SlideShare a Scribd company logo

A Look Into Cyber Security

GTreasury
GTreasury

For organizations today, cyber security stands as a top priority to keep their information and systems safe from theft, damages, or disruptions. Within the financial industry, cyber security is especially important as it relates to including best practices and procedures that can can help prevent hackers from achieving success. Organizations’ defensive strategies are what will best help them win the game. This presentation reviews how the enemy works, ways to defend your organization from an attack, what hackers are capable of, and more.

Software
1 of 17
A Look into Cyber Security | 1© G Treasury SS, LLC 2008 -2017 A LOOK INTO CYBER SECURITY
A Look into Cyber Security | 2© G Treasury SS, LLC 2008 -2017 Network security in cyberspace is never far from the headlines. When it does reach the headlines, it’s never good news. Here are just a few famous – or infamous – security breaches of the not-too-distant past, even though they might seem like ancient history by now: Target, Adobe, TJX, Home Depot, Sony Playstation, Heartland, Epsilon. Hackers and cyber-thieves are, unfortunately, good at what they do and getting more sophisticated all the time. They take advantage of gaps and weak spots in information technology systems. But those gaps and weak spots are there, almost exclusively, because some human being wasn’t doing his or her job properly. We can always improve our hardware and software, and we’ll discuss a few ways we’re doing that. But it doesn’t matter how powerful or expensive your system is if you don’t know how to use it. A LOOK INTO CYBER SECURITY
A Look into Cyber Security | 3© G Treasury SS, LLC 2008 -2017 SWIFT is a messaging system used by banks and financial companies. SWIFT messages include, but are not limited to, payment orders. The SWIFT network itself was not hacked. But the hackers, operating from Egypt, penetrated the banks’ systems and installed malware. The malware modified the bank’s Alliance Access software, which reads and writes the SWIFT messages and records transactions. The malware altered payment orders, increasing transaction amounts and changing payment destinations. It also changed the SWIFT payment confirmation messages back to the original amounts or deleted them entirely. A police investigation showed that the Bangladesh Bank had no firewalls and was using second-hand, ten-dollar switches on its network. The Philippine bank was using a $25 router and default passwords. It’s little wonder that the crooks were able to get into the networks. Anyone who takes security seriously knows that security demands investment. You can’t expect good results by picking cheap components off the shelf, plugging them in, and hoping they’ll work. The components need to be part of a coherent plan. OUTDATED TECHNOLOGY & HUMAN ERROR
A Look into Cyber Security | 4© G Treasury SS, LLC 2008 -2017 HOW THE ENEMY WORKS Spam. Spear phishing. Social engineering. Confederates inside the target institutions. Black-hat tool kits that are more advanced than the tools that developers work with when building applications. They’re all part of the arsenal that hackers use. Nowadays we don’t hear much from the deposed African prince who wants to split a hundred million bucks with us. Cyber crime has gone way beyond such stickups of unwary individuals. The cyber criminals are working full time and studying your business. They scan for the open port, look for SSL vulnerabilities, do automated testing. They seek out the one vulnerable machine on the network or the one gullible or inattentive person who clicks on a link and lets malware in. They also learn who does your payroll, whether you use FedEx, who’s your ISP. They’ll send you an invoice that says your account is overdue and you’ll be terminated if you don’t reply. People click on the invoice link, which can look like a pdf file but which masks an executable one, without thinking. Even high-credentialed employees like executives, CFOs, and treasurers get duped. They’re in a hurry, and they click on links without thinking.
A Look into Cyber Security | 5© G Treasury SS, LLC 2008 -2017 HOW THE ENEMY WORKS (CONT.) All the hackers need for a response rate is for one percent of their attempts to succeed, but the percentage of the population that falls for it is much higher than that. More than 80% of malware that reaches its target gets distributed by phishing, or by somebody’s clicking a link on a compromised web site. This campaign highlights the fact that organizations are only as strong as their weakest link, and in this case, it’s their employees. IBM’s 2015 Cyber Security Intelligence Index indicated 95 percent of all attacks involve some type of human error. Attackers rely on that factor, counting on someone to open a fraudulent attachment or link. Wordpress sites are a particular problem. Many people who use Wordpress do it as a hobby, not in their full time jobs. They don’t keep security patches up-to-date. So if some hacker compromises a Wordpress site and adds their own code, and then you click on one of the site’s links – behind the scenes there’s a software download to your machine.
A Look into Cyber Security | 6 Think of your business as a castle. Build the walls and dig the moat. Most attackers are looking for the soft spots and easy pickings – they prefer to probe for open doors to your system, and to simply walk in. You can turn these intrusion attempts aside by having those walls and moat - appropriate policies and components – in place. The drawbridge and the great wooden door are the entryway to the castle. Sometimes that door must be opened, or the castle can’t function in the world outside. The door should open only when needed. No other entryways, such as windows or emergency doors, should be left unlocked. When the door is opened, be sure you have vigilant, armed, well-trained sentries on duty. They’ll protect you from almost every other external threat – the attackers who go beyond casual probing to methodical intrusion attempts. With the above measures in place, you’ll be guarding against about 99% of all forays against your system. Finally, station hundreds of vigilant guards atop the castle walls and around the base of the walls. They’ll spot and dispatch the final one percent of attackers, those lone daredevils who try to scale the walls or tunnel beneath them. DEFENDING YOUR CASTLE © G Treasury SS, LLC 2008 -2017
