
What is the Cybersecurity plan for tomorrow?


What has been done so far, and what the plans are for tomorrow.

Published in: Data & Analytics


  1. CYBERSECURITY challenges
     Copyright 2016 © CYBER GATES
     Samvel Gevorgyan, CEO, CYBER GATES, MSc Cyber Security
  2. Cybersecurity components
     CIA model
     • Confidentiality: Keep secret from those not authorized
     • Integrity: Prevent unauthorized tampering
     • Availability: Ensure authorized parties can access the data
     IAA model
     • Identification: Who I claim to be (e.g. username, digital cert)
     • Authentication: How I prove it (password, signature)
     • Authorization: What that person is allowed to do, e.g. role-based security
     WWW.CYBERGATES.ORG
  3. Cybersecurity elements
     Resources
     • People
     • Process
     • Technology
     Governance
     • Policies and procedures
     • Roles and responsibilities
     • Risk management
  4. Cybersecurity statistics
     Statistics from around the world
     Data breaches, by the dollar
     • $21,155: The average cost of a data breach, per day
     • $7.7 million: The average annualized cost to detect, respond to, and mitigate a breach globally
     Malware and attack trends, by percentage
     • 66%: The proportion of a survey of professionals who identified phishing and social engineering as top threats
     • 20%: The scope of confirmed data breaches involving social engineering at one large telecom company
     Cybersecurity spend: Follow the money
     • $75.4 billion: The estimated worldwide spending on cybersecurity in 2015
     • $19 billion: The proposed federal cybersecurity budget for 2016
     Source: https://techbeacon.com/resources/cybersecurity-2016-trend-report-ubm-ponemon-study
  5. Web security attack statistics
     Attacks in Armenia
     • Over 4K hacked websites since 2011
     • Top attacks: Jan 2011 (379), Jul 2012 (364), Feb 2013 (275), Feb 2014 (359), Apr 2015 (129), Dec 2016 (188)
     Attacks around the world
     • Over 1 Billion active websites (NetCraft reports)
     • Over 1 Million hacked websites / year (Zone-H reports)
  6. Target websites of mass attacks
     Top 5 categories
     • Websites that use the same CMS (WordPress, Joomla, etc.)
     • Websites built by the same developer(s)
     • Websites that use the same technology, library or certain component
     • Websites hosted by the same Hosting Provider
     • Websites of agencies/companies working in the same industry
  7. Target websites of targeted attacks
     Top 5 categories
     • Online banks and financial institutions
     • Cloud services (Dropbox, Gmail, iCloud, etc.)
     • Government agencies, hospitals
     • Hosting and Internet Service Providers (ISP)
     • Small outdated websites that are easy to hack
  8. Cybersecurity threats
     Common threats
     • Information Leakages
     • SQL Injection
     • Password brute-force attacks
     • Phishing
     • Social Engineering
     • SPAM
     • Malicious software
     • Blacklists
     • Botnets
     • DoS/DDoS attacks
     • Ransomware
  9. Information Leakages
     • The revelation of the 1 billion accounts hack could have implications for the $4.8 billion sale of Yahoo to Verizon, which has yet to close
     • Around 167 million LinkedIn accounts are now for sale
     • Armenian telecom (VivaCell, ArmenTel, Orange) databases are free to download
     • Armenian online banking system codes have been stolen by an employee
  10. SQL Injection
     • Smart homes can open the doors to unauthorized people
     • 98% of stolen medical records are due to hacking
     • Hackers use SQL Injection attacks against banks
     Image source: http://www.asianmirror.lk/news/item/16544-commercial-bank-of-ceylon-hacked
  11. Password brute-force attacks
     • Hackers target websites or IoT devices with weak or default passwords
     • Authentication systems with no limits for login attempts
  12. Social Engineering & Phishing
     Phishing is a Social Engineering technique to steal confidential information about the victim, such as user login credentials, credit card information, etc., through the use of a fake login page.
     Why social engineering?
     • Hacking a human is much easier than hacking a business
     • Attackers prey on your human weakness
  13. SPAM
     • Corporate emails used in forums and social networks
     • Corporate emails found in leaked sources
     • Email addresses found using dictionary-based brute-force attacks
  14. Malicious software
     • Cloaking: malicious code in a webpage displays porn for certain IP addresses
     • Malicious code redirects to a malicious website asking to update your system or displays an advertisement
     • Malicious software steals credentials
     • Malicious software spreads within your corporate network
  15. Blacklists
     • Realtime Blackhole Lists (RBLs)
       - Centralized databases to prevent SPAM
     • Google blacklist
       - Site loses nearly 95% of its organic traffic
       - Modern web browsers display a warning message when someone opens your website
  16. Botnets
     • Your infected machine becomes a proxy server, spreads adware, or is used for DoS/DDoS attacks
     • Make sure your device firmware does not have a built-in backdoor
     • Make sure you have already changed your device's default password
  17. Denial-of-service attack
     • CloudFlare protects you from web-based denial-of-service attacks
     • BBC became the target of 602 Gbps DDoS attack
     • DDoS attack that disrupted internet was largest of its kind in history: Dyn published on Wednesday, Mirai was the “primary source of malicious attack traffic”
  18. Ransomware
     • Malicious software encrypts your files. You must pay to recover them.
     • Tens of thousands of variants of over 40 ransomware families including Locky, CryptoWall, TeslaCrypt, and Cerber.
  19. Plan A: fixing the problem
     Reactive approaches
     • Computer Emergency Response Team (CERT)
       - E-mail notifications about an incident
       - Online support (SIP calls)
     • Support
     • Investigation (Digital Forensics)
     • Consultancy
  20. Plan B: avoiding the problem
     Proactive approaches
     • Testing
       - Network/Host Vulnerability Assessment
       - Penetration Testing
       - Source Code Auditing
     • Protecting (WebShark, PinCat)
     • Training
       - Corporate trainings
       - University programs
  21. Swiss Army Knife to help you defend against hackers
  22. CYBER GATES
     Contacts
     • Corporate website: www.cybergates.org
     • Company profile on Twitter: www.twitter.com/CyberGatesLLC
     • Company fan page on Facebook: www.facebook.com/Cyber.Gates.page
     • Company profile on LinkedIn: www.linkedin.com/company/CyberGates-LLC
     • Company channel on Vimeo: www.vimeo.com/CyberGates
     • Company channel on YouTube: www.youtube.com/TheCyberGates
