The document discusses cybersecurity incident response and preparation. It notes that two-thirds of surveyed executives ranked cybersecurity as a top risk, but only 19% expressed high confidence in their ability to respond to an incident. It then discusses defining incidents, typical attack timelines, preparing a response team and plan, minimizing impact during an incident through best practices, and conducting recovery preparations through training exercises.
This Edureka PPT on "Penetration Testing" will help you understand all about penetration testing, its methodologies, and tools. Below is the list of topics covered in this session:
What is Penetration Testing?
Phases of Penetration Testing
Penetration Testing Types
Penetration Testing Tools
How to perform Penetration Testing on Kali Linux?
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
A man-in-the-middle (MitM) attack is a type of cyber attack where the attacker secretly intercepts communications between two parties who believe they are directly communicating with each other. The attacker can then steal sensitive information like user credentials by redirecting traffic to fake websites or intercepting network traffic. Common MitM attacks include DNS spoofing, HTTP spoofing, cache poisoning, and session hijacking. Organizations can help prevent these attacks by using HTTPS, avoiding public WiFi, implementing endpoint security, and warning users about phishing emails.
This Edureka PPT on "Application Security" will help you understand what application security is and measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
Following are the topics covered in this PPT:
Introduction to Cybersecurity
What is Application Security?
What is an SQL Injection attack
Demo on SQL Injection
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
Vulnerabilities in modern web applications - Niyas Nazar
Microsoft PowerPoint presentation for BTech academic seminar. This seminar discusses penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
Effective security awareness training with basic needs for the organization and its employees. It should also be engaging and interactive, using a variety of formats such as videos, quizzes, simulations, and case studies.
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™ - Katie Nickels
Katie Nickels and Adam Pennington presented "Turning intelligence into action with MITRE ATT&CK™" at the FIRST CTI Symposium in London on 20 March 2019.
Penetration testing reporting and methodology - Rashad Aliyev
This paper covers information about penetration testing methodology, standards, reporting formats and comparing reports. It explains the problems cyber security experts have when they make penetration tests, and how they do current presentations.
We will focus our work on the penetration testing methodology reporting form and on detailed information about how to compare results and related work.
This document discusses phishing attacks and anti-phishing software. It defines phishing as a social engineering technique where attackers try to steal personal information by impersonating trustworthy sources. The document notes that over 90% of online attacks start with phishing emails, and 76% of companies experienced a phishing attack in 2019. It then introduces a proposed anti-phishing solution called "Phishy Bait" that uses natural language processing to read emails and detect malicious ones based on spelling mistakes, urgency, long URLs, IP addresses instead of domains, and other red flags.
In this presentation, I am trying to explain why and how email security should be implemented.
> Intro to Email
> Basic steps in emailing
> Intro to Email Security
> Common email threats
> How email security works
> Security requirements (CIA)
> Secure transmission of email: PGP
> PGP: Operation description (All 5 services)
> Secure transmission of email: S/MIME (With its functions)
This presentation was presented by me in the final year of my M.Sc. in Computer science.
Hope you like this presentation. Thank you!
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
William F. Crowe presented on the cybersecurity kill chain, which models the stages of a cyber attack based on military doctrine. The model developed by Lockheed Martin includes stages of reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. ISACA and the European Union Agency for Network and Information Security also use similar kill chain models to analyze the process of advanced persistent threats targeting critical systems and data.
This document summarizes a security awareness training presentation that covered topics such as why security training is important, 21st century security threats, PCI compliance, security objectives and challenges, data classification, and security responsibilities. It provided examples of security incidents, the costs of data breaches, PCI DSS requirements, and outlined the company's security framework including defenses, controls, and challenges around excessive data retention, vulnerable infrastructure, lack of documentation and logging.
The document discusses cybersecurity concepts including encryption, authentication, digital signatures, and penetration testing. It defines cybersecurity as protecting computer systems from threats. Encryption converts data into cipher text for protection. Authentication verifies identities through methods like passwords, certificates, and biometrics. Digital signatures mathematically verify the authenticity and integrity of messages. Penetration testing involves simulated cyber attacks to evaluate security. The document outlines security best practices and roles of security operations centers in monitoring for threats.
