
Cybersecurity and data privacy

Cybersecurity and Privacy on the Internet.

Published in: Internet

  1. Cybersecurity and Privacy on Internet
     Katherine Cancelado
  2. About me: Katherine Cancelado
     Consultant, Cyber Risk Services, Deloitte Dublin
     Tel: +353 1417 5723
     Email: kcancelado@deloitte.ie

     Katherine is a Computer Science and Information Security Professional. She has always been interested in technology, with a particular focus on cyber security over the last decade. She has over 3 years of professional experience in penetration testing and vulnerability assessment. Additionally, Katherine has over 3 years of experience as a network analyst and threat content creator, and very recent experience in incident response for a multitude of global companies.

     Katherine lectured “Cyber Security” at Javeriana University Colombia and has participated in numerous infrastructure and application penetration testing assignments, including:
     • Several web and network penetration tests for global organisations and financial services within South America, United Kingdom and Ireland
     • Worked as perimeter threat content creator for an American company in Colombia and United Kingdom
     • Penetration test, vulnerability assessment, incident response and forensics in the financial sector of a “Big 4” firm
     • Networking and system administration for an American company in Colombia

     Qualifications
     • MSc. in Cyber Security from “Universidad de la Rioja”, Madrid, Spain
     • B.Eng. in Computer Science & Engineering from “Universidad Pontificia Bolivariana”, Santander, Colombia
     • System Security Certified Practitioner - (ISC)²
     • Certified Digital Forensics Analyst – REDLIF

     Main industries
     • Bank, Financial and Insurance Companies
     • IT and Telecommunication
     • Education
  3. Agenda
     • Women at work
     • Risks on Internet
     • Privacy, Cybersecurity and Data Privacy
     • What can you do?
     • Questions
     • References
  4. Women at Work
  5. Women at Work
     According to the United States Bureau of Labor Statistics, 46.8% of professional positions are held by women [1]. The table [2] below shows the percentage of women employed in each professional sector.

     Cyberjutsu [3], a non-profit passionate about helping and empowering women to succeed in the Cybersecurity field, also offers an interesting statistic: only 11% of the information security workforce are women.

     The problem is not just the fact that women’s representation in computer science related subjects is low. It is that sometimes the lack of computer and information security awareness leaves women vulnerable to cyber attack. Therefore, driving the voice around cybersecurity and privacy has never been more important for ourselves and our female peers. In the end, no matter what our role is, the data we look after/manage is what makes us an ideal target.

     Women and Internet

     | Professional Occupation | Women |
     |---|---|
     | Medical and health services | 73.7% |
     | Human resources | 73.3% |
     | Social and community service | 67.4% |
     | Education | 65.7% |
     | Public relations and fundraising | 59.2% |
     | Advertising and promotions | 53.6% |
     | Lodging | 53.5% |
     | Property, real estate, and community association | 50.9% |
     | Financial | 49.6% |
     | Administrative services | 47.7% |
     | Food services | 47.1% |
     | Purchasing | 44.8% |
     | Marketing and sales | 43.2% |
     | General and operations | 27.6% |
     | Computer and information systems | 27.2% |
     | Cybersecurity | 11% |

     [1] https://www.bls.gov/cps/cpsaat11.htm
     [2] https://www.bls.gov/opub/ted/2016/39-percent-of-managers-in-2015-were-women.htm
     [3] http://womenscyberjutsu.org/
  6. Information we manage
     The information we hold:
     • Personally Identifiable Information: PII is any information that can be used to identify a person; for example, your name, address, date of birth, national insurance number, and so on.
     • Protected Health Information: PHI is defined by the Health Insurance Portability and Accountability Act (HIPAA) and comprises any data that can be used to associate a person's identity with their health care.
     • Financial Information: Banking/transaction history, credit rating.
     • Sensitive information: National Insurance Number/PPSN, driving license, financial accounts, medical information, electoral record.
  7. Information is money!!!!
     According to Breach Level Index [4], data records have been found to be lost or stolen at the following frequencies:
     • Every day: 4,504,712
     • Every hour: 187,696
     • Every minute: 3,218
     • Every second: 52

     Even worse… Only 4% of these breaches were ‘secure breaches’ (encryption was used and the stolen data was rendered useless).

     [Chart: Data Records Stolen or Lost by Industry. Categories as listed on the slide: Technology, Other, Retail, Government, Financial, Healthcare, Education. Values as listed on the slide: 35.19%, 15.46%, 11.82%, 11.46%, 4.40%, 3.48%, 1.12%.]

     [4] Data Breach level Index http://breachlevelindex.com/
  8. Risks on Internet
  9. Risk on Internet
     Risk: The likelihood of “something bad” happening and causing financial and/or reputational damage.
     • Social Engineering: identity theft, phishing, fraud
     • Phishing websites: websites that appear to be something they are not
     • Trojan websites: obfuscation, masking, iframes, clickjacking, injections
     • Malicious Software: viruses, spyware, adware
     • File sharing and privacy: information overshared, Peer to Peer (P2P), torrents
  10. Cyber Security and Privacy
  11. What is Privacy?
      [5] Privacy International – What is Privacy? https://www.privacyinternational.org/node/568
  12. Cybersecurity and Data Privacy
      Cybersecurity is the combination of good practices, tools, concepts and measures taken to protect a system, platform or person.
      “Privacy is a fundamental right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built.” [5]
      Cybersecurity and data privacy are not the same, but should always be together.
      [5] Privacy International – What is Privacy? https://www.privacyinternational.org/node/568
  13. What Can You Do?
  14. What Can You Do?
      Personal information is like money. Value it. Protect it.
      • Common sense
      • Share with care
      • Anonymise your Internet use
      • Check Secure Browsing
      • Classify your data
      • Examine privacy policies
      • Uninstall unnecessary software
      • Use encryption
      Not everything is visible! Remember that the Internet is an extension of our “real” life.
  15. What Can You Do At Home?
      • Share with care: Do not reveal personal information unnecessarily. Terms & Conditions may not apply to you. ;-)
      • Classify your data: All data is not equal. Treat different life streams separately; home/work, spouse/children, private/public.
      • Anonymise your Internet use: Stop sharing your location and using add-ons. Connect anonymously.
      • Uninstall unnecessary software: Bloatware/pre-installed or add-on software (e.g. toolbars) usually contains unwanted processes and should be removed.
      • Secure Browsing: Regularly clear your browser history and cache, check for secure connections (HTTPS).
      • Common sense: Always be aware of your actions; a single click or tap can have serious consequences.
  16. What Can You Do At Work?
      • Do not take work home: Physical and digital work assets are a target outside your place of work.
      • Remove unused software and services: Limit use of software and services to essentials.
      • End-to-End encryption: Ensure all start and endpoints of electronic communications are encrypted to mitigate man-in-the-middle attacks.
      • Document / Record Everything: Ensure there’s a paper trail in case something goes wrong.
      • Data retention: Comply with the law but ensure useless data is destroyed. Think GDPR.
      • Security Awareness: Give the appropriate cybersecurity training to your employees, ask about your data management expectations.
  17. Questions?
      “The art and science of asking questions is the source of knowledge” - Thomas Berger
  18. References:
      [1] https://www.bls.gov/cps/cpsaat11.htm
      [2] https://www.bls.gov/opub/ted/2016/39-percent-of-managers-in-2015-were-women.htm
      [3] http://womenscyberjutsu.org/
      [4] Data Breach level Index http://breachlevelindex.com/
      [5] Privacy International – What is Privacy? https://www.privacyinternational.org/node/568
