for EDR: What's In Your ToolkitDawn Yankeelov
 
From Mirai to Monero – One Year’s Worth of Honeypot Data
From Mirai to Monero – One Year’s Worth of Honeypot DataFrom Mirai to Monero – One Year’s Worth of Honeypot Data
From Mirai to Monero – One Year’s Worth of Honeypot DataDefCamp
 
9 Top Bug Bounty Programs
9 Top Bug Bounty Programs9 Top Bug Bounty Programs
9 Top Bug Bounty ProgramsHackerOne
 

What's hot (7)

2016_AZCWR_Vanguard_keynote_presentation
2016_AZCWR_Vanguard_keynote_presentation2016_AZCWR_Vanguard_keynote_presentation
2016_AZCWR_Vanguard_keynote_presentation
 
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
 
Honeynet architecture
Honeynet architectureHoneynet architecture
Honeynet architecture
 
Modern Honey Network at Bay Area Open Source Security Hackers
Modern Honey Network at Bay Area Open Source Security HackersModern Honey Network at Bay Area Open Source Security Hackers
Modern Honey Network at Bay Area Open Source Security Hackers
 
The Case for EDR: What's In Your Toolkit
The Case for EDR: What's In Your ToolkitThe Case for EDR: What's In Your Toolkit
The Case for EDR: What's In Your Toolkit
 
From Mirai to Monero – One Year’s Worth of Honeypot Data
From Mirai to Monero – One Year’s Worth of Honeypot DataFrom Mirai to Monero – One Year’s Worth of Honeypot Data
From Mirai to Monero – One Year’s Worth of Honeypot Data
 
9 Top Bug Bounty Programs
9 Top Bug Bounty Programs9 Top Bug Bounty Programs
9 Top Bug Bounty Programs
 

Similar to Jisc cyber security posture survey

Aaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & DefenseAaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & Defensecentralohioissa
 
Aaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & DefenseAaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & DefenseJason Luttrell, CISSP, CISM
 
Cybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxCybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxAfsanaMumal2
 
Cybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxCybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxsanap6
 
Cybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxCybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxinstaeditz009
 
Cybersecurity Awareness Overview- BSBXCS402.pptx
Cybersecurity Awareness Overview- BSBXCS402.pptxCybersecurity Awareness Overview- BSBXCS402.pptx
Cybersecurity Awareness Overview- BSBXCS402.pptxitsamuamit11
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Caston Thomas
 
Leveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future BreachLeveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future BreachKevin Murphy
 
How to improve resilience and respond better to Cyber Attacks with ISO 22301?
How to improve resilience and respond better to Cyber Attacks with ISO 22301?How to improve resilience and respond better to Cyber Attacks with ISO 22301?
How to improve resilience and respond better to Cyber Attacks with ISO 22301?PECB
 
Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Morakinyo Animasaun
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Building a Culture of Innovation at Amazon: Driving Customer Success
Building a Culture of Innovation at Amazon: Driving Customer SuccessBuilding a Culture of Innovation at Amazon: Driving Customer Success
Building a Culture of Innovation at Amazon: Driving Customer SuccessAmazon Web Services
 
Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017 Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017 Kevin Murphy
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountImperva
 
Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessLucy Denver
 
Operating at Scale: Preparing for the Journey
Operating at Scale: Preparing for the JourneyOperating at Scale: Preparing for the Journey
Operating at Scale: Preparing for the JourneyAmazon Web Services
 
The seven habits of highly successful builders - AWS Summit Cape Town 2018
The seven habits of highly successful builders - AWS Summit Cape Town 2018The seven habits of highly successful builders - AWS Summit Cape Town 2018
The seven habits of highly successful builders - AWS Summit Cape Town 2018Amazon Web Services
 

Similar to Jisc cyber security posture survey (20)

Aaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & DefenseAaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & Defense
 
Aaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & DefenseAaron Higbee - The Humanity of Phishing Attack & Defense
Aaron Higbee - The Humanity of Phishing Attack & Defense
 
Cybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxCybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptx
 
Cybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxCybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptx
 
Cybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptxCybersecurity Awareness Overview.pptx
Cybersecurity Awareness Overview.pptx
 
Cybersecurity Awareness Overview- BSBXCS402.pptx
Cybersecurity Awareness Overview- BSBXCS402.pptxCybersecurity Awareness Overview- BSBXCS402.pptx
Cybersecurity Awareness Overview- BSBXCS402.pptx
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3
 
Leveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future BreachLeveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future Breach
 
How to improve resilience and respond better to Cyber Attacks with ISO 22301?
How to improve resilience and respond better to Cyber Attacks with ISO 22301?How to improve resilience and respond better to Cyber Attacks with ISO 22301?
How to improve resilience and respond better to Cyber Attacks with ISO 22301?
 
Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
Building a Culture of Innovation at Amazon: Driving Customer Success
Building a Culture of Innovation at Amazon: Driving Customer SuccessBuilding a Culture of Innovation at Amazon: Driving Customer Success
Building a Culture of Innovation at Amazon: Driving Customer Success
 
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to doNEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
 
Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017 Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
 
Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets
 
Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your Business
 
Operating at Scale: Preparing for the Journey
Operating at Scale: Preparing for the JourneyOperating at Scale: Preparing for the Journey
Operating at Scale: Preparing for the Journey
 
Making Office 365_SharePoint Strategic_SPC18.pdf
Making Office 365_SharePoint Strategic_SPC18.pdfMaking Office 365_SharePoint Strategic_SPC18.pdf
Making Office 365_SharePoint Strategic_SPC18.pdf
 
The seven habits of highly successful builders - AWS Summit Cape Town 2018
The seven habits of highly successful builders - AWS Summit Cape Town 2018The seven habits of highly successful builders - AWS Summit Cape Town 2018
The seven habits of highly successful builders - AWS Summit Cape Town 2018
 

More from Jisc

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...Jisc
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxJisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxJisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptxJisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxJisc
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxJisc
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxJisc
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJisc
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxJisc
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptxJisc
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptxJisc
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxJisc
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptxJisc
 

More from Jisc (20)

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptx
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptx
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptx
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptx
 

Recently uploaded

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 

Recently uploaded (20)