A Look into Cyber Security | 7© G Treasury SS, LLC 2008 -2017 DEFENDING YOUR CASTLE (CONT.) To summarize - the walls and the moat are administrator rights to your system. More precisely, they’re the curtailments, the strict limitations, of administrator rights. Smart, aggressive control of administrator rights can neutralize around 85% of malware attacks. The drawbridge and sentries are password controls. Eliminate stolen passwords and you’ll turn back almost all of the remaining intrusion attempts. About 14 percent of them. But if, somehow, an attacker climbs the wall or digs underneath it, the vigilant guards that will nab him are the two-factor authentication brigade. That’s the final one percent of protection. Let’s carry the castle analogy just a bit further. It will be much harder to defend the castle if you don’t keep the walls mortared and if you don’t keep the food and ammunition supplies fresh and plentiful. That’s your hardware and software. Keep it current, and keep it patched. Finally, if your soldiers and sentries are untrained or lazy, it doesn’t matter how strong your walls are. The human factor has always posed the biggest risk in cybersecurity. All of your employees have a part to play. So keep them trained and informed. Whether they realize it or not, they’re on duty all day, every day in the fight against cyber-thieves.
A Look into Cyber Security | 8© G Treasury SS, LLC 2008 -2017 AN ATTACK-IN-DEPTH The “Dyre Wolf” campaign against banks shows just how sophisticated the hackers have become. Discovered and named by IBM researchers, it’s an invasion-in-depth, a mirror image of a defense-in depth. Dyre Wolf has pulled off several million-dollar heists from banks and corporations. Run by criminals in Eastern Europe, Dyre Wolf uses spear phishing or spam emails to get a foothold in the system. Then its minions post phony dialogue boxes about system errors, prompting a phone call to a fake service center. They lure employees of the target company into revealing their passwords and authentication codes over the phone. They also post spoofed web sites, where gullible employees think they’re logging in. Within seconds, millions of dollars get whisked away through a maze of foreign banks. The attackers frequently launch a Distributed Denial of Service (DDoS) attack on the target bank to prevent it from seeing what just happened. This is all very scary. But the first, essential break in the target bank’s defenses came when an employee or some other insider such as a vendor allowed a download of malware. The enemy made it through the castle walls and plucked the keys to the castle keep from another employee. IBM’s 2015 Cyber Security Intelligence Index, which describes Dyre Wolf in detail, stated that 55 percent of all attacks recorded in 2014 were carried out by those who had inside access to the target company’s systems. Some of those insiders were malicious; others were unwitting dupes. Elsewhere in that report, IBM states that 95% of actual breaches were caused by human error. So, by now it must be obvious. You’re only as strong as your weakest link, and that link is almost always an employee. So what to do?
A Look into Cyber Security | 9© G Treasury SS, LLC 2008 -2017 BUILDING A DEFENSE Let’s return to the castle and its walls, moat, and sentries. Let’s also narrow our discussion to the breaches that keep bankers and corporate treasurers tossing and turning: those that result in unauthorized transfers of money. In broad strokes, if you start from a secure base, a system in which nobody has rights to anything, and then you open it up to people or processes as necessary, then your solution will be secure and will enable people to do things that must be done. On the other hand, if you start with a system that is wide open and proceed to lock things down, you inevitably will miss locking or closing certain doors. Moreover, as things change, as people come and go or acquire new privileges and responsibilities, you’ve got to be especially vigilant in monitoring everyone and in shutting down additional doors. It’s far easier to grant as necessary rather than trying to deny access once some change occurs. Let’s assume that an attacker has fooled someone into downloading malware onto his or her computer. How much damage can that do? Some, of course, but you can limit it substantially if the infected computer does not have access to administrator rights. If the user of said computer is a “standard” or “least privilege” user, then the worst-case damage will be limited to what that user can do. It can’t change files, install software, change processes, and so on. In other words, it would not allow the types of changes to the SWIFT messages that hit the Bangladesh Bank.
A Look into Cyber Security | 10© G Treasury SS, LLC 2008 -2017 BUILDING A DEFENSE (CONT.) The “2014 Microsoft Vulnerabilities Report” by Avecto, a UK software firm, states that “97% of critical Microsoft vulnerabilities could be mitigated by removing admin rights across an enterprise.” One of the report’s key findings almost reiterated the point: “97% of Critical Remote Code Execution vulnerabilities could be mitigated by removing admin rights.” The report explains “mitigation” in stating “a standard user account either nullifies the vulnerability itself or nullifies the impact of the vulnerability by preventing the exploit from gaining elevated privilege throughout the user.” The Avecto report dealt with Microsoft vulnerabilities. But applications like Flash and Java can be exploited as well. Granting admins right to them, or to any other application with known vulnerabilities, is to be courting disaster. Privilege management is not a panacea. If you’ve got sturdy castle walls but the drawbridge is open, the barbarians will storm through the gate. At that point you’re relying on your guards. But who is verifying the guard’s activities – the familiar question “Who’s guarding the guards?” Some guards need access to sensitive areas of the castle. Who is verifying that they’re doing everything they must be doing, but only what they must be doing. This is where auditing comes in. Remember the percentage of attacks that stem from human error. Some errors are inadvertent; others are deliberate. Does an independent party review your logs, daily, of who accesses production servers? Do you have somebody who is independent of the guards’ function reviewing these accesses? It is similar to the “dual control” of cash practiced by banks, or the requirement for “four eyes” needed to complete an action.
