Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

APMG - Social Engineering (LDSC Cyber Themed Evening)

27 views

Published on

Cyber Themes 2018: https://londondsc.co.uk/cyberthemes2018/

Use "#SocialEngineering" on Twitter to join in the conversation

---
APMG (APM Group) International is the most reputable global accreditation and examination institute
APMG accredits organizations to deliver training courses and consultancy services for a broad range of professional certification schemes.
Our long history of accrediting organizations worldwide – combined with our rigorous assessment process means that APMG accredited organizations are recognized for their commitment to delivering exceptional service.

---
We are a not for profit organisation, founded as a joint venture by the Mayor of London, the Metropolitan Police Service (MPS) and the City of London Police (CoLP). We work in partnership with private industry and academia to help businesses, primarily SME business (less than 249 employees), to embrace digital innovations and operate in a secure online environment protecting themselves against cyber criminals.

What is our purpose?
- To provide simple, measurable and effective digital security solutions to businesses.
- To enable businesses to operate in a secure digital environment.
- To target victims of cyber crime and provide support to prevent repeat victimisation.
- To evidence a positive shift in the digital security of businesses.

---
Find out more information via:

Website ▶ https://londondsc.co.uk/
Twitter ▶ https://twitter.com/LondonDSC
LinkedIn ▶ https://www.linkedin.com/company/london-digital-security-centre/
Instagram ▶ https://www.instagram.com/londondigititalsecuritycentre

  • Be the first to comment

  • Be the first to like this

APMG - Social Engineering (LDSC Cyber Themed Evening)

  1. 1. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights Social Engineering and how to avoid the pitfalls • Martin Huddleston • APMG Head of Cyber
  2. 2. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights The bait … [financial] scams … internet enabled … at scale … https://twitter.com/actionfrauduk
  3. 3. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights Information Commissioner Office Statistics (June 2018) Department of Digital Culture Media and Sport (DCMS) Survey
  4. 4. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights And internationally we have a problem … Breaches from only: • Accidental release • Inside job • Poor security (many from social engineering that originates outside the UK, e.g. Equifax)
  5. 5. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights How do they attack? Internet • Companies House • LinkedIn • Social media • Web sites • Other breaches Email • Phishing emails • Vishing • Smishing • Whaling emails • Spear-phishing emails 1. Surveillance Techniques
  6. 6. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights How do they attack? Spoofing Social engineering Connected laptops or other kit, BYOD Updates Old vulnerabilities Attachments Links in emails Honeypots/watering holes Wi-Fi enabled devices where appropriate (ports, marinas, etc.) Leading to … malware download 2. Gain Access Techniques
  7. 7. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights How do they attack? Trojan Ransomware Steal data Corrupt data Fraud Industrial Control Systems (ICS) Safety critical systems Safety V Security Spoofing Moving horizontally 3. Attack (do damage) Techniques This Photo by Unknown Author is licensed under CC BY
  8. 8. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights So what do we do about it? • Train the people to be aware • Business processes • Use codification • Follow CyberAware & NCSC advice Example https://www.barclays.co.uk/security/digitally-safe-quiz/#/ https://twitter.com/actionfrauduk https://twitter.com/ncsc https://www.ncsc.gov.uk/information/regional-organised- crime-units-rocus use ROCU twitter accounts https://www.cyberaware.gov.uk/ https://www.ncsc.gov.uk/smallbusiness
  9. 9. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights NCSC Small Business Guide: Online Guidance • Backing up your data – 5 things to consider when backing up your data. • Protecting your organisation from malware – 5 free and easy-to-implement tips that can help prevent malware damaging your organisation. • Keeping your smartphones (and tablets) safe – 5 quick tips that can help keep your mobile devices (and the information stored on them) secure. • Using passwords to protect your data – 5 things to keep in mind when using passwords. • Avoiding phishing attacks – Steps to help you identify the most common phishing attacks. • https://www.ncsc.gov.uk/smallbusiness • https://www.ncsc.gov.uk/phishing • https://www.ncsc.gov.uk/guidance/email- security-and-anti-spoofing
  10. 10. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights … and don’t forget • Security • Safety • Business issue • Risk-based assessment • Supply chain • Contractors • Segregation of systems • Business processes
  11. 11. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights What else should you do? • Use a recognised certification to get independent assurance you are doing the important things correctly, such as: – ISO27001 – Cyber Essentials – Cyber Essentials Plus This Photo by Unknown Author is licensed under CC BY
  12. 12. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights Final thoughts … • What if at least partially successful attacks lead to a data breach of personal information belonging to an EU citizen? • Then GDPR could hit you (from 25th May 2018). • Maximum fines €20 million or 4% of annual worldwide turnover – whichever is the GREATER
  13. 13. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights and … follow this great advice … be Cyber Aware
  14. 14. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights Thank you!
  15. 15. © APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights
  16. 16. International © APM Group Ltd. 2016 All Rights Reserved.© APM Group Ltd. 2018 All Rights Reserved. CDCAT® is a registered trade mark of Dstl. All rights

×