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 

Jisc cyber security posture survey

  • 1. © 2018 Khipu Networks Limited. All Rights Reserved. JISC CYBER SECURITY POSTURE SURVEY 2018 Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE
  • 2. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. • Founded in 2005 & privately owned • Identified the need for secure network access “BYOD” • UK/I, SA & international coverage INTERNATIONAL CYBER SECURITY COMPANY • Round the clock network & security operation services • Pro-active support “KARMA” & managed services • Project, service delivery & account management teams OUTSTANDING CUSTOMER SATISFACTION • Customer references across all sectors • Year on year growth • Over 500 customers globally PROVEN BUSINESS • Quality assured: ISO9001, 27001, 14011 & OHSA 18001 • Highest partner, support & technical accreditations • Extensive investment in training & development CERTIFIED TO DELIVER Who We Are? Next-Generation Networking and Cyber Security
  • 3. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Real-life statistics Cyber Attacks - Reduce Your Risk 60% 21% 85% 66% 25% Increase in phishing attacks Emails get through spam filters Have suffered a phishing attack Have suffered a spear-phishing attack Have been successfully phished Q4 2017 Q3 2018 240%increase 300,000 150,000 0 New phishing websites The number one vehicle for ransomware attacks & malware Phishing attacks The most effective way to deliver malware Email attachments The 3rd most effective way to deliver malware Email web-links OPENED 30%
  • 4. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Endpoints PC’s, Laptops, Mobile & BYOD Applications Email, CRM, office, SaaS & specific apps Infrastructure Network, security & systems User Staff, Visitors & Contractors Typical Environment Cyber Attacks - Reduce Your Risk Financial Loss Confidential Data leakage (personal & business) Crippled IT systems & operations Damage to reputation - blacklisting, bad press Fines from ICO COMPLETE DISRUPTION TO YOUR ORGANISATION Accountability, stress & frustration
  • 5. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. In the press Cyber Attacks - Reduce Your Risk SPEAR PHISHING ATTACK
  • 6. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Phishing Vulnerability Risk Assessment Cyber Attacks - Reduce Your Risk USERS • Do they open phishing emails, how many? • Do they share confidential information via a website, how many? IDENTIFY YOUR VULNERABILITIES TO PHISHING ATTACKS - “RISK FACTOR” INFRASTRUCTURE • Are email systems, spam, firewalls identifying & blocking phishing attacks? • Are they capable of or been configured properly to protect your organisation? PROCESSES • How does the organisation (users, IT helpdesk teams etc) react? • Are your processes including awareness inductions effective? DEVICES • What operating systems and web browsers (incl. plug-ins) are being used? • Are they sanctioned by your organisation, are they up to date, are they vulnerable? LAYER OF DEFENCE FIRST LAST USERS
  • 7. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Simulated Phishing Services Cyber Attacks - Reduce Your Risk EMAILS • Customised to meet customer requirements & scenarios • Link to phishing website • Download an attachment (PDF, .doc, .xl etc) WEBSITE • Customised web pages incl. domain, intranet, website • Capture different types of information to test users • Drive-by attack (BEEF) OPTIONS • SMS (smishing) attack: Personal or business details • USB malware attack • Ransomware simulation • Vishing (social engineering)* DEDICATED SERVICE DELIVERY TEAM Project management Cyber security specialists Account managers
  • 8. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Awareness Training Services Cyber Attacks - Reduce Your Risk EMAILS • The simulation; why, the risks, what to do (customisable) • Link to education awareness landing page WEBSITE & CONTENT • Customisable education page to raise awareness • What is phishing, what to do, top tips, video, quizzes (recorded) • Facts, statistics, glossaries, Infographics, how to protect • Video awareness library (incl. customised video) TRAINING “CYBER SECURITY 101” • Classroom-based: Work & home life phishing & CS awareness • Onsite (no limitation to attendees), offsite or virtual* • Cyber security best practise workshops (onsite) DEDICATED SERVICE DELIVERY TEAM Project management Cyber security specialists Account managers