A Look into Cyber Security | 11© G Treasury SS, LLC 2008 -2017 Think about what kinds of applications your employees need in order to do their jobs. Do they need Flash installed? Or Java? Perhaps you should consider having application whitelist, to specify what can be installed on company machines, and what will be blocked by default. Most applications installed by users have little to do with their jobs. They may go onto Facebook. They may have a Google Dropbox. They will install things to do at lunchtime. If a company does not know what applications its employees have installed, or how they are using them, then the company will have no control over the information that is flowing through users’ machines on the network. LIMITATIONS
A Look into Cyber Security | 12© G Treasury SS, LLC 2008 -2017 In the case of the Philippine Bank breach mentioned above, the bank was using a $25, second-hand router. It also had no firewalls and used default passwords. Human error, anyone? By now, it should be obvious to any user of IT that their passwords should be in a format that is hard to guess or to discover through algorithms. Passwords should also be changed frequently. Company policies should mandate such approaches. It is a very easy thing to enforce password complexity. Companies should also routinely test passwords to see if they can be broken easily. The whole issue is so familiar that we needn’t go through it here. Still, there’s a distressing proportion of computer users whose password is “password” or “123456.” POLICIES & PASSWORDS
A Look into Cyber Security | 13© G Treasury SS, LLC 2008 -2017 SINGLE SIGN-ON Single Sign-On (SSO) is another effective countermeasure. With SSO, a session and user authentication service permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. It is easy to set up and manage. There are many third-party products, including Microsoft Active Directory Federated Service (ADFS) that work well. They balance out the tradeoff between ease of access for the end user and tight, documented security for the auditors and internal security team. With SSO, mandated password changes are easy. You only have to change the password in one place to update if for every application that supports SSO. You don’t have to go into every system and individual application. Managing multiple passwords, and having to remember them for every system, causes a great deal of user frustration and password-related errors. Because SSO is authentication by a trusted server within the company network, third-party applications like GTreasury do not have to make their own determination that a given user’s credentials are valid. Then, third parties can use the same trusted source that the company is using for its users’ identification and validation.
A Look into Cyber Security | 14© G Treasury SS, LLC 2008 -2017 Multi-factor Authentication (MFA) combines “something you know” – a password – with “something you have.” The “something you have” portion might be a physical token with a distinct, encrypted security code. It might also be a message sent to a mobile phone or a laptop computer. Even if some hacker penetrates your network and steals your password, he can’t make off with the goods unless he also gets hold of the other authenticating factor. MFA does not just need to be on login. It could also come into play at any functional point of using an application – such as approving a payment. The Dyre Wolf guys scored despite MFA because they succeeded in getting both pieces of the puzzle. With faked phone calls and spoofed web sites, they tricked the victims into revealing or entering essential information like security codes or passwords. Again, this shows that no technology is foolproof if humans mishandle it. It also shows the need to layer security, rather than to rely on any one method or solution component. MULTI-FACTOR AUTHENTICATION
A Look into Cyber Security | 15© G Treasury SS, LLC 2008 -2017 MOBILITY & THE CLOUD If you do a good job of restricting administrator rights, of managing identities and passwords, and of implementing two-factor authentication, you’re showing that you’re serious about cyber-security. Your auditors will approve; so too should your lawyers and law-enforcement authorities. Data breaches are a real threat nowadays, even for companies that are diligent about security. If your company’s systems are breached, your legal liability may be much less if you have followed a strategy of defense-in-depth than if you were oblivious to best security practices. In the event of the latter, there could be additional or punitive damages assessed.
A Look into Cyber Security | 16© G Treasury SS, LLC 2008 -2017 If you’re a corporate treasurer, be very careful about using your home computer or your mobile device. If you’re in an airport, for instance, you might inadvertently login onto a Wi-Fi that looks legitimate – named something like “Lagardia” or “Heatrow” – and send critical data to a hacker for a man-in-the-middle attack. Again, going back to the human element, remember that terminated employees aren’t fully terminated until they no longer have access to any of your systems. When you dismiss someone, you shut off access to the internal network. But do you use one or more cloud-based services? If so, someone has to go out and delete the departed individual from every one. It takes some extra work and doesn’t happen automatically unless your cloud provider’s web services offer to disable terminated users’ accounts. CAUTIONARY TALES
A Look into Cyber Security | 17© G Treasury SS, LLC 2008 -2017 CONCLUSION Once more to our castle analogy, we find that cloud computing might just allow potential invaders to glide right over the castle walls and drop in from the sky. You still need vigilant sentries to spot them. You’ll need to give the sentries some accurate, long-range crossbows to nail them even before they land. Or maybe we’ve had enough comparisons with the Middle Ages. Let’s move into modern times and sum it up by thinking of cyber-security as we think of that great American game, football. They say that offense wins games but defense wins championships. And what do you need to build a champion defense? • A well-thought-out game plan – your security policies and procedures. • A defense-in-depth consisting of big strong linemen, heady and agile linebackers, and fleet defensive backs – your tightly controlled admin rights, robust passwords and identity management, and two-factor authentication. • And most importantly, your players – talented, well prepared, and thoroughly drilled. The entire squad, from the highest-paid starters to the least-used substitutes. Your employees. They’re the ones who do the work; they’re the ones on whom you rely

