Why is Cyber Security Important?
How We Got Here
How Security Became an Issue
• Utilization of the Internet at home and work as we’ve never seen before
• We can’t go anywhere without a laptop, tablet, smartphone, etc.
• The beginning of the “IoT” (thermostats, refrigerators, TVs, cars, glasses, etc.)
What’s Different?
Do We Ever Disconnect?
What’s Different?
What’s the Big Deal?
• In 2021, the number of people in North America that regularly used the Internet was estimated at 310 million – 87% of the population
• In 2021, roughly 6 billion people worldwide used the Internet
• As of December 2022, over 1 trillion websites existed – 350 million existing in 2015
• 333 billion email messages are sent per day
• 1.8 billion Gmail users around the world
• 1.2 trillion photos uploaded in 2021
• 1.8 billion users on TikTok
• 1 billion unique monthly visitors on YouTube
• 1.4 billion users on Instagram per day
• 495 million users on Snapchat
What’s the Big Deal?
• 80 billion apps are expected to be downloaded this year
• In 2014 we generated over 74 zettabytes of unique info. More than the previous 5,000 years combined
• 2022 is already estimated at 94 zettabytes
• What happens in Vegas stays… online!
What’s the Big Deal?
• 43% of cyber attackers only target small businesses
• 54% of small businesses think they’re too small for a cyber attack.
• There was a 424% increase in new small business cyber breaches last year.
• 6 out of 10 small and mid-sized businesses reported suffering at least one cyber attack in the last year.
• 60% of small businesses that are victims of a successful cyber attack go out of business within six months.
What’s the Big Deal?
• Ransomware attacks will happen every 11 seconds during 2022
• 88% of organizations worldwide experienced spear phishing attempts in 2020.
• The average ransomware payment rose 33% in 2021 over 2020, to $170,404
• According to the FBI, there has been a 400% year-over-year increase in phishing attacks.
What’s the Big Deal?
• Only 50% of U.S. businesses have a cybersecurity plan in place
• Of those, 32% haven’t changed their cybersecurity plan since the pandemic forced remote and hybrid operations
• Cybercrime cost U.S. businesses more than $6.9 billion in 2021, and only 43% of businesses feel financially prepared to face a cyber-attack in 2022
• The average total cost of a data breach increased from $3.86 million to $4.24 million in 2021.
• Only 50% of U.S. businesses have a cybersecurity plan in place
• Of those, 32% haven’t changed their cybersecurity plan in several years
• 95% of breaches involved the human element
What’s the Big Deal?
• Cybercrime cost U.S. businesses more than $6.9 billion in 2021, and only 43% of businesses feel financially prepared to face a cyber-attack in 2022
• The average total cost of a data breach increased from $3.86 million to $4.24 million in 2021.
What is the average time it takes for an organization to discover/realize they have been breached in 2021?
• On-Premise Infrastructure: 287 Days
• Remote Infrastructure/Employees: 316 Days
The Current State of Security
A. Trash Can
B. Smart TV
C. Baby Monitor
All of them!
The Current State of Security
A B
The Current State of Security
A. Small or Medium Organization
B. Large Organization
Malicious Software (Malware)
The Human Firewall
Security is Everyone’s Problem
System Penetration
• It is an unfortunate reality that most networks will suffer a breach of security at some point
• To bypass security, an attacker only has to find one vulnerable system within the entire network
• To guarantee security, an enterprise has to make sure that 100 percent of its systems are invulnerable 100 percent of the time
Who, What, Why?
Who’s Out to Get Us?
• Hackers
• Cyber Crime
• Hacktivists
• Foreign Governments
• Terror Organizations
• Disgruntled Insiders
Why? What are they after?
• Intellectual Property
• Assets
• Customer Data
• Personal Data
• Paycheck
• Friends
• Family
Who is Being Attacked?
Enterprises
- Targeted Attacks
- Data Breaches
- End-user disruption
- DDoS attacks
Small Businesses
- Bank accounts
- Business disruption
End-Users
- ID Theft
- Scammed for dollars
- Removal costs
Governments
- Cyber Sabotage
- Cyber Espionage
- Hacktivism
Why? What are they after?