The document discusses end user security awareness training. It provides an overview of the training, including introducing security awareness challenges, developing awareness initiatives, and best practices. It also discusses using security awareness materials and resources to educate end users on topics like malware, passwords, and data protection. The goal is to change user behaviors and encourage a security-minded culture.
OWASP Top 10 2021 – Overview and What's New.
OWASP Top 10 is the most successful OWASP Project.
It shows the ten most critical web application security flaws.
Read the presentation and you will learn each OWASP Top 10 category and recommendations on how to prevent it.
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da... - MITRE - ATT&CKcon
This document discusses Nationwide's experience using threat intelligence to focus their MITRE ATT&CK activities. Their initial broad approach analyzing 240+ techniques at once was unsuccessful. They then prioritized techniques based on threats to the financial sector. This focused their efforts on the 27 most relevant threat actors and the 100+ techniques associated with them. They mapped techniques to the ATT&CK matrix and conducted intelligence research. This intelligence-led approach improved their security posture understanding and enabled prioritized, actionable recommendations. The process is ongoing to constantly evolve their defenses based on the latest intelligence.
A brute force attack checks all possible keys to decrypt encrypted data by exhausting the possible key space. For a password with two characters, there are 3,844 possible guesses because each character can be one of 62 possible letters, numbers or symbols. While unbreakable codes theoretically exist, proper implementation is needed, and administrators can limit the effectiveness of brute force attacks by restricting the number of login attempts and IP addresses.
Password cracking is a technique used to recover passwords through either guessing or using tools to systematically check all possible combinations of characters. Brute force cracking involves trying every possible combination of characters while dictionary attacks use common words and permutations. Cracking can be done offline by accessing a stored hash of the password or online by attempting login repeatedly. Strong passwords are long, complex, and unique for each account to prevent cracking.
The document discusses cyber security awareness and promotes self-protection techniques. It outlines goals of promoting awareness, discussing how to secure personal information, and providing examples of protection software. It then discusses common security threats like malware, phishing, and social engineering and offers tools and best practices for protecting against them, including using antivirus software, enabling two-step verification, and employing encryption and VPNs when online.
This document discusses email phishing and countermeasures. It provides examples of data breaches and losses from stolen personal information. Phishing works through social engineering techniques like spoofing emails and websites to steal passwords, credit card numbers, and other details. Users may unwittingly provide such information in response to phishing attacks. Defenses against phishing include educating users, technical filters and monitoring, and legislation against identity theft. Ongoing challenges include the sophistication of attacks versus defenses.
Slideshare that can be used as an educational training tool for employees to be aware of the risks of phishing attacks. This presentation covers the threat of phishing and what strategies can be done to mitigate phishing attacks.
PhishingBox is an online system for organizations to easily conduct simulated phishing attacks and educate their end users through awareness training. This helps identify vulnerabilities and mitigate risk. Our system is simple to use, cost-effective and helps clients reduce risk and achieve cybersecurity objectives.
The basic fundamentals of cybersecurity and how it can be used for unethical purposes.
For this type of presentation (customised), you can contact me here: rishav.sadhu11@gmail.com
The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
These slides guide you through the tools and techniques one can use for footprinting websites or people. You will find amazing tools and techniques; have a look.
This document provides an introduction to cyber forensics. It defines key terms like forensics science, digital forensics, and cyber forensics. It also discusses cyber attack and malware trends, GDPR requirements, core principles of cyber forensics investigations, and presents an overview of the goals, actions, and scope of activities in a cyber forensics investigation. Finally, it provides a case study example of a client database leak investigation.
This document summarizes 10 cyber security trend reports for 2019. Common trends identified across the reports include rises in crypto mining, state-sponsored attacks, security skills shortages, Internet of Things risks, cloud provider attacks, supply chain attacks, phishing as the primary attack vector, and increased regulations. The reports also highlight the importance of user awareness, basic IT hygiene, incident response readiness, and having adequate security resources.
The document discusses top cybersecurity facts and trends for 2017-2021. It predicts that cybercrime costs will reach $6 trillion annually by 2021 and cybersecurity spending will exceed $1 trillion in that period. It also notes that cybercrime will more than triple the number of unfilled cybersecurity jobs to 3.5 million by 2021 and the human attack surface will reach 4 billion people by 2020. The document provides summaries of common cyber attacks like ransomware and data breaches that have occurred in 2017. It emphasizes that all IT professionals must prioritize security and references resources like OWASP, CIS top 20, and NIST cybersecurity framework to help with that mission.