Recommended

Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defense
fantaghost
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018
joshquarrie
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017
NRC
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Knowledge Group
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
Nikunj Thakkar
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
Daniel Thomas
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
JamshidRaqi
 

Recommended

Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defense
fantaghost
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018
joshquarrie
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017
NRC
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Knowledge Group
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
Nikunj Thakkar
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
Daniel Thomas
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
JamshidRaqi
 
Cyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesCyber Security Threats and Data Breaches
Cyber Security Threats and Data Breaches
Bijay Senihang
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security
9784
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
inLabFIB
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017
R-Style Lab
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
Stephen Cobb
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
 
Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber security
Vishal Singh
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
Nilesh Sapariya
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Priyanshu Ratnakar
 
Cyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsCyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed Actions
John Gilligan
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
RuchikaSachdeva4
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber Security
Mastel Indonesia
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
Quick Heal Technologies Ltd.
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
Jamie Proctor-Brassard
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Knowledge Group
 
Cyber security
Cyber securityCyber security
Cyber security
Siblu28
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
Bijay Bhandari
 

More Related Content

What's hot

Cyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesCyber Security Threats and Data Breaches
Cyber Security Threats and Data Breaches
Bijay Senihang
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security
9784
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
inLabFIB
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017
R-Style Lab
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
Stephen Cobb
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
 
Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber security
Vishal Singh
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
Nilesh Sapariya
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Priyanshu Ratnakar
 
Cyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsCyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed Actions
John Gilligan
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
RuchikaSachdeva4
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber Security
Mastel Indonesia
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
Quick Heal Technologies Ltd.
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
Jamie Proctor-Brassard
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Knowledge Group
 

What's hot (20)

Cyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesCyber Security Threats and Data Breaches
Cyber Security Threats and Data Breaches
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber security
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsCyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed Actions
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber Security
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
 

Viewers also liked

Cyber security
Cyber securityCyber security
Cyber security
Siblu28
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
Bijay Bhandari
 
The Road Map to Car Donation
The Road Map to Car DonationThe Road Map to Car Donation
The Road Map to Car Donation
goodwillcardonations
 
Introduction to iPhone App Development - midVentures DESIGN+DEVELOP
Introduction to iPhone App Development - midVentures DESIGN+DEVELOPIntroduction to iPhone App Development - midVentures DESIGN+DEVELOP
Introduction to iPhone App Development - midVentures DESIGN+DEVELOP
KeyLimeTie
 
Social Sign-In 101
Social Sign-In 101Social Sign-In 101
Social Sign-In 101KeyLimeTie
 
Cyber security vision since 2017
Cyber security vision since 2017Cyber security vision since 2017
Cyber security vision since 2017
Takeo Sakaguchi ,CISSP,CISA
 
From zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows systemFrom zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows system
Nabeel Ahmed
 
Post Car Accident Checklist
Post Car Accident ChecklistPost Car Accident Checklist
Post Car Accident Checklist
kenallenlawfirm
 
Playground Safety Checklist
Playground Safety ChecklistPlayground Safety Checklist
Playground Safety Checklist
Grounds For Play
 
CSS Vocabulary Glossary
CSS Vocabulary GlossaryCSS Vocabulary Glossary
CSS Vocabulary Glossary
Key-Lime-Tie
 
IT Certification And Career Guide
IT Certification And Career GuideIT Certification And Career Guide
IT Certification And Career Guide
TrainACEEDU
 
What Employers Looks For In Your Social Media
What Employers Looks For In Your Social MediaWhat Employers Looks For In Your Social Media
What Employers Looks For In Your Social Media
stevensonuniversity
 
Building A More Eco-Friendly Home
Building A More Eco-Friendly HomeBuilding A More Eco-Friendly Home
Building A More Eco-Friendly Home
DonaldAGardner
 
Testing Checklist: How to Test a Mobile App
Testing Checklist: How to Test a Mobile AppTesting Checklist: How to Test a Mobile App
Testing Checklist: How to Test a Mobile App
xbosoftco
 
A Guide to Employee Recognition
A Guide to Employee RecognitionA Guide to Employee Recognition
A Guide to Employee Recognition
RPGCardServices
 

Viewers also liked (15)

Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
The Road Map to Car Donation
The Road Map to Car DonationThe Road Map to Car Donation
The Road Map to Car Donation
 
