© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Cybersecurity Fundamentals for
Bar Associations
Andrew Hoog
CEO and Co-founder of NowSecure
● Computer scientist & mobile security researcher
● Author of three mobile security books
● Enjoyer of science fiction, running and red wine
Contents
● Why invest in cybersecurity?
● Asset-based risk assessment
● Common attack vectors
● Frameworks / Best Practices
Why invest in cybersecurity?
Model Rules of Professional Conduct 1.6:
Confidentiality of Information
(c) A lawyer shall make reasonable efforts to
prevent the inadvertent or unauthorized disclosure
of, or unauthorized access to, information relating
to the representation of a client.
Your job? Your bonus?
Anyone heard of the Panama papers?
The Panama Papers are:
11.5 million leaked documents that detail
financial and attorney–client information for more than
214,488 offshore entities.
Regulation
FTC v. Wyndham
“A company does not act equitably when it publishes a
privacy policy to attract customers who are concerned
about data privacy, fails to make good on that promise by
investing inadequate resources in cybersecurity, exposes
its unsuspecting customers to substantial financial injury,
and retains the profits of their business.”
Circuit Judge Thomas Ambro, United States Court of Appeals for the Third District
FTC v. Wyndham
● FTC has authority to bring data security cases
● Apple App Store and Google Play store require privacy policies
● Failure to invest in security of those apps (i.e., “do what you say”) puts you at risk
Information Security - It’s a process, yo!
Information Security Management System (ISMS) is not a computer system but
an organizational policy and program to implement and manage information
security. A major component of this is executive accountability for information
security, making clear the responsibility overall and also "ownership" of specific
systems/data.
Asset-based risk assessment
Assets of value
Things I heard you value
● Member database
● Credit cards
● PII
● Anything related to cases
● …
Things attackers may also value
● Network (DDoS)
● CPU (bitcoin mining, wheeee!)
● Your identity
● Making a point (political / philosophical
agendas)
● Bragging rights
I think of vulnerabilities in three buckets

Unknown / No fix
● Very little anyone can do here
● See router example (vulnerable cable modem)
● Tactics: implement best practices and try to limit what attackers can access

Best practices
● This is the area to focus most energy
● 80/20 rule in play here, meaning a reasonable amount of effort will address 80% of your risk. The remaining 20% is prohibitively expensive and difficult to address.

Targeted attacks
● Can’t defend against
● Attacker will ultimately succeed
● Tactics: implement best practices and try to limit what attackers can access
Compromised router
It all began on Saturday, February 13
● Certificate error
● Examined the details
● Determined there was an issue
● Documented the issue
● Contacted corporate security team
● Attempted to re-create on iPad, other iOS devices, laptop, desktop
Info gathering and identification
Symptoms
● Gmail app wouldn’t sync
● Wi-Fi certificate errors
● Analyzed certificate
Hosted in shared environment
● Istanbul
● Both used self-signed HTTPS certificate
● Issued by: ssl@servers.carsimedya.com
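An added example (not part of the deck) showing how the certificate observations on this slide can be triaged programmatically from a defender's side: given the hostname a device tried to reach and the certificate it was actually shown (in the dict shape Python's `ssl` module returns from `getpeercert()`), it flags self-signed certificates, hostname mismatches, and one issuer vouching for several unrelated hosts, which is the "shared environment" signal above. The hostnames and the public CA name are constructed; the issuer address is the one quoted on the slide.

```python
from collections import defaultdict

# Constructed sample data in the shape returned by ssl.SSLSocket.getpeercert():
# each entry is (hostname the device tried to reach, certificate it was shown).
# The subject/issuer tuples are sequences of RDNs, each a tuple of (type, value).
INTERCEPTED_DN = (
    (("commonName", "servers.carsimedya.com"),),
    (("emailAddress", "ssl@servers.carsimedya.com"),),  # issuer quoted on the slide
)
OBSERVATIONS = [
    ("mail.example-client.com", {            # constructed hostname
        "subject": INTERCEPTED_DN,
        "issuer": INTERCEPTED_DN,
        "subjectAltName": (("DNS", "servers.carsimedya.com"),),
    }),
    ("portal.example-client.com", {          # constructed hostname
        "subject": INTERCEPTED_DN,
        "issuer": INTERCEPTED_DN,
        "subjectAltName": (("DNS", "servers.carsimedya.com"),),
    }),
    ("status.example-vendor.net", {          # constructed, a healthy control case
        "subject": ((("commonName", "status.example-vendor.net"),),),
        "issuer": ((("commonName", "Example Public CA"),),),   # constructed CA name
        "subjectAltName": (("DNS", "*.example-vendor.net"),),
    }),
]


def dn_to_dict(rdn_seq):
    """Flatten a getpeercert() distinguished name into {attribute: value}."""
    out = {}
    for rdn in rdn_seq:
        out.update(dict(rdn))
    return out


def is_self_signed(cert):
    """A certificate whose issuer equals its subject was not vouched for by any CA."""
    return dn_to_dict(cert.get("subject", ())) == dn_to_dict(cert.get("issuer", ()))


def _dns_name_matches(pattern, hostname):
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        # A wildcard covers exactly one left-most label (RFC 6125 style).
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname


def hostname_matches(cert, hostname):
    """Check the requested hostname against the SAN DNS names (CN only as fallback)."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        cn = dn_to_dict(cert.get("subject", ())).get("commonName")
        names = [cn] if cn else []
    return any(_dns_name_matches(name, hostname) for name in names)


def triage_cert(hostname, cert):
    """Return the list of problems found for one (hostname, certificate) pair."""
    findings = []
    if is_self_signed(cert):
        findings.append("self-signed")
    if not hostname_matches(cert, hostname):
        findings.append("hostname-mismatch")
    return findings


def triage(observations):
    """Per-host findings plus issuers that appear on failing certs for several hosts.

    The second part is the 'shared environment' signal: unrelated sites all
    presenting certificates from the same issuer points at the network path
    (e.g. the router or its DNS) rather than at any one site.
    """
    report = {}
    hosts_by_issuer = defaultdict(set)
    for hostname, cert in observations:
        report[hostname] = triage_cert(hostname, cert)
        issuer_cn = dn_to_dict(cert.get("issuer", ())).get("commonName", "<unknown>")
        hosts_by_issuer[issuer_cn].add(hostname)
    shared_issuers = {
        issuer: sorted(hosts)
        for issuer, hosts in hosts_by_issuer.items()
        if len(hosts) > 1 and all(report[h] for h in hosts)
    }
    return report, shared_issuers


if __name__ == "__main__":
    per_host, shared = triage(OBSERVATIONS)
    for host, findings in per_host.items():
        print(f"{host}: {', '.join(findings) or 'ok'}")
    for issuer, hosts in shared.items():
        print(f"issuer {issuer!r} seen on failing certs for: {', '.join(hosts)}")
```

Note that Python only fills the `getpeercert()` dict for a certificate it has already validated; to capture a cert that fails validation you need `getpeercert(binary_form=True)` and a DER parser such as the `cryptography` package before feeding it to `triage`.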
Continuing investigation
Suspicious DNS entries
● Queried IP address - resolved to a server in Germany
● Same DNS as carsimedya.com
● Social media and SEO related
● Investigated router configuration
Theories
● Targeted attack
● Mass router compromise (using known or zero-day vulnerability)
Common attack vectors
Common Attacks
1. Vulnerable software (and firmware)
2. Phishing attacks, email most common but can also be SMS
3. Ransomware (typically phishing + vulnerable software)
4. Webserver
5. Social engineering
6. Physical
Local ABA Webserver
Web Server Info
Scan took 1.5 seconds - IIS 7.5 was released in 2009!
IIS 7.5 Known Vulnerabilities
.NET Framework 4.0 Known Vulnerabilities
Ideas on how the Panama papers leaked?
Does anyone want to conjecture on how the Panama papers were leaked?
The Panama Papers are:
11.5 million leaked documents that detail
financial and attorney–client information for more than
214,488 offshore entities.
Frameworks / Best Practices
NIST Cybersecurity Framework
Check it out:
https://www.nist.gov/cyberframework
Five practical info sec tips for
non-security firms
1. Patch
● Routers
● Firewalls
● Wi-Fi Access Points
● Servers
● Computers
● Laptops
● Mobile phones
● ...

2. Auth
● Change default passwords!
● Use a password manager.
● Two Factor Auth

3. Segment
● Install a firewall
● Consider segmenting sensitive servers from computers, mobile and IoT devices and guest Wi-Fi

4. Encrypt
● Encrypt data at rest: servers, laptops, mobile devices
● This is only effective in some scenarios

5. Outsource
● Security is hard so outsourcing makes sense in many situations
● Primary upside is using large SaaS providers for key systems like email
● Audit your mobile apps against the framework
● Set internal requirements for mobile app security
● Teach developers how to code in compliance with the framework, and teach security auditors how to test apps against it
● Document framework, education materials, and assessments (i.e., reports), and make sure it’s all organized and accessible
Security needs to be user friendly or
people will circumvent it
Executives must lead by
example and take
responsibility for security
Needs to become part of your DNA
Assets are valuable,
vulnerabilities are everywhere.
Attackers have an asymmetric
advantage
Information Security is org policy and program
Don’t Panic
Andrew Hoog
CEO / Co-founder, NowSecure
ahoog@nowsecure.com
312-878-1100, x4242
Twitter: @ahoog42
nowsecure.com

More Related Content

What's hot

Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Berezha Security Group
 

What's hot (20)

Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC  Nov 2017  Cyber Resilency VANCOUVER, BC  Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsMobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 Predictions
 
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat ReportWebinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
 
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Webinar: Cloud-Based Web Security as First/Last Line of DefenseWebinar: Cloud-Based Web Security as First/Last Line of Defense
Webinar: Cloud-Based Web Security as First/Last Line of Defense
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
 
A Day in the Life of a GDPR Breach
A Day in the Life of a GDPR BreachA Day in the Life of a GDPR Breach
A Day in the Life of a GDPR Breach
 
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
 
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
 
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
 
2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation
 
OFFENSIVE IDS
OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDS
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure!
 

Viewers also liked

Industrial Cybersecurity & SCADA hacks presentation
Industrial Cybersecurity & SCADA hacks presentationIndustrial Cybersecurity & SCADA hacks presentation
Industrial Cybersecurity & SCADA hacks presentation
Gavin Davey
 

Viewers also liked (20)

Industrial Cybersecurity & SCADA hacks presentation
Industrial Cybersecurity & SCADA hacks presentationIndustrial Cybersecurity & SCADA hacks presentation
Industrial Cybersecurity & SCADA hacks presentation
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data Encryption
 
InduSoft Speaks at Houston Infragard on February 17, 2015
InduSoft Speaks at Houston Infragard on February 17, 2015InduSoft Speaks at Houston Infragard on February 17, 2015
InduSoft Speaks at Houston Infragard on February 17, 2015
 
chile-2015 (2)
chile-2015 (2)chile-2015 (2)
chile-2015 (2)
 
Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...
Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...
Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Guia extraescolares 17-18
Guia extraescolares 17-18Guia extraescolares 17-18
Guia extraescolares 17-18
 
Mau ghe nail 2017 dep gia re bao hanh 5 nam
Mau ghe nail 2017 dep gia re bao hanh 5 namMau ghe nail 2017 dep gia re bao hanh 5 nam
Mau ghe nail 2017 dep gia re bao hanh 5 nam
 
Ecosistemas eii
Ecosistemas eiiEcosistemas eii
Ecosistemas eii
 
Business is a game & the best team wins
Business is a game & the best team winsBusiness is a game & the best team wins
Business is a game & the best team wins
 
Laboratorio di Internazionalizzazione d’Impresa
Laboratorio di Internazionalizzazione d’ImpresaLaboratorio di Internazionalizzazione d’Impresa
Laboratorio di Internazionalizzazione d’Impresa
 
3Com 10/100BASE-TX
3Com 10/100BASE-TX3Com 10/100BASE-TX
3Com 10/100BASE-TX
 
Boletim 2017
Boletim 2017Boletim 2017
Boletim 2017
 
La evolución
La evoluciónLa evolución
La evolución
 
Tech talent hunting
Tech talent huntingTech talent hunting
Tech talent hunting
 

Similar to Cybersecurity Fundamentals for Bar Associations

Secure Your Business 2009
Secure Your Business 2009Secure Your Business 2009
Secure Your Business 2009
RCioffi
 

Similar to Cybersecurity Fundamentals for Bar Associations (20)

OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
 
The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app security
 
Five mobile security challenges facing the enterprise
Five mobile security challenges facing the enterpriseFive mobile security challenges facing the enterprise
Five mobile security challenges facing the enterprise
 
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditCompliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
 
How to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’tsHow to make Android apps secure: dos and don’ts
How to make Android apps secure: dos and don’ts
 
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the Code
 
Ri cyber-security-for-your-small-business
Ri cyber-security-for-your-small-businessRi cyber-security-for-your-small-business
Ri cyber-security-for-your-small-business
 
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
 
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesCASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to know
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 
Secure Your Business 2009
Secure Your Business 2009Secure Your Business 2009
Secure Your Business 2009
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to know
 
SMB Network Security Checklist
 SMB Network Security Checklist SMB Network Security Checklist
SMB Network Security Checklist
 
Beyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security TechnologiesBeyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security Technologies
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 

More from NowSecure

More from NowSecure (20)

iOS recon with Radare2
iOS recon with Radare2iOS recon with Radare2
iOS recon with Radare2
 
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference ArchitectureFrom Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
 
Android Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsAndroid Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy Enhancements
 
Debunking the Top 5 Myths About Mobile AppSec
Debunking the Top 5 Myths About Mobile AppSecDebunking the Top 5 Myths About Mobile AppSec
Debunking the Top 5 Myths About Mobile AppSec
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaOSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
 
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintBuilding a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing Blueprint
 
Mobile App Security Predictions 2019
Mobile App Security Predictions 2019Mobile App Security Predictions 2019
Mobile App Security Predictions 2019
 
Jeff's Journey: Best Practices for Securing Mobile App DevOps
Jeff's Journey: Best Practices for Securing Mobile App DevOpsJeff's Journey: Best Practices for Securing Mobile App DevOps
Jeff's Journey: Best Practices for Securing Mobile App DevOps
 
A Risk-Based Mobile App Security Testing Strategy
A Risk-Based Mobile App Security Testing StrategyA Risk-Based Mobile App Security Testing Strategy
A Risk-Based Mobile App Security Testing Strategy
 
Android P Security Updates: What You Need to Know
Android P Security Updates: What You Need to KnowAndroid P Security Updates: What You Need to Know
Android P Security Updates: What You Need to Know
 
iOS 12 Preview - What You Need To Know
iOS 12 Preview - What You Need To KnowiOS 12 Preview - What You Need To Know
iOS 12 Preview - What You Need To Know
 
5 Tips for Agile Mobile App Security Testing
5 Tips for Agile Mobile App Security Testing5 Tips for Agile Mobile App Security Testing
5 Tips for Agile Mobile App Security Testing
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDATop OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
 
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App RiskMobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
 
What attackers know about your mobile apps that you don’t: Banking & FinTech
What attackers know about your mobile apps that you don’t: Banking & FinTechWhat attackers know about your mobile apps that you don’t: Banking & FinTech
What attackers know about your mobile apps that you don’t: Banking & FinTech
 
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesSolving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial services
 
Leaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to KnowLeaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to Know
 
Vetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security EssentialsVetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security Essentials
 
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligenceDelivering secure mobile financial services (MFS) - "Frictionless" vs diligence
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
 
Next-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approachNext-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approach
 

Recently uploaded

Notes-on-Prescription-Obligations-and-Contracts.doc
Notes-on-Prescription-Obligations-and-Contracts.docNotes-on-Prescription-Obligations-and-Contracts.doc
Notes-on-Prescription-Obligations-and-Contracts.doc
BRELGOSIMAT
 
Agrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quizAgrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quiz
gaelcabigunda
 

Recently uploaded (20)

Notes-on-Prescription-Obligations-and-Contracts.doc
Notes-on-Prescription-Obligations-and-Contracts.docNotes-on-Prescription-Obligations-and-Contracts.doc
Notes-on-Prescription-Obligations-and-Contracts.doc
 
Debt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debtDebt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debt
 
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselMilitary Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
 
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW  AN OVERVIEW in Malawi.pptxEMPLOYMENT LAW  AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
 
DNA Testing in Civil and Criminal Matters.pptx
DNA Testing in Civil and Criminal Matters.pptxDNA Testing in Civil and Criminal Matters.pptx
DNA Testing in Civil and Criminal Matters.pptx
 
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptxPRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
 
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
 
Solidarity and Taxation: the Ubuntu approach in South Africa
Solidarity and Taxation: the Ubuntu approach in South AfricaSolidarity and Taxation: the Ubuntu approach in South Africa
Solidarity and Taxation: the Ubuntu approach in South Africa
 
Donald_J_Trump_katigoritirio_stormi_daniels.pdf
Donald_J_Trump_katigoritirio_stormi_daniels.pdfDonald_J_Trump_katigoritirio_stormi_daniels.pdf
Donald_J_Trump_katigoritirio_stormi_daniels.pdf
 
ALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdfALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdf
 
Cybersecurity Fundamentals for Bar Associations

  • 9. FTC v. Wyndham: “A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business.” Circuit Judge Thomas Ambro, United States Court of Appeals for the Third Circuit
  • 10. FTC v. Wyndham: the FTC has authority to bring data security cases. The Apple App Store and Google Play store require privacy policies. Failure to invest in the security of those apps (i.e., to “do what you say”) puts you at risk.
  • 11. Information Security - It’s a process, yo! An Information Security Management System (ISMS) is not a computer system but an organizational policy and program to implement and manage information security. A major component of this is executive accountability for information security, making clear who is responsible overall and who “owns” specific systems and data.
  • 12. Asset-based risk assessment
  • 13-14. Assets of value. Things I heard you value: ● Member database ● Credit cards ● PII ● Anything related to cases ● … Things attackers may also value: ● Network (DDoS) ● CPU (bitcoin mining, wheeee!) ● Your identity ● Making a point (political / philosophical agendas) ● Bragging rights
  • 15. I think of vulnerabilities in three buckets. (1) Unknown / no fix: very little anyone can do here; see the router example (vulnerable cable modem). Tactics: implement best practices and try to limit what attackers can access. (2) Best practices: this is the area to focus most energy on. The 80/20 rule is in play here, meaning a reasonable amount of effort will address 80% of your risk; the remaining 20% is precipitously expensive and difficult to address. (3) Targeted attacks: you can’t defend against these; the attacker will ultimately succeed. Tactics: implement best practices and try to limit what attackers can access.
  • 16. Compromised router
  • 17. It all began on Saturday, February 13: ● Certificate error ● Examined the details ● Determined there was an issue ● Documented the issue ● Contacted corporate security team ● Attempted to re-create on iPad, other iOS devices, laptop, desktop
  • 18. Info gathering and identification. Symptoms: ● Gmail app wouldn’t sync ● Wi-Fi certificate errors ● Analyzed certificate. Hosted in a shared environment: ● Istanbul ● Both used a self-signed HTTPS certificate ● Issued by: ssl@servers.carsimedya.com
  • 19. Continuing investigation. Suspicious DNS entries: ● Queried IP address - resolved to a server in Germany ● Same DNS as carsimedya.com ● Social media and SEO related ● Investigated router configuration. Theories: ● Targeted attack ● Mass router compromise (using a known or zero-day vulnerability)
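The two checks that drive slides 17-19 (is the certificate the device received self-signed or for the wrong name, and are the LAN's DNS resolvers the ones the router should be handing out) can be scripted so that a non-specialist can repeat them. The code below is an added example, not part of the deck or of NowSecure's tooling. The certificate text and the `ipconfig /all` fragment are constructed for the example (the real certificate from the incident is not on the page); the LAN range 192.168.1.0/24, the router address 192.168.1.1 and the resolver 203.0.113.25 (a documentation address) are assumptions.

```python
"""Triage helpers for the symptoms on slides 17-19: a TLS certificate that is
self-signed or does not match the host the device asked for, and DNS resolvers
on the LAN that are not the ones the router should be handing out."""
from ipaddress import ip_address, ip_network

# CONSTRUCTED sample (not the real certificate from the incident): what
# `openssl x509 -noout -subject -issuer` prints for the certificate a device
# received while trying to reach imap.gmail.com through the suspect router.
SAMPLE_CERT_TEXT = """\
subject=emailAddress = ssl@servers.carsimedya.com, CN = servers.carsimedya.com
issuer=emailAddress = ssl@servers.carsimedya.com, CN = servers.carsimedya.com
"""

# CONSTRUCTED sample: the resolver section of an `ipconfig /all` dump from a
# Windows laptop on the same LAN. 192.168.1.1 is the router (assumption);
# 203.0.113.25 is a documentation (TEST-NET-3) address standing in for a
# resolver that nobody on the network configured.
SAMPLE_DNS_TEXT = """\
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.25
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def parse_dn(line):
    """'subject=CN = a, O = b' -> {'CN': 'a', 'O': 'b'} (OpenSSL one-line name format)."""
    _, _, body = line.partition("=")
    fields = {}
    for rdn in body.split(","):
        key, _, value = rdn.partition("=")
        if key.strip():
            fields[key.strip()] = value.strip()
    return fields


def name_matches(hostname, cn):
    """Exact match, or a single-label wildcard match (*.example.com)."""
    hostname, cn = hostname.lower(), cn.lower()
    if cn.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == cn[2:]
    return hostname == cn


def parse_dns_servers(text):
    """Collect the IPv4 resolvers listed under 'DNS Servers' in ipconfig output.
    Continuation lines carry only an address; the next labelled field ends the list."""
    servers, capturing = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            capturing = True
            line = line.split(":", 1)[1]
        elif " : " in line:          # any other labelled field ends the resolver block
            capturing = False
        if capturing and line.strip():
            servers.append(line.strip())
    return servers


def triage(hostname, cert_text, dns_text, expected_resolvers, lan="192.168.1.0/24"):
    """Return human-readable findings; an empty list means nothing looked odd."""
    findings = []
    subject = issuer = {}
    for line in cert_text.splitlines():
        if line.startswith("subject="):
            subject = parse_dn(line)
        elif line.startswith("issuer="):
            issuer = parse_dn(line)
    # A self-signed certificate has identical subject and issuer names.
    if subject and subject == issuer:
        findings.append("self-signed certificate (issuer == subject): %s" % issuer.get("CN", "?"))
    # Even a CA-signed certificate is wrong if it was issued for a different name.
    cn = subject.get("CN", "")
    if not name_matches(hostname, cn):
        findings.append("certificate CN %r does not match the requested host %r" % (cn, hostname))
    # Resolvers that nobody configured, especially ones outside the LAN, point at
    # DHCP/DNS settings having been changed on the router.
    lan_net = ip_network(lan)
    for server in parse_dns_servers(dns_text):
        if server in expected_resolvers:
            continue
        where = "inside" if ip_address(server) in lan_net else "outside"
        findings.append("unexpected DNS resolver %s (%s the LAN %s)" % (server, where, lan))
    return findings


if __name__ == "__main__":
    for finding in triage("imap.gmail.com", SAMPLE_CERT_TEXT, SAMPLE_DNS_TEXT, {"192.168.1.1"}):
        print("FINDING:", finding)
```

On a real device the certificate text comes from `openssl s_client -connect imap.gmail.com:993 </dev/null | openssl x509 -noout -subject -issuer`, and the resolver list from `ipconfig /all` (Windows) or `scutil --dns` (macOS); the point of the script is that all three findings above come from data the affected device already has, before any network capture is needed.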
  • 20. Common attack vectors
  • 21. Common Attacks: 1. Vulnerable software (and firmware) 2. Phishing attacks, email most common but can also be SMS 3. Ransomware (typically phishing + vulnerable software) 4. Webserver 5. Social engineering 6. Physical
  • 22. Local ABA Webserver
  • 23. Web Server Info. Scan took 1.5 seconds - IIS 7.5 was released in 2009!
  • 24. IIS 7.5 Known Vulnerabilities
  • 25. .NET Framework 4.0 Known Vulnerabilities
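The 1.5-second scan on slide 23 is a banner grab: one request, and the server volunteers its product and version in the response headers. The script below is an added example (not the deck's or NowSecure's scanner) that parses such headers and compares the versions against a small lifecycle table. The response headers are constructed for the example; the IIS 7.5 release year comes from the slide, while the remaining lifecycle rows are this example's assumptions and should be checked against the vendor's lifecycle pages before being relied on.

```python
"""Banner fingerprint of the kind slides 23-25 describe: read the version the
web server volunteers in its response headers and compare it with a lifecycle
table to see how old (or how far out of support) the stack is."""
import re

# CONSTRUCTED sample: raw response headers as returned by a single request
# (for example `curl -sI https://example.org/`) against an IIS 7.5 / ASP.NET 4.0 host.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 13 Feb 2016 15:04:05 GMT
"""

# Illustrative lifecycle table: version branch -> (release year, year extended
# support ended, or None if still supported). The IIS 7.5 release year is from
# the slide; every other entry is an ASSUMPTION for this example and must be
# verified against the vendor's lifecycle pages before being relied on.
LIFECYCLE = {
    "Microsoft-IIS": {"7.5": (2009, 2020), "8.5": (2013, 2023), "10.0": (2016, None)},
    "ASP.NET": {"4.0": (2010, 2016), "4.8": (2019, None)},
}

OLD_AFTER_YEARS = 5   # age at which a still-supported branch gets a "check patch level" finding


def parse_headers(raw):
    """Header lines after the status line -> {lower-case name: value}."""
    headers = {}
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def fingerprint(raw):
    """Extract {product: version} from the Server and X-AspNet-Version headers."""
    headers = parse_headers(raw)
    found = {}
    m = re.match(r"([A-Za-z][\w-]*)/(\d+(?:\.\d+)*)", headers.get("server", ""))
    if m:
        found[m.group(1)] = m.group(2)
    if "x-aspnet-version" in headers:
        found["ASP.NET"] = headers["x-aspnet-version"]
    return found


def assess(found, as_of_year):
    """Turn a fingerprint into findings, judged as of the given year."""
    findings = []
    for product, version in found.items():
        findings.append("%s %s disclosed in response headers" % (product, version))
        table = LIFECYCLE.get(product, {})
        branch = next((b for b in table if version == b or version.startswith(b + ".")), None)
        if branch is None:
            continue
        released, eol = table[branch]
        if eol is not None and as_of_year >= eol:
            findings.append("%s %s reached end of support in %d: no more security fixes"
                            % (product, branch, eol))
        elif as_of_year - released >= OLD_AFTER_YEARS:
            findings.append("%s %s was released in %d: %d years old, confirm every update is applied"
                            % (product, branch, released, as_of_year - released))
    return findings


if __name__ == "__main__":
    for finding in assess(fingerprint(SAMPLE_HEADERS), 2016):
        print("FINDING:", finding)
```

Two caveats a practitioner would add. First, the version string is a lead, not proof: a patched IIS 7.5 still says `Microsoft-IIS/7.5`, so the findings tell you what to verify, not what is exploitable. Second, hiding the banner (in `web.config`, `<httpRuntime enableVersionHeader="false" />` drops `X-AspNet-Version`, and `<customHeaders><remove name="X-Powered-By" /></customHeaders>` drops `X-Powered-By`) only removes the easy tell; the fix the slides are driving at is patching and retiring out-of-support software.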
  • 26. Ideas on how the Panama papers leaked? Does anyone want to conjecture on how the Panama Papers were leaked? The Panama Papers are 11.5 million leaked documents that detail financial and attorney–client information for more than 214,488 offshore entities.
  • 27. Frameworks / Best Practices
  • 28. NIST Cybersecurity Framework Check it out: https://www.nist.gov/cyberframework
  • 29. Five practical info sec tips for non-security firms
  • 30-34. 1. Patch: routers, firewalls, Wi-Fi access points, servers, computers, laptops, mobile phones, .... 2. Auth: change default passwords! Use a password manager. Use two-factor auth. 3. Segment: install a firewall; consider segmenting sensitive servers from computers, mobile and IoT devices and guest Wi-Fi. 4. Encrypt: encrypt data at rest on servers, laptops and mobile devices. This is only effective in some scenarios (it protects a lost or stolen device, not a running system that an attacker reaches with valid credentials). 5. Outsource: security is hard, so outsourcing makes sense in many situations; the primary upside is using large SaaS providers for key systems like email. Also listed on slide 34: audit your mobile apps against the framework; set internal requirements for mobile app security; teach developers how to code in compliance with the framework, and teach security auditors how to test apps against it; document the framework, education materials and assessments (i.e., reports), and make sure it’s all organized and accessible.
  • 35. Security needs to be user friendly or people will circumvent it. Executives must lead by example and take responsibility for security. It needs to become part of your DNA. Assets are valuable, vulnerabilities are everywhere, and attackers have an asymmetric advantage. Information security is an organizational policy and program.
  • 36. Don’t Panic Andrew Hoog CEO / Co-founder, NowSecure ahoog@nowsecure.com 312-878-1100, x4242 Twitter: @ahoog42 nowsecure.com