This document provides an overview of data loss prevention (DLP). It discusses cyber security risks and increasing data breach statistics and costs. It defines DLP and the lifecycle of data protection. Key aspects of a DLP implementation are outlined, including defining objectives and scope, policy setup, data discovery and classification, monitoring and tuning, and reporting. The benefits of visibility, monitoring, and improved protection are highlighted.
This presentation looks at the core component of an Incident Response plan (NIST 800-61) as well as a custom practical implementation framework developed by ELYSIUMSECURITY based on NIST and FIRST.
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En... - Splunk
This document summarizes how Splunk Enterprise Security can help organizations strengthen their security posture and operationalize security processes. It discusses how Splunk ES allows organizations to centralize analysis of endpoint, network, identity, and threat data for improved visibility. It also emphasizes developing an investigative mindset when handling alerts to efficiently determine the root cause. Finally, it explains how Splunk ES can operationalize security processes by providing a single source of truth and integrating security technologies to automate responses.
Summary of the 2014 Trustwave Global Security Report - Inuit AB
The 2014 Trustwave Global Security Report reveals whom cybercriminals attack, what information they want and how they gain access to it. This is a summary that was presented at SpiderLabs day in Stockholm in autumn 2014. For the full report visit: http://go.inuit.se/2014-trustwave-global-security-report
[Infographic] Email: The First Security Gap Targeted by Attackers - FireEye, Inc.
When two-thirds of all email is spam, it's easy to miss dangerous email attacks that evade spam filters. FireEye Email Security offers 6 unmatched advantages to help save millions in income and reputation. Visit www.fireeye.com/go/email for more information.
Recorded Future delivers security intelligence to amplify the effectiveness of security and IT teams. It provides proactive and predictive intelligence by analyzing open, proprietary, and customer-provided data sources. Recorded Future arms analysts, vulnerability teams, security operations centers, and incident responders with context-rich, actionable intelligence in real time that is ready for integration across the security ecosystem. It aims to provide a singular view of digital, brand, and third-party risk.
This document summarizes literature on detecting phishing attacks. It begins with an introduction defining phishing and explaining the broad scope of the problem. It then outlines the document's objectives and various definitions related to phishing. Several techniques for mitigating, detecting, and evaluating phishing attacks are discussed, including user training, software classification, offensive defense, correction approaches, and prevention. Evaluation metrics and examples of detection methods like passive/active warnings, visual similarity analysis, and blacklists are also summarized. The conclusion recommends education as the best defense and outlines common characteristics of phishing attacks.
This document discusses how a Threat Intelligence Platform (TIP) can help organizations apply the Cyber Kill Chain framework to improve their cyber defenses in seven ways: 1) Prioritizing sensor alerts, 2) Prioritizing escalation of incidents, 3) Prioritizing security investments, 4) Measuring effectiveness of defenses over time, 5) Measuring resilience to attacks, 6) Measuring completeness of analysis of incidents, and 7) Standardizing documentation of investigations. The document advocates using a TIP to ingest and correlate internal and external threat data to drive an intelligence-led approach to defense.
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead - OpenDNS
Practice makes perfect. And unfortunately for security professionals, attackers have realized that persistence is a powerful approach to breaching an organization's defenses.
Focusing on prevention alone is no longer a sufficient strategy for securing your organization against the business risks of a breach. Our current security environment demands an approach less centered on ideal prevention and more focused on reality. During this webcast, we discussed key strategies that limit your risk and exposure to unrelenting threats.
Some highlighted topics include:
- How the shift in attacker motivations has impacted today's threat landscape
- Why preventative techniques alone can no longer ensure a secure environment
- Which strategies need to be considered for a holistic approach to security
- What next steps you can take towards identifying your best strategy against attacks
Psychological aspect of social engineering (Yuvaraj Naresh)
Yuvaraj Naresh gave a presentation on social engineering at an OWASP meet. He began by introducing himself and outlined his agenda which included defining social engineering, behaviors vulnerable to attack, common targets, and types like human-based, computer-based, and mobile-based social engineering. He explained that social engineering is effective because despite security policies, the human element remains susceptible to manipulation, social engineering attacks are hard to detect, and no method can fully prevent them. He concluded by welcoming any questions.