Introduction to iPhone App Development - midVentures DESIGN+DEVELOP
Introduction to iPhone App Development - midVentures DESIGN+DEVELOPIntroduction to iPhone App Development - midVentures DESIGN+DEVELOP
Introduction to iPhone App Development - midVentures DESIGN+DEVELOP
 
Social Sign-In 101
Social Sign-In 101Social Sign-In 101
Social Sign-In 101
 
Cyber security vision since 2017
Cyber security vision since 2017Cyber security vision since 2017
Cyber security vision since 2017
 
From zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows systemFrom zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows system
 
Post Car Accident Checklist
Post Car Accident ChecklistPost Car Accident Checklist
Post Car Accident Checklist
 
Playground Safety Checklist
Playground Safety ChecklistPlayground Safety Checklist
Playground Safety Checklist
 
CSS Vocabulary Glossary
CSS Vocabulary GlossaryCSS Vocabulary Glossary
CSS Vocabulary Glossary
 
IT Certification And Career Guide
IT Certification And Career GuideIT Certification And Career Guide
IT Certification And Career Guide
 
What Employers Looks For In Your Social Media
What Employers Looks For In Your Social MediaWhat Employers Looks For In Your Social Media
What Employers Looks For In Your Social Media
 
Building A More Eco-Friendly Home
Building A More Eco-Friendly HomeBuilding A More Eco-Friendly Home
Building A More Eco-Friendly Home
 
Testing Checklist: How to Test a Mobile App
Testing Checklist: How to Test a Mobile AppTesting Checklist: How to Test a Mobile App
Testing Checklist: How to Test a Mobile App
 
A Guide to Employee Recognition
A Guide to Employee RecognitionA Guide to Employee Recognition
A Guide to Employee Recognition
 

Similar to A Look Into Cyber Security

Cybersecurity Interview Questions Part -2.pdf
Cybersecurity Interview Questions Part -2.pdfCybersecurity Interview Questions Part -2.pdf
Cybersecurity Interview Questions Part -2.pdf
Infosec Train
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Rishi Singh
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
Matthew Pascucci
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-SecurityTara Gravel
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
Melbourne IT
 
Cyber security
Cyber securityCyber security
Cyber security
Rishav Sadhu
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in Cybersecurity
Dell EMC World
 
Cyber Security and types of internet threats.pptx
Cyber Security and types of internet threats.pptxCyber Security and types of internet threats.pptx
Cyber Security and types of internet threats.pptx
Sample Assignment
 
Ransomware all locked up book
Ransomware all locked up bookRansomware all locked up book
Ransomware all locked up book
Diego Souza
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
Santiago Cavanna
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer
 
Understanding Advanced Cybersecurity Threats for the In-House Counsel
Understanding Advanced Cybersecurity Threats for the In-House CounselUnderstanding Advanced Cybersecurity Threats for the In-House Counsel
Understanding Advanced Cybersecurity Threats for the In-House Counsel
Adam Palmer
 
Cyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptxCyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptx
RambilashTudu
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016
Core Security
 
10 Things to Watch for in 2016
10 Things to Watch for in 201610 Things to Watch for in 2016
10 Things to Watch for in 2016
Courion Corporation
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
Jake Weaver
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
Panda Security
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trump
MAXfocus
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 

Similar to A Look Into Cyber Security (20)

Cybersecurity Interview Questions Part -2.pdf
Cybersecurity Interview Questions Part -2.pdfCybersecurity Interview Questions Part -2.pdf
Cybersecurity Interview Questions Part -2.pdf
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-Security
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 
Cyber security
Cyber securityCyber security
Cyber security
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in Cybersecurity
 
Cyber Security and types of internet threats.pptx
Cyber Security and types of internet threats.pptxCyber Security and types of internet threats.pptx
Cyber Security and types of internet threats.pptx
 
Ransomware all locked up book
Ransomware all locked up bookRansomware all locked up book
Ransomware all locked up book
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
 
Understanding Advanced Cybersecurity Threats for the In-House Counsel
Understanding Advanced Cybersecurity Threats for the In-House CounselUnderstanding Advanced Cybersecurity Threats for the In-House Counsel
Understanding Advanced Cybersecurity Threats for the In-House Counsel
 
Cyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptxCyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptx
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016
 
10 Things to Watch for in 2016
10 Things to Watch for in 201610 Things to Watch for in 2016
10 Things to Watch for in 2016
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trump
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 

Recently uploaded

How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Anthony Dahanne
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 

Recently uploaded (20)