  • 9. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Awareness Training Services Cyber Attacks - Reduce Your Risk DEDICATED SERVICE DELIVERY TEAM Project management Cyber security specialists Account managers EMAILS • The simulation; why, the risks, what to do etc (customisable) • Link to education awareness landing page WEBSITE & CONTENT • Customisable education page to raise awareness • What is phishing, what to do, top tips, video, quizzes (recorded) • Facts, statistics, glossaries, Infographics, how to protect • Video awareness library (incl. customised video) TRAINING “CYBER SECURITY 101” • Classroom-based: Work & home life phishing & CS awareness • Onsite (no limitation to attendees), offsite or virtual* • Cyber security best practise workshops (onsite)
  • 10. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. Reporting Services Stats Cyber Attacks - Reduce Your Risk
  • 11. © 2018 Khipu Networks Limited. All Rights Reserved. Some of what you’ll learn in the Classroom Training: 3 Key Take Aways Cyber Attacks - Reduce Your Risk • How Do You Know It’s a Scam? • Social Media – Friend or Foe? • Building a Better Password
  • 12. © 2018 Khipu Networks Limited. All Rights Reserved. Sophisticated Real-life Phishing Attacks Cyber Attacks - Reduce Your Risk
  • 13. © 2018 Khipu Networks Limited. All Rights Reserved. If it’s too good to be true… Cyber Attacks - Reduce Your Risk
  • 14. © 2018 Khipu Networks Limited. All Rights Reserved. A whole country could be a target Cyber Attacks - Reduce Your Risk
  • 15. © 2018 Khipu Networks Limited. All Rights Reserved. They’re not just target email accounts… Cyber Attacks - Reduce Your Risk
  • 16. © 2018 Khipu Networks Limited. All Rights Reserved. So, How do you know? Cyber Attacks - Reduce Your Risk •Check the To: & From: Fields •Attachments: Always suspicious •Grammer and Speling not quiet right •Aggressive or threatening in nature Grammar and Spelling not quite right
  • 17. © 2018 Khipu Networks Limited. All Rights Reserved. Would You Click on This? Cyber Attacks - Reduce Your Risk     Who is it From:? Who is it To:? Suspicious Attachment? Grammar, Spelling, Threatening
  • 18. © 2018 Khipu Networks Limited. All Rights Reserved. Social Media – Friend or Foe? Cyber Attacks - Reduce Your Risk Social Media = Think Before you Post Does it reveal personal data? Will it hurt you or your family? Will it hurt your career? Will it trigger a negative reaction?
  • 19. © 2018 Khipu Networks Limited. All Rights Reserved. Social Media – Friend or Foe? Cyber Attacks - Reduce Your Risk Staying Safe Guidelines Don't reveal too much Be careful of those self revealing games / quizzes Review your Privacy Settings (Especially after updates) Be careful what you click on. (Do a search instead)
  • 20. © 2018 Khipu Networks Limited. All Rights Reserved. Building a Better Password Cyber Attacks - Reduce Your Risk BIGGER is better!
  • 21. © 2018 Khipu Networks Limited. All Rights Reserved. Building a Better Password Cyber Attacks - Reduce Your Risk Create a complex password from a phase: • String TWO or THREE words together (sleepingbeautyisgreat) (S133p!ngB34uTy1sGr3at) Use a favourite phrase, quote or line from a song (e.g. “My very eager mother just served us nine pizzas!!”) My=Mercury, Very=Venus, Eager=Earth, Mother=Mars, Just=Jupiter, Served=Saturn Us=Uranus, Nine=Neptune, Pizzas=Pluto MyV3mjsu9P!!
  • 22. © 2018 Khipu Networks Limited. All Rights Reserved. Building a Better Password Cyber Attacks - Reduce Your Risk CRACKING PASSWORDS: (123456) (MyV3mjsu9P!!) (sleepingbeautyisgreat) (S133p!ngB34uTy1sGr3at)
  • 23. © 2018 Khipu Networks Limited. All Rights Reserved. Final Thoughts on Passwords Cyber Attacks - Reduce Your Risk
  • 24. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. KHIPU are competent trainers, who kept the audience attentive and interested. The content was pitched at a relevant level and had more than enough ‘food for thought’. The feedback that I had from the attendees was very positive and all felt the course worthwhile. As an employer, I also feel that this education will really help reduce the risk of an employee inadvertently compromising our network and they can no longer say that no-one told us. Very highly recommended. Chris Adcock Chief Finance Officer - Duchy of Lancaster TESTINOMIAL
  • 25. www.khipu-networks.com © 2017 Khipu Networks Limited. All Rights Reserved. THANKS FOR LISTENING HAPPY TO TAKE YOUR QUESTIONS imai@khipu-networks.com @KhipuNetworks Khipu Networks www.khipu-networks.com