Everyone is important in Security. Empower your team.
Plan, Execute, Report, Follow-up, Close and Repeat.
Frequency of Cyber-Attacks
21,239 Incidents targeted Public Services
239 Were breaches
58 Incidents per day
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, and early detection and prevention of events? See a live demonstration that will showcase how to operationalize those resources so that your organization can reap the maximum benefit.
This document discusses 6 ways that organizations can use deception techniques to deter cyber attackers. It describes how distributed decoy systems can be used to distribute fake endpoint systems and reduce false positives. It also explains how intrusion prevention systems, next-generation firewalls, and web application firewalls can incorporate deception. Specific deception tactics covered include concealing valuable data, making infrastructure a moving target, providing false information, creating fake resources, using defensive feints, and gathering threat intelligence. The goal of these techniques is to waste attackers' time, shake their confidence, and make continued attacks difficult and time-consuming so they are abandoned.
The document discusses threat intelligence and how Lookingglass' ScoutPlatform helps organizations leverage threat intelligence from multiple sources. It collects data on internet infrastructure and indicators of compromise from over 40 sources to provide context and a comprehensive view of risks. This aggregated intelligence helps security operations transition to a more proactive posture by providing timely and actionable insights.
The document provides an overview of an incident response concept and framework. It discusses the benefits of incident response, common incident response structures and lifecycles. It also outlines the key steps in an incident response process including preparation, detection, analysis, containment, eradication, recovery, reporting and lessons learned. Specific approaches and activities at each step are also described for a company's incident response implementation.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks (Scalar Decisions)
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
Mobile Cybercrime - Don’t Leave Your Customers Vulnerable (Xura)
Based on the results of a survey commissioned by Xura, this webinar co-hosted with TMCnet, explored the mobile consumer’s view of the risks they face from mobile network vulnerabilities, and the role of the mobile network operator in protecting them.
An overview of why knowing programming can make you a better cyber security professional, a look at the most popular languages, and some pitfalls to avoid.
This document provides an introduction to cryptography. It defines cryptography as the science of hiding information to provide confidentiality, integrity, authentication, and non-repudiation. The document then summarizes the history of cryptography, the main types of cryptography including encryption, decryption, hashing, and steganography. It also describes symmetric and asymmetric cryptographic algorithms like AES, RSA, and hash functions like MD5 and SHA-1/2. The document concludes by emphasizing the safe use of standard algorithms and protection of private keys.
This document provides an overview of incident response procedures, including the incident response life cycle of detection, categorization, containment, investigation, remediation, reporting, and learnings. It outlines roles and responsibilities, communication processes, and generic response playbooks. Resources for incident response frameworks and standards are also referenced.
IDS are great tools for blue teams and a resource for network forensics; however, they can also be a great resource for red teams and as part of a penetration testing exercise.
A look at what makes a Red Team special versus more traditional security services such as Vulnerability Assessment and Penetration Testing. Use case will also be provided to illustrate the points made in the presentation.
A quick look at what you should be considering when assessing the security of a mobile application, looking at an established framework and some of the common tools to get started.
The document discusses Capture the Flag (CTF) competitions, which provide a safe environment for practicing hacking skills and learning about cybersecurity threats. CTF competitions involve challenges at different skill levels related to hacking, cryptography, forensics, and other IT security topics. Participants can learn about vulnerabilities and misconfigurations, practice real attacks, and improve their skills through the game-like format of CTF events. Examples of challenges described in the document include extracting a hidden image from DNS traffic and analyzing an audio file spectrogram to reveal hidden text.
This document discusses security concerns related to cryptocurrencies. It begins by defining cryptocurrency as a digital currency created through mathematical algorithms that aims to be open, anonymous, secure and bypass traditional financial systems. It then outlines some key advantages of cryptocurrency over traditional money, such as maintaining user anonymity. However, it also identifies several security concerns with cryptocurrencies, such as selfish mining that allows miners to gain more revenue than their share of computing power, double spending of coins, and attacks on wallet software or acquiring over 50% of a cryptocurrency's computing power.