How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 

A Look Into Cyber Security

  • 1. A Look into Cyber Security | 1© G Treasury SS, LLC 2008 -2017 A LOOK INTO CYBER SECURITY
  • 2. A Look into Cyber Security | 2© G Treasury SS, LLC 2008 -2017 Network security in cyberspace is never far from the headlines. When it does reach the headlines, it’s never good news. Here are just a few famous – or infamous – security breaches of the not-too-distant past, even though they might seem like ancient history by now: Target, Adobe, TJX, Home Depot, Sony Playstation, Heartland, Epsilon. Hackers and cyber-thieves are, unfortunately, good at what they do and getting more sophisticated all the time. They take advantage of gaps and weak spots in information technology systems. But those gaps and weak spots are there, almost exclusively, because some human being wasn’t doing his or her job properly. We can always improve our hardware and software, and we’ll discuss a few ways we’re doing that. But it doesn’t matter how powerful or expensive your system is if you don’t know how to use it. A LOOK INTO CYBER SECURITY
  • 3. A Look into Cyber Security | 3© G Treasury SS, LLC 2008 -2017 SWIFT is a messaging system used by banks and financial companies. SWIFT messages include, but are not limited to, payment orders. The SWIFT network itself was not hacked. But the hackers, operating from Egypt, penetrated the banks’ systems and installed malware. The malware modified the bank’s Alliance Access software, which reads and writes the SWIFT messages and records transactions. The malware altered payment orders, increasing transaction amounts and changing payment destinations. It also changed the SWIFT payment confirmation messages back to the original amounts or deleted them entirely. A police investigation showed that the Bangladesh Bank had no firewalls and was using second-hand, ten-dollar switches on its network. The Philippine bank was using a $25 router and default passwords. It’s little wonder that the crooks were able to get into the networks. Anyone who takes security seriously knows that security demands investment. You can’t expect good results by picking cheap components off the shelf, plugging them in, and hoping they’ll work. The components need to be part of a coherent plan. OUTDATED TECHNOLOGY & HUMAN ERROR
  • 4. A Look into Cyber Security | 4© G Treasury SS, LLC 2008 -2017 HOW THE ENEMY WORKS Spam. Spear phishing. Social engineering. Confederates inside the target institutions. Black-hat tool kits that are more advanced than the tools that developers work with when building applications. They’re all part of the arsenal that hackers use. Nowadays we don’t hear much from the deposed African prince who wants to split a hundred million bucks with us. Cyber crime has gone way beyond such stickups of unwary individuals. The cyber criminals are working full time and studying your business. They scan for the open port, look for SSL vulnerabilities, do automated testing. They seek out the one vulnerable machine on the network or the one gullible or inattentive person who clicks on a link and lets malware in. They also learn who does your payroll, whether you use FedEx, who’s your ISP. They’ll send you an invoice that says your account is overdue and you’ll be terminated if you don’t reply. People click on the invoice link, which can look like a pdf file but which masks an executable one, without thinking. Even high-credentialed employees like executives, CFOs, and treasurers get duped. They’re in a hurry, and they click on links without thinking.
  • 5. A Look into Cyber Security | 5© G Treasury SS, LLC 2008 -2017 HOW THE ENEMY WORKS (CONT.) All the hackers need for a response rate is for one percent of their attempts to succeed, but the percentage of the population that falls for it is much higher than that. More than 80% of malware that reaches its target gets distributed by phishing, or by somebody’s clicking a link on a compromised web site. This campaign highlights the fact that organizations are only as strong as their weakest link, and in this case, it’s their employees. IBM’s 2015 Cyber Security Intelligence Index indicated 95 percent of all attacks involve some type of human error. Attackers rely on that factor, counting on someone to open a fraudulent attachment or link. Wordpress sites are a particular problem. Many people who use Wordpress do it as a hobby, not in their full time jobs. They don’t keep security patches up-to-date. So if some hacker compromises a Wordpress site and adds their own code, and then you click on one of the site’s links – behind the scenes there’s a software download to your machine.
  • 6. A Look into Cyber Security | 6 Think of your business as a castle. Build the walls and dig the moat. Most attackers are looking for the soft spots and easy pickings – they prefer to probe for open doors to your system, and to simply walk in. You can turn these intrusion attempts aside by having those walls and moat - appropriate policies and components – in place. The drawbridge and the great wooden door are the entryway to the castle. Sometimes that door must be opened, or the castle can’t function in the world outside. The door should open only when needed. No other entryways, such as windows or emergency doors, should be left unlocked. When the door is opened, be sure you have vigilant, armed, well-trained sentries on duty. They’ll protect you from almost every other external threat – the attackers who go beyond casual probing to methodical intrusion attempts. With the above measures in place, you’ll be guarding against about 99% of all forays against your system. Finally, station hundreds of vigilant guards atop the castle walls and around the base of the walls. They’ll spot and dispatch the final one percent of attackers, those lone daredevils who try to scale the walls or tunnel beneath them. DEFENDING YOUR CASTLE © G Treasury SS, LLC 2008 -2017
