Cyber Security Seminar


  1. 1. Chamber Forum Workshop TITLE: CYBERSECURITY CONFERENCE Chamber Forum Facilitator: Quadri Consulting LTD Jeremy Quadri Date: 10.12.2015
  2. 2. ABOUT THE CHAMBER OF COMMERCE • INDEPENDENT AND NOT-FOR-PROFIT ORGANISATION • LINKS TO OVER 5,000 LOCAL BUSINESSES FROM FTSE 100 COMPANIES TO BUSINESS CONSULTANTS. • FACILITATE BROAD RANGE OF MONTHLY EVENTS; E.G. • BUSINESS BREAKFASTS, CONFERENCES, MASTERCLASSES • MEMBERSHIP INCLUDES 12 HOURS FREE ONE-TO-ONE BUSINESS MENTORING • ADVERTISING AND SPONSORSHIP OPPORTUNITIES
  3. 3. Jeremy Quadri - Director of Quadri Consulting Ltd - Director of TopDevCentral Ltd - BEng (Hons) Degree - Electrical & Electronics Engineer 1992 - IT Security Professional at Cable & Wireless Since 1998 - CISSP Certified (372063) - Certified Ethical Hacker Certification - Offensive Security Certified Professional certification (OSCP) - CompTIA SY0-301 Security+ - InfoSec Institute Web Application Security Certified - OWASP - Testing Secure Web Applications
  4. 4. TopDevCentral Ltd • Custom Software Development • Team augmentation • Data Warehousing/Big Data • BI Development • Project Rescue Quadri Consulting Ltd • Vulnerability Scanning • Penetration Testing • Professional Services • Threat Management • Awareness Training • BI Development Services
  5. 5. Why Are We Here? • What is Cybersecurity? • Whose responsibility is it to keep cyber safe? • The Government or the private sector? • Why YOU may become the next victim? • Who is doing the attacking? • What do they attack? • Why do they attack? • How to protect yourself, your family, and your business!
  6. 6. WHY THIS IS IMPORTANT ~ A LITTLE HISTORY ~ • 90% of large organisations and 74% of small businesses reported some form of data breach • Online attacks have grown by 66% since 2009. • Cyber crime costs the UK economy £27bn a year • 158 new malware created EVERY MINUTE: PandaLabs One for each one of us • Facebook Sees 600,000 Compromised Logins Per Day: TechCrunch
  7. 7. UK HACKED SITES
  8. 8. Hackers Don't Have Rules, Regulations They Don’t Have To Meet Compliance Such as PCI, Data Protection, ISO 27001 Etc...
  9. 9. COMMON FALSE RATIONALES? • There’s Nothing A Hacker Would Want On My PC. • I Don’t Store Sensitive Information On My PC. • I Only Use It For Checking E-mails. • My Company Isn’t Big Enough To Worry About Hackers? • Online Stores Will Keep Our Details Safe
  10. 10. How Valuable Is A Hacked Workstation
  11. 11. Websites & Blogs WordPress is used by 60.9% of all the websites. 1. Use the latest version of core and plugins. 2. Use strong passwords. For more security enable a 2-factor plugin 3. Get DDOS protection?
  12. 12. CLIENT SIDE ATTACK DEMO
  13. 13. WHAT AN ATTACK MIGHT LOOK LIKE
  14. 14. Your data has been encrypted by ransomware malware/virus?
  15. 15. What is Bitcoin? Bitcoin vs USD chart statistics Your data has been encrypted by ransomware malware/virus?
