2. Today's Discussion
MAIN POINTS
Definition of Cyberattack
Likelihood
Diligence & Prevention
Social Engineering
Phishing
Defense
MFA & SSO
Training & Testing
Presented by Patrick Kinsella, CTO
3. How We Define
a Cyberattack
GOALS: CREDENTIALS,
INFORMATION, MONEY
WHAT HACKERS LOOK
FOR: WEAK LINKS, POOR
CYBERSECURITY KNOWLEDGE/
PRACTICES
MAIN TYPES OF
ATTACKS: SOCIAL
ENGINEERING (AN EXAMPLE
OF WHICH YOU JUST
SAW) AND PHISHING
4. What is the Likelihood?
IF WE APPLY THE SAME DILIGENCE WE UTILIZE IN FACE-TO-
FACE INTERACTIONS, OUR RISKS DECREASE AND OUR
SECURITY STRENGTHENS
“THERE ARE TWO TYPES OF
COMPANIES: THOSE THAT HAVE
BEEN HACKED, AND THOSE WHO
DON’T YET KNOW THEY HAVE
BEEN HACKED.”
Former Cisco CEO, John Chambers
145: NUMBER OF CYBERATTACK
ATTEMPTS PER YEAR A BUSINESS
IS LIKELY TO EXPERIENCE
Cited by Accenture in 2019
63% OF THOSE ATTACKS WILL BE
SUCCESSFUL
Cited by KnowBe4
Cited by KnowBe4
5. Why is
Diligence &
Prevention so
Important?
NEARLY 30% OF BREACHES
LEAD TO FRAUD OR
IDENTITY THEFT
Cited by KnowBe4
THE AVERAGE COST OF
CYBERCRIME IN 2018 WAS
$13 MILLION
Cited by Accenture
SPECIFICALLY, SOCIAL
ENGINEERING AND
PHISHING NOW COST ~$1.4
MILLION PER ATTACK
Cited by KnowBe4
6. What
is Social
Engineering?
A PSYCHOLOGICAL ATTACK
Uses deception to trick someone into
revealing information or performing an action,
like plugging in an infected USB stick
CAN OCCUR MULTIPLE WAYS
Can happen in person or across multiple platforms
SKILLS YOU NEED
Be skeptical, responsible, and knowledgeable in
order to stop them
7. In-Person
Attacks
• YOU ALREADY SAW ONE EXAMPLE
• CYBERCRIMINALS CAN ALSO USE THIS
TECHNIQUE TO SNEAK INTO YOUR OFFICE
• ONCE INSIDE, THEY CAN DOWNLOAD
FILES, UPLOAD VIRUSES, OR DESTROY
DOCUMENTS
• HOW TO STOP THEM: ASK FOR ID, LEAVE
DOOR LOCKED, HIDE IMPORTANT
INFORMATION
8. Social Engineering
STOPPING AN ATTACK
It isn't so different from stopping one
in person
VISHING
Phone calls involving a spoofed number
and/or automated voicemail
SMISHING
Text messages from a number
pretending to be a specific company or
person
HOW TO STOP
Ask questions, reach out to a reliable
number/account to get confirmation,
hesitate before clicking links or sending
information
9. What is
Phishing?
• OFTEN ENCOMPASSES SOCIAL ENGINEERING
VIA EMAIL
• OVER 90% OF SUCCESSFUL CYBERATTACKS
RESULT FROM PHISHING
(HTTPS://WWW.KNOWBE4.COM/PHISHING)
• THE HACKER MIGHT PRETEND TO BE
SOMEONE YOU KNOW, LIKE A FRIEND OR
FAMILY MEMBER
• THEY COULD ALSO PRETEND TO BE YOUR
BANK, IT PROVIDER, OR COMPANY
• THEY’RE TRYING TO GAIN INFORMATION OR
GET YOU TO DO SOMETHING, LIKE CLICK ON
AN INFECTED LINK
11. Ways to
Identify
Phishing
APPLY THE SAME BASIC
STRATEGIES YOU WOULD
IN A FACE-TO-FACE
INTERACTION.
DO YOU KNOW THIS
PERSON? DO THEY HAVE
PROPER ID?
IF THEY DO SOMEHOW
GET PAST YOUR FIRST
DEFENSES, DO YOU HAVE
ADDITIONAL DEFENSES?
12. How Can You Combat
Hackers?
STEP 1
The best way to stop
an attack is to be
prepared and
proactive
STEP 2
Cybersecurity is a leadership
issue. If you’re not taking
security seriously, why
should anyone else in your
organization?
STEP 3
MFA, SSO, training,
and testing
13. MFA and SSO:
Multi-Factor Authentication
and Single Sign-On
OVER 80% OF HACKS ARE A RESULT
OF WEAK OR STOLEN PASSWORDS
GOOD PASSWORD POLICY
IS IMPORTANT, BUT IT NEEDS
ADDITIONAL DEFENSES
MFA AND SSO WORK TOGETHER TO
THWART ATTACKERS—IF YOU’RE NOT AN
EASY TARGET, THEY’RE LESS LIKELY TO
ATTACK
OVER 99% LESS LIKELY TO HAVE YOUR
INFORMATION COMPROMISED
14. Training
& Testing
• ABOUT 50% OF HACKS ARE
BLAMED ON EMPLOYEE
ERROR
• A SUCCESSFUL BREACH
ONLY REQUIRES ONE WEAK
LINK, SO YOU’LL NEED TO
FORTIFY YOUR COMPANY ON
ALL FRONTS
• ANNUAL CYBERSECURITY
AWARENESS TRAINING
• FREQUENT TESTING
• CONTINUE TO UTILIZE
IN-PERSON THREAT
IDENTIFICATION METHODS
ONLINE
15. IN CONCLUSION:
• BAD ACTORS ARE ALWAYS COMING UP WITH
NEW STRATEGIES
• CULTIVATE A CULTURE OF CYBERSECURITY
• EDUCATION, ALERTNESS, AND DILIGENCE
16. Let's Talk
CONTACT US
HEADQUARTERS: 170 Chastain Meadows Ct., Kennesaw, GA
PHONE NUMBER: 678-695-5500
EMAIL ADDRESS: info@1path.com