  • 7. A Look into Cyber Security | 7© G Treasury SS, LLC 2008 -2017 DEFENDING YOUR CASTLE (CONT.) To summarize - the walls and the moat are administrator rights to your system. More precisely, they’re the curtailments, the strict limitations, of administrator rights. Smart, aggressive control of administrator rights can neutralize around 85% of malware attacks. The drawbridge and sentries are password controls. Eliminate stolen passwords and you’ll turn back almost all of the remaining intrusion attempts. About 14 percent of them. But if, somehow, an attacker climbs the wall or digs underneath it, the vigilant guards that will nab him are the two-factor authentication brigade. That’s the final one percent of protection. Let’s carry the castle analogy just a bit further. It will be much harder to defend the castle if you don’t keep the walls mortared and if you don’t keep the food and ammunition supplies fresh and plentiful. That’s your hardware and software. Keep it current, and keep it patched. Finally, if your soldiers and sentries are untrained or lazy, it doesn’t matter how strong your walls are. The human factor has always posed the biggest risk in cybersecurity. All of your employees have a part to play. So keep them trained and informed. Whether they realize it or not, they’re on duty all day, every day in the fight against cyber-thieves.
  • 8. A Look into Cyber Security | 8© G Treasury SS, LLC 2008 -2017 AN ATTACK-IN-DEPTH The “Dyre Wolf” campaign against banks shows just how sophisticated the hackers have become. Discovered and named by IBM researchers, it’s an invasion-in-depth, a mirror image of a defense-in depth. Dyre Wolf has pulled off several million-dollar heists from banks and corporations. Run by criminals in Eastern Europe, Dyre Wolf uses spear phishing or spam emails to get a foothold in the system. Then its minions post phony dialogue boxes about system errors, prompting a phone call to a fake service center. They lure employees of the target company into revealing their passwords and authentication codes over the phone. They also post spoofed web sites, where gullible employees think they’re logging in. Within seconds, millions of dollars get whisked away through a maze of foreign banks. The attackers frequently launch a Distributed Denial of Service (DDoS) attack on the target bank to prevent it from seeing what just happened. This is all very scary. But the first, essential break in the target bank’s defenses came when an employee or some other insider such as a vendor allowed a download of malware. The enemy made it through the castle walls and plucked the keys to the castle keep from another employee. IBM’s 2015 Cyber Security Intelligence Index, which describes Dyre Wolf in detail, stated that 55 percent of all attacks recorded in 2014 were carried out by those who had inside access to the target company’s systems. Some of those insiders were malicious; others were unwitting dupes. Elsewhere in that report, IBM states that 95% of actual breaches were caused by human error. So, by now it must be obvious. You’re only as strong as your weakest link, and that link is almost always an employee. So what to do?
  • 9. A Look into Cyber Security | 9© G Treasury SS, LLC 2008 -2017 BUILDING A DEFENSE Let’s return to the castle and its walls, moat, and sentries. Let’s also narrow our discussion to the breaches that keep bankers and corporate treasurers tossing and turning: those that result in unauthorized transfers of money. In broad strokes, if you start from a secure base, a system in which nobody has rights to anything, and then you open it up to people or processes as necessary, then your solution will be secure and will enable people to do things that must be done. On the other hand, if you start with a system that is wide open and proceed to lock things down, you inevitably will miss locking or closing certain doors. Moreover, as things change, as people come and go or acquire new privileges and responsibilities, you’ve got to be especially vigilant in monitoring everyone and in shutting down additional doors. It’s far easier to grant as necessary rather than trying to deny access once some change occurs. Let’s assume that an attacker has fooled someone into downloading malware onto his or her computer. How much damage can that do? Some, of course, but you can limit it substantially if the infected computer does not have access to administrator rights. If the user of said computer is a “standard” or “least privilege” user, then the worst-case damage will be limited to what that user can do. It can’t change files, install software, change processes, and so on. In other words, it would not allow the types of changes to the SWIFT messages that hit the Bangladesh Bank.
  • 10. A Look into Cyber Security | 10© G Treasury SS, LLC 2008 -2017 BUILDING A DEFENSE (CONT.) The “2014 Microsoft Vulnerabilities Report” by Avecto, a UK software firm, states that “97% of critical Microsoft vulnerabilities could be mitigated by removing admin rights across an enterprise.” One of the report’s key findings almost reiterated the point: “97% of Critical Remote Code Execution vulnerabilities could be mitigated by removing admin rights.” The report explains “mitigation” in stating “a standard user account either nullifies the vulnerability itself or nullifies the impact of the vulnerability by preventing the exploit from gaining elevated privilege throughout the user.” The Avecto report dealt with Microsoft vulnerabilities. But applications like Flash and Java can be exploited as well. Granting admins right to them, or to any other application with known vulnerabilities, is to be courting disaster. Privilege management is not a panacea. If you’ve got sturdy castle walls but the drawbridge is open, the barbarians will storm through the gate. At that point you’re relying on your guards. But who is verifying the guard’s activities – the familiar question “Who’s guarding the guards?” Some guards need access to sensitive areas of the castle. Who is verifying that they’re doing everything they must be doing, but only what they must be doing. This is where auditing comes in. Remember the percentage of attacks that stem from human error. Some errors are inadvertent; others are deliberate. Does an independent party review your logs, daily, of who accesses production servers? Do you have somebody who is independent of the guards’ function reviewing these accesses? It is similar to the “dual control” of cash practiced by banks, or the requirement for “four eyes” needed to complete an action.