  16. 16. HELPFUL TIP #6: WHAT TO DO IF BREACHED 1. Reboot your computer, choose safe mode. (Can someone tell me how to boot into safe mode? Press & hold the F8 key) 2. Install a Good Anti-virus 3. Run a Scan With Anti-Virus 4. BIOS infected? Seek professional help
  17. 17. DARK WEB 1.ORIGINAL UK PASSPORTS : HTTP://VFQND6MIECCQYIIT.ONION/ 2.RENT A HACKER: HTTP://2OGMRLFZDTHNWKEZ.ONION/ 3.ASSASSIN FOR HIRE IN EUROPE: HTTP://YBP4OEZFHK24HXMB.ONION/ 4.EUROPEAN BASED ARMS-DEALER: HTTP://2KKA4F23PCXGQKPV.ONION/ 5.EU DRUG SALE: HTTP://S5Q54HFWW56OV2XC.ONION/ 6.COUNTERFEITS CURRENCY: HTTP://Y3FPIEIEZY2SIN4A.ONION/, HTTP://SLA2TCYPJZ774DNO.ONION/ 7.BUY A PAYPAL ACCOUNT & CLONED CARDS : What sort of things can you find on the deep web
  18. 18. HELPFUL TIP #1: BACKUP YOUR DATA 1. Run Daily Backups of Critical Data 2. Automated Offsite Backups Are Invaluable 3. Check / Test Your Data Backups Monthly (Minimum) 50% of SMBs Have No Backup & Disaster Recovery Plan Only 28% Have Tested Their Plan
  19. 19. HELPFUL TIP #1: BACKUP YOUR DATA
  20. 20. Why is Payment card data an attractive target to hackers
  21. 21. HELPFUL TIP #2: BANK CARD RULES • LOOK OUT FOR THE HTTPS LOCK ICON • AVOID SHOPPING OVER OPEN WI-FI • SECURE YOUR HOME NETWORK • DISABLE PHONE WI-FI & BLUETOOTH WHEN NOT IN USE • STICK TO REPUTABLE RETAILERS ONLY
  22. 22. How They Get Paid
  23. 23. REAL VALUE? One prominent credential seller in the underground reported: • iTunes accounts for $8 • Fedex.com, Continental.com and United.com accounts for USD $6 • Groupon.com accounts fetch $5 • $4 buys hacked credentials at registrar and hosting provider Godaddy.com, as well as wireless providers Att.com, Sprint.com, Verizonwireless.com, and Tmobile.com • Active accounts at Facebook and Twitter retail for just $2.50 each 93% of companies that lose their data - file for bankruptcy within 1 year [National Archives]
  24. 24. “3D PRINTING AND CREDIT CARD SKIMMERS!”
  25. 25. HELPFUL TIP #3: MULTIPLE BANK ACCOUNTS 1. One Account for Payroll and Taxes – NO DEBIT OR CREDIT CARDS ASSOCIATED WITH THIS ACCOUNT 2. One Account for Operations & Expenses 3. Don't let your cards out of your sight when shopping 4. Check for padlock when shopping online 5. Place your hand over the keyboard when entering your pin
  26. 26. Password Examples Social
  27. 27. Password Hacking Demo
  28. 28. HELPFUL TIP #4: PASSWORD RULES 1. DON’T SHARE PASSWORDS – This includes your “IT Guy” – Type your password for them 2. One Password Per Account 3. No Password POST-IT NOTES! 4. Change Your Password Every 60 Days 5. Use a phrase with numbers and characters: “I Only Have Eyes For You” “!0hE4uAug” 6. Use a password manager
  29. 29. HELPFUL TIP #5: WINDOWS FIREWALL & UAC 1. Re-Enable Windows Firewall 2. Install Current AntiVirus Software (and keep it current please) 3. Enable User Access Control (UAC) -- We know it is considered obnoxious, but it really does work to help prevent attacks against your workstation >> Control Panel > User Accounts 4. Seek professional help to secure your business network
  30. 30. HELPFUL TIP #7: WORK SMARTER 1. Name 2. Address 3. Phone 4. DOB? 5. Education (College/High School) 6. Mother’s Maiden Name? 7. Mother's father's name 8. Friends' names 9. Children’s names 10. Children's school 11. Children's DOB 12. Pet's name 13. Browsing habits (websites, services, hobbies, likes, etc.) 14. Don't include passport photographs on social media
  31. 31. SOCIAL MEDIA AND PHISHING 1. Know who is authorized to add content 2. Type of content allowed 3. Who has access 4. Who has login info 5. Which sites are used 6. Employee Termination Policy According to a Microsoft study, phishing via social networks grew from 8.3% in 2010 to 84.5% in 2011 (increasing steadily since then) Find out what percentage of your employees are Phish-prone™ with our free test https://www.knowbe4.com/phishing-security-test-offer
  32. 32. PHONE HACKING DEMO
  33. 33. If You Allow Users To Access • Corporate E-mail • Corporate Data • Remote Access To Corp Network Then You MUST have Mobile Device Management and use a policy to ensure You Can Wipe Your Corporate Data If The Device Is Lost Or Stolen.
  34. 34. -Install Tracker application on your smartphone, it could help trace your device if stolen -London: Most Of Crimes Reported Are Phone Theft
  35. 35. Where Do Employees Leave Your Corporate Data And Email? Put A Lock On Your Phone TODAY!