External Security Requirements
• Health Insurance Portability and Accountability Act
• Internal Revenue Service
• Federal Bureau of Investigation
• Social Security Administration
• Payment Card Industry Data Security Standards
• Federal Information Security Management Act
• The Privacy Act
• The Children’s Internet Protection Act
• Cybersecurity Maturity Model Certification
What is the Cost?
• Average HIPAA Fine: $1.5 Million
Security Awareness
• We have antivirus software, so we are secure
• We have a firewall, so we are secure
• I have a good password, so my systems are protected
• We have Internet filtering software, so we are secure
• Only serious threats come from the outside
• I’m not worried because my data is backed up
• Responsibility for security rests with IT staff
The Dilemma
• What do I need to do?
• How do I do it?
• How can I show that I have done it?
The Dilemma
National Standards
• NIST 800-30, 800-39, 800-53
• National Cyber Security Framework
• Executive Order #13636
• CIS Security Benchmarks
• FIPS 199
• ITIL v3
• CMMC
• Etc.
Security Awareness
Prevention, Detection and Response
Security Awareness
[Chart: People, Process, Technology – 10% / 90%]
Data, Data, Data
• Confidentiality
• Integrity
• Availability
• Official Security Division in Organization
• User Awareness Training
• Policy, processes, and procedures
• Risk Management
• Vulnerability management
• Regular Cyber Security Exercises
• Table top and live
• Industry Cyber Security Standards
• Cloud and Cloud Security

Editor's Notes

  • #1 In the beginning… mainframes & dumb terminals
    1980s brought the PC (and the “user”)
    1990s brought the Internet
    2000s brought the Social Network
    2010s brought Mobility
    2020s will bring the Internet of Things (IoT)
    In the beginning: The Internet was based on military research in the 60s, 70s and 80s (never designed for today’s commercial use). The trust model is much different today than 30 years ago, but the protocols are relatively unchanged.
    1980s: Birth of the “user” – the PC opened the door for the changes that were about to happen
    1990s: Birth of the “Internet” as we know it
    • 1st came browsers and e-mail; then came file sharing and swapping (mid to late 90s), online multiplayer games (late 90s), social interaction (2000s)
    • First web page was created in Nov. of 1990 - Mosaic Communication Corp was created in 1994 – “Netscape”
    • 1993: 10,000 web sites, 1mil web pages, 3mil internet users
    2000s – Birth of the Social Network
    • 1999/2000 “Surfing the Net” was a household phrase
    • 2012: 600mil+ web sites, 1Tril+ web pages, 2.3bil Internet users
    • 2013: 50% of the world’s internet users are active users on Facebook
    2010s – Mobility
    • 2014: 4.55 Billion people expected to use a smartphone
    • 2013: 4.2 Billion people used a mobile device to access social media
    What Next: SCADA (Supervisory Control and Data Acquisition) – industrial control systems, IoT (Internet of Things)
  • #3 70s – Everything was “Groovy”
    80s – Academic/Concept Attacks (War Games Movie)
    90s – Script Kiddies (web defacements, trojan horses, viruses, worms, etc.)
    00s – Value Attacks, Espionage, Terrorists (bots, root kits, zero-day, etc.)
    Now – Explosion of Cyber Attacks
    1970: Kevin Mitnick, who began in the late 1970’s breaking into phone networks and made social engineering ploys his calling card as a long-time hacker, ended up spending five years in prison. Now a consultant, with a new book “Ghost in the Wires,” he explains, “My passion for technology and fascination with it have taken me down a bumpy road.”
    1980: The Morris worm of 1988 released by Cornell University student Robert Tappan Morris infected at least 6,000 Unix machines — though many estimate far more — and resulted in Morris becoming the first sentenced under the 1986 Computer Fraud and Abuse Act. After the sentencing, his mother said, “I still don’t feel that in any way, shape or form my son is a felon.”
    1990: A bad software update to AT&T #4ESS switches in January 1990 caused a cascading switch failure, leaving 60,000 people without long-distance service for 9 hours. “The software told Switch B ‘My CCS7 processor is insane,’ so Switch B shut itself down to avoid spreading the problem,” was how Larry Seese, AT&T's director of technology, explained it to Telephony magazine at the time.
