April 26th, 2016
Security Awareness
Security is the degree of resistance to, or protection from, harm.
…if security breaks down, technology breaks down
Goal for Today
Protecting People, Property and Business Assets
• Current security landscape
• The impact of data breach or data loss
• Raise everyone's overall awareness
• Security risks
• Techniques to reduce risk
• Changes in strategy
• What should and can we be doing?
Security is a Growing Concern
“The AV-TEST Institute registers over 390,000 new malicious programs every day”
https://www.av-test.org
Malware has Changed
Then:
• Low business impact
• Less sophisticated
• Targeted PCs
Now:
• High business impact
• High sophistication
• Targets data
[Chart: organizational risk, then vs. now, plotted against visibility (high to low)]
Security is a Growing Concern
[Chart: active malware trends over the last 10 years]
[Chart: malware development trends over the last 10 years]
The Impact of Data Breach or Data Loss
• The business's ability to recover
• Brand damage
• Associated costs
Cost of Breaches
32% of organizations have reported cyber-crime
Attackers Evolve, Adapt and Accelerate
• Attackers are nimble, opportunistic, cooperative, skilled and relentless
• Their motivation, resiliency, and creativity drive great adaptability
• Acceleration in their methods, tools, and targets (technology, people, processes)
Attackers Evolve, Adapt and Accelerate (continued)
• Dark markets and services grow
• New data breach targets emerge
• Attacks will move down the technology stack:
  • Data
  • Apps
  • Operating systems
  • Firmware
  • Hardware
• Ransomware and “CEO email” fraud rise
Phishing
• 80% of infections stem from mass e-mail attacks
• Phishing vs. spear phishing
• Attackers are aware of third-party relationships between large targets and smaller service providers
[Image slides: phishing e-mail examples]
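The phishing and “CEO email” fraud points above, as an added example that is not part of the original talk: a Python check over raw e-mail headers that catches the three tricks behind most of these messages (a trusted name on an outside address, a look-alike sender domain, and a Reply-To that diverts the thread). The domain example-corp.com, the protected name and the three sample messages are constructed for the demo and stand in for your own organisation's values.

```python
"""Flag the header patterns behind spear phishing and "CEO e-mail" fraud.

Added example, not from the original talk. It reads raw RFC 5322 headers with
the standard library and reports the red flags an awareness programme teaches
people to look for: a trusted name on an outside address, a Reply-To that
diverts the thread, and a sender domain that merely resembles ours. The
domain, names and messages below are constructed for the demo.
"""
from __future__ import annotations

from email import message_from_string
from email.utils import parseaddr

# Assumptions for the demo: our own domain and the people most often impersonated.
TRUSTED_DOMAINS = {"example-corp.com"}
PROTECTED_NAMES = {"pat rivera"}  # e.g. the CEO and CFO, lower-cased

# Single characters attackers swap to register a cousin domain.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Pairs that read as one letter: "rn" as "m", "vv" as "w", "cl" as "d".
PAIR_CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalize_domain(domain: str) -> str:
    """Fold homoglyph tricks so a look-alike collapses onto the domain it imitates."""
    folded = domain.lower().translate(CONFUSABLES)
    for fake, real in PAIR_CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def imitates(domain: str) -> str | None:
    """Return the trusted domain this one impersonates, or None."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        label = trusted.split(".")[0]
        if (normalize_domain(domain) == trusted            # exarnple-corp.com
                or domain.split(".")[0] == label           # example-corp.co
                or domain.startswith(trusted + ".")):      # example-corp.com.evil.net
            return trusted
    return None


def analyze_headers(raw_message: str) -> list[str]:
    """Return human-readable red flags; an empty list means nothing stood out."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr)
    flags = []

    # 1. Display-name spoofing: a protected person's name, or an internal address,
    #    shown as the name while the real sender is outside. Many mobile mail
    #    clients show only the display name, which is why "CEO e-mail" fraud works.
    if from_domain not in TRUSTED_DOMAINS:
        if from_name.strip().lower() in PROTECTED_NAMES:
            flags.append(f"protected identity '{from_name}' on external address {from_addr}")
        if any(d in from_name.lower() for d in TRUSTED_DOMAINS):
            flags.append(f"display name embeds an internal address; real sender is {from_addr}")

    # 2. Cousin domains on either header. A From that is exactly our domain is left
    #    to SPF/DKIM/DMARC, which this header-only check cannot replace.
    for header, domain in (("From", from_domain), ("Reply-To", reply_domain)):
        target = imitates(domain)
        if target:
            flags.append(f"{header} domain {domain} imitates {target}")

    # 3. Reply-To diverts the conversation, and the wire instructions that follow,
    #    to an address that is not the visible sender.
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    return flags


# Constructed messages for the demo (header section only; the body is irrelevant here).
CEO_FRAUD = """\
From: Pat Rivera <pat.rivera.ceo@gmail.com>
Reply-To: pat.rivera@exarnple-corp.com
To: controller@example-corp.com
Subject: Urgent wire transfer before close of business

"""

COUSIN_DOMAIN = """\
From: Accounts Payable <ap@example-corp.co>
To: controller@example-corp.com
Subject: Updated banking details for invoice 4471

"""

LEGITIMATE = """\
From: Pat Rivera <pat.rivera@example-corp.com>
To: controller@example-corp.com
Subject: Q2 numbers

"""

if __name__ == "__main__":
    for label, sample in (("CEO fraud", CEO_FRAUD), ("cousin domain", COUSIN_DOMAIN),
                          ("legitimate", LEGITIMATE)):
        print(label, "->", analyze_headers(sample) or ["no flags"])
```

The legitimate message produces no flags, the cousin-domain one produces one, and the CEO-fraud one produces three. Note what the check cannot do: a From address that is exactly your own domain has to be judged by SPF, DKIM and DMARC results rather than by reading the header, and a compromised real mailbox passes every test here, which is why a phone call to a known number before any wire transfer remains the control that works.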
Services for sale
Need a credit card?
Another Scary Fact
Background
Security goes back as far as mankind.
The Traditional Approach to Security
Internet → Firewall → Antivirus
(Early Defense in Depth)
Defense in Depth Example
Internet → Firewall → Antivirus / Antispyware / Intrusion Prevention → Antivirus & Antimalware
Defense in Depth
The idea behind “Defense in Depth” is to defend your data and systems against any particular attack using several independent methods.
• Perimeter: Firewall, CGSS, IPS
• Internal Network: Policies, Access Rights, Monitoring
• Endpoint: Antivirus, Anti-Malware, Cloud Security
Why is all this important?
The United States is the most targeted country in the world.
(Source: FireEye Cyber Threat Map)
Who are we trying to protect against?
• Nation States
• Insiders
• Organized Crime
• Other Companies
• Thrill Seekers
• Notoriety
• Political Activists
How do they do it?
• Poorly configured systems: default passwords and weak default settings
• Exploiting known vulnerabilities, which are easy to find with tools such as Metasploit and CGE (Cisco Global Exploiter)
• Password cracking tools to break weak passwords
• Social engineering / e-mail
• Planting infections in web sites
• Real examples
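The default-password and weak-password points above, as an added example that is not part of the original talk: a miniature dictionary attack with mangling rules in Python, which is what password cracking tools do at scale. The accounts, word lists and hashes are constructed for the demo, and unsalted SHA-256 stands in for whatever fast hash a real target stores.

```python
"""Why default passwords and "complex but predictable" passwords fall in seconds.

Added example, not from the original talk. It rebuilds in a few lines what
hashcat or John the Ripper do at scale: try the vendor defaults verbatim,
then take a wordlist and apply the mangling rules people really use
(capitalise, append a digit or a year, swap a for @), hash each candidate and
compare with the stolen hashes. The accounts, hashes and word lists below are
constructed; unsalted SHA-256 stands in for whatever fast hash a real target
stores (NTLM, raw MD5, ...). The point is that a fast unsalted hash makes every
guess cheap and lets one pass crack every account at once.
"""
from __future__ import annotations

import hashlib
import itertools

# Constructed: what routers and quick installs ship with, tried unmodified first.
DEFAULT_CREDENTIALS = ["admin", "password", "1234", "changeme", "public", "private"]
# Constructed: a seven-word stand-in for a real wordlist (rockyou.txt has 14 million).
WORDLIST = ["password", "welcome", "summer", "winter", "letmein", "monkey", "dragon"]
YEARS = ["2015", "2016"]
SUFFIXES = ["", "1", "123", "!", *YEARS, *(y + "!" for y in YEARS)]
LEET = str.maketrans({"a": "@", "s": "$", "o": "0"})


def mangle(word: str):
    """Yield the variants one word produces under common cracking rules."""
    bases = {word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)}
    for base, suffix in itertools.product(sorted(bases), SUFFIXES):
        yield base + suffix


def candidates():
    yield from DEFAULT_CREDENTIALS
    for word in WORDLIST:
        yield from mangle(word)


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def crack(account_hashes: dict[str, str]) -> dict[str, str]:
    """Map account -> recovered password for every hash a candidate matches.

    Because the hashes carry no salt, one hash per guess is compared against
    every account at once; the attacker pays per guess, not per guess per user.
    """
    by_hash = {}
    for account, digest in account_hashes.items():
        by_hash.setdefault(digest, []).append(account)
    recovered = {}
    for guess in candidates():
        for account in by_hash.get(sha256_hex(guess), []):
            recovered[account] = guess
        if len(recovered) == len(account_hashes):
            break
    return recovered


# Constructed: a handful of dumped accounts. Only the passphrase is outside the
# rule set, so only it survives.
ACCOUNTS = {
    "router-admin": sha256_hex("admin"),                 # vendor default, never changed
    "jsmith": sha256_hex("Summer2016!"),                 # meets every "complexity" rule
    "svc_backup": sha256_hex("P@$$w0rd1"),               # leet-speak does not help
    "cfo": sha256_hex("copper kettle hums on tuesday"),  # four unrelated words
}

if __name__ == "__main__":
    hits = crack(ACCOUNTS)
    tried = sum(1 for _ in candidates())
    print(f"{len(hits)} of {len(ACCOUNTS)} accounts recovered with {tried} guesses")
    for account in ACCOUNTS:
        print(f"  {account:13} {hits.get(account, '<not recovered>')}")
```

Three of the four accounts fall in under 300 guesses; the router default goes first because defaults are tried verbatim before any wordlist. The fixes are on the defence side: a unique salt per account forces the attacker to pay per user, a slow hash (bcrypt, scrypt, Argon2) makes each guess expensive, and a long passphrase of unrelated words stays outside any rule set, which is the “passwords vs. passphrases” point from the speaker notes.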
Tools and Techniques Summary
• Train network users to have a healthy level of skepticism
• Keep software up to date
• Least-privilege access
• Encrypt data in transit and on mobile devices
• Segment and isolate networks
• Documented and tested DR plan
• Regular tests/auditing to ensure measures are effective
• Data Loss Prevention (DLP) tools
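The least-privilege and regular-auditing points above, as an added example that is not part of the original talk: a short Python audit that finds sensitive files every user can read or replace, the situation the speaker notes describe for a folder of W-2 and workers' comp data. It reads POSIX mode bits; on a Windows share the same walk would read ACLs (icacls or Get-Acl). The sample share it builds in a temporary directory and the filename patterns are constructed for the demo.

```python
"""Find the "crown jewels" that every user on the network can read.

Added example, not from the original talk. The talk's own finding, a folder of
W-2 and workers' comp data open to all users, is a least-privilege failure that
a short audit catches before an attacker does. This version reads POSIX mode
bits (on a Windows share the same walk would read ACLs via icacls or Get-Acl):
it walks a tree, picks files whose names suggest regulated or confidential
content, and reports any that "other" may read or write, or that sit in a
directory anyone may write to. The sample tree it creates under a temporary
directory, and the name patterns, are constructed for the demo.
"""
from __future__ import annotations

import os
import re
import stat
import tempfile

# Constructed: filename patterns that usually mean regulated or confidential data.
SENSITIVE_NAME = re.compile(
    r"(w-?2|1099|payroll|workers[_ -]?comp|ssn|passport|\.pem$|\.key$)", re.I)


def exposure(mode: int) -> list[str]:
    """Describe what 'other' (any authenticated user) may do under this mode."""
    problems = []
    if mode & stat.S_IROTH:
        problems.append("world-readable")
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def audit(root: str) -> list[tuple[str, list[str]]]:
    """Return (relative path, problems) for each sensitive file exposed to everyone.

    A world-writable parent directory counts against the file even when the
    file's own mode is tight: anyone can replace it, or drop a malicious file
    beside it, so the directory's permissions are part of the file's effective access.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        parent_writable = "world-writable" in exposure(os.lstat(dirpath).st_mode)
        for name in filenames:
            if not SENSITIVE_NAME.search(name):
                continue
            path = os.path.join(dirpath, name)
            problems = exposure(os.lstat(path).st_mode)
            if parent_writable:
                problems.append("parent directory world-writable")
            if problems:
                findings.append((os.path.relpath(path, root), sorted(problems)))
    return sorted(findings)


def build_demo_tree() -> str:
    """Create a constructed file-share layout in a temp directory; return its root."""
    root = tempfile.mkdtemp(prefix="share-audit-")
    files = {
        "hr/W-2_2015.pdf": 0o644,              # readable by everyone: finding
        "hr/workers_comp_claims.xlsx": 0o640,  # owner and group only: fine
        "public/newsletter.pdf": 0o644,        # not sensitive: ignored
        "it/backup.key": 0o600,                # owner only: fine
        "dropbox/payroll_export.csv": 0o600,   # tight file, but see its directory
    }
    directories = {"hr": 0o750, "public": 0o755, "it": 0o700, "dropbox": 0o777}
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(path, mode)
    for rel, mode in directories.items():
        os.chmod(os.path.join(root, rel), mode)
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    for path, problems in audit(root):
        print(f"{path}: {', '.join(problems)}")
```

Two findings come back: the W-2 file is readable by everyone, and the payroll export, although locked down itself, sits in a directory anyone can write to. Run against a real share the pattern list will need tuning, and the result is only useful if it is re-run on a schedule; a one-time clean-up is exactly the “set it and forget it” the summary warns against.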
Summary
• Seek an optimal balance of risk and cost for your business
• Understand what we are protecting
• Treat security as an ongoing concern, not “set it and forget it”
• Ongoing security awareness training
Will Anyone Out There Take on the Rest of My Risk?
Why Cyber/Privacy Breach Liability Insurance?
• Both the federal government and each of the 50 states impose certain actions upon persons/entities/businesses/agencies who maintain personal information on systems or computers in the event of a breach or suspected breach.
• “Certain actions” could include written notice to all impacted individuals, purchase of individual identity protection for 1 year (e.g. LifeLock), credit report monitoring for each impacted individual, and monetary responsibility for financial losses to the impacted individuals.
• There is NO insurance coverage for any of these items absent a cyber/privacy breach liability policy.
• The existence of statute and the absence of insurance creates an unfunded potential liability.
What Perils Will Cyber/Privacy Breach Insurance Cover?
• Liability imposed by statute
• Regulatory defense and penalties
• PCI fines and expenses
• Notification of individuals expenses
• Legal services/crisis management/public relations services
• Cyber extortion
• Specific coverage parts can be bought “à la carte” or are offered as a “bundle” depending on specific need.
What Perils Will Cyber/Privacy Breach Insurance NOT Cover?
• Failure to perform professional duties in a satisfactory manner (e.g. systems design, software build).
• Loss of digital assets (data).
• Loss of revenue (unless specifically added to the cyber policy).
• First-party theft of money/securities.
Premium Drivers
• Revenues/Size of the organization or business.
• # of records/contacts in the possession of the entity.
• Past claim history.
• Industry group (low risk versus high risk).
• Limits of insurance purchased/deductibles taken.
• Specific coverage parts purchased.
• Presence of systems safeguards/professional handling of IT exposures.
Availability of Insurance
• Evolving market… some new entrants, some have left the market. Some names you will recognize (AIG), some you will not (Beazley).
• Insurance policies, generally, have been adding more coverage in recent years.
• Insurance pricing, generally, has declined a bit in recent years.
• Application process remains fairly simple: complete a written application (2 to 10 pages) and provide any requested documentation.
• If an application is denied, carriers will tell you why.
Claim Examples
• Accounting firms: systems are hacked… private info stolen.
• Ad agency: disgruntled employee provides ‘per click’ data to a competitor of the firm’s client. Client sues for breach of contract/confidentiality.
• Not-for-profit group: loss of a donor list.
• Country club/golf course: credit card transactions are hacked. Loss of cash and private information.
• Hacking from outside / “inside job” / carelessness.
Cyber/Privacy Breach Insurance Impacts
• In 2011, 35% of all Zurich Ins. Co. survey respondents bought cyber insurance; by 2015, the figure was 61%.
• Of cyber attacks experienced by 252 sample employers, 99% were viruses/worms/trojans (high end) with 35% caused by malicious insiders (low end). (Ponemon Institute 2015 Study)
• Average claim cost due to cyber events was $1,388 per capita for small firms; $431 per capita for large firms. (Ponemon Institute 2015 Study)
THANK YOU TO OUR SPONSORS!
Live Hacking Demo

IT & Network Security Awareness


Editor's Notes

  • #3 Jim…
  • #4 Jim….. Besides making everyone as paranoid as me, my goal here today is to….
  • #5 Buddy
  • #6 Buddy
  • #7 Buddy …. We focus a little more on malware because it can create back doors, exfiltrate data, slow systems down and more
  • #8 Buddy….. Comparison from 2012 through today from a strategy standpoint and how we address it.
  • #9 Jim …. A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property, etc. Costs of fines; insurance.
  • #10 Jim…. Lots of statistics which vary somewhat, but all convey the same message. Companies that experience an outage lasting more than 10 days will have financial challenges; 50% of those companies will be out of business in 5 years. The National Cyber Security Alliance indicates 60% of small firms go out of business within 6 months of a breach. 25% will never reopen after a major data loss. 70% of small firms that experience a major data loss will go out of business in a year. 85% of all breaches happen to small businesses. In a 2015 study by IBM, they report the average cost for each lost or stolen record containing sensitive and confidential information rose from $145 to $154 per record. The JP Morgan data breach in 2014 affected 76 million households and 7 million small businesses. Now JPMorgan never announced the exact cost, but they did announce a $250 million a year spend on security. Now the math would indicate that breach cost them over 12.7 billion dollars.
  • #11 Buddy
  • #12 Buddy… Malware for rent; customer support for malware. Firmware/hardware attacks are up and coming: lack of security on IoT devices; updates are required. Shodan.
  • #13 Buddy
  • #14 Buddy… Targeted or spear phishing example. Automated vs. manual.
  • #15 Buddy
  • #17 Buddy
  • #19 We know stolen credit cards are a sought-after commodity. What if you wanted to buy them? Here is a site that sells the stolen cards. They even guarantee that 80% of them will work!
  • #20 Here is a hacker for hire that does some messed up stuff:
  • #21 Jim…. Anybody want to guess the amount of time it took for a company to realize they had been breached… According to the same IBM study, a malicious attack on average took 256 before it was discovered… before anything was known.
  • #22 Most of the time the detection is provided by a third party, like the FBI.
  • #23 Jim… Security is nothing new. It dates all the way back to the beginning of mankind, when our friendly caveman carried a club to simply protect his cave.
  • #24 Jim or Buddy
  • #25 Jim As man developed, so did the methods of protection that were required during whatever period we’re talking about. In medieval times there was armor and moats around castles. This may have been considered the beginning of defense in depth. You’d have to get through the armored guard outside the castle and somehow cross the alligator-infested waters, and then no doubt be met inside with additional resistance or protection before ever getting to the crown jewels. It’s really this concept that we try to establish today when architecting IT security. No more is it simply the caveman at the gate. So we have in this example
  • #26 Jim or Buddy
  • #28 Jim It adds context to different methods of protecting the crown jewels of organizations
  • #29 Jim
  • #30 Jim
  • #31 Jim Example: recently I was working with a client that was having constant account lockouts, and we quickly determined it was coming from outside. I ran a scan from my home and within 1 minute determined the domain name and computer name, and I could have easily determined vulnerabilities and attempted to exploit them… Another example: I performed a scan on an internal network and discovered an undocumented device which had ports 53 and 80 open and listening. Not being sure what it was, I pulled up a browser and discovered it was a wireless router. So I identified the model, on a hunch went to my friendly Google to get the default UID/password, and bingo, I’m in. Now the SSID did have a “strong” password for WPA2 security, but it didn’t make any difference… again, a poorly configured system. A third recent example: I was performing an assessment, and as part of the process I like to interview people. So I asked if there was any sensitive data on the network and, if so, where; I wanted to check permissions on the folder. The crown-jewel folder had full open access to all users, and it did contain sensitive data, like W-2s, workers’ comp data, etc. So what are we to do….
  • #32 Jim or Buddy Wireless guest access; crypto; passwords vs. passphrases.
  • #33 Jim or Buddy