This is a short presentation Skibo has been delivering to companies over the past 12 months, based on real-world experience in dealing with cyber security incidents,
[Slide 3 chart: Cyber Crime as a proportion of UK crime in 2015 (Source: ONS). All other crime 47%, Computer Misuse 17%, Cyber Enabled Fraud 36%.]
Hello and welcome to this short presentation on Cyber Security. My name is Mark Mair and I’m a cyber security consultant working for Skibo Technologies. For the past 11 years I have been working in the field of information security, helping businesses of all sizes understand the threats posed by cyber crime and advising on the measures to mitigate against those threats. At the end of this presentation there are links to e-learning based training we have developed to assist with this, including a free course on Phishing Awareness.
In this presentation I’ll be covering several topics around Cyber Security and why it should be high on the priority list of any organisation.
I’ll start by covering the Threat Landscape. I’ll discuss the scale of cyber crime in the UK and the impact it’s having on organisations of all sizes. This will include real world examples of cyber crime Skibo has dealt with in the past 18 months. For obvious reasons these examples will be redacted in order to keep the identity of the organisations in question confidential.
The topics covered will include:
Who
I’ll discuss the different groups and individuals that pose a threat and why each group will have different motives for wanting to attack an organisation.
Why
I will cover the why: what motivates cyber criminals to target organisations and individuals? Once you understand what your organisation has that is valuable to criminals, you can start to formulate an action plan to mitigate against the risks.
How
In the how section I’ll go over some of the most common methods used by criminals to gain access to a company’s assets, whether that’s financial, intellectual property or other market sensitive information, as well as the computer network itself.
Cyber-crime is the fastest growing area of crime in the UK, and every organisation, regardless of its size, geographic location or industry sector, is a target.
To put that in context, the latest UK Government report on Cyber-crime compiled by the Office of National Statistics for 2015 reports that there were 2.11 million victims of cyber crime in the UK. Of that number only 16.5K cyber-dependent and approximately 700,000 cyber-enabled incidents were reported to Action Fraud. It’s estimated that 85% of computer based fraud and cyber-related crime goes unreported. Cyber-crime is estimated to cost the UK upwards of 27 billion pounds per year.
Cyber-enabled fraud in 2015 accounted for 36% of all UK crime, with computer misuse accounting for another 17%. In other words, more than half of all UK crime is cyber related.
I’m sure you have all seen the news reports of high profile data breaches with the likes of Sony, Yahoo and LinkedIn, to name a few. It’s estimated that the first ransomware attack (ransomware being software that indiscriminately encrypts company information and demands payment before releasing the unlock codes) netted the criminals behind it $30 million in the first 100 days of its release.
In the past 18 months in the Aberdeenshire area, Skibo have been involved in the aftermath of several security breaches as a result of cyber-crime. At one end of the scale we dealt with a hospitality business that had all its business data encrypted by ransomware. This included all financial data, customer details and bookings. This information was lost. The immediate financial impact to the business ran to tens of thousands of pounds in terms of remedial action and lost business. The long term reputational damage is harder to calculate, but the impact is still being felt over a year later.
At the other end of the scale we dealt with a business that had their financial systems compromised. This resulted in a loss of £1.2 million that had been taken from their bank account and routed to overseas banks.
Every individual within an organisation is also a target. The most sophisticated and expensive defences can be breached by simply targeting an individual within a company. This doesn’t necessarily mean senior people or those in privileged positions. I’ll be covering that in more detail later.
There are several different types of cyber-criminals or hackers. The categories of each type are the subject of much debate within the cyber-security community but for the purposes of this presentation I will concentrate on the six most common types.
Script Kiddies: this is a pejorative term used to describe amateur hackers. This type of hacker uses various hacking tools that are freely available on the internet. They typically lack the skills that other hackers have. They are usually easy to detect as they are not very good at covering their tracks. That said, a poorly protected network can still be easily breached by this type of hacker, and the subsequent damage caused can still be significant.
Black Hat Hackers – these are the bad guys that have the skills necessary to penetrate a business’s network and gain access to a company’s assets such as financial systems, intellectual property or other market sensitive information. They are typically motivated by financial gain.
Hacktivists – are motivated by politics or religion and will attack organisations that run counter to their beliefs. For example, animal testing labs are the target of animal rights groups. Drilling companies exploring in sensitive areas such as the Arctic can be the target of environmental groups.
Spy Hackers – similar to black hat hackers, they have the skills and are often hired by organisations in order to gain market advantage by stealing information from competitors, or to disrupt a competitor’s operations, for example by taking down their website.
State Sponsored Hackers – also known as advanced persistent threats or APTs. These groups are highly skilled, well funded and, as their name suggests, persistent. They will often target organisations such as political parties or trade organisations in order to steal or influence national governmental policies. The controversy around the alleged hacking of the Democratic Party servers in the US presidential election is a good example of State Sponsored Hackers. It is estimated that the People’s Army of China has up to 100,000 individuals employed in cyber-related espionage.
Cyber Terrorists – this is by far the most dangerous group, whose motives are to cause fear, terror and murder by attacking critical infrastructure such as air traffic control systems or SCADA systems.
As I’ve already touched on, different groups are motivated by different goals.
Financial Gain
The most obvious one is money or other financial gain. Accessing a company’s network can provide a criminal with access to the company’s financial systems. In many cases a criminal that has gained access to those systems will not act immediately; they will study the business and understand who its suppliers and clients are, and what type of payments they make and receive.
In one example Skibo dealt with a company that had been breached. The criminal had been accessing the company’s network and computer systems for over 6 months.
They worked out that the main financial system exported a payments file that was uploaded to the banking system to pay suppliers.
The file was a plain text file, and contained the name of the payee, the bank account and sort code, and the figure to be paid. In this case all the criminal had to do was modify the bank account and sort code to an account that was under their control.
Banking payment software doesn’t use the payee field. The financial controller looked at each payment line to check that the amount being transferred and the payee were correct.
Once the file was processed by the bank, almost five hundred thousand pounds was redirected to the criminals.
This only came to light when the suppliers’ credit controllers contacted the company to find out when they were getting paid.
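The check that would have caught the altered payments file is a comparison of each line’s bank details against the supplier master data the company already holds, rather than a visual check of payee and amount alone. The following is an added example, not code from Skibo or from the presentation: it parses a constructed plain-text payments export in the layout described above (payee, sort code, account number, amount), flags any line whose sort code or account number differs from the trusted supplier record, and additionally seals the export with an HMAC so the upload step can detect a file changed between export and upload. The supplier names, bank details, file layout and key are all constructed for the example.

```python
import csv
import hashlib
import hmac
import io
from decimal import Decimal

# Constructed supplier master data: the bank details recorded and verified when
# each supplier was onboarded. This is the trusted reference, not the export.
SUPPLIER_MASTER = {
    "Acme Fabrication Ltd": ("40-12-34", "12345678"),
    "Northern Valves plc": ("20-99-88", "87654321"),
    "Granite Logistics": ("60-11-22", "55556666"),
}

# Constructed payments export in the plain-text layout the talk describes.
# The second line has had its sort code and account number replaced, the way
# the incident above was carried out; payee and amount are untouched.
PAYMENTS_FILE = """payee,sort_code,account_number,amount
Acme Fabrication Ltd,40-12-34,12345678,12500.00
Northern Valves plc,11-22-33,99887766,485000.00
Granite Logistics,60-11-22,55556666,2300.00
"""

# Constructed key for the demo; in practice it must live outside the host that
# produces the export, otherwise an intruder on that host can re-seal the file.
EXPORT_KEY = b"constructed-demo-key-not-for-real-use"


def parse_payments(text):
    """Parse the CSV export into a list of dicts with Decimal amounts."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "payee": row["payee"].strip(),
            "sort_code": row["sort_code"].strip(),
            "account_number": row["account_number"].strip(),
            "amount": Decimal(row["amount"].strip()),
        })
    return rows


def check_bank_details(rows, master):
    """Return (payee, reason, amount) for every line that must not be paid."""
    findings = []
    for r in rows:
        expected = master.get(r["payee"])
        if expected is None:
            findings.append((r["payee"], "payee not in supplier master", r["amount"]))
        elif (r["sort_code"], r["account_number"]) != expected:
            findings.append((r["payee"], "bank details differ from supplier master", r["amount"]))
    return findings


def seal_export(text, key):
    """HMAC-SHA256 tag computed by the finance system when it writes the export."""
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_export(text, key, tag):
    """Upload-side check: True only if the file is byte-for-byte what was sealed."""
    return hmac.compare_digest(seal_export(text, key), tag)


if __name__ == "__main__":
    tag = seal_export(PAYMENTS_FILE, EXPORT_KEY)
    print("seal verifies on the unmodified file:", verify_export(PAYMENTS_FILE, EXPORT_KEY, tag))
    for payee, reason, amount in check_bank_details(parse_payments(PAYMENTS_FILE), SUPPLIER_MASTER):
        print(f"HOLD payment: {payee} ({amount}): {reason}")
```

Run as a script it holds the Northern Valves line, which is exactly the payment that the payee-and-amount review passed. The master-data comparison is the primary control because it does not depend on the integrity of the exporting host; the HMAC seal only adds value when the key is held by the upload step and not by the system the intruder already controls.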
To steal trade secrets and IP
In addition to money, stealing a company’s trade secrets and IP is another motive. It may not be information that belongs to the company being targeted but information they hold on behalf of their clients. As larger organisations have the resources to implement expensive defences, criminals will work their way down the supply chain. Think not only about the valuable information you hold about your own organisation but also about your clients. Increasingly, invitation to tender requests are asking what Information Security Management System potential bidders have in place. After quality and environmental standards, ISO 27001 is increasingly being asked for.
To take control of a company’s network
In some cases controlling a company’s network and the PCs and laptops attached to that network is the goal of the criminals. It allows them to use the network as a base from which to launch attacks against other targets. Computers controlled by criminals are referred to as zombie machines and collectively make up botnets. When attacks are launched against a website in what is known as a distributed denial of service attack, tens of thousands of compromised computers can be involved, making it extremely difficult to combat.
To embarrass a company or other organisation
This can sometimes involve defacing a company’s website, as happened recently to Aberdeen City Council, or stealing and publishing subscriber details, as in the case of the marital affair site Ashley Madison.
Peer group recognition
In some cases simply hacking a network and boasting about it to fellow hackers in the hacking community is motivation enough.
To disrupt the operations of a company
With many companies, especially those that sell online, any impact to their website can be expensive, cause reputational damage and lose sales. Denial of service attacks are used to flood a website with requests that cause the site to crash or go offline for extended periods of time. This type of attack can be purchased on the dark web for as little as $500 to take out a site for a week during core business hours.
To disrupt national infrastructure
Cyber terrorists will try and disrupt critical national infrastructure such as power plants, air traffic control systems and banking infrastructure. A good example of this is the Stuxnet virus that was responsible for causing substantial damage to Iran’s nuclear program by targeting industrial computer systems.
It’s been widely reported that governments believe the next world war will be waged online.
Research
The success of any attack will increase greatly if the criminal has done his or her homework on the target. As an example, let’s take the fictitious company Azimuth Drilling. Azimuth Drilling is an engineering company that has developed a new drilling technology that will revolutionise Oil & Gas exploration. The company has been working on this technology for several years and it has cost them millions of pounds in R&D; the product is ready to be launched and marketed. The criminals are interested in gaining access to the company network in order to steal the engineering drawings and test data.
Google
The first stop is Google. The criminals will use Google to get as much information as they can that’s in the public domain. Press releases, awards, news items on contracts won etc. It provides a high level view of the company.
The company website
Next stop, the company website. This will more often than not provide a wealth of information, including key personnel, geographic locations etc.
Companies House
Companies House provides a list of the directors, their addresses (often home addresses) and any interests they have in other businesses.
Social Media
From the details of key personnel on the company’s own website and the list of company directors, the criminals have identified two candidates to target: the operations director (OD) and the financial director (FD). The next stop is social media to get more information on the targets.
Facebook provides a wealth of information. For a start, the FD hasn’t set his privacy settings correctly, so it’s easy to see the photographs on his timeline, his relationships (including his mother’s and father’s names) and the places he has visited on holiday. The operations director can’t be located on Facebook but he is on LinkedIn. Using one of the many fake LinkedIn profiles, a connection request is sent to the OD and he accepts. The criminals now have access to the OD’s previous work history as well as a list of his current and former colleagues.
Facebook, Twitter, LinkedIn, Instagram etc.
Genealogy sites
Armed with the FD’s date of birth from Companies House and his mother’s and father’s first names and surname, a search of the marriages section of a genealogy site quickly locates his mother’s maiden name.
Google Street View
Entering the FD’s and OD’s home addresses into Google Street View, the criminals can assess the type of property each target lives in. In the case of the OD, a small boat on a trailer can be seen in the driveway, which suggests he is a keen sailor. Could this information be useful in designing an attack?
So, with nothing more than access to the internet, the criminals have profiled the company, identified two likely targets and know the FD’s mother’s maiden name (a standard security question). From Facebook they know he likes golf and skiing, is married, has no children and is counting down the days until he goes on holiday to Portugal in 10 days’ time.
They know the OD likes sailing, who he has previously worked for and what interests him, from the articles he has commented on or shared on LinkedIn and the industry interest groups he belongs to.
Pretexting
With this information the criminals have enough to create a pretext for how they aim to get access to the company network. They plan to use social engineering techniques to get the FD to install malware on his PC and to get the OD to reveal the password he uses to access the company network.
Road Apples
Another method used by criminals is known as “road apples”. This involves dropping a device, typically a USB thumb drive, in a common area such as the car park or a bathroom, knowing it will more than likely be picked up and plugged into a networked computer. Once plugged in, it installs software that gives the criminals access to the network. Disabling USB storage by policy, covered under the technical controls later, is the usual countermeasure.
Phishing, spelt with a PH, is the fraudulent practice of sending emails purporting to be from reputable sources in order to induce the targeted individuals to perform an action, such as revealing information (e.g. passwords) or installing software. Spear phishing is a phishing scam where the criminals have researched their target in order to increase the likelihood of the target performing the required action.
In the case of the FD, the criminals create a carefully crafted email offering the chance of a week’s golfing holiday in the Algarve. All the FD has to do is answer a short quiz on a website the criminals have already set up. When the quiz starts, a popup appears with a message that his “Adobe Flash software is out of date” and needs updating: press update to continue. After he presses update and follows the instructions he continues to the quiz. The “update” has actually installed malware on his PC, giving the criminals access to his computer, including all his documents and spreadsheets, and recording the keystrokes he types, which include usernames and passwords for other sites.
A watering hole is a website the target is likely to visit, set up or compromised by the criminals for the purpose of getting the target to hand over sensitive information such as usernames and passwords.
In the case of the operations director, he is sent a carefully crafted email asking for submissions to a new industry awards gala for innovation in oil and gas. To be considered he has to register his interest on the event’s website.
He does this using his work email address as his username and the same password he uses to log on to the company network. He has too many passwords to remember and uses the same combination for every site he accesses. The criminals now have the details they need to log on to the company network as the OD and gain access to everything he has access to, including the engineering drawings and test data. It is the reuse of the network password on an outside site that makes this work.
So how do you protect against attacks such as these?
There are many different controls and solutions that can be put in place to mitigate the threats posed by cyber-criminals. The key is to get the right solutions for your organisation. While every organisation should put security at the forefront, the security measures required to protect a bank will differ greatly from those of a house builder, and those in turn will differ from those of a life sciences company at the cutting edge of research into a breakthrough drug.
With that in mind these are some of the measures that companies should have in-place.
Technical Controls
Firewall – The first line of defence; it sits at the perimeter and controls traffic between the internal network and the outside world. Today’s enterprise-class next-generation firewalls also provide additional features such as deep packet inspection, where traffic to and from the internal network is analysed to detect suspicious behaviour.
Anti-virus/anti-malware software – Any network-connected device should be protected with a suitable anti-virus/anti-malware package. Modern anti-virus solutions do not just scan for known malware but also monitor for suspicious activity such as ransomware. One such product, from Sophos, detects files being encrypted, kills the suspicious process after a third file has been encrypted and prevents further activity.
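As an added example of that behavioural approach (this is not Skibo’s or Sophos’s code), the script below replays a constructed stream of file-write events and flags a process once it has overwritten a third document with data that looks encrypted, judged by near-maximal byte entropy. The process IDs, paths, file contents and the 7.5 bits-per-byte threshold are all assumptions made for the example.

```python
"""Behavioural ransomware detection over a stream of file-write events.

Added example, not Skibo's or any vendor's code. Events, paths, PIDs and the
entropy threshold are constructed/assumed for illustration.
"""
import math
import random
from collections import Counter, defaultdict

DOCUMENT_EXTS = {".docx", ".xlsx", ".pdf", ".dwg", ".csv"}
ENTROPY_THRESHOLD = 7.5  # bits per byte (assumed); office documents sit well below this
KILL_AFTER = 3           # the third encrypted document triggers the kill, as in the text


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; well-encrypted or random data approaches 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_encrypted(path: str, data: bytes) -> bool:
    """A document overwritten with high-entropy bytes is the signature we count.
    Non-document files (JPEGs, archives) are naturally high-entropy and are ignored."""
    ext = path[path.rfind("."):].lower() if "." in path else ""
    return ext in DOCUMENT_EXTS and shannon_entropy(data) >= ENTROPY_THRESHOLD


def detect_ransomware(events, kill_after=KILL_AFTER):
    """events: iterable of (pid, path, written_bytes) in the order the sensor saw them.
    Returns {pid: index of the event that triggered the kill} for each process stopped."""
    encrypted_writes = defaultdict(int)
    killed = {}
    for idx, (pid, path, data) in enumerate(events):
        if pid in killed:
            continue  # process already terminated; later writes would not happen
        if looks_encrypted(path, data):
            encrypted_writes[pid] += 1
            if encrypted_writes[pid] >= kill_after:
                killed[pid] = idx
    return killed


def sample_events():
    """Constructed event stream: a legitimate editor (pid 1001) writing plain text
    alongside a ransomware process (pid 4242) overwriting documents with cipher-like bytes."""
    rng = random.Random(1)  # seeded so the example is reproducible
    cipher_like = lambda: bytes(rng.getrandbits(8) for _ in range(4096))
    report = b"Azimuth Drilling quarterly report. " * 120  # low-entropy plain text
    return [
        (1001, r"C:\Users\fd\Documents\budget.xlsx", report),
        (4242, r"C:\Users\fd\Documents\drawing-01.dwg", cipher_like()),
        (1001, r"C:\Users\fd\Documents\notes.docx", report),
        (4242, r"C:\Users\fd\Documents\drawing-02.dwg", cipher_like()),
        (4242, r"C:\Users\fd\Documents\test-data.csv", cipher_like()),   # third file: kill
        (4242, r"C:\Users\fd\Documents\drawing-03.dwg", cipher_like()),  # never reached
        (1001, r"C:\Users\fd\Pictures\holiday.jpg", cipher_like()),      # high entropy, not a document
    ]


if __name__ == "__main__":
    print(detect_ransomware(sample_events()))
```

The design point is that nothing here depends on a signature: the detector keys on what the process does to documents, which is why it also catches ransomware the anti-virus engine has never seen. The trade-off is the three-file window, which is the damage a real product accepts in exchange for not killing legitimate compression or encryption tools on their first write.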
A standardised network environment – Use policies (Group Policy in a Windows domain, for example) to control the computer environment. Policy can disable USB storage on PCs to stop the spread of malware through removable media such as thumb drives, prevent the installation of third-party software, roll out software updates and so on.
IDS/IPS – Intrusion detection and prevention systems monitor activity on the network for suspicious behaviour and take appropriate action. If a PC starts communicating with a server in Eastern Europe at 3 o’clock in the morning there is a good chance the machine has been compromised. An IDS would report this activity and allow the IT department to investigate and take remedial steps to remove the threat; an IPS would additionally block the traffic inline.
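As an added example of the kind of rule behind that “3 o’clock in the morning” alert (this is not Skibo’s code or any IDS vendor’s), the script below replays constructed firewall log lines and flags internal hosts that connect to a non-allowlisted country outside business hours, and separately flags flows that call home on a fixed timer, which is how malware beacons to its controller. The log format, the IP-to-country table (a stand-in for a GeoIP database), the business hours and the allowlisted countries are all assumptions for the example; the addresses come from the RFC 5737 documentation ranges and the firewall is assumed to log in local time.

```python
"""Off-hours and beaconing detection over firewall connection logs.

Added example, not Skibo's code or any IDS product's. The log format, GeoIP
table, business hours and allowlist are constructed/assumed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

GEO_TABLE = {                                   # constructed stand-in for a GeoIP lookup
    ip_network("203.0.113.0/24"): "RO",
    ip_network("198.51.100.0/24"): "GB",
    ip_network("192.0.2.0/24"): "US",
}
ALLOWED_COUNTRIES = {"GB", "US"}                # where this business normally talks to (assumed)
BUSINESS_HOURS = (time(7, 0), time(19, 0))     # assumed; timestamps are taken as local time
INTERNAL = ip_network("10.0.0.0/8")

LINE_RE = re.compile(
    r"^(?P<ts>\S+) fw: src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>\w+)"
)

# Constructed log: one host beaconing every 5 minutes at 03:00, normal daytime traffic,
# one late-night outlier, a denied connection and a line that does not parse.
SAMPLE_LOG = """\
2016-03-14T03:00:02 fw: src=10.1.2.33:51234 dst=203.0.113.45:443 proto=tcp action=allow
2016-03-14T03:05:01 fw: src=10.1.2.33:51240 dst=203.0.113.45:443 proto=tcp action=allow
2016-03-14T03:10:03 fw: src=10.1.2.33:51251 dst=203.0.113.45:443 proto=tcp action=allow
2016-03-14T03:15:02 fw: src=10.1.2.33:51262 dst=203.0.113.45:443 proto=tcp action=allow
2016-03-14T09:12:44 fw: src=10.1.2.40:50100 dst=198.51.100.20:443 proto=tcp action=allow
2016-03-14T14:31:09 fw: src=10.1.2.41:50222 dst=192.0.2.8:80 proto=tcp action=allow
2016-03-14T22:45:00 fw: src=10.1.2.41:50300 dst=203.0.113.9:8080 proto=tcp action=allow
2016-03-14T02:50:00 fw: src=10.1.2.33:51000 dst=203.0.113.77:25 proto=tcp action=deny
garbage line that does not parse
"""


def country_of(ip: str) -> str:
    """Map an address to a country code via the constructed table ('??' if unknown)."""
    addr = ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return "??"


def parse(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def is_off_hours(ts: datetime) -> bool:
    start, end = BUSINESS_HOURS
    return not (start <= ts.time() < end)


def analyse(lines, min_beacons=4, max_jitter=0.1):
    """Return (src, dst, reason) alerts for allowed outbound flows from internal hosts.

    A flow to a non-allowlisted country is reported if any connection falls outside
    business hours, and again if it has at least min_beacons connections whose
    inter-arrival times vary by no more than max_jitter (coefficient of variation),
    the fingerprint of malware calling home on a timer.
    """
    flows = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None or rec["action"] != "allow" or ip_address(rec["src"]) not in INTERNAL:
            continue
        flows[(rec["src"], rec["dst"])].append(rec["ts"])

    alerts = []
    for (src, dst), stamps in flows.items():
        cc = country_of(dst)
        if cc in ALLOWED_COUNTRIES:
            continue
        off_hours = [t for t in stamps if is_off_hours(t)]
        if off_hours:
            alerts.append((src, dst, f"{len(off_hours)} connection(s) to {cc} outside business hours"))
        if len(stamps) >= min_beacons:
            stamps = sorted(stamps)
            gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
            if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
                alerts.append((src, dst, f"regular beacon every ~{mean(gaps):.0f}s to {cc}"))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG.splitlines()):
        print(alert)
```

In a real deployment the interesting part is tuning: the allowlist has to reflect where the business genuinely does business, the beacon test should tolerate the jitter that better malware adds deliberately, and denied connections are worth a second, separate rule rather than being dropped as they are here.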
Data Loss Prevention systems – are designed to protect sensitive information from being taken off-premises, either by criminals remotely accessing the company network or, as is often the case, by employees, whether by accident or maliciously. A DLP system monitors the network and devices for data deemed sensitive by searching for keywords and known phrases (e.g. the name of a chemical formula) and either prevents the transfer of that information, reports the attempt, or both. This includes users who copy company information to cloud storage such as Dropbox or iCloud.
Penetration testing – a process where “white hat hackers”, the good guys, are commissioned to test the security of a company’s network, assets and systems and look for vulnerabilities. They essentially act as hackers and use the same tools and methods that criminals would use in an attempt to gain access to the company’s digital assets. Cyber Essentials Plus requires an independent technical test, and an ISO 27001/27002 information security management system expects regular testing for technical vulnerabilities.
Process & Procedural Controls
Roles & responsibilities – Appoint an individual within the organisation who is responsible for information security. In large organisations this will often be a dedicated position, but in smaller companies it may be a function allocated to an existing position such as the FD. Who is responsible will vary depending on the type of company and the industry sector it operates in. For regulated industries such as financial services there can be fiduciary duties that go along with this function, and it should therefore be assigned at director level.
Change management procedures – implement a system of change management where no one individual can make changes to systems or processes without first having those changes peer-reviewed. A good example is changing the bank details of a supplier.
Criminals will often send in a request notifying the target that a supplier’s bank details have changed and asking them to update their records. They may even call in advance to warn of the change request and to confirm it is legitimate. This is known as mandate fraud, as the new bank details belong to the criminals. Having requests such as these verified and reviewed, by calling the supplier back on a number already on file rather than one given in the request, limits the likelihood of this type of scam succeeding.
Examine the processes and procedures your organisation follows and look for ways they could be compromised by criminals. Where are the weak links? Where are the single points of failure?
Risk management assessments – a full risk assessment should be carried out to identify the level of cybersecurity risk to your organisation. This should include:
Identify and Document Asset Vulnerabilities
Identify and Document Internal and External Threats
Acquire Threat and Vulnerability Information from External Sources
Identify Potential Business Impacts and Likelihoods
Determine Enterprise Risk by Reviewing Threats, Vulnerabilities, Likelihoods and Impacts
Identify and Prioritize Risk Responses
If you lack the in-house skills necessary to perform these tasks it is strongly recommended that you partner with an IT provider that will take you through the process. Not carrying out a risk assessment will leave your organisation vulnerable and non-compliant with recognised standards and schemes such as ISO 27001 and Cyber Essentials Plus.
Change the culture – In the same way that the Oil & Gas industry changed the culture in the 80s to one of safety first, a similar sea change is needed to put security front and foremost in people’s minds. This change in culture needs to come from the top down, from the CEOs and Managing Directors and Partners.
Staff need to understand why the company is taking information security seriously. Explain what the impact on the organisation is if the culture doesn’t change: the financial impact, either directly through theft or indirectly through loss of IP, market share or reputation. Once staff understand the impact and scale of cyber-crime it is much easier to implement the necessary change.
Education, education, education –
Staff training is key. Security awareness training should be part of the staff induction process and, as a minimum, be repeated at least once a year.
Awareness Training
With that in mind, Skibo has developed an e-learning based phishing awareness training course which is 100% free. The course takes around thirty minutes to complete and covers how to spot a phishing attack and what actions to take.
It can be accessed at the link on screen. If you want to put all your staff through this course, contact me at the address at the end of this presentation and we can arrange to have their details bulk uploaded and enrolled, and set up reporting on who has taken the course, their success or failure and who has yet to take it; otherwise you can get individuals to self-enrol.
We have also developed another e-learning course which goes beyond simply phishing and covers areas such as:
Passwords
Email & Instant Messaging
Social Networking
Mobile Device Security
Wi-Fi Security
Protections at home
What to do if you’re hacked
It can be accessed at the link below.
If you have any questions please feel free to email me at mark.mair@skibo.com or contact me via LinkedIn at the address on screen. If you’d like me to come and present to your organisation please contact me by the same method.