Whats up for today?
Some chitchat about your baby…

The dark side of the internet
• Phishing
• Social engineering
• Hacking (vulnerabilities & misconfigurations)
• Injection (iFRAME)
• DDOS
• DNS hijacking
• Cookie hijacking/stealing
• MITM (Man In The Middle)
• Xss and SQL injection
• 3rd Parties

Serious cases
• 13 October 2014 1 million dutch e-mail
accounts compromised.
• 5600 Dutch websites hacked (SQL injection)
• Target hack, costs 40 million $, Home depot
60 Miljon $ ( total costs in revenue and
security measures)
• In two years 2 Billion account credentials
breached ( including CC and person
credentials)

Data Breaches Leads to Drop in Sales
• Target Earnings Slide 46% After Data Breach
• One third of consumers will shop elsewhere if
their retailer of choice is breached, according
to new research
• Downtime and massive costs after data
breach or malware infection.

What can/must we do?
• Audit/Pentest
• Source code check
• Scanning pro software *
• WAF * (Web Application Firewall)
• Encrypt your database, encrypt credentials, if hacked it wont be worth decrypting due to time
• Dedicated Hosting
• HTTPS, Perfect Forward Secrecy, HSTS (HTTP Strict Transport Security)
• MASKING *
• Malware Analyses, day round *
• DDOS protection *
• Secure DNS * (ask hosting company)
• Blacklisting checks *
• Monitor your security
• Security is a must, create budget! (its not IF, but WHEN you will get hacked)
• Backupfallbackupfallback crisis scenario’s and documentation
• Backoffice security, don’t let your twelve year old kid download movies on your work laptop
• Educate the thing between chair and keyboard! Know your software platform(s) (sorry if its you)
• Communicate with your customer about your cyber initiatives, but be very clear in how!
* Do it yourself, approx. 400 euro a year.

What can/must we do?
• Audit/Pentest
• Source code check
• Scanning pro software *
• WAF * (Web Application Firewall)
• Encrypt your database, encrypt credentials, if hacked it wont be worth decrypting due to time
• Dedicated Hosting
• HTTPS, Perfect Forward Secrecy, HSTS (HTTP Strict Transport Security)
• MASKING *
• Malware Analyses, day round *
• DDOS protection *
• Secure DNS * (ask hosting company)
• Blacklisting checks *
• Monitor your security
• Security is a must, create budget! (its not IF, but WHEN you will get hacked)
• Backupfallbackupfallback crisis scenario’s and documentation
• Backoffice security, don’t let your twelve year old kid download movies on your work laptop
• Educate the thing between chair and keyboard! Know your software platform(s) (sorry if its you)
• Communicate with your customer about your cyber initiatives, but be very clear in how!
* Do it yourself, approx. 400 euro a year.

Treat (not thread) your baby like a baby
Create the safe environment you want your baby to growup in.
For you, your family, your customer and your future.
Happy Selling!

CONTACT
Remo Hardeman
Omerta Information Security
remo@omerta.nl
Visits
Boompjes 57
7e verdieping
3011 XB Rotterdam
SOCIAL MEDIA
facebook.com/
omertanetherlands
TWITTER
https://twitter.com/
@omerta_infosec

CONTACT
Remo Hardeman
Omerta Information Security
remo@omerta.nl
Visits
Boompjes 57
7e verdieping
3011 XB Rotterdam
SOCIAL MEDIA
facebook.com/
omertanetherlands
TWITTER
https://twitter.com/
@omerta_infosec