    2001: When the Code Red worm outbreak in 2001 brought chaos by invading unpatched Microsoft servers across the world, an event so severe the federal government’s National Infrastructure Protection Center quickly organized a press conference in Washington to explain to the public what was happening, Microsoft executive Scott Culp was there as well with the advice “You need to get the patch right away.” Microsoft headquarters also got hit by Code Red.
    2007: In his last public appearance at the RSA Conference, Bill Gates in 2007 appeared with Craig Mundie, the Microsoft executive taking over responsibility for security in Microsoft products, and the two offered a mea culpa on why Microsoft’s software has had issues. “Humans are humans and they make mistakes,” said Mundie. Gates indicated he hadn’t focused a lot on security in the early years at Microsoft due to a perception people are “good” and the data center seemed carefully tucked away.
    2010: “Let’s be clear. This disclosure is not just an attack on America – it’s an attack on the international community.” – Secretary of State Hillary Clinton in 2010 following the WikiLeaks data dump of confidential diplomatic cables, some of which showed Clinton ordering a secret spy mission by U.S. diplomats to obtain biometric data, credit-card, passwords, encryption keys and other data on U.N. Security Council representatives.
  • #9 1 Million Gigabytes = 1 Exabyte 1024 kilobytes = 1 megabyte 1024 megabytes = 1 gigabyte 1024 gigabytes = 1 terabyte 1024 terabytes = 1 petabyte 1024 petabytes = 1 exabyte
  • #20 Which of These Have Been Used in a Cyber Attack?
  • #21 August 2014: According to a study HP released last week, a review of ten popular "smart" devices -- including TVs, webcams, home thermostats, remote power outlets, sprinkler controls and automatic door locks -- found 70 percent had security vulnerabilities.
  • #22 Which is the most dangerous website? Websense 2013 Threat Report: 85% of malicious web links were found on legitimate hosts that had been compromised, an increase over the 82% in 2012. Information Technology, Business and Economy, Sex, Travel, Shopping. Takeaway? Sites with poor security become an easy target – sites are beginning to realize that if their sites are infected, people won’t visit. Adult websites are businesses – they have learned that if they infect their customers, they won’t get repeat visits, so they are working hard to keep their sites clean. Message for SMBs – you need to protect your site or you will become a host for malware and customers will go elsewhere.
  • #23 Which is More Likely to Get Attacked? Cyber attackers do not discriminate!
  • #24 Kaspersky Labs – November 2014
  • #25 Kaspersky Labs – November 2014
  • #26 This graphic was created by David McCandless of Information Is Beautiful, showing the world’s biggest data breaches in cybersecurity from 2012-Current.
  • #28 Advanced “PERSISTENT” Threat: An APT might be sophisticated in its concept, execution or goal, but its parts are likely to be mundane. Attackers will use any workable means to deliver their payload, including the most routine Trojans, viruses or other malware exploiting well-known vulnerabilities. They will use social engineering and phishing. If the mundane does not work, they might up the game with more exotic exploits.
    Reality: The reality remains that 90-plus percent of companies are more at risk from weak password security, accidental data loss, and poor security practices by their employees than they are from one of these sophisticated attacks. By ignoring the frenzy of the next big thing and working to identify areas of potential loss, companies can most effectively apply their security resources. Locking your doors and windows is not a sexy security story, but any police department in the country will tell you that this is a more effective security practice than installing a fancy alarm system. The same goes for cyber security. Stop focusing on the shiny new toys and hype and concentrate on the basics. If you do, becoming more secure than last year will become a reality.
  • #29 One word
    On LinkedIn there was a word game in the group “Information Security Community“. You were to name what you think is the single most important thing in IT security. The now over 1 year old discussion is still active and keeps popping up in my LinkedIn newsletters. While I do not agree you can put a single word on the most important thing, I do however find the discussion interesting as it could put a perspective on security when we look at the data that can be collected from this.