Editor's Notes

  1. Cyber Risk Service: Network visibility Goal: To understand your cyber security posture by identifying all applications including malware, their usage and risk, and ways hackers are attempting to breach your network Focus: Analyse network traffic to identify all activity, its risk and what cyber-attacks your current perimeter security systems are missing Outcome: Security Lifecycle Review that provides a complete picture of all applications and attacks on your network with key focus areas to help increase security. Recommendations for: Next-Gen Security  - Visibility and control users, content and threats Perimeter security ‘Best Practice Assessment’ services   Cyber Risk Service: Prevention Posture Assessment Goal: To have a consultative discussion about Risk/Threat Prevention across your entire architecture and define a direction toward achieving an expected result Focus: An interactive questionnaire that assesses the capabilities currently enabled in each area of your network in relation to the cyberattack lifecycle Outcome: Findings and Recommendation report across entire infrastructure, with a strategic alignment and shared vision between your organisation and KHIPU
  2. Then along comes an email with an attachment or link to a website The most simple attack method - just one-click and… Someone opens the attachment - malware / ransomware is injected into the network Or, the user goes to the URL, entering information which an attacker can then use to access the network - compromising your business. - financial loss, data leakage, reputational damage and even fines from the ICO. ARROWS / CROSSES destroying the network etc all businesses must implement pro-active prevention measures to protect against cyber-attacks that can result in financial loss,                                                 
  3. what the services does (as below) - what we can offer: Simulations, awareness and onsite training plus Value add + reporting service does: User Vulnerability Risk Assessment & Awareness Training – Identify your risk to phishing attacks The service identifies the ‘risk factor’ and how vulnerable the organisation is to phishing attacks: Users: Do they open phishing emails and how many could be compromised by providing information. Infrastructure: Are email systems, spam filters, firewalls etc configured correctly or capable of protecting against a phishing attack? Processes: How do users / IT helpdesk departments etc react to phishing emails? Devices: What operating systems, web browsers and plug-ins are being used, are they vulnerable? Prevention report: Highlighting “what is the risk” with best practice recommendations including training plans, solutions and services for on-going prevention and to reduce the risk of being compromised. Cyber Security Awareness Training: To educate the users on phishing; the risks, impact, how to identify and what to do (see below CSAT). KHIPU’s vulnerability assessment services enable organisations to understand their risks to cyber-attacks by highlighting the critical areas where they are vulnerable and could be compromised. Once the vulnerabilities are known, a best-practice approach to cyber security with recommendations for both on-going protection and future prevention can then be provided to reduce the exposure of a cyber-attack, mitigate the risk and simplify your cyber security strategy.
  4. • Assign a dedicated delivery team which includes; Project co-ordinator: To liaise with the customer on the SoW process, resources (for testing and approvals) and scheduling / logistics for the phishing campaigns and awareness training services. Cyber security team: For the design, testing and implementation of the simulated phishing campaign and awareness training service including: • Type of simulated phishing attack • Type of awareness training • Phishing email with a link to a website to capture information • Phishing website to capture information • Phishing email attachment document • Awareness emails • Awareness Training Landing page • “Cyber Security 101” classroom training (if purchased) They are also responsible for providing: • Best practise recommendations to the customers cyber security environment post the campaign. If required, assist with the implementation of the recommendations should the customer request this. • Plans for on-going phishing campaigns and training services based upon the results from previous campaigns. • Customer report detailing the entire campaign, results and the above points. •“Cyber Security 101” classroom training: This has been most effective in improving user’s awareness of phishing emails and is constantly being adapted to improve results. The 1.5 hour sessions, that can be hosted onsite, at our training centre and soon to be virtually / remotely (launch date Q2 2017), have the following agenda to support the simulated phishing campaigns based around work and home life. As customers have different requirements for classroom training as well as the logistics involved (e.g. co-ordinating attendees, availability etc) this service is quoted separately as an option. - Cybersecurity 101 – Video - Responsibility for Information - What is Phishing? - Phishing Facts; Real life attacks and threats to your personal and work life - Detecting and Avoiding; Phishing examples - Phishing DO’s & DON’Ts - Questions & Answers - Short Break - Cybersecurity Awareness Quiz service does: User Vulnerability Risk Assessment & Awareness Training – Identify your risk to phishing attacks The service identifies the ‘risk factor’ and how vulnerable the organisation is to phishing attacks: Users: Do they open phishing emails and how many could be compromised by providing information. Infrastructure: Are email systems, spam