  36. 36. PERKELE: ANDROID MALWARE KIT 1. Can Help Defeat Multi-factor Authentication Used By Many Banks 2. Interacts With A Wide Variety Of Malware Already Resident On A Victim’s PC 3. When A Victim Visits His Bank’s Web Site, The Trojan Injects Malicious Code Prompting The User To Enter His Mobile Information, Including Phone Number And OS Type When the bank sends an SMS with a one-time code, Perkele intercepts that code and sends it to the attacker’s control server. Then the malicious script completes an unauthorized transaction.
  37. 37. THE MOST SECURE WAY TO COMMUNICATE Traditional 1. A LETTER SENT THROUGH SNAIL MAIL. (BY CONVENTIONAL POSTAL DELIVERY SERVICES) 2. OVERNIGHT PACKAGE SUCH AS FEDEX OR UPS. 3. A CALL MADE FROM ONE PREVIOUSLY UNUSED CELL PHONE TO ANOTHER PREVIOUSLY UNUSED CELL PHONE. Modern secure privacy tools 1. Tor 2. Red Phone • Free, Worldwide, Encrypted Phone Calls, everything is end-to-end encrypted 3. Signal Desktop • [https://whispersystems.org/blog/signal-desktop/]
  38. 38. TOP 6 BEST ANTIVIRUS FOR ANDROID Anti-theft, lost phone check 1. Avast Mobile Security & Antivirus FREE 2. 360 Security – Antivirus FREE 4. CM Security Antivirus Applock by Cheetah Mobile – FREE 5. AVG Anti-Virus Security – FREE 6. Kaspersky -
  39. 39. HELPFUL TIP #8: COMMON SENSE SECURITY • Train Staff On Social Engineering! • Know The Source • Limit Telephone Information Sharing • Physical Security • Wireless “Hot Spots” & Hotel Internet • Your Equipment @ Offsite Locations including Starbucks & Conferences • Ability To Disable The Device If It’s Lost Or Stolen (LoJack, Encryption, Etc.)
  40. 40. HELPFUL TIP #9: ADVANCED SECURITY TIPS • Use Malware protection • Encrypt Your Hard Drive • Use Email Hygiene Provider / Service • Use Server Based Group Policies • Use MSP to Manage Company Firewall(s) • Establish Company-wide Data Policies
  41. 41. All You Needed In The 80’s Tape Backup A Good Mullet An Afro
  42. 42. HELPFUL TIP #10: PATCHES, UPDATES, & YOUR NETWORK • Patch Management • Force Password Changes • Implement Password Policies • Secure ALL Mobile Devices • Review Workstation Security • Review Network Security • Enforce Content Filtering
  43. 43. WHAT’S NEXT ON CYBERCRIMINALS AGENDA? 1. Website Accounts: Twitter, Facebook, Pinterest, YOUR WEBSITE 2. Home Automation Systems 3. Video Conferencing Systems 4. Video Surveillance Systems 5. Refrigerator and Other Network Appliances 6. HVAC Systems 7. 8. Automobiles, Phones, & Televisions All IOT (internet of things) ** Recent Paid Test Results In Disabled Brakes **
  44. 44. What’s Next on YOUR Agenda? Network Security Audit 1. Fill Out The Audit Contact Form 2. Business Development Will Schedule An On-site Pre-Audit Meeting 3. Engineer Will Be Scheduled For On-site Visit 4. Engineer and Business Development Will Discuss The Findings Of The Audit 5. Follow Up Client Meeting To Discuss Recommendations And Findings Of The Audit
  45. 45. WHAT HAPPENS NEXT? ONE OF TWO THINGS HAPPENS 1. Do you have a security plan? 2. Can you implement it in house? 3. Can you outsource it? Analyse Plan Design Implement Operate Optimize
  46. 46. WHAT HAPPENS NEXT? ONE OF TWO THINGS HAPPENS 2. You love the plan and ask us to get you protected ASAP. If that’s the case, we’ll knock it out of the park ... and that’s a promise. Analyse Plan Design Implement Operate Optimize
  47. 47. QUESTIONS?
  48. 48. Founded 2013 About Quadri Consulting QUADRI CONSULTING LTD 3rd Floor 207 Regent Street London W1B 3HH UK www.quadriconsulting.com Phone: +44-0800-044-5840
  49. 49. RECAP ON THE QUADRI CONSULTING LTD • NEXT WORKSHOP WILL BE MARCH 2016 ON THE SAME SUBJECT WITH MORE HACKING • BEERS, CONFERENCES, MASTERCLASSES • INCLUDES 1 HOUR FREE HACKING MENTORING • ADVERTISING AND SPONSORSHIP OPPORTUNITIES