    Collecting the data
    After browsing the discussion I decided to extract all the answers from the thread, process it and try to visualize what everyone is thinking is their single most important thing in IT security. I developed a small java tool which processed the text from the thread, removed all the garbage and collected the words. The java code can be downloaded here. Once I had the code ready I got the following stats from it:
    • 268 unique words
    • 471 words total
    • 697 total comments in thread
    I only collected the posts which were submitted as one word only. I realize I missed out on some replies as the word they submitted was in a post with more than 1 word, but I do not want to over complicate the code nor do it manually. The words and numbers in my excerpt of the thread are still relevant.
  • #31 2011 year-end "Data Breach Intelligence" report from Risk Based Security affiliated with the Open Security Foundation: Computer Intrusion was responsible for 83 percent of the total reported exposed records in 2011 and a third of the total breaches.
    Heartbleed: Just one day after the disclosure, a proof-of-concept tool capable of exploiting the Heartbleed bug began to circulate, exposing unpatched systems to skilled and unskilled attackers alike. IBM’s Managed Security Services (MSS) division in particular witnessed attackers immediately retooling and exploiting the bug on a global scale. Once the major vendors for intrusion detection and prevention systems created protection signatures, MSS was able to see just how bad the situation had become. On April 15, MSS witnessed the largest spike in activity across the customer base, with more than 300,000 attacks in a single, 24-hour period. That is an average of 3.47 attacks per second for hundreds of customers.
  • #32 Criminal Activity: Credit Card, Porn, Spyware, Phishing emails, fake websites, etc.; Nation States: Cyber Warfare; Espionage: Companies/Countries; Terrorist: ??? Cybercriminals are shifting to a business model known as malware-as-a-service (MaaS), where authors of exploit kits offer extra services to customers in addition to the exploit kit itself. It was just one of the observations in Verisign’s '2012 iDefense Cyber Threats and Trends' report. 2012 - According to a study by Symantec, 88% of breaches are caused by insiders/partners 2013 – Over 666,000 internal security breaches in US business in 2013 – Roughly 2,560 per working day. Internet is the Perfect playground for crime (no taxes, anonymous, tools are same as used to enjoy the Internet, no law enforcement, etc.). The biggest complaint from criminals that have been caught is that the Internet is too slow! April 2012 (Austria): A 15-year-old boy has been arrested for hacking into 259 companies during a 90-day spree. In other words, during the last quarter he successfully attacked an average of three websites per day.
  • #34 Annual Cost of Cybercrime: 2004: 17 Billion; 2011: Over 100 Billion; 2012: 200 Billion; 2013: 445 Billion. The revenue of cyber crime is very close to the revenue of illegal drug trade.
    Zero-Day Exploit – MS $50,000 & Other $20,000 to $30,000
    Bots that allow self-generation of botnets - $5,000 and up
    Customized Trojan - $1,000 - $5000
    Credit Card # with Pin - $250
    Driver’s Lic, Birth Cert., Soc Sec Card - $100
    Internet Espionage – Countries, Companies, Military – The new Spy vs Spy
    Financially motivated criminals were behind most of last year's data breaches, but hacktivists stole almost twice as many records from organizations and government agencies, according to the Data Breach Investigations Report being released by Verizon today. While more than 80 percent of the data breaches in 2011 were due to organized criminal activity, the number of records pilfered from activist groups represented 58 percent of the total, the report finds. In total, there were 855 data breaches across 174 million stolen records, representing the second highest data loss Verizon researchers have seen since they began compiling data in 2004. More than 80 percent used hacking, nearly 70 percent incorporated malware, and only 7 percent used social tactics.
    Financial Fraud Ring Extends Worldwide Reach (McAfee): Online financial fraud attacks have spread worldwide in Q3 (2012). New research indicates that Operation High Roller, a financial fraud ring identified earlier this year by McAfee Labs and Guardian Analytics, has now spread outside Europe, including to the United States and Colombia. Cybercriminals set up an automated transfer system (ATS) that was used to attack European financial institutions, and set out to target a major U.S. multinational financial institution. The thieves appear to have pilfered somewhere between $60- $100 million, and have attempted to steal as much as $2.5 billion overall so far, according to David Marcus, director of security research at McAfee.
