Every day, new businesses create their presence online. The internet can be the best way of marketing a product or service and generating new leads and income. But the risks are immense. Every day, hackers compromise websites and get hold of confidential data. When this happens, it can mean the end of your business. What can you do to prevent this from happening?
Tackling the cyber security threat (2016 - v1.0)
1. Rui Miguel Feio - Sharing knowledge with the world
TACKLING THE CYBER SECURITY THREAT
Business Accelerator Event (2016)
2. CYBER SECURITY CONSULTANT
RUI MIGUEL FEIO
Key facts:
• Working with computers since 9 years old, back in 1984
• Worked for Citibank, IBM, Xerox
• Worked with many Blue Chip companies around the world
• Specialises in Cyber Security
• Experience in different systems (Mainframe, Linux, Windows, Unix, …)
• Works with RSM Partners as a Senior Technical Lead
• Gives lectures and presentations all over the world
3. YOUR BUSINESS ONLINE
The "online world" is worth trillions of British Pounds and it's being targeted by the criminal world. But How Safe is It?
Almost every business requires an online presence today.
[Infographic: Online Presence. Labels: Contact people / institutions, Customers, Online Education, Social Media, Collaboration, E-commerce, Institutions, Increase Revenue, Security, Business Goals, World Wide Markets, New Ideas, Internet Search. Unlabelled values in the graphic: 20%, 30%, 25%, 40%, 30%.]
4. ONLINE SECURITY THREATS
Risks
• A Denial-of-Service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users.
• Malicious Software is a computer program designed to infiltrate and damage computers without the user's consent. It's the general term covering all the different types of threats to your computer, such as viruses, spyware, worms, trojans, rootkits and so on.
• A Virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.
• Phishing is the attempt to obtain sensitive information such as usernames, passwords, and confidential data, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
• Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
• Cross-site Scripting (XSS) refers to a client-side code injection attack in which an attacker can execute malicious scripts in a legitimate website or web application.
• Spoofing is the act of falsifying the origin of an internet communication in order to mislead the recipient. It's widely used to create bogus emails or web pages in order to steal money, passwords or banking credentials.
5. 2016 RESEARCH
COST PER RECORD: $154
The average data breach cost per record is $154 (USD) worldwide. In the UK, the average cost per record is $159 (USD) / £128 (GBP).
TARGETED SECTOR: HEALTH
The sector most targeted by attackers was Healthcare, followed by Education, Financial, Services, Life Science, Retail, Communications, Industrial, Energy and Technology.
RECORDS BREACHED: 23,834
The global average number of breached records was 23,834. In the UK, the average number was 22,759 breached records.
ROOT CAUSE: 48%
Globally, malicious or criminal attacks accounted for 48% of the root causes of data breaches, followed by 27% for system glitches and 25% for human error. In the UK these numbers were 51%, 24%, and 25% respectively.
* Benchmark research sponsored by IBM, independently conducted by Ponemon Institute LLC, June 2016
6. 'ACTORS' OF THE ONLINE THREATS
01 HACKERS
The term hacker is used in popular media to describe someone who attempts to break into computer systems. Typically, this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system.
02 CRIMINAL ORGS
Criminal activities carried out by criminal organisations by means of computers or the Internet.
03 HACKTIVISTS
A hacktivist is a person who gains unauthorised access to computer files or networks in order to further social or political ends.
04 NATION STATES
The Nation State actor has a 'Licence to Hack'. They work for a government to disrupt or compromise target governments, organisations or individuals to gain access to valuable data or intelligence, and can create incidents that have international significance.
05 CYBER TERRORISTS
A cyber-terrorist is a criminal who uses computer technology and the Internet, especially to cause fear and disruption. Some cyber-terrorists spread computer viruses, and others threaten people, organisations and nations electronically.
7. INTERNET OF THINGS (IoT)
Internet of Things
There are currently 6.4 billion IoT devices connected to the internet. It's estimated that by 2020, there will be 20 to 50 billion IoT devices connected to the internet.
Security Risk
Manufacturers of IoT devices are under pressure to release new gadgets with new functionalities to an ever more demanding customer. However, security is not given much consideration, which creates security risks to individuals, organisations and governments.
8. MOBILITY
Mobility is Good
• Being able to access data and do business wherever you are is a major advantage and a requirement in the modern world.
The Downside
• Mobile devices are moving targets
• Most mobile devices are easy to hack and compromise
• Mobile devices may contain private and business data
• Hackers 'love' mobile devices
• If compromised, they can become entry points to your home or business IT network
Risks and Threats
• Old devices
• Operating system not up-to-date
• Apps can leak and collect personal data
• Connected to 'dubious' free WiFi spots
• Devices not protected with access credentials
9. THE DARK WEB
Internet
The visible internet that we see when we browse, e.g. Google, Facebook, BBC, company websites, etc.
Dark Web
Accessible only through special browsers such as TOR, which are designed for anonymity. Website addresses are not in clear text (e.g. http://3g2upl4pq6kufc4m.onion). You can get access to drugs, weapons, illegal information, hacking tools, hackers, criminals, credit card details, private confidential data, login credentials, etc.
10. WHAT TO DO
THREE Bs TO BE SECURED
BE PROACTIVE | BE AWARE | BE MINDFUL
These are the 3 Bs to help you be secured in the cyber world. Be mindful of what you do; always question whether you should click on a link or an option, whether you should open a document, and the source of the document or email. Be aware of the security risks; keep informed, ask questions. Don't put yourself and your business at risk. Be proactive. Don't wait until your systems are compromised. Keep them up-to-date with the latest versions of the operating system and software. Apply the security fixes. Have a firewall and an anti-virus and keep them updated. Ask for professional, experienced help. In the long run this can save you a lot of money!!
11. CONTACTS
ADDRESS
UK
EMAIL
ruif@rmfconsulting.com
+44 (0)7570 911459
www.RuiFeio.com
SOCIAL MEDIA
twitter.com/rfeio
facebook.com/RuiMiguelFeio
linkedin.com/in/rfeio
google.com/+RuiMiguelFeio