WE16 - Cyber Security - Security is Everyone's Responsibility
1. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Cyber Security
Security is Everyone’s Responsibility
2. The Who, Where and Why.
3. Attackers are usually external to the victim’s organization. But you still need to be aware of the internal threat.
4. Nobody is immune.
5. Attackers are typically after the money.
Financial: 80%
Espionage: 9%
6. Many breaches share the same threat actions in the early stages of the attack. What happens next is determined by the attacker’s end game.
7. Social Engineering – it’s not just for email
In 2015, Social Engineering was the #1 attack technique. People replaced exploits as attackers’ favorite way to beat Cybersecurity. – Proofpoint
8. Layered Defense
Perimeter, Network, Device, Application, Data
Practices, Policies, People
9. Building a Cyber Defensive Workforce
Safeguard Passwords
Be Suspicious
Manage access
Design for Resilience
10. Behaviors travel
11. Quick tips for everyone
Look out for links in unsolicited emails
Passwords – no sharing, and change them often
Set passcode locks on your mobile devices
Watch what you share on social media
Download software/apps only from safe sources
Editor's Notes
The actors in breaches are predominantly external. While this goes against InfoSec folklore, the story the data consistently tells is that, when it comes to data disclosure, the attacker is not coming from inside the house. So, while preparing for a threat internally, it’s important to recognize that the biggest threat is likely to lie outside of your organization.
The 2016 report features incidents affecting organizations in 82 countries and across myriad industries. No country, industry or organization is immune when it comes to the compromise of data.
It will come as no surprise that money is the main driver for most attacks. But there are many motives for a cyber attack, including cyber-espionage, ideology (in the case of hacktivists), or even simply fun.
Many incidents share the same threat actions in the beginning of the event chain. The combination of phishing to install malware and gain a foothold on a user workstation, followed by capture and reuse of credentials, is seen across numerous patterns and launched in the most targeted and opportunistic attacks alike. What happens after the initial compromise is determined by what the end game for the attacker is.
You see in the previous picture that people are at the center of many compromises, and while email is big – the DBIR says 30% of people will open a phishing message, and 12% will click on the malicious payload – it’s not the only way people are compromised. Think about call center environments, where a hacker can try to persuade an agent to give up information about a customer. We’re empathetic by nature, and the bad guys can tell compelling stories about sick parents and angry bosses.
Technical controls get layered throughout the ecosystem, but these need to be supported by policies – what are your rules about accessing your data, systems, information – and practices – how do you implement those rules? People are the foundation to all of this – they need to understand the whys and hows of what you do, and provide insight into how to do things better.
When employees get engaged on tools to use at home – home networks, IoT, cyber-bullying – it raises awareness in the workplace.
Some tips for home and work –
Links are dangerous. You can mouse over them to find the address, and if anything asks for credentials, STOP and go directly to the site. Look for the lock icon by the address to confirm you’re using a secure site.
“Treat your passwords like your toothbrush” – Clifford Stoll. Don’t share them with other people, and don’t share them between websites. If your shoe store is compromised, you don’t want that impacting your bank.
Lock your devices, and set the lock to require a PIN pretty quickly.
Those “get to know me” quizzes on social media can be used to answer your secret questions. Also, be aware of your privacy settings – are you sure you want all those apps knowing your location? Why do they need it? Make informed trade-offs.
Download software from known and trusted vendors and app stores, not from random sites. It could be infected with malware that could lock up your data, monitor your traffic, or steal your credentials.