This document discusses the General Data Protection Regulation (GDPR) which takes effect on May 25, 2018. It will apply to all companies and gives individuals new rights around accessing and deleting their personal data. It also requires companies to implement privacy by design and notify authorities within 72 hours of a data breach. The document also outlines debates around whether previous policies were sufficient, concerns about spam and data breaches, and arguments that individuals will just click through privacy notices as well as whether the EU can enforce fines. However, supporters argue that the GDPR will push companies to improve security, be more transparent about what data they hold, demand more from third parties, and give individuals better control over their personal information.
This document provides guidance on data security best practices. It defines data and describes different data types and forms. It outlines key data security goals of confidentiality, integrity and availability that can be threatened by malware, hacking and phishing. The document recommends solutions like encryption, access controls and monitoring to protect data during usage, transit and storage. It stresses the importance of security awareness, safe behaviors like strong unique passwords and backups, and taking basic precautions.
Ethical hacking involves performing authorized security testing and vulnerability assessments to evaluate an organization's security posture and help protect against cyber threats. It generally follows steps of reconnaissance, scanning systems to identify vulnerabilities, gaining access if possible, maintaining or escalating that access, and covering tracks. Ethical hackers have permission and work within legal bounds, using their skills to strengthen security rather than enable harm. The document discusses definitions, common techniques, tools used at each step, and how ethical hackers differ from malicious hackers by operating openly to help rather than secretly to enable illegal acts.
This document discusses how social media is used to gather personal data and how that data can enable cyber attacks. It notes that over 5 million records are lost or stolen daily and outlines the types of sensitive information that can be obtained from LinkedIn, Facebook, Twitter, and other online sources. The document warns that this data exposure enables personal, corporate, and marketing attacks but does not specify the nature of these threats or provide recommendations for mitigating risks.
This document provides instructions for setting up an intrusion detection system (IDS) in a home network. It explains that an IDS monitors network traffic to detect malicious activity and policy violations. It recommends using open-source tools like Security Onion and SELKS to set up the IDS. The document outlines installing the software, duplicating network traffic to the IDS, tuning the IDS to ignore false alarms, and provides sample enhanced network architectures and dashboards.
This document provides an introduction to several cybersecurity standards and regulations, including ISO 27001, FFIEC, and GDPR. It describes the purpose and key aspects of each, such as ISO 27001 focusing on establishing an information security management system, FFIEC assessing cybersecurity maturity, and GDPR strengthening data protection for EU individuals. The document also gives an overview of Mauritius' new data protection act aligned with GDPR and provides some free resources for further information.
Overview of the state of Wi-Fi security for WEP, WPA/WPA2 and WPA3, looking at their protocols, weaknesses and attacks.
The presentation finishes with a live demo of 2 attacks: Karma Attack and Evil Portal Attack.
Introduction of Cybersecurity with OSS at Code Europe 2024 (Hiroshi SHIBATA)
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
FREE A4 Cyber Security Awareness Posters - Social Engineering part 3 (Data Hops)
Free A4 downloadable and printable cyber security and social engineering safety and security training posters. Promote security awareness in the home or workplace. Lock them out! From training providers datahops.com.
1. CYBER SECURITY
PHISHING PROTECTION
HOW TO START A PROGRAM
VERSION: 1.5
DATE: 26/06/2019
AUTHOR: SYLVAIN MARTINEZ
REFERENCE: ESC17-MUSCL
CLASSIFICATION: PUBLIC
2. CONTENTS
• Presentation goal;
• Phishing Statistics;
• Incident cost;
• Phishing protection benefits;
• Phishing definition;
• Spear Phishing definition;
• Phishing email – From the outside;
• Phishing email – From the inside;
• Phishing Website – From the outside;
• Phishing Website – From the inside;
• Phishing protection program overview;
• Training overview;
• Training – Awareness campaign;
• Training – Guidelines;
• Testing overview;
• Testing – URLS;
• Testing – Attachments;
• Testing – Phishing simulation planning;
• Detection overview;
• Detecting – Manual detection;
• Detecting – Automated detection;
• Protecting overview;
• Protecting – Warn;
• Protecting – Block;
• Key Take Away;
• Get Started;
• Extra Resources.
