Downloaded 11 times
Uploaded bySociety of Women Engineers
WE16 - Cyber Security - Security is Everyone's Responsibility
The document contains confidential materials from Verizon for authorized personnel only regarding cyber security. It discusses how security is everyone's responsibility and outlines some quick tips, including being suspicious of links in emails, not sharing passwords and changing them often, setting passcodes on devices, and only downloading software from safe sources. Attackers are typically seeking financial gain and use social engineering techniques to beat cybersecurity measures. A layered defense approach is recommended incorporating policies, practices, perimeter security, network segmentation, application controls and user awareness.
More Related Content
Similar to WE16 - Cyber Security - Security is Everyone's Responsibility
![Employee Security Training[1]@](https://cdn.slidesharecdn.com/ss_thumbnails/EmployeeSecurityTraining1-122974944243-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
More from Society of Women Engineers
WE16 - Cyber Security - Security is Everyone's Responsibility
- 1. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Cyber Security Security is Everyone’s Responsibility
- 2. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. The Who, Where and Why.
- 3. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. But you still need to be aware of the internal threat. Attackers are usually external to the victim’s organization.
- 4. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Nobody is immune.
- 5. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Attackers are typically after the money. Financial Espionage 80% 9%
- 6. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. What happens next is determined by the attacker’s end game. Many breaches share the same threat actions in the early stages of the attack.
- 7. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Social Engineerin g – it’s not just for email In 2015, Social Engineering was the #1 attack technique. People replaced exploits as attackers’ favorite way to beat Cybersecurity. Proof Point
- 8. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Perimeter Network Device Application Data Layered Defense Practices Policies People
- 9. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Safeguard Password s Be Suspiciou s Manage access Design for Resilience Building a Cyber Defensive Workforce
- 10. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Behaviors travel
- 11. Confidential and proprietarymaterials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Quick tips for everyone Look our for links in unsolicited emails Passwords – no sharing, and change them often Set passcode locks on your mobile devices Watch what you share on social media Download software/apps only from safe sources
Editor's Notes
- #3 <number>
- #4 The actors in breaches are predominantly external. While this goes against InfoSec folklore, the story the data consistently tells is that, when it comes to data disclosure, the attacker is not coming from inside the house. So, while preparing for a threat internally, it’s important to recognize that the biggest threat is likely to lie outside of your organization. <number>
- #5 The 2016 report features incidents affecting organizations in 82 countries and across myriad industries. No country, industry or organization is immune when it comes to the compromise of data. <number>
- #6 It will come as no surprise that money is the main driver for most attacks. But there are many motives for a cyber attack—including cyber-espionage, ideological—in the case of hacktivists—or even simply fun. <number>
- #7 Many incidents share the same threat actions in the beginning of the event chain. The combination of Phishing to install malware and gain a foothold on a user workstation, followed by capture and reuse of credentials is seen across numerous patterns and launched in the most targeted and opportunistic attacks alike. What happens after the initial compromise is determined by what the end game for the attacker is <number>
- #8 You see in the previous picture that people are at the center of many compromises, and while email is big – the DBIR says 30% of people will open a phishing message, and 12% will click on the malicious payload – it’s not the only way people are compromised. Think about call center environments, where a hacker can try to persuade an agent to give up information about a customer. We’re empathetic by nature, and the bad guys can tell compelling stories about sick parents and angry bosses. <number>
- #9 Technical controls get layered throughout the ecosystem, but these need to be support by policies – what are your rules about accessing your data, systems, information – and practices – how do you implement those rules? People are the foundation to all of this – they need to understand they whys and hows of what you do, and provide insight into how to do things better. <number>
- #10 <number>
- #11 When employees get engaged on tools to use at home – home networks, IoT, cyber-bullying--it raises awareness in the workplace. <number>
- #12 Some tips for home and work – Links are dangerous. You can mouse over them to find the address, and if anything asks for credentials, STOP and go directly to the site. Look for the lock icon by the address to confirm you’re using a secure site. “Treat your passwords like your toothbrush” – Clifford Stoll. Don’t share them with other people, and don’t share them between websites. If your shoe store is compromised, you don’t want that impacting your bank. Lock your devices, and set the lock to require a pin pretty quickly. Those “get to know me” quizzes on social media can be used to answer your secret questions. Also, be aware of your privacy settings – are you sure you want all those apps knowing your location? Why do they need it? Make informed trade offs. Download software from known and trusted vendors and app stores, not from random sites. It could be infected with malware that could lock up you data, monitor your traffic, or steal your credentials. <#>