
Cyber Security 101: Training, awareness, strategies for small to medium sized business


I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.

Published in: Internet, Technology, Business

Cyber Security 101: Training, awareness, strategies for small to medium sized business

  1. Security 101: Training, awareness, and strategies. Stephen Cobb, CISSP, Senior Security Researcher, ESET NA
  2. The SMB “Sweet Spot” for the cyber-criminally inclined (chart: Enterprises, the SMB “Sweet Spot”, and Consumers plotted by assets worth looting against level of protection)
  3. The challenge
     • Organizations of every type rely on computers to handle information
     • Everyone today is a computer user
     • Most have no security training
     • Lack of security training leads to problems
  4. How big is the challenge? We asked U.S. consumers if they had ever received any computer security training. No: 68%, Yes: 32% (*Savitz Research for ESET, 2012)
  5. 68% is sadly consistent. We asked working adults in the U.S. if they had ever received any computer security training. No: 68%, Yes: 32% (*Harris poll for ESET, 2012)
  6. 73% is even worse. We asked adults in the U.S. who use social media if they had ever received online safety training. No: 73%, Yes: 27% (*Harris poll for ESET, 2012)
  7. Security training is not yet part of our society*
     • This has serious implications for your business
     • 93% of American adults say they’ve had no computer security training in the last 12 months
     • How many of them work for you, or for your clients, suppliers, etc.?
     *Savitz Research for ESET, 2012
  8. Some problems that lack of security training can cause
     • Unauthorized access to information
     • Loss of access to information
     • Loss of information
     • Corruption of information
     • Theft of information
  9. The implications are non-trivial
     • Loss of revenue
     • Loss of business
     • Fines, lawsuits, headlines
     • Unbudgeted expenses
       – Breach costs currently estimated at around $190 per record exposed*
       – 5,263 records = $1 million hit
     *Ponemon Institute
  10. Trojan terminates escrow firm
     • $1.1 million wired to China and could not be retrieved
     • Firm was closed by state law, now in receivership; 9 people out of a job
     • So what’s the best weapon for keeping that kind of Trojan code out of your company’s system?
  11. A well-trained workforce
     • Knows not to click on suspicious links in email or social media
     • Knows to report strange activity (e.g. two-factor authentication not working)
     • Knows to scan all incoming files for malware
       – Email, USB drives
  12. Does training make a difference?
     • Yes
     • A significant percentage of problems can be averted, or their impact minimized, if more employees get better security training and education*
     *A bunch of different studies in recent years
  13. Security training or awareness?
     • What’s the difference?
     • Training makes sure people at different levels of IT engagement have the right knowledge to execute their roles securely
     • Awareness makes sure all people at all levels know what to look out for
  14. Not that kind of actor… Do your employees know what motivates bad actors? IMPACT, ADVANTAGE, MONEY, CREDENTIALS
  15. Do you know how the bad guys operate?
  16. Popular attack technique (diagram): user clicks a link → taken to exploit site → malware server → gets infected/owned → command & control
  17. (continued)
     • RAT has full access to victim PC
     • And its network connections
     • Search and exfiltrate files
     • Access to webcam and audio
     • Scrape passwords
     • Execute system functions
     • Chat with victim
  18. What happens next?
  19. So how do we move forward?
  20. The road map: A B C D E F
     • Assess your assets, risks, resources
     • Build your policy
     • Choose your controls
     • Deploy controls
     • Educate employees, execs, vendors
     • Further assess, audit, test
  21. Assess assets, risks, resources
     • Assets: digital, physical
       – If you don’t know what you’ve got, you can’t protect it!
     • Risks
       – Who or what is the threat?
     • Resources
       – In house, hired, partners, vendors, trade groups, associations
  22. Build your policy
     • Security begins with policy
     • Policy begins with C-level buy-in
     • High-level commitment to protecting the privacy and security of data
     • Then a set of policies that spell out the protective measures, the controls that will be used
  23. Choose controls to enforce policies
     • For example:
       – Policy: Only authorized employees can access sensitive data
       – Controls:
         • Require identification and authentication of all employees via unique user name and password
         • Limit access through application(s) by requiring authentication
         • Log all access
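As an added illustration of the policy-to-controls mapping on this slide (example code written for this page, not from the presentation or from ESET), the following Python implements the three listed controls for the policy "only authorized employees can access sensitive data": each employee has a unique user name and a salted, iterated password hash; sensitive records can only be read through an application call that requires a successful authentication and an explicit authorization grant; and every access attempt, granted or denied, is written to an audit log. The employees, passwords and records are constructed sample data, and the `AccessControl` class and its method names are assumptions made for the example.

```python
"""Added example (not from the slides): minimal controls enforcing the policy
"only authorized employees can access sensitive data".

  1. Identification and authentication by unique user name and password
     (the password is stored only as a salted PBKDF2 hash).
  2. Access to sensitive records is limited through the application: it
     requires authentication AND an explicit per-dataset authorization grant.
  3. Every access attempt, granted or denied, is appended to an audit log.

All user names, passwords and records below are constructed sample data.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ITERATIONS = 200_000  # iteration count chosen for the example


@dataclass
class Employee:
    username: str
    salt: bytes
    pw_hash: bytes
    authorized_datasets: frozenset


@dataclass
class AccessControl:
    employees: dict = field(default_factory=dict)
    sensitive_data: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def add_employee(self, username, password, authorized_datasets):
        """Control 1: unique identity, password stored only as a salted hash."""
        if username in self.employees:
            raise ValueError("user names must be unique: " + username)
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        self.employees[username] = Employee(username, salt, pw_hash, frozenset(authorized_datasets))

    def _authenticate(self, username, password):
        """Return the Employee on a correct password, otherwise None."""
        emp = self.employees.get(username)
        if emp is None:
            # Hash anyway so an unknown user name costs the same as a wrong password.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ITERATIONS)
            return None
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), emp.salt, PBKDF2_ITERATIONS)
        return emp if hmac.compare_digest(candidate, emp.pw_hash) else None

    def _log(self, username, dataset, outcome):
        """Control 3: log every access attempt, whatever the outcome."""
        entry = {"user": username, "dataset": dataset, "outcome": outcome}
        self.audit_log.append(entry)
        return entry

    def read_sensitive(self, username, password, dataset):
        """Control 2: the only way to read a dataset; authenticate, then authorize."""
        emp = self._authenticate(username, password)
        if emp is None:
            self._log(username, dataset, "DENIED: authentication failed")
            return None
        if dataset not in emp.authorized_datasets:
            self._log(username, dataset, "DENIED: not authorized")
            return None
        self._log(username, dataset, "GRANTED")
        return self.sensitive_data.get(dataset)


def build_demo():
    """Constructed sample deployment: two employees, two sensitive datasets."""
    ac = AccessControl()
    ac.sensitive_data["payroll"] = ["alice: 50000", "bob: 52000"]   # constructed
    ac.sensitive_data["customer_pii"] = ["Jane Doe, 555-0100"]      # constructed
    ac.add_employee("alice", "correct horse battery staple", {"payroll"})
    ac.add_employee("bob", "hunter2-but-longer", set())             # no grants
    return ac


if __name__ == "__main__":
    ac = build_demo()
    ac.read_sensitive("alice", "correct horse battery staple", "payroll")  # granted
    ac.read_sensitive("alice", "wrong password", "payroll")                # auth fails
    ac.read_sensitive("bob", "hunter2-but-longer", "payroll")              # not authorized
    ac.read_sensitive("mallory", "guess", "customer_pii")                  # unknown user
    for entry in ac.audit_log:
        print(entry)
```

The point of the audit log recording denials as well as grants is the slide 11 advice to "report strange activity": a run of denied attempts against one dataset is exactly what a later "further assess, audit, test" step (slide 34) would look for.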
  24. Deploy controls, ensure they work
     • Put the control in place; for example, antivirus (anti-malware, anti-phishing, anti-spam)
     • Test the control
       – Does it work technically?
       – Does it “work” with your work?
       – Can employees work it?
  25. Educate everyone
     • Everyone needs to know
       – What the security policies are
       – How to comply with them through proper use of controls
     • Pay attention to any information-sharing relationships
       – Vendors, partners, even clients
     • Clearly state consequences of failure to comply
  26. Who gets trained?
     • Everyone, but not in the same way; break it down:
       – All-hands training
       – IT staff training
       – Security staff training
  27. How to deliver training
     • In person
     • Online
     • On paper
     • In house
     • Outside contractor
     • Mix and match
     • Be creative
  28. Incentives?
     • Yes!
     • To launch programs, push agendas
     • Prizes do work
     • But also make security part of every job description and evaluation
  29. Use your internal organs
     • Of communication!
     • Newsletter
     • Intranet
     • Bulletin board
     • Meetings
     • Company-wide email
  30. How to do awareness
     • Make it fun
     • Make it relevant
     • Leverage the news
     • Bear in mind that everyone benefits from greater awareness, at work and at home
  31. Resources to tap
     • Industry associations
     • FS-ISAC, NH-ISAC, others
     • CompTIA, SBA, BBB
     • ISSA, ISACA, SANS, (ISC)2
     • Local colleges and universities
     • Securing Our eCity
  32. Need more motivation?
     • Security training is the law
       – HIPAA
       – Red Flag Identity Theft Prevention
       – Gramm-Leach-Bliley, Sarbanes-Oxley
       – FISMA
     • Or required by industry
       – PCI Data Security Standard
  33. Or just plain required
     • To get that big juicy contract
     • Many companies now require suppliers to certify that they have security training and awareness programs in place as a condition of doing business
  34. Further assess, audit, test…
     • This is a process, not a project
     • Lay out a plan to assess security on a periodic basis
     • Stay up-to-date on emerging threats
     • Stay vigilant around change such as arrivals, departures, functionality
  35. The Technology Slide
     • Backup and archive
     • Firewall and scan incoming traffic: emails, files, devices, media
     • Encrypt
     • Monitor
     • Filter and monitor outbound
     • Authenticate users
  36. Thank you!
     • stephen.cobb@eset.com
     • WeLiveSecurity.com
     • www.eset.com
     • More info in the lobby