CONCLUSION | DEFENCES | AWARENESS | PROGRAM | CONTEXT
3. PRESENTATION GOAL
TO LEARN ABOUT PHISHING PROTECTION SOLUTIONS
(1) LEARN ABOUT DIFFERENT TYPES OF PHISHING ATTACKS
(2) LEARN ABOUT DIFFERENT TYPES OF PHISHING PROTECTIONS
(3) LEARN HOW TO START AN ANTI-PHISHING PROGRAM
Icons: from The Noun Project unless stated otherwise
4. PHISHING STATISTICS
Source: hostingtribunal.com - June 2019
• ALL EMAILS: 45% ARE SPAM
• SPAM: 14.5 BILLION EVERY DAY
• GROWTH: 65% PHISHING IN 2018
• MALWARE: 92% EMAIL DELIVERED
• PHISHING EMAIL: 16 MONTHLY PER USER
• PHISHING OPEN: 30% BY TARGETED USERS
• PHISHING CLICK: 12% BY TARGETED USERS
• PHISHING SITES: 1.5 MILLION NEW EVERY MONTH
5. INCIDENT COST
ELYSIUMSECURITY INVESTIGATIONS, MAURITIUS, JANUARY 2018 – JUNE 2019
• 80% FINANCIAL FRAUD
• 20% RANSOMWARE
• 100% PHISHING
• JAN 2018, MAY 2018, AUG 2018, APR 2019, MAY 2019, JUNE 2019
• $0.5M, $1M, $2M, $0.5M, $1M, $0.5M
WORLDWIDE
• AVERAGE COST PER DATA BREACH: $3.86M
• AVERAGE COST PER PHISHING ATTACK: $1.6M
• DATA BREACHES FROM PHISHING ATTACKS: 95%
• AVERAGE DETECTION TIME: 197 DAYS
WORLDWIDE STATS FROM SAFEATLAST.CO AND RETRUSTER.COM - JUNE 2019
7. PHISHING DEFINITION
PHISHING IS A TYPE OF SOCIAL ENGINEERING ATTACK USED TO STEAL SENSITIVE INFORMATION SUCH AS PASSWORDS OR FINANCIAL DETAILS.
ATTACKERS PRETEND TO BE A TRUSTED ENTITY TO PUSH VICTIMS INTO OPENING FRAUDULENT LINKS OR ATTACHMENTS.
THIS IS A GENERIC ATTACK USING COMMON MESSAGES THAT MAY BE RELEVANT TO THE VICTIMS, CONTRIBUTING TO THEIR FALSE SENSE OF TRUST.
8. SPEAR PHISHING DEFINITION
SPEAR PHISHING IS AN ADVANCED TYPE OF SOCIAL ENGINEERING ATTACK USED TO STEAL SENSITIVE INFORMATION SUCH AS PASSWORDS OR FINANCIAL DETAILS.
ATTACKERS PRETEND TO BE A TRUSTED ENTITY TO PUSH VICTIMS INTO OPENING FRAUDULENT LINKS OR ATTACHMENTS.
THIS IS A VERY FOCUSED ATTACK USING SPECIFIC MESSAGES WITH PERSONAL AND RELEVANT INFORMATION TO THE VICTIMS, INCREASING THEIR FALSE SENSE OF TRUST.
9. PHISHING EMAIL - FROM THE OUTSIDE
LOOKS AND SOUNDS LEGITIMATE
10. PHISHING EMAIL - FROM THE INSIDE
WARNING SIGNS IF YOU KNOW WHERE TO LOOK!
11. PHISHING WEBSITE - FROM THE OUTSIDE
12. PHISHING WEBSITE - FROM THE INSIDE
YOUR CREDENTIALS ARE INTERCEPTED AND SENT… TO THE WRONG PLACE / PERSON!
