3 Tips to Stay Safe Online in 2017
1. 3 Tips to Stay Safe Online in 2017
For business owners, executives,
and high net worth individuals.
2. Today’s Speaker:
Bret Piatt, CEO & Chairman at Jungle Disk
Currently, as Chief Executive Officer of Jungle Disk, Bret is a hands-on leader
who stays actively involved in product development and customer service.
Prior to Jungle Disk, Bret was the General Manager
of Rackspace Cloud Office, a 300 person SaaS
division of Rackspace (NYSE:RAX) serving over
90,000 customers.
• Additional roles at Rackspace included Senior Director,
Corporate Strategy & Development and Product Line
Leader for Security & Compliance Services.
Before Rackspace, Bret spent nearly a decade at
AT&T (NYSE:T) as a Network and Security Engineer,
Security Network Operations Center Manager, and
Associate Director – Security Services where he
led the Managed Premises Firewall business into
the Gartner MSSP Leadership Quadrant.
4. Speed of Business Takes Us All Online
The Internet has provided a revolution in productivity & risk
Productivity
1. Instant access to research data
(Google) vs. published paper
periodicals (e.g. The Old Farmer’s
Almanac).
2. Digital documents with legal digital
signatures vs. paper records, filing
cabinets, and wet ink signatures.
3. Online portals or mobile apps
providing 24/7 access to services
with financial or confidential
records.
Risk
1. Drive-by-download or fake
website leading to account
hijacking, ransomware, or other
spyware infection.
2. Data breaches and broad scale
records disclosures through online
attacks.
3. Account hijacking and financial
fraud or privacy violations through
spear phishing or man-in-the-
middle attacks.
“Productivity is grounded in the PC. How would you
run ‘USA Today’ without PCs? Run a hospital without
PCs?”
– Michael Dell, CEO – Dell Technologies
6. What is Ransomware?
Malware that kidnaps your files for ransom
Definition from US-CERT:
• Ransomware is a type of malware that infects computer systems, restricting users’ access to the
infected systems. Ransomware variants have been observed for several years and often attempt to
extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s
systems have been locked or that the user’s files have been encrypted. Users are told that unless a
ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but
is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.
Examples of Ransomware:
Stopping Ransomware
7. How can ransomware affect my
business?
Scared people, eroded customer trust, & direct costs
“CryptoLocker ransomware writers collected $30 million
in a mere 100 days. These figures represent a
conservative estimate of the number of ransoms
collected by the CryptoLocker gang.”
– Dell SecureWorks
“The number of reported
security incidents rose 48%
this year to 42.8 million–the
equivalent of 117,339 attacks
per day.”
– PwC US, with CIO & CSO Magazine
8. Multiple layers of protection are recommended:
1. Use a network security solution that blocks malware and attack vectors before they reach your computers.
2. Use host based security built into the operating system as a second line of defense (ex. Windows Defender).
3. Have a data backup in place if #1 and #2 fail so you can restore – even paying the ransom isn’t a guarantee your files come back.
Three Steps to Stop Ransomware
Don’t let hackers kidnap your data on your computer
10. What is a Drive-by download?
Automatic attacks without user action
Definition from Wikipedia:
• Drive-by download means two things, each concerning the
unintended download of computer software from the Internet:
• Downloads which a person authorized but without understanding the consequences (e.g. downloads which install an
unknown or counterfeit executable program, ActiveX component, or Java applet) automatically.
• Any download that happens without a person's knowledge, often a computer virus, spyware, malware, or crimeware.[1]
Examples from ExtremeTech & HBR:
Preventing Drive-by-Downloads
11. How do I avoid becoming a drive-by victim?
Automatic defense to block automatic attacks
Being “smart” and not clicking on suspicious links is no longer enough:
1. Use a network security solution with content filtering that includes malware detection.
2. Install an ad blocker in your web browser (ex. Adblock Plus open source project).
3. Use host based security built into the operating system as a second line of defense (ex. Windows Defender).
13. Spear Phishing vs. Spear Fishing
Attackers are getting smarter, we have to as well.
Spear Phishing is a highly targeted and context aware social
engineering attack. They tried Jungle Disk in December 2016!
Set your mail client to show full address!
Spear Fishing
Why does the attacker put, “Sent from my iPad”? It provides the person reading it a reason why the signature doesn’t exactly match your normal one.
Catching Spear Phishing Attacks
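The "show full address" advice from slide 13, written as an automated check. This is an added example, not part of the original deck; the domain `example.com`, the protected display name, and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the organisation's mail domain and the
# display names of people whose mail triggers payments or approvals.
TRUSTED_DOMAIN = "example.com"
PROTECTED_NAMES = {"pat example"}

# Constructed sample messages, not real mail.
SAMPLES = {
    "genuine": "From: Pat Example <pat@example.com>\n"
               "Subject: Q1 numbers\n\nSee attached.\n",
    "lookalike": "From: Pat Example <pat@examp1e-mail.test>\n"
                 "Subject: Wire today\n\nSent from my iPad\n",
    "reply_to": "From: Pat Example <pat@example.com>\n"
                "Reply-To: pat@mailbox.test\n"
                "Subject: New payee\n\nPlease approve.\n",
}


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def review_sender(raw_message):
    """Return reasons to verify this message over a separate channel."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    reasons = []
    # A familiar display name in front of an outside address is what a
    # mail client hides when it shows only the name.
    if name.strip().lower() in PROTECTED_NAMES and from_domain != TRUSTED_DOMAIN:
        reasons.append(f"display name '{name}' used with outside address {address}")
    # Replies routed to a different domain than the visible sender.
    reply_to = msg.get("Reply-To")
    if reply_to:
        _, reply_addr = parseaddr(reply_to)
        if domain_of(reply_addr) != from_domain:
            reasons.append(f"replies go to {reply_addr}, not the From address")
    return reasons


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, review_sender(raw) or "no flags")
```

A message that forges the exact From address passes this check, so the separate-channel verification on the next slide still applies.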
14. How do I protect myself from spear
phishing?
Be aware, don’t hurry on anything you’ll regret
1. Be cautious and use a separate
channel to verify sensitive topics or
financial transactions.
2. Set up controls to require multiple
people to authorize access to critical
infrastructure or new payee or to
change wire transfer / account #s on
existing accounts.
3. Have a network content filtering and
anti-malware service that blocks
malicious downloads from dangerous
links.
Phishing is no longer just the infamous “419” scams with the
dead prince you’re related to.
15. CLOSING TIPS
1. Turn on operating system updates & security
2. Install an ad-blocker in your web browser
3. Be cautious replying to emails, especially approvals
16. Bret Piatt, CEO of Jungle
Disk
bret@jungledisk.com
https://www.jungledisk.com
Questions?