filters, firewalls etc configured correctly or capable of protecting against a phishing attack? Processes: How do users / IT helpdesk departments etc react to phishing emails? Devices: What operating systems, web browsers and plug-ins are being used, are they vulnerable? Prevention report: Highlighting “what is the risk” with best practice recommendations including training plans, solutions and services for on-going prevention and to reduce the risk of being compromised. Cyber Security Awareness Training: To educate the users on phishing; the risks, impact, how to identify and what to do (see below CSAT). KHIPU’s vulnerability assessment services enable organisations to understand their risks to cyber-attacks by highlighting the critical areas where they are vulnerable and could be compromised. Once the vulnerabilities are known, a best-practice approach to cyber security with recommendations for both on-going protection and future prevention can then be provided to reduce the exposure of a cyber-attack, mitigate the risk and simplify your cyber security strategy.
  5. • Assign a dedicated delivery team which includes; Project co-ordinator: To liaise with the customer on the SoW process, resources (for testing and approvals) and scheduling / logistics for the phishing campaigns and awareness training services. Cyber security team: For the design, testing and implementation of the simulated phishing campaign and awareness training service including: • Type of simulated phishing attack • Type of awareness training • Phishing email with a link to a website to capture information • Phishing website to capture information • Phishing email attachment document • Awareness emails • Awareness Training Landing page • “Cyber Security 101” classroom training (if purchased) They are also responsible for providing: • Best practise recommendations to the customers cyber security environment post the campaign. If required, assist with the implementation of the recommendations should the customer request this. • Plans for on-going phishing campaigns and training services based upon the results from previous campaigns. • Customer report detailing the entire campaign, results and the above points. •“Cyber Security 101” classroom training: This has been most effective in improving user’s awareness of phishing emails and is constantly being adapted to improve results. The 1.5 hour sessions, that can be hosted onsite, at our training centre and soon to be virtually / remotely (launch date Q2 2017), have the following agenda to support the simulated phishing campaigns based around work and home life. As customers have different requirements for classroom training as well as the logistics involved (e.g. co-ordinating attendees, availability etc) this service is quoted separately as an option. - Cybersecurity 101 – Video - Responsibility for Information - What is Phishing? - Phishing Facts; Real life attacks and threats to your personal and work life - Detecting and Avoiding; Phishing examples - Phishing DO’s & DON’Ts - Questions & Answers - Short Break - Cybersecurity Awareness Quiz service does: User Vulnerability Risk Assessment & Awareness Training – Identify your risk to phishing attacks The service identifies the ‘risk factor’ and how vulnerable the organisation is to phishing attacks: Users: Do they open phishing emails and how many could be compromised by providing information. Infrastructure: Are email systems, spam filters, firewalls etc configured correctly or capable of protecting against a phishing attack? Processes: How do users / IT helpdesk departments etc react to phishing emails? Devices: What operating systems, web browsers and plug-ins are being used, are they vulnerable? Prevention report: Highlighting “what is the risk” with best practice recommendations including training plans, solutions and services for on-going prevention and to reduce the risk of being compromised. Cyber Security Awareness Training: To educate the users on phishing; the risks, impact, how to identify and what to do (see below CSAT). KHIPU’s vulnerability assessment services enable organisations to understand their risks to cyber-attacks by highlighting the critical areas where they are vulnerable and could be compromised. Once the vulnerabilities are known, a best-practice approach to cyber security with recommendations for both on-going protection and future prevention can then be provided to reduce the exposure of a cyber-attack, mitigate the risk and simplify your cyber security strategy.
  6. • Assign a dedicated delivery team which includes; Project co-ordinator: To liaise with the customer on the SoW process, resources (for testing and approvals) and scheduling / logistics for the phishing campaigns and awareness training services. Cyber security team: For the design, testing and implementation of the simulated phishing campaign and awareness training service including: • Type of simulated phishing attack • Type of awareness training • Phishing email with a link to a website to capture information • Phishing website to capture information • Phishing email attachment document • Awareness emails • Awareness Training Landing page • “Cyber Security 101” classroom training (if purchased) They are also responsible for providing: • Best practise recommendations to the customers cyber security environment post the campaign. If required, assist with the implementation of the recommendations should the customer request this. • Plans for on-going phishing campaigns and training services based upon the results from previous campaigns. • Customer report detailing the entire campaign, results and the above points. •“Cyber Security 101” classroom training: This has been most effective in improving user’s awareness of phishing