  • #35 Who is being attacked today? The short answer is that everyone is being attacked. But attacks differ based on the intended victim. We can break down the targets of today’s malware attacks into four categories, each with different types of attacks or repercussions from the attack. Enterprises are of course most concerned with targeted attacks, whether they are an APT or not. Data breaches continue. There is the end-user disruption of infected machines. And with the return of hacktivism, DDoS attacks are a concern. Small businesses are being targeted because they have fewer defenses in place and can suffer debilitating losses from banking Trojans. Limited processes and IT resources make malware clean-up very disruptive. End-users continue to be targeted by malware authors who want to steal their identity and con them into buying bogus security software. For the non-computer literate, the cost of malware clean-up can get very expensive. For Governments, Stuxnet and Hydraq have shown the potential of cyber sabotage and cyber espionage. We’ll talk about them a little bit more in just a minute. And of course hacktivism is an issue here as well.
  • #37 What’s the underground market’s going rate for a thousand U.S based malware infected hosts? Imagine you’re a cybercriminal that has somehow managed to infect a 1000 U.S based hosts and is looking for ways to monetize his malicious activity? He could easily start spreading spam or phishing emails, use the infected hosts as a platform for disseminating related malware attacks, or basically data mine the infected hosts for accounting data to be later on sold to fellow cybercriminals. What if all he wanted to do is earn as much profit in the shortest possible amount of time without investing more efforts into the monetization of the infected hosts? Is the cybercrime ecosystem mature enough to offer him an alternative? Appreciate the rhetoric. The maturing cybercrime ecosystem is fully capable of offering him a high liquidity monetization approach for earning revenue by infecting hosts and spreading a specific undetectable executable pushed by the pay-per-install affiliate network that I’ll profile in this post. The Pay-Per-Install affiliate network model, has been steadily gaining popularity over the past few years. With a dozen of affiliate networks willing to share revenue for the process of infecting hosts with an executable provided by them, cybercriminals have been taking advantage of this well developed monetization strategy for years. The prices? A 1,000 U.S based malware-infected hosts go for $100, AU, GB, CA and DE go for $75 and EU based malware-infected users go for $50. What’s also worth pointing out is that the administrator of the affiliate network is soliciting additional revenues from this project by offering advertising space for related cybercrime-friendly projects on the front page of the affiliate network.
  • #38 Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    IRS Publication 1075
    Payment Card Industry Data Security Standard (PCI/DSS)
    Federal Information Security Management Act of 2002 (FISMA)
    The Privacy Act of 1974, 5 U.S.C. § 552a, Public Law No. 93-579
    Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99)
    Tax Information Security Guidelines for Federal, State and Local Agencies
    House Bill 583 of 2010: Breach of Security; Require notice
    The Freedom of Information Act
  • #40 2012 Dimension Data Report: 75% of devices assessed had security vulnerabilities. The report also indicates that while the percentage of devices with security vulnerabilities stayed roughly the same (73% last year vs. 75% this year), the vulnerability environment is rapidly evolving with four new entrants on the top 10 list--all of which carry relatively high risk ratings. 45% of all network devices were found to be beyond end-of-sale, which means their vendors no longer sell them and they will be patched and supported for only a limited length of time, the study says. In fact, of the devices that were beyond end-of-sale, more than 50 percent were already beyond end-of-software-maintenance.
  • #45 2014 FireEye Report: Advanced attackers go undetected for 229 days. The time it takes to detect a compromise continues to improve. The median number of days attackers were present on a victim’s network before being discovered dropped to 229 days in 2013 from 243 in 2012. This improvement is incremental relative to the drop from 416 days in 2011, however organizations can be unknowingly breached for years. The longest time an attacker was present before being detected in 2013 was six years and three months.
  • #46 All humans make mistakes. One of the most intriguing findings from IBM’s “2014 Cyber Security Intelligence Index” is that 95 percent of all security incidents involve human error. Many of these are successful security attacks from external attackers who prey on human weakness in order to lure Insiders within organizations to unwittingly provide them with access to sensitive information. According to Verizon’s “2013 Data Breach Investigations Report,” 95 percent of advanced and targeted attacks involved spear-phishing scams with emails containing malicious attachments that can cause malware to be downloaded onto the user’s computing device. This gives attackers a foothold into the organization from which they can move laterally in search of valuable information, such as intellectual property.