Cyber Threat Prevention in Today's World
- 1. © Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd
Cyber Threat Prevention in Today's World
Shane Troyer, CPA, CISSP, CFE, CIA
Partner
Business Risk Services
- 2.
Network Perimeter Security
- 3.
Managed By Information System Security Professional
Yes
• Valid business communications
• Authenticated staff and clients
• File sharing
No
• Malware and malicious web sites
• Spam and blacklisted sites
• Perimeter attacks (DOS)
- 4.
The Human Element
Social Engineering
- 5.
Social Engineering
- 6.
Types of Social Engineering
Cyber thieves perform reconnaissance, collect the personal information of company employees and attempt to get employees to take an action.
Baiting - offering an incentive in order to draw in a target (e.g. convincing a person to download malicious software onto his or her computer).
Pretexting - using misrepresentation to gain access to privileged information.
Phishing - an attacker attempts to obtain private information such as a social security number or authentication information.
Spear-phishing - targeted at a specific person or role in an organization. Hackers leverage freely available information to craft an email likely to appeal to the target.
- 7.
So who is really protecting your organization?
- 8.
Him
- 9.
Her
- 10.
and Him
- 11.
"Cybercriminals are increasingly moving towards more complex email threats… and scammers will seek to exploit what they perceive to be the weakest link in the chain: Humans"
Symantec Corporation – Internet Security Threat Report 2016
- 12.
How Strong are These Controls?
[Chart: Employee Response Rate to Cyber Attack by Email. Categories: No Response, Email Opened, Link Clicked, Multiple Clicks.]
- 13.
Employee Enabled Threats
• Fraudulent Fund Transfers
• Worms
• Ransomware (Crypto)
• Trojan Horses
• Botnets (DDOS)
• Spyware
• Viruses
- 14.
Ransomware
- 15.
What do attacks look like?
- 16.
What Can We Do?
• Employee Awareness Training – provide employees with the knowledge to understand how these attacks are perpetrated so that they have the ability to detect potential attacks before they become victims.
• Ongoing Monitoring of Awareness – don’t just trust that an employee's newfound awareness will be taken to heart. Test them consistently!
• PhishAlarm Tools – enable real-time reporting of suspected attacks via email so that feedback on the validity of the email can be provided.
• Open Communications – promote an open dialogue between IT resources and employees to ensure that questions will be asked before they click suspicious links.
- 17.
Discussion