emails and is constantly being adapted to improve results. The 1.5 hour sessions, that can be hosted onsite, at our training centre and soon to be virtually / remotely (launch date Q2 2017), have the following agenda to support the simulated phishing campaigns based around work and home life. As customers have different requirements for classroom training as well as the logistics involved (e.g. co-ordinating attendees, availability etc) this service is quoted separately as an option. - Cybersecurity 101 – Video - Responsibility for Information - What is Phishing? - Phishing Facts; Real life attacks and threats to your personal and work life - Detecting and Avoiding; Phishing examples - Phishing DO’s & DON’Ts - Questions & Answers - Short Break - Cybersecurity Awareness Quiz service does: User Vulnerability Risk Assessment & Awareness Training – Identify your risk to phishing attacks The service identifies the ‘risk factor’ and how vulnerable the organisation is to phishing attacks: Users: Do they open phishing emails and how many could be compromised by providing information. Infrastructure: Are email systems, spam filters, firewalls etc configured correctly or capable of protecting against a phishing attack? Processes: How do users / IT helpdesk departments etc react to phishing emails? Devices: What operating systems, web browsers and plug-ins are being used, are they vulnerable? Prevention report: Highlighting “what is the risk” with best practice recommendations including training plans, solutions and services for on-going prevention and to reduce the risk of being compromised. Cyber Security Awareness Training: To educate the users on phishing; the risks, impact, how to identify and what to do (see below CSAT). KHIPU’s vulnerability assessment services enable organisations to understand their risks to cyber-attacks by highlighting the critical areas where they are vulnerable and could be compromised. Once the vulnerabilities are known, a best-practice approach to cyber security with recommendations for both on-going protection and future prevention can then be provided to reduce the exposure of a cyber-attack, mitigate the risk and simplify your cyber security strategy.
  7. Conclusion This section provides a detailed conclusion of the simulated campaign conducted including: • Explanation and interpretation of the results including ‘risk-factor’ • Observations from the phishing campaign and awareness training • Best practise recommendations: - Password management - Further (targeted) campaigns and supporting awareness training components - Awareness training plan - Perimeter security: Optimised configuration of the customers’ existing environment to protect against phishing attacks with options for replacement and complementary technologies. - Next stages; a plan for the short and long term simulated phishing campaigns (including targeted) and awareness training. - A best-practise cyber security workshop review (optional)
  8. In an ideal world… Your extensive investment into your environment should identify and protect against such cyber attacks Infrastructure: Should Identify and block emails and malware coming in, see unknown applications running on the network Endpoint: AV should identify and block malware at the device level and finally your Users: Should be trained to not open suspicious emails “don’t worry about it - we are protected” In an ideal world… but we do not live in one unfortunately all businesses must implement pro-active prevention measures to protect against cyber-attacks that can result in financial loss,                                                 
  9. In an ideal world… Your extensive investment into your environment should identify and protect against such cyber attacks Infrastructure: Should Identify and block emails and malware coming in, see unknown applications running on the network Endpoint: AV should identify and block malware at the device level and finally your Users: Should be trained to not open suspicious emails “don’t worry about it - we are protected” In an ideal world… but we do not live in one unfortunately all businesses must implement pro-active prevention measures to protect against cyber-attacks that can result in financial loss,                                                 
  10. In an ideal world… Your extensive investment into your environment should identify and protect against such cyber attacks Infrastructure: Should Identify and block emails and malware coming in, see unknown applications running on the network Endpoint: AV should identify and block malware at the device level and finally your Users: Should be trained to not open suspicious emails “don’t worry about it - we are protected” In an ideal world… but we do not live in one unfortunately all businesses must implement pro-active prevention measures to protect against cyber-attacks that can result in financial loss,                                                 
  11. In an ideal world… Your extensive investment into your environment should identify and protect against such cyber attacks Infrastructure: Should Identify and block emails and malware coming in, see unknown applications running on the network Endpoint: AV should identify and block malware at the device level and finally your Users: Should be trained to not open suspicious emails “don’t worry about it - we are protected” In an ideal world… but we do not live in one unfortunately all businesses must implement pro-active prevention measures to protect against cyber-attacks that can result in financial loss,                                                 
  12. Users – your last form of defence”   “Student and staff education is vital in the defence against ransomware”   “We often look but seldom see”