13. PHISHING PROTECTION PROGRAM OVERVIEW
CAMPAIGN #1: PHISHING (SIMPLE ATTACK)
• MOST COMMON
• ALL STAFF
• GENERIC
• INEXPENSIVE
• AUTOMATED
CAMPAIGN #2: SPEAR PHISHING (COMPLEX ATTACK)
• LEAST COMMON
• KEY STAFF
• TARGET TAILORED
• EXPENSIVE
• MANUAL
{elysiumsecurity} PHISHING PROTECTION PROGRAM
• TRAINING: GUIDELINES, AWARENESS CAMPAIGN
• TESTING: OPEN ATTACHMENT, CLICK URL
• DETECTING: AUTOMATED, MANUAL
• PROTECTING: BLOCK, WARN
15. TRAINING - AWARENESS CAMPAIGN
(1) RELEVANT TO YOUR CORPORATE RISK PROFILE
(2) COORDINATED WITH CORPORATE COMMUNICATION
(3) LINKED TO WIDER CYBER SECURITY AWARENESS
(4) MIX OF IN PERSON AND DIGITAL DELIVERY
(5) USE OF RELATABLE EXAMPLES
(6) REGULAR AND REPEATED
(7) SET AND REVIEW KEY PERFORMANCE INDICATORS
(8) RESULTS FEEDBACK CAN BE A TRAINING TOOL
(9) POSTER
(10) CHEAT SHEET
16. TRAINING - GUIDELINES
DO
(1) DO THINK BEFORE YOU CLICK
(2) DO CHECK EMAIL PROVENANCE
(3) DO CHECK EMAIL CONTEXT
(4) DO BE CAREFUL OF DISAPPEARING EMAILS
(5) DO REPORT SUSPICIOUS EMAILS
DO NOT
(6) DO NOT USE WORK EMAIL FOR PERSONAL PURPOSE
(7) DO NOT IGNORE SECURITY WARNINGS
(8) DO NOT OPEN UNEXPECTED ATTACHMENT
(9) DO NOT CLICK UNEXPECTED URL
(10) DO NOT ENTER PASSWORDS FROM URL IN EMAILS
27. KEY TAKE AWAY
(1) PHISHING IS THE MOST COMMON ATTACK VECTOR TODAY
(2) BE AWARE OF PHISHING VERSUS SPEAR PHISHING
(3) AWARENESS IS KEY
(4) IMPORTANCE OF PHISHING PROTECTION
(5) IMPORTANCE OF EMAIL ACCESS PROTECTION
28. GET STARTED
(1) STAY INFORMED OF PHISHING CAMPAIGNS
(2) REMIND STAFF OF PHISHING RISKS
(3) USE SECURE EMAIL PROVIDER
(4) ENFORCE EMAIL PROTECTIONS
(5) DEFINE AND IMPLEMENT A PHISHING PROTECTION PROGRAM
29. EXTRA RESOURCES
TRAINING
AVERAGE COST: $10 / YEAR / USER / NO CUSTOMISATION
• GARTNER: COMPARE DIFFERENT OFFERINGS
https://www.gartner.com/reviews/market/security-awareness-computer-based-training/
SIMULATOR
AVERAGE COST: FREE - $10 / YEAR / USER
• PHISHING READINESS: THIS IS A PRODUCT BY SYMANTEC
https://www.symantec.com/products/phishing-readiness
• KNOWBE4: THIS IS A COMPANY BY KEVIN MITNICK
https://www.knowbe4.com/
• MICROSOFT: ATTACK SIMULATOR – ATP PLAN 2
https://docs.microsoft.com/en-us/office365/securitycompliance/attack-simulator
• GOPHISH: OPENSOURCE AND PROFESSIONAL VERSIONS
https://getgophish.com/
• TREND MICRO: FREE AND PAID SUBSCRIPTION
https://cofense.com/simulator-small-business-edition
• COFENSE: BOUGHT MARKET LEADER CALLED PHISHME.COM
https://cofense.com/simulator-small-business-edition
• CYBERAWARE: FREE RESOURCES
https://free.thesecurityawarenesscompany.com/downloads/category/videos/
• SANS: CAN BE EXPENSIVE BUT ALSO HAS FREE RESOURCES
https://www.sans.org/security-awareness-training
• ESET: CLAIMS TO BE FREE BUT MAY HAVE SOME HIDDEN COST
https://www.eset.com/us/cybertraining/
• TREND MICRO: ALSO OFFERS WIDER CYBER SECURITY TRAINING
https://phishinsight.trendmicro.com/en/training
• MIMECAST: ALSO OFFERS WIDER CYBER SECURITY TRAINING
https://www.mimecast.com/content/phishing-awareness