
Thinking like a criminal – Cybersecurity 101


This webinar explores the basics of cybercrime and how it takes place in your company. It also shows how criminals penetrate your systems and what you can do to prevent it.

Main points covered:

• How cybercriminals make money
• 9 areas needed for true cover
• A layered security approach

Presenter:

Our presenter for this webinar, Nick Ioannou is an IT professional, blogger, author and public speaker on cloud and security issues, with over 20 years’ corporate experience, including 14 years using cloud/hosted software as a service (SaaS) systems. As an early adopter of cloud systems, he has been paying for the privilege of bug testing them ever since, going through the pain points and making sure others don’t have to. He is also the author of “Internet Security Fundamentals” and contributing author of “Managing Cybersecurity Risk”.

Link of the recorded session published on YouTube: https://www.youtube.com/watch?v=3E0eyDlhLro&feature=youtu.be

Published in: Education

Thinking like a criminal – Cybersecurity 101

  1. How cyber criminals make money
  2. How cyber criminals make money: Fraud; Extortion; Theft; Unauthorized Use
  3. My IT strategy – know what you are defending: No legacy apps; Cloud first (where practical); No front-facing services; Email in the cloud; Database in the cloud; Licensing in the cloud
  4. 6 basic areas to cover: Backups; Antivirus; Patch management; Email filtering; Web filtering; Admin privilege access control
  5. 9 areas for true cover: the 6 basic areas plus Monitoring and Forensics (the remaining area is not captured in the slide text)
  6. Spend your security budget wisely: Are you buying this? When you really need these!
  7. Our cyber defences cost £22 per person per month: Office 365 Advanced Threat Protection; Exchange Server rules; 2-step verification logins
  8. Our cyber defences (diagram): Email (link, attachment) and Internet → users' computers (Sophos Intercept X) and server (Exchange Server rules, Office 365 Advanced Threat Protection)
  9. How does malware arrive? Ransomware infections by route: Email link 31%; Email attachment 28%; Internet 24%; Unknown 9%; Social media 4%; USB device / memory card 3%; Business apps 1%
  10. Our cyber defences – email & internet security systems (Ratcliffe Groves Partnership, August 2017):
       • Email: Hosted email filter; Advanced Threat Protection (Safe Attachments filter, Safe Links real-time filter, compliance archive, reporting & analytics); Exchange Server rules
       • Internet: Layer 7 UTM firewall; Web proxy / HTTP-HTTPS filter; DNS filtering
       • Users' computers: Sophos Intercept X endpoint security; ancillary anti-ransomware; least privilege & application control; malware prevention
       • Server: Managed server endpoint security
  11. Protecting email with layered security: Hosted email filter; Advanced Threat Protection (Safe Attachments filter, Safe Links real-time filter, compliance archive, reporting & analytics); Exchange Server rules
  12. Protecting internet access with layered security (office and remote users): Layer 7 UTM firewall; Web proxy / HTTP-HTTPS filter; DNS filtering
  13. Protecting users' computers with layered security: Sophos Intercept X endpoint security; ancillary anti-ransomware; least privilege & application control; malware prevention
  14. Protecting servers with managed security: Managed server endpoint security
  15. Stopping EXTORTION – payments you are forced into making
  16. Application whitelisting & rights management
  17. Multiple anti-ransomware systems (Sophos Intercept X)
  18. Emails are still the main infection route: so far in April 2017, over 7,742 emails blocked as spam and over 11,658 emails rejected
  19. Stopping FRAUD – payments you are tricked into making
  20. Quarterly staff security awareness training – what a convincing phishing email contains:
       • attachments that include your full name in the filename
       • only your name in the To field
       • your name at the top of the email (e.g. FAO / Dear …)
       • a mix of genuine links as well as fake ones
       • unique and plausible reference numbers
       • an email footer from a real business
       • unsubscribe links
       • valid customer support numbers and email address
       • a hook that is relevant to you – something that needs urgent action to convince you to open the attachment or click the link
       • information about a recent personal event, e.g. holiday location
       • information about a recent business event
       • the words urgent, private, confidential
  21. Filtering HTTP and HTTPS traffic
  22. Stopping THEFT – your data transferred to the criminals
  23. Passwords are not enough – enable two-step verification
  24. Stopping UNAUTHORISED USE of your computer
  25. Monitoring
  26. It works today – doesn't mean it'll work tomorrow
  27. We are still at risk due to software vulnerabilities – National Vulnerability Database, May 2017: 179 known vulnerabilities in the last 3 months (per-product figures on the slide, labels not captured: 927, 73, 20, 49, 1) and 2446 known vulnerabilities in the last 3 years (232699, 383, 631, 485, 16). Automated exploit kits are sold as a web service by criminals to other criminals; 40% infection rate if clicked.
  28. $30 a month to check malware against 35 antivirus engines: free to use – reports findings; pay to use – findings not reported
  29. Compromising an update gives criminals total access
  30. Forensics & remediation
  31. Don't forget the basics – know what a file is really called: tick Show/hide → File name extensions. With extensions hidden, John.SmithCV.pdf.js shows as John.SmithCV.pdf, Invoice-22102016.docx.lnk shows as Invoice-22102016.docx and Photos.zip.exe shows as Photos.zip
  32. Don't stay still: Monthly security reviews; Have a realistic per-person budget; Invest in staff awareness training; Layer up solutions to make your budget go further; Look for gaps in your security; Encourage a no-blame culture; Review the market for better products
  33. ISO 27032 training courses: ISO/IEC 27032 Introduction (1-day course); ISO/IEC 27032 Foundation (2-day course); ISO/IEC 27032 Lead Implementer (5-day course); ISO/IEC 27032 Lead Auditor (5-day course). Exam and certification fees are included in the training price. https://www.pecb.com/iso-iec-27032-training-courses | www.pecb.com/events
  34. THANK YOU – Questions? nick.ioannou@rgp.uk.com | https://www.rgp.uk.com/ | https://www.linkedin.com/in/nick-ioannou/ | 07803085249
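Two of the slides describe checks a person can make by eye: the list of phishing tells on slide 20 and the disguised attachment names on slide 31 (a document-looking name that really ends in .js, .lnk or .exe). The script below is an added example, not code from the webinar or from the presenter's company; it turns both slides into a small triage routine that scores a message and flags hidden executable extensions. The extension lists, the hook-word list (the deck's three words plus "immediately"), the hold threshold and the two sample messages are all assumptions constructed for illustration.

```python
"""Email triage heuristics: the phishing tells from slide 20 and the
disguised attachment names from slide 31. Added example, not code from the
webinar; extension lists, hook words, threshold and samples are assumptions."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# File types Windows will run, or follow as a shortcut (assumed list).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1", "lnk"}
# Harmless-looking types a criminal puts in front of the real extension.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
                 "zip", "jpg", "jpeg", "png", "txt"}
# The deck's hook words plus "immediately" (assumed addition).
URGENCY_WORDS = ("urgent", "private", "confidential", "immediately")


def real_extension(filename):
    """Executable extension hidden behind a document one, else None.
    With 'File name extensions' unticked, Explorer shows Photos.zip.exe
    as Photos.zip, which is why slide 31 says to tick the box."""
    parts = filename.lower().split(".")
    if len(parts) < 3:   # setup.exe is plainly executable, not disguised
        return None
    inner, outer = parts[-2], parts[-1]
    return outer if inner in DOCUMENT_EXTS and outer in EXECUTABLE_EXTS else None


@dataclass
class Email:
    sender: str
    to: list
    subject: str
    body: str
    attachments: list = field(default_factory=list)
    links: list = field(default_factory=list)   # (visible text, href) pairs


def _host(url):
    return (urlparse(url).hostname or "").lower()


def phishing_indicators(msg, recipient_name):
    """Return the slide-20 tells present in msg, one short string each."""
    found = []
    name = recipient_name.lower()
    surname = name.split()[-1]
    sender_domain = msg.sender.split("@")[-1].lower()

    if len(msg.to) == 1:                       # only your name in the To field
        found.append("only your address in the To field")

    lines = msg.body.strip().splitlines()      # your name at the top (FAO / Dear ...)
    top = lines[0].lower() if lines else ""
    if re.match(r"(dear|fao|hi|hello)\b", top) and surname in top:
        found.append("addressed to you by name at the top")

    for att in msg.attachments:                # full name in filename; hidden executable
        if all(tok in att.lower() for tok in name.split()):
            found.append(f"your full name in attachment name: {att}")
        ext = real_extension(att)
        if ext:
            found.append(f"document name hiding a .{ext} file: {att}")

    hosts = set()                              # genuine links mixed with fake ones
    for text, href in msg.links:
        hosts.add(_host(href))
        if "." in text and " " not in text:    # visible text looks like a URL
            shown = _host(text if "://" in text else "http://" + text)
            if shown and shown != _host(href):
                found.append(f"link text {text} actually points to {_host(href)}")
    own = [h for h in hosts if h == sender_domain or h.endswith("." + sender_domain)]
    if own and len(hosts) > len(own):
        found.append("mix of links to the claimed sender and to other domains")

    blob = (msg.subject + " " + msg.body).lower()
    hits = [w for w in URGENCY_WORDS if w in blob]
    if hits:
        found.append("urgency/secrecy words: " + ", ".join(hits))
    return found


def triage(msg, recipient_name, hold_at=3):
    """(score, findings, hold): hold the message once hold_at tells are present.
    hold_at is an assumed threshold, not from the deck."""
    findings = phishing_indicators(msg, recipient_name)
    return len(findings), findings, len(findings) >= hold_at


# Constructed sample messages for illustration, not real mail.
SUSPICIOUS = Email(
    sender="accounts@example-supplier.co.uk",
    to=["john.smith@example.com"],
    subject="URGENT: overdue invoice 22102016",
    body="Dear Mr Smith,\nPlease settle the attached invoice immediately.\n"
         "Pay online: example-supplier.co.uk/pay\n",
    attachments=["Invoice-22102016.docx.lnk", "John.Smith-statement.pdf.js"],
    links=[("example-supplier.co.uk/pay", "http://198.51.100.7/login"),
           ("unsubscribe", "http://example-supplier.co.uk/unsubscribe")],
)
ROUTINE = Email(
    sender="alice@example.com",
    to=["john.smith@example.com", "bob@example.com"],
    subject="Minutes from Tuesday",
    body="Hi both,\nMinutes attached, shout if I missed anything.\n",
    attachments=["Minutes-2017-04-11.docx"],
)
```

Running `triage(SUSPICIOUS, "John Smith")` reports eight tells and a hold; `triage(ROUTINE, "John Smith")` reports none. The `real_extension` check is the programmatic form of the slide-31 advice: apply it to the attachment's actual filename from the message, since the display name a mail client shows can differ from it, and treat a single-extension executable as a separate, blunter policy decision rather than a disguise.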