  • 11. A Look into Cyber Security | 11© G Treasury SS, LLC 2008 -2017 Think about what kinds of applications your employees need in order to do their jobs. Do they need Flash installed? Or Java? Perhaps you should consider having application whitelist, to specify what can be installed on company machines, and what will be blocked by default. Most applications installed by users have little to do with their jobs. They may go onto Facebook. They may have a Google Dropbox. They will install things to do at lunchtime. If a company does not know what applications its employees have installed, or how they are using them, then the company will have no control over the information that is flowing through users’ machines on the network. LIMITATIONS
  • 12. A Look into Cyber Security | 12© G Treasury SS, LLC 2008 -2017 In the case of the Philippine Bank breach mentioned above, the bank was using a $25, second-hand router. It also had no firewalls and used default passwords. Human error, anyone? By now, it should be obvious to any user of IT that their passwords should be in a format that is hard to guess or to discover through algorithms. Passwords should also be changed frequently. Company policies should mandate such approaches. It is a very easy thing to enforce password complexity. Companies should also routinely test passwords to see if they can be broken easily. The whole issue is so familiar that we needn’t go through it here. Still, there’s a distressing proportion of computer users whose password is “password” or “123456.” POLICIES & PASSWORDS
  • 13. A Look into Cyber Security | 13© G Treasury SS, LLC 2008 -2017 SINGLE SIGN-ON Single Sign-On (SSO) is another effective countermeasure. With SSO, a session and user authentication service permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. It is easy to set up and manage. There are many third-party products, including Microsoft Active Directory Federated Service (ADFS) that work well. They balance out the tradeoff between ease of access for the end user and tight, documented security for the auditors and internal security team. With SSO, mandated password changes are easy. You only have to change the password in one place to update if for every application that supports SSO. You don’t have to go into every system and individual application. Managing multiple passwords, and having to remember them for every system, causes a great deal of user frustration and password-related errors. Because SSO is authentication by a trusted server within the company network, third-party applications like GTreasury do not have to make their own determination that a given user’s credentials are valid. Then, third parties can use the same trusted source that the company is using for its users’ identification and validation.
  • 14. A Look into Cyber Security | 14© G Treasury SS, LLC 2008 -2017 Multi-factor Authentication (MFA) combines “something you know” – a password – with “something you have.” The “something you have” portion might be a physical token with a distinct, encrypted security code. It might also be a message sent to a mobile phone or a laptop computer. Even if some hacker penetrates your network and steals your password, he can’t make off with the goods unless he also gets hold of the other authenticating factor. MFA does not just need to be on login. It could also come into play at any functional point of using an application – such as approving a payment. The Dyre Wolf guys scored despite MFA because they succeeded in getting both pieces of the puzzle. With faked phone calls and spoofed web sites, they tricked the victims into revealing or entering essential information like security codes or passwords. Again, this shows that no technology is foolproof if humans mishandle it. It also shows the need to layer security, rather than to rely on any one method or solution component. MULTI-FACTOR AUTHENTICATION
  • 15. A Look into Cyber Security | 15© G Treasury SS, LLC 2008 -2017 MOBILITY & THE CLOUD If you do a good job of restricting administrator rights, of managing identities and passwords, and of implementing two-factor authentication, you’re showing that you’re serious about cyber-security. Your auditors will approve; so too should your lawyers and law-enforcement authorities. Data breaches are a real threat nowadays, even for companies that are diligent about security. If your company’s systems are breached, your legal liability may be much less if you have followed a strategy of defense-in-depth than if you were oblivious to best security practices. In the event of the latter, there could be additional or punitive damages assessed.
  • 16. A Look into Cyber Security | 16© G Treasury SS, LLC 2008 -2017 If you’re a corporate treasurer, be very careful about using your home computer or your mobile device. If you’re in an airport, for instance, you might inadvertently login onto a Wi-Fi that looks legitimate – named something like “Lagardia” or “Heatrow” – and send critical data to a hacker for a man-in-the-middle attack. Again, going back to the human element, remember that terminated employees aren’t fully terminated until they no longer have access to any of your systems. When you dismiss someone, you shut off access to the internal network. But do you use one or more cloud-based services? If so, someone has to go out and delete the departed individual from every one. It takes some extra work and doesn’t happen automatically unless your cloud provider’s web services offer to disable terminated users’ accounts. CAUTIONARY TALES
  • 17. A Look into Cyber Security | 17© G Treasury SS, LLC 2008 -2017 CONCLUSION Once more to our castle analogy, we find that cloud computing might just allow potential invaders to glide right over the castle walls and drop in from the sky. You still need vigilant sentries to spot them. You’ll need to give the sentries some accurate, long-range crossbows to nail them even before they land. Or maybe we’ve had enough comparisons with the Middle Ages. Let’s move into modern times and sum it up by thinking of cyber-security as we think of that great American game, football. They say that offense wins games but defense wins championships. And what do you need to build a champion defense? • A well-thought-out game plan – your security policies and procedures. • A defense-in-depth consisting of big strong linemen, heady and agile linebackers, and fleet defensive backs – your tightly controlled admin rights, robust passwords and identity management, and two-factor authentication. • And most importantly, your players – talented, well prepared, and thoroughly drilled. The entire squad, from the highest-paid starters to the least-used substitutes. Your employees. They’re the ones who do the work; they’re the ones on whom you rely