We live in cyberspace, but nobody talked to us about cybersecurity. The web, the deep web and the dark web. The different vectors of cyberattacks. Recommendations to stay protected.
Unveiling the dark web. The importance of your cybersecurity posture
1. Unveiling The Dark-Web & Crypto-Mining
The importance of your Cybersecurity Posture to protect your Business
By Lourdes Gimenez
2. I have a Bachelor's Degree in Electronic Engineering.
Master's Degree in Innovation Management.
+25 years of experience in Telecommunications & IT;
working in complex and Multinational projects
Leading Cybersecurity Services at Mobility Global
Lourdes Gimenez
3. Business Operations are based on Digital Technologies
We live in the Digital Transformation Era
• Big Data
• Artificial Intelligence
• Huge computing power
• IoT
• Connectivity & Collaboration
All this innovation comes with a cost
• A growing surface of vulnerabilities.
You need to know the risks
• the dark web, crypto-mining
• dark market, sales of login & password databases, ransomware as a service
You need to be Prepared and on Guard to protect your Business against the Cybercriminals
4. Unveiling The Dark-Web
• The Web that we normally use is only around 4% of cyberspace; it is like the tip of the iceberg.
• The Deep-Web is the part of the Web not indexed by web search engines, such as medical records and financial records.
• The Dark-Web includes small friend-to-friend peer-to-peer networks, as well as large, popular networks like Tor (accessed through the Tor browser, top-level domain suffix .onion), Freenet, I2P, and Riffle.
• Ransomware as a service and other illegal services, such as databases with personal information, are offered there.
Source: Wikipedia
5. Cryptocurrency
• Cryptocurrency is a digital asset designed to
work as a medium of exchange that uses
strong cryptography to secure financial
transactions
• Cryptocurrencies use decentralized control.
• Decentralized cryptocurrency is produced
by the entire cryptocurrency system
collectively, at a rate which is defined when
the system is created and which is publicly
known.
Source Wikipedia
6. Cryptomining
There are more than 1,400 cryptocurrencies today
• Mining
• Cryptocurrencies are managed via a “blockchain”, a peer-to-peer network that serves as a distributed ledger of cryptocurrency transactions that will register and validate the creation of these currencies.
• Cryptocurrencies are generated through “mining”, a process of solving complex calculations.
• Mining needs massive amounts of computing power to process the algorithms necessary to generate cryptocoins.
• Some miners will turn to malware to create an army of cryptomining bots.
Source: Best Practices for Protecting Against Phishing, Ransomware and Email Fraud, an Osterman Research White Paper, published April 2018
7. SOURCE :2019 Internet Security Threat Report (ISTR): The New Threat Landscape
Kevin Haley, Director Product Management, Security Technology & Response, Symantec
9. Cybersecurity Landscape
Security threats are increasing in number and severity
• cryptojacking malware that is focused on mining coins
Organizations have been victimized by a wide range of threats
and exploits
• phishing attacks that have penetrated corporate defenses
• targeted email attacks launched from compromised
accounts
• sensitive or confidential information accidentally leaked
through email
Threats are becoming more sophisticated as well-financed
cybercriminal gangs develop improved variants of malware and
social engineering attacks.
Source Best Practices for Protecting Against Phishing, Ransomware and Email Fraud An Osterman Research
White Paper Published April 2018
10. Cybersecurity Landscape (cont.)
The main concern is about:
• endpoints getting infected with malware through email or web browsing
• user credentials being stolen through phishing
• senior executives’ credentials being stolen through spearphishing
Email as the primary threat vector for cybercriminal activity
Attacks focused on account takeovers.
Many organizations are not exercising proper due diligence on a number of fronts in the context of their security posture:
• security awareness training
• data backup processes
• establishment of adequate processes & controls
Source: Best Practices for Protecting Against Phishing, Ransomware and Email Fraud, an Osterman Research White Paper, published April 2018
11. The Main Vulnerability Vectors
• Phishing emails
• Web browser
• Web applications
• Excessive user rights
• Untrained users
• Careless use of passwords
• Attack on Networks
• Hardware and software not updated
• Non-segmented networks
12.
13. Email Attacks
• Deceptive phishing
• Spear phishing
• Business Email Compromise: CEO fraud
• Password Hash Theft
• Clickjacking
• Password Sprays
• Rogue Recoveries
• Bad Rules
• Web Beacons/Tracking
• Extreme Social Engineering
14. Email Attacks: Deceptive Phishing
• Phishing is a way for criminals to obtain confidential information.
• It's a method of social engineering.
• The email appears to come from a bank or other service provider. Usually it says that, due to some change in the system, users have to re-enter their usernames/passwords to confirm them. These emails usually contain a link to a page that looks almost like the real bank's.
• Phishing allows criminals to gain access to bank accounts or other accounts
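The signs described above can be checked mechanically. The following is an added example, not part of the original slides: it flags a display name that claims a brand the sender's domain does not belong to, a Reply-To on a different domain, and a link whose visible text shows one host while its href points to another. The brand table, addresses and sample messages are constructed for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a table of brands and the domains they really send mail from.
KNOWN_BRANDS = {"example bank": {"examplebank.example"}}
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


def belongs_to(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def html_body(msg):
    """Return the decoded text/html parts of the message as one string."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def phishing_indicators(raw_message):
    """Return a list of (code, detail) findings for one raw e-mail message."""
    msg = message_from_string(raw_message)
    findings = []
    # 1. Display name claims a known brand, sender domain is not that brand's.
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display.lower() and not belongs_to(sender_domain, domains):
            findings.append(("brand-mismatch", f"'{display}' sent from {sender_domain}"))
    # 2. Replies are steered to a different domain than the sender's.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != sender_domain:
        findings.append(("reply-to-mismatch", f"replies go to {reply_domain}"))
    # 3. Link text shows one host, the href leads to another.
    collector = LinkCollector()
    collector.feed(html_body(msg))
    for href, text in collector.links:
        shown = HOST_IN_TEXT.search(text)
        target = urlparse(href).hostname
        if not shown or not target:
            continue
        shown_host = shown.group(1).lower()
        if shown_host.startswith("www."):
            shown_host = shown_host[4:]
        if not belongs_to(target, {shown_host}):
            findings.append(("link-mismatch", f"text shows {shown_host}, href goes to {target}"))
    return findings


def build_message(sender, reply_to, href, link_text):
    headers = [f"From: {sender}", "To: user@corp.example",
               "Subject: Please confirm your account",
               "Content-Type: text/html; charset=utf-8"]
    if reply_to:
        headers.append(f"Reply-To: {reply_to}")
    body = f'<p>Due to a system change, re-enter your details: <a href="{href}">{link_text}</a></p>'
    return "\n".join(headers) + "\n\n" + body


# Constructed samples: one deceptive message and one legitimate one.
SUSPICIOUS = build_message('"Example Bank Security" <alerts@examplebank-secure.test>',
                           "helpdesk@mailbox.test",
                           "http://login.examplebank.example.verify-account.test/",
                           "https://www.examplebank.example/login")
LEGITIMATE = build_message('"Example Bank" <news@mail.examplebank.example>', None,
                           "https://www.examplebank.example/offers",
                           "www.examplebank.example")

if __name__ == "__main__":
    print(phishing_indicators(SUSPICIOUS))
```

An empty list does not mean a message is safe; these are three indicators among many, and the check only covers brands present in the table.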
15. Email Attacks: Spear phishing
A whopping 91% of cyberattacks and the resulting data breaches begin with a spear phishing email.
This conclusively shows that users really are the weak link in IT security.
Users without high-quality security awareness training are easy targets for spear phishers. The attacker does research on their targets, finds out who they regularly communicate with, and sends a personalized email to make the target click on a link or open an attachment.
* According to research from security software firm Trend Micro.
* Source: KnowBe4
17. Preventing Spear Phishing Attacks
• Do not have a list of all email addresses of all employees on your website,
use a web form instead.
• Regularly scan the Internet for exposed email addresses and/or credentials;
you would not be the first one to find one of your users' usernames and
passwords on a crime or porn site.
• Never send out sensitive personal information via email. Be wary if you get
an email asking you for this info and when in doubt, go directly to the
source.
• Enlighten your users about the dangers of oversharing their personal
information on social media sites. The more the bad guys know, the more
convincing they can be when crafting spear phishing emails.
• Users are your last line of defense! They need to be trained using new-
school security awareness training and receive frequent simulated phishing
emails to keep them on their toes with security top of mind
... and ALWAYS remember to Think Before You Click!
18. Preventing Spear Phishing Attacks (cont.)
Think before opening any email, especially those requesting some
sort of action:
• Reply with information
• Click on a link
• Open attachment
Use Two-Factor Authentication (2FA)
Use encryption for sensitive communications
• Password protected zip/7zip files
• PGP/GPG, web based encrypted email
Don’t attempt to “unsubscribe”
19. Social Engineering
• People are often the weakest link in a cybersecurity
system: all the technical controls in the world are
worth nothing if you share your password or have
the door open to confidential information or
credentials.
• Social engineering is the art of manipulating people
into giving up confidential information, such as passwords
or bank information, or into giving access to their computer
so that malicious software can be secretly installed
• Criminals use social engineering tactics, because
it's usually easier than discovering ways to hack
into your software.
20.
21. Identifying Security Compromises
Symptoms:
• Antivirus software detects a problem
• Disk space disappears unexpectedly
• Pop-ups suddenly appear, sometimes selling security software
• Files or transactions appear that should not be there
• The computer slows down to a crawl
• Unusual messages, sounds, or displays on your monitor
• Stolen laptop: 1 stolen every 53 seconds; 97% never recovered
• The mouse pointer moves by itself
• The computer spontaneously logs you out, shuts down, or reboots
Source Cyber Security Awareness Training: End Users. By Bryan Barnhart. Infiltration Labs
22. Protect Mobile Devices
• Keep your phone under your constant supervision
• Use a password instead of an easy 4-digit PIN
• Enable automatic screen lock, set a short waiting period, require password
• Enable 2FA for all cloud access
• Use random answers to account recovery security questions: "Mother's maiden name?" Supercalifragilisticexpialidocious
• Disable Wi-Fi when not actively used
• Do not connect to open access "free-WiFi"
Source: Cyber Security Awareness Training: End Users. By Bryan Barnhart. Infiltration Labs
23. Passwords
Authentication is the first line of defense against bad guys
• Never share your password with others!
• If someone using your login credentials does something illegal or inappropriate, you will be held responsible
• Never keep passwords stored in a file on your computer
• Do not write passwords down on a Post-It note or piece of paper
• The stronger the password, the less likely it will be cracked
• Use a pass phrase:
Pass Phrase: I live very happy in Weston since 2004$
Password: Ilvhiws2004$
Source: Cyber Security Awareness Training: End Users. By Bryan Barnhart. Infiltration Labs
24.
25. Recommendations for everybody
• Use strong passwords and don’t reuse passwords
• Change passwords frequently
• Use Two-Factor Authentication (2FA) for all accounts
• Don’t use open Wi-Fi or networks you can't vouch for
• If you must, use a VPN
• Think before you click: don’t click links or open attachments in suspicious emails
Source: Cyber Security Awareness Training: End Users. By Bryan Barnhart. Infiltration Labs
27. Best Practices: Evaluate and Audit Vulnerabilities
CONDUCT A THOROUGH AUDIT OF THE CURRENT SECURITY INFRASTRUCTURE, TRAINING PRACTICES AND CORPORATE AND COMPLIANCE POLICIES. PERFORM PENTEST
• Conduct a complete audit of current security infrastructure
• Security awareness training programs
• Security solutions
• Cybersecurity policies
• Processes to remediate
• Perform External & Internal Pen Test
Identify deficiencies to prioritize the problems to be fixed
Source: Best Practices for Protecting Against Phishing, Ransomware and Email Fraud, an Osterman Research White Paper, published April 2018
28. Establish Detailed and Thorough Policies
Employees:
• Dissemination of security policies.
• Training Plan
• Basic security Procedures and controls:
• Workplace safety
• Allowed applications
• Correct use of resources
• Intellectual Property
• Personal data protection, etc.
• Employee awareness of the existence and
dangers of social engineering
• Personal responsibility for action or omission
• Periodicity of the training.
• To evaluate the learning obtained.
• To promote a culture of information security.
• Extend the awareness plan to most of our
suppliers and customers.
29. Training: Security awareness training is strongly recommended.
No matter how good your prevention steps are, breaches are inevitable. But user education plays a big part in minimizing the danger.
Training should include reminders never to insert USB drives from outside devices into work machines. It should also review password management, such as not reusing work passwords on other sites or machines.
Normally human error like CEO fraud is NOT covered by cyber security insurance. As it represents one of the biggest dangers, phishing demands its own training and instruction.
Just because it says “Bank of America,” or “IT department” with all the right logos doesn’t mean it’s from that source.
Add further instruction not to open unknown file types, click on links, or open attachments from unknown people or entities. Coach users into a suspicious frame of mind regarding requests to send in their passwords or account details.
Source: CEO FRAUD: Prevention Manual www.knowBe4.com
30. Policies & Procedures: Establish Detailed and Thorough Policies
• How sensitive data files are accessed and protected
• Dual-control procedures for accessing critical data assets
• Backup, restore, and testing for your sensitive data files
• Email
• Web, collaboration, social networks
• Encrypt emails if they contain confidential data
• Control the use of personally owned devices that access corporate systems
• There must be pre-established procedures for the response in the event of an attack, as well as a task force designated for it
Source: Best Practices for Protecting Against Phishing, Ransomware and Email Fraud, an Osterman Research White Paper, published April 2018
31. Policy:
Set security policy, review it regularly for gaps, publish it, and make sure employees follow it. For example:
• Users not opening attachments or clicking on links from an unknown source
• Not using USB drives on office computers
• Password management policy (not reusing passwords on other sites or machines, no Post-it notes on screens as password reminders)
• Completing specific types of security training including training on security policy, and the many other details of employee and overall security diligence.
• Policy on WiFi access. Include contractors and partners as part of this if they need wireless access when on site.
Policy should also exist on wire transfers and the handling of confidential information. Policy should limit such transactions to relatively small amounts. Anything beyond that threshold must require further authorizations.
Similarly, with confidential information such as IP or employee records, policy should determine a chain of approvals before such information is released.
Source: CEO FRAUD: Prevention Manual www.knowBe4.com
32. Procedures:
• Block sites known to spread ransomware
• Keep software patches and virus signature files up to date
• Carry out vulnerability scanning and self-assessment using best practice frameworks
• Conduct regular penetration tests on WiFi and other networks to see just how easy it is to gain entry.
Procedures must also be developed to prevent CEO fraud.
• Wire transfer authorization is one scenario demanding careful attention.
• Set it up so that any wire transfer requires more than one authorization, as well as a confirmation beyond email.
• Phone, or ideally, face-to-face confirmation should be included.
• If by phone, only use a pre-existing number for your contact, not one given to you in an email. Apply a 24-hour waiting period before funds are transferred.
• Maintain an effective set of backup, restoration and testing procedures for sensitive data assets so that the organization can recover quickly from ransomware or other malware infection.
Source: CEO FRAUD: Prevention Manual www.knowBe4.com
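The wire-transfer controls from slides 31 and 32 can be expressed as a release check. This is an added example, not taken from the slides or from the cited manual: the threshold amount, the approver counts, the rule that the requester's own sign-off does not count, and the reading of the 24-hour wait as applying to every transfer are assumptions, and all names and numbers are constructed.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed figures: the slides mention a threshold and "further authorizations"
# but give no numbers, so these values are placeholders for the example.
THRESHOLD = 10_000
APPROVALS_UP_TO_THRESHOLD = 2   # "more than one authorization"
APPROVALS_ABOVE_THRESHOLD = 3   # "further authorizations"
WAITING_PERIOD = timedelta(hours=24)

# Constructed directory of contact numbers recorded before any request arrived.
KNOWN_NUMBERS = {"Acme Supplies": "+1 555 0100"}


@dataclass
class WireRequest:
    beneficiary: str
    amount: float
    requested_by: str
    received_at: datetime
    approvers: set = field(default_factory=set)
    confirmed_via: str = "none"   # "phone", "in_person", "email" or "none"
    number_dialed: str = ""       # number actually called, if confirmed by phone


def digits(number):
    """Strip formatting so '+1 (555) 0100' and '+1 555 0100' compare equal."""
    return re.sub(r"\D", "", number or "")


def release_blockers(req, now, known_numbers=KNOWN_NUMBERS):
    """Return the reasons this transfer must not be released yet (empty = release)."""
    blockers = []

    # Assumption: the requester's own sign-off does not count as an authorization.
    independent = {a.lower() for a in req.approvers} - {req.requested_by.lower()}
    needed = APPROVALS_ABOVE_THRESHOLD if req.amount > THRESHOLD else APPROVALS_UP_TO_THRESHOLD
    if len(independent) < needed:
        blockers.append("approvals")

    # Confirmation must happen outside email: by phone or face to face.
    if req.confirmed_via not in ("phone", "in_person"):
        blockers.append("confirmation")
    elif req.confirmed_via == "phone":
        # Only a number that was on file beforehand is acceptable.
        on_file = digits(known_numbers.get(req.beneficiary))
        if not on_file or digits(req.number_dialed) != on_file:
            blockers.append("callback-number")

    # Assumption: the waiting period applies however the request was confirmed.
    if now - req.received_at < WAITING_PERIOD:
        blockers.append("waiting-period")
    return blockers


# Constructed requests, all received at the same moment.
RECEIVED = datetime(2024, 3, 4, 9, 0)


def at(hours):
    """Point in time the given number of hours after the requests arrived."""
    return RECEIVED + timedelta(hours=hours)


URGENT_EMAIL = WireRequest("Acme Supplies", 48_000, "ceo", RECEIVED,
                           approvers={"ceo", "controller"}, confirmed_via="email")
NUMBER_FROM_EMAIL = WireRequest("Acme Supplies", 48_000, "ap-clerk", RECEIVED,
                                approvers={"controller", "cfo", "treasurer"},
                                confirmed_via="phone", number_dialed="+1 555 0199")
COMPLIANT = WireRequest("Acme Supplies", 4_500, "ap-clerk", RECEIVED,
                        approvers={"controller", "cfo"},
                        confirmed_via="phone", number_dialed="+1 (555) 0100")

if __name__ == "__main__":
    for name, req, hours in [("urgent email", URGENT_EMAIL, 2),
                             ("number from email", NUMBER_FROM_EMAIL, 30),
                             ("compliant", COMPLIANT, 26)]:
        print(name, release_blockers(req, at(hours)))
```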
33. Best Practices: Technology
Cybersecurity infrastructure and systems
• Keep systems up to date; keep recent backups and test them periodically
• Implement user-computer (endpoint) solutions with the ability to detect, isolate, and remediate:
  • Phishing
  • Spearphishing
  • CEO Fraud/BEC
  • Ransomware threats
• Consider deploying DLP systems
• Consider deploying encryption systems
• Consider implementing multifactor authentication
• Consider implementing advanced threat protection
• Consider using virtual Web browsers
• Perform penetration tests at least once a year and every time you make a change to your infrastructure
38. The Main Vulnerability Vectors
Phishing emails / Training & Email Security
Web browser / Web Isolation
Web applications
Excessive user rights / Policies
Untrained users / Training
Careless use of passwords / Policies & Multifactor Authentication
Attack on Networks
Hardware and software not updated / Policies & Procedures
Non-segmented networks / Segmentation
39. Mobility Global
Can help you to protect your Business
• We have experts to help you to do:
• Business Risk Assessment
• Cybersecurity Policies and Procedures
• Incident response procedures
• Perform Penetration Testing
• We represent the best products to protect your
devices, your network and your Data
• We can design and implement your backup system
Talking Points
Now that we’ve talked about the approach and key technologies behind Symantec DLP, I want to take you on a quick tour of our complete family of DLP products.
DLP ENFORCE PLATFORM
DLP Enforce is a single management console that provides broad, unified discovery, monitoring and protection across cloud, network, storage, endpoints and mobile devices.
As your data spreads across a wider range of applications and devices, this ability to consistently define and enforce policies becomes even more critical.
With the DLP Enforce Platform, you can write policies once and then enforce them everywhere.
All of the DLP products we’ll talk about leverage the Enforce platform.
DLP FOR CLOUD
DLP Cloud Service for Email, Cloud Prevent for Microsoft Office 365 and Cloud Storage for Box provide robust discovery, monitoring and protection for your cloud-based email and storage.
DLP FOR NETWORK
DLP Network Monitor, Network Prevent for Email, and Network Prevent for Web give you the ability to monitor a wide range of network protocols and prevent both authorized and unauthorized network users from mishandling confidential data.
DLP FOR STORAGE
DLP Network Discover, Network Protect, Data Insight and the Data Insight Self-Service Portal allow you to take control of all your unstructured data, so it never becomes vulnerable to careless employees and malicious attackers.
DLP FOR ENDPOINT
DLP Endpoint Discover and Endpoint Prevent give you the ability to discover, monitor, and protect confidential data on traditional and virtual desktops, whether users are on or off your corporate network. With Symantec DLP, a single highly scalable agent enables both the Endpoint Discover and Endpoint Prevent modules.
DLP FOR MOBILE
DLP for Mobile gives you the visibility and control you need to embrace BYOD and provide the flexible mobile access users want—without putting your information at risk.