Cyber Security Awareness: Cyber Threats and Information Security
Post on 05-Jan-2022
This training was written by the Israel National Cyber Directorate (INCD) for the benefit of the public and serves as a recommendation to all organizations in the Israeli economy. The training is intended for employees in all types of employment and can be used freely to improve cyber resilience. The defense recommendations will be updated from time to time. It is recommended that a professional function in the organization (Information Security Managers / CISO, CIOs, Human Resources, Organizational Managers, Organization Training Personnel) deliver the presentation to employees, according to the organization's needs. The tutorial includes a presentation and a handbook, written in the masculine form for convenience only. All rights reserved to the INCD. Any inquiry regarding the presentation can be emailed to: ProfessionalTraining@cyber.gov.il.
Cyber Security Awareness
Cyber Threats and Information Security
Cyber Threats and Information Security - Employee Training
Purpose of Training
• Recognize and understand organizational and personal cyber threats
• Learn basic tools and recommendations that help reduce cyber threats arising from personal and organizational activity in cyberspace
• Know which professional function can be contacted and/or reported to in an emergency event
Content
• Employees' responsibility in the organization
• What is a Cyber Attack?
• Cyber Space Threat Actors
• How does organization intrusion occur?
• Stages of a Cyber Attack
• Types of Malware
• Cyber attack methods: Social Engineering, Types of Phishing, Examples of Phishing, Ransomware
• Defense Recommendations: Tips of a Phishing Email, Passwords, 2 Factor / Multi Factor Authentication, Protecting Office Devices, Protecting Devices while working outside the office, Protecting Personal Devices, Using External Storage Devices, Protecting Emails, Safe Internet, Social Networks, Report an unusual event
Employees' responsibility in the organization
Any employee in the organization can be, usually without knowing it, a target or a "gateway" for a cyber attack.
Therefore, it is important to understand the meaning and dangers of these threats and to protect information assets in both the personal and organizational aspects. Extreme caution and procedures need to be followed to prevent cyber attacks.
What is a Cyber Attack?
Gaining control of an information system without permission, in order to:
• Cause damage
• Data / financial theft
• Influence and consciousness
• Information collection and theft
Cyber Space Threat Actors
• State powers / foreign nations: rivals, warfare, espionage
• Business competitors: economic or ideological interest
• Crime & terrorist organizations
• Hackers / hacktivists
• Insider threat (inadvertently / accidentally): employee, authorized employee, service provider, human mistakes
• Built-in weaknesses (software / hardware / firmware)
How does organization intrusion occur?
End station: a means of computing or any device connected to the corporate network, through which the employee accesses software, applications, organizational information resources and processes.
The human factor: the personal conduct of the human factor, that is, the employee, can be the weak link when it comes to protecting computerized information and systems in the organization.
Most often, a cyber attack is performed on a network end station through poor personal conduct (clicking on a link, downloading files, inserting a DoK (USB flash drive), etc.).
Stages of a Cyber Attack
1. Reconnaissance - information gathering about the organization and its employees.
2. Intrusion and enumeration - gaining access to the network / end station, often achieved through phishing.
3. Exploration - maintaining access by downloading attack tools onto the end point, which then leads to lateral movement to other end points.
4. Data exfiltration - using the attack tools to gain deep access to the organization's network.
5. Cyber attack - taking over the organization's network and causing damage (data theft, attacking systems, business continuity, etc.). Sometimes an attempt is made to cover / clear tracks.
Not every cyber attack follows these steps. The attacker can choose stages based on the purpose of the attack and the time and resources available.
Types of Malware
Most cyber attacks are conducted using malware (malicious software) to perform illegitimate actions on a private or organizational network (disrupting computer operations, gathering sensitive data, penetrating and gaining access to computer systems, etc.), usually without the user's knowledge.
• Spyware - collects information about a person or organization without their knowledge.
• Trojan - creates a back door into the organization's network in order to leak information outside the organization.
• Virus - software that penetrates the computer covertly and uses the computer's resources while copying and distributing itself.
• Worm - similar to a virus, but spreads independently on internal networks or the Internet.
Cyber attack methods
Social Engineering
The attacker manipulates the victim by approaching them as a legitimate and trustworthy party (usually from a recognized or authorized authority). The approach will usually contain an urgent / tempting request or payment, causing the victim to respond hastily and take some action. By doing so, the attacker effectively bypasses all security mechanisms.
Types of Phishing
• Phishing - appealing to a large number of people (like casting a fishing net), usually with the aim of revealing sensitive information.
• Spear Phishing - sending a targeted message to a specific person or group.
• Smishing (SMS / text phishing) - using text messages (SMS, WhatsApp, etc.) that contain a link or a malicious attachment.
• Whale Phishing - targeted, and often sophisticated, fraud aimed at famous or senior figures in organizations.
• Voice Phishing - a scam made by phone call, in which the attacker pretends to be a legitimate party.
• Search Engine Phishing - creating a fake webpage that targets specific keywords and waiting for the searcher to land on it.
Phishing attacks are not always easy to identify. Anyone can easily fall victim and accidentally click on a link or open an attachment. If you were tempted, don't be afraid or embarrassed: it is crucial to report immediately to the authorized person in your organization, to minimize possible damage.
Examples of Phishing
(The examples on this slide are images in the original presentation and were not extracted.)
Ransomware
1. The attacker sends a tempting phishing message with the purpose of causing the victim to click on a link or open an attachment.
2. The victim opens the attachment or clicks on the link, causing the malware to override all defense systems.
3. The ransomware encrypts all files on the computer and sends a ransom request for payment in digital currency (such as Bitcoin).
4. The ransomware activates a worm, which spreads itself through the network.
Ransom payment will not necessarily lead the attacker to release the encryption.
The No More Ransom project (https://www.nomoreransom.org/) aims to:
• Educate users on how ransomware works
• Provide countermeasures to effectively prevent infection
• Help ransomware victims retrieve their encrypted data without having to pay the criminals
Basic Defense Recommendations
• Social Engineering
• Phishing
• Passwords
• 2FA / MFA
• Device Protection
• Personal device protection
• Detachable media
• E-mail
• Internet
• Social networks
• Report an event
Tips of a Phishing Email
Sample phishing email shown on the slide: addressed to "Israel Israeli", from "Bank Shalom <bankshalom1@gmail.com>", with an attachment named "Files as you requested.pdf".
1. Notice the sender's address; an official organization will usually send an e-mail from an official address, not from Gmail.
2. Before you click, hover the mouse pointer over the link to reveal its true destination.
3. "Dear Customer" - this is not a personal inquiry; the customer's first name is not used.
4. Examine the email and pay attention to poor wording / spelling mistakes.
5. The phone number looks suspicious and not real.
6. The date format is incorrect.
7. Is the sender's name familiar? Did you discuss this before?
8. Always be suspicious of attachments. Open only attachments that come from a known source or an e-mail from someone you expected. If you are unsure, contact the sender through other means of communication (check the website, telephone, etc.).
Sometimes even one identification mark is enough to prevent a phishing attack!
Passwords
• Choose a long passphrase that includes upper and lower case letters, digits, and special characters (! # $ @).
• Avoid common passwords, or passwords based on information visible about you (birth date, child's / pet's name, etc.).
• Create different accounts for personal and work use, and choose a different password for every account you have.
• Keep your passwords safe and away from your device. We recommend memorizing or encrypting your passwords.
• Never reveal a password to anyone! Not even a service provider or anyone in your organization.
• Set up two-factor / multi-factor authentication on every account that allows it.
• If you suspect your password was exposed, change it immediately!
• Recommendation: use a password manager. It stores all passwords in a "vault", with only one password to remember (the master password should be long and complex, and protected with 2FA).
2 Factor / Multi Factor Authentication
Adds another layer of protection to prevent fraud, account or identity theft.
The identification process consists of two steps:
1. Identification - claiming an identity (username, mobile number, ID, email, etc.).
2. Authentication - backing up the identity by using two of the following factors:
• Something you know - password, PIN, verification question
• Something you have - phone, smart card, USB token, RFID, PC
• Something you are - fingerprint, face recognition, iris
Multi-factor Authentication (MFA) requires the use of two or more factors.
Set up 2FA / MFA on every application and account that allows it!
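The two-step process above (claim an identity, then prove it with two different factors), as an added example that is not part of the INCD presentation: a login check in Python that verifies a password (something you know) against a salted PBKDF2 hash and a time-based one-time code (something you have) of the kind an authenticator app displays, using RFC 6238 TOTP. The user record, the passphrase and the shared secret are constructed for the demonstration (the secret is the RFC 6238 reference seed); the presentation itself does not prescribe TOTP or any particular mechanism.

```python
"""Two-step login: identification (username) and then authentication with two
different factors, 'something you know' (a password checked against a salted
PBKDF2 hash) and 'something you have' (an RFC 6238 time-based one-time code of
the kind an authenticator app displays). Added example, not code from the INCD
presentation; the user record, passphrase and shared secret are constructed."""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

PBKDF2_ROUNDS = 200_000
TOTP_STEP_SECONDS = 30
TOTP_DIGITS = 6


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash) to store at enrolment; the password itself is never stored."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    # constant-time comparison so timing does not leak how many bytes matched
    return hmac.compare_digest(hash_password(password, salt)[1], stored)


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: Optional[float] = None) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix time / 30 s)."""
    t = time.time() if at_time is None else at_time
    return hotp(secret, int(t) // TOTP_STEP_SECONDS)


def verify_totp(secret: bytes, code: str, at_time: Optional[float] = None, window: int = 1) -> bool:
    """Accept the current step and +/- `window` adjacent steps to tolerate clock drift."""
    t = time.time() if at_time is None else at_time
    counter = int(t) // TOTP_STEP_SECONDS
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


# Constructed demo user. DEMO_SECRET is the RFC 6238 reference seed (SHA-1 variant);
# a real secret is generated per user at enrolment and shown once as a QR code.
DEMO_SECRET = b"12345678901234567890"
_salt, _hash = hash_password("correct horse battery staple")
USERS = {"israel.israeli": {"salt": _salt, "pw_hash": _hash, "totp_secret": DEMO_SECRET}}


def login(username: str, password: str, otp: str, at_time: Optional[float] = None) -> str:
    """Step 1: identification by username. Step 2: both factors must pass.
    The response is the same generic 'denied' whichever factor failed."""
    user = USERS.get(username)
    if user is None:
        return "denied"
    know_ok = verify_password(password, user["salt"], user["pw_hash"])
    have_ok = verify_totp(user["totp_secret"], otp, at_time)
    return "ok" if know_ok and have_ok else "denied"


if __name__ == "__main__":
    now = time.time()
    code = totp(DEMO_SECRET, now)  # what the authenticator app would display right now
    print("authenticator code:", code)
    print(login("israel.israeli", "correct horse battery staple", code, now))  # ok
    print(login("israel.israeli", "wrong password", code, now))                # denied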
Protecting Office Devices
• Always lock your devices with a strong password, PIN, pattern lock or biometric means.
• Make sure your computer and mobile devices are backed up regularly and often. In addition, save backups often on offline means (hard disk / cloud).
• Make sure that automatic updates are enabled for your operating system, software and browser.
• Avoid connecting external devices from unknown sources. Use only your own fixed device, which is approved and provided by your organization.
• Most organizations update and back up endpoints, but not necessarily private / mobile devices. Therefore, we recommend that you set up updates and backups on all your devices.
• When leaving the office or at the end of the workday, remember to log out from your digital accounts and lock your computer (Ctrl + Alt + Delete - Lock).
Protecting Devices - while working outside the office
• Never leave your device unattended!
• Lock all your devices using a password / PIN / pattern lock / biometric means. Set your device to lock automatically (after X minutes of inactivity).
• Back up all your devices and their data. In case of theft / loss / hacking you can recover the data. Back up on a removable drive or in the cloud (encrypted and with 2FA).
• When working in a public place, make sure to hide the screen from strangers / bystanders.
• Recommendation: install a Find My Phone app to track a lost / stolen / breached device, and even erase its data remotely.
• Avoid connecting external devices from unknown sources. Use only your own fixed device, which is approved and provided by your organization. Prefer receiving files by email.
• Avoid connecting to public / free Wi-Fi networks. Prefer to connect from a secure network or a mobile device (personal access point / hotspot).
• Outside the office, avoid working on files containing confidential / sensitive business information.
Protecting Personal Devices
We often use our private devices to read corporate email or to make calls and correspond in various media on work-related issues. By doing so, we may become a target on a personal or organizational level.
• Lock all your devices using a password / PIN / pattern lock / biometric means. Set 2FA on every account / app that allows it!
• Set automatic updates on all software / apps. Download system updates as soon as they are published.
• Back up all your devices and their data. In case of theft / loss / breach you can recover the data. Back up on a removable drive or in the cloud (encrypted and with 2FA).
• Once in a while, check the app permissions you approved (location, camera, microphone, etc.) and remove what is unnecessary.
• When handing your device to a repair laboratory, make sure you log out from all accounts (use authorized laboratory services).
• Install a Find My Phone app to track a lost / stolen / breached device, and even erase its data remotely.
• Cover your camera when not in use. You can place a sticker / cover on it.
• Install an anti-virus and firewall on all devices and keep them updated. On Windows computers, activate Windows Defender.
• Avoid downloads from unknown sources or links. Download only from authorized stores.
Using External Storage Devices
Usage of external storage devices can allow an attacker to access the device's data, and even use the computer as a potential "gateway" into the organization. Avoid connecting external devices (CD, DoK, USB devices, mobile phones) from unknown sources. Use external storage devices:
• Only if necessary, and with the permission of an authorized party in the organization
• From a reliable or permanent external media
• After an examination or whitening* process (if available)
Before inserting external media into the corporate network, contact the organization's authorized party for examination and approval. Request that files be emailed to you so that they pass through the organization's filtering.
*Whitening station - scanning and filtering files for malware and zero-day threats.
Protecting Emails
• It is important to have two separate accounts: personal and organizational.
• When using a private mobile device to read corporate emails, set a login password on your device. Also, set 2FA on your email account.
• Notice the origin of the sender's address; could it be an impersonation? For example: paypal.com vs. paypa1.com.
• Avoid sending corporate or sensitive information to an out-of-network email box. If necessary, use email encryption solutions.
• Do not forward / send usernames and passwords by e-mail or on any public channel.
• Don't click on links or open suspicious attachments, whether from an unknown or even a known source.
• Be suspicious of emails that require immediate / urgent action. If necessary, contact the sender through alternative means (such as a phone call).
• Check a suspicious link by placing the mouse cursor on it and examining the web address, or copy and paste it into the browser's address bar and, before pressing Enter, examine it for suspicious signs.
• If you already clicked on the link / attachment you received, don't delete the message, so that it can be investigated. Report immediately to the organization's IT / security manager.
• When sending an email with an attachment, make sure the attachment is indeed what you intended to send.
• When mailing to a widespread mailing list, prefer to add all recipients as a hidden copy (BCC).
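The phishing-email tips (sender address, hovering over a link to see its real destination, "Dear Customer", urgent wording) and the paypal.com / paypa1.com lookalike check from the e-mail recommendations above, worked through as an added example in Python; this is not code from the INCD presentation. It parses a raw message and lists the indicators it finds. The two sample messages, the list of "known brand" domains and the free-mail domain list are constructed for illustration, and the lookalike check is a deliberately simple digit-for-letter substitution rather than a full confusable-character analysis.

```python
"""Phishing-indicator check for a raw e-mail: organisation display name over a
free-mail sender, link text that differs from the real destination, lookalike
domains (paypal.com vs. paypa1.com), a generic "Dear Customer" greeting and
urgent wording. Added example, not from the INCD presentation; the sample
messages, brand list and free-mail list are constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
KNOWN_BRANDS = {"paypal.com", "bankshalom.co.il"}  # constructed list of expected domains
URGENT_WORDS = ("immediately", "urgent", "within 24 hours", "suspended")
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def lookalike_of(host):
    """Brand domain that `host` imitates (digit-for-letter swaps, or a brand label
    buried in another domain such as paypal.com.evil.example), else None."""
    host = (host or "").lower()
    if host in KNOWN_BRANDS:
        return None
    for brand in KNOWN_BRANDS:
        if host.translate(CONFUSABLES).replace("rn", "m") == brand:
            return brand
        if brand.split(".")[0] in host.split(".") and not host.endswith(brand):
            return brand
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_domain):
    url = url_or_domain if "://" in url_or_domain else "http://" + url_or_domain
    return (urlparse(url).hostname or "").lower()


def phishing_indicators(raw_message):
    """Return (code, detail) pairs for every indicator found; [] means none."""
    msg = message_from_string(raw_message)
    found = []
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    if sender_domain in FREE_MAIL_DOMAINS:  # tip 1: official senders do not use Gmail
        found.append(("FREEMAIL_SENDER", f"'{display_name}' sends from {sender_domain}"))
    if lookalike_of(sender_domain):
        found.append(("LOOKALIKE_SENDER", f"{sender_domain} imitates {lookalike_of(sender_domain)}"))
    body = (msg.get_payload(decode=True) or b"").decode(msg.get_content_charset() or "utf-8", "replace")
    links = LinkCollector()
    links.feed(body)
    for href, text in links.links:  # tip 2: the true destination is the href, not the text
        real = host_of(href)
        shown = host_of(text) if "." in text else ""
        if shown and real and shown != real:
            found.append(("LINK_MISMATCH", f"text shows {shown} but points to {real}"))
        if lookalike_of(real):
            found.append(("LOOKALIKE_LINK", f"{real} imitates {lookalike_of(real)}"))
    text = msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)
    if re.search(r"\bdear\s+(customer|user|client|member)\b", text, re.I):  # tip 3
        found.append(("GENERIC_GREETING", "no personal name used"))
    hits = [w for w in URGENT_WORDS if w in text.lower()]
    if hits:
        found.append(("URGENCY", "pressure wording: " + ", ".join(hits)))
    return found


# Constructed sample messages (the names mirror the slide's "Bank Shalom" example).
PHISHING_SAMPLE = """\
From: Bank Shalom <bankshalom1@gmail.com>
To: israel.israeli@example.com
Subject: Your account will be suspended
Content-Type: text/html; charset=utf-8

<html><body><p>Dear Customer,</p><p>Please verify your details immediately at
<a href="http://paypa1.com/verify">https://www.paypal.com/verify</a>.</p></body></html>
"""
LEGIT_SAMPLE = """\
From: Dana Levi <dana.levi@bankshalom.co.il>
To: israel.israeli@example.com
Subject: Minutes from Tuesday's meeting
Content-Type: text/html; charset=utf-8

<html><body><p>Hi Israel,</p><p>As discussed, the minutes are on the intranet:
<a href="https://intranet.bankshalom.co.il/minutes">intranet.bankshalom.co.il/minutes</a></p></body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGIT_SAMPLE)):
        print(name, phishing_indicators(sample) or "no indicators")
```

A message with no indicator is not proven safe, and one indicator is not proof of phishing; as the training says, a single mark is reason enough to stop and verify through another channel, which is what the returned list is meant to prompt.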
Safe Internet
• Check whether the website name matches its content and whether the website extension (top-level domain) is strange / suspicious.
• If the site does not include "Contact Us" / "About Us" / a privacy policy / "Policies", this is a suspicious sign.
• Note whether the URL starts with https (the s is for Secure) and a closed lock icon appears next to it, which signifies a secure connection (sometimes, despite the lock, the site itself is not necessarily secure).
• In any case of concern or suspicion, avoid entering personal or credit card information on the website.
• Notice whether the site is unprofessionally designed, contains misspellings or poor wording, contains too many links, or is characterized by multiple advertisements.
Social Networks
• Examine the security settings of the different apps: set a strong password and two-factor / multi-factor authentication; set up alerts for unrecognized / unauthorized logins; set up 3-5 trusted contacts through which you can recover an account when you are locked out.
• Be careful before clicking on suspicious links or attachments.
• Beware of impostor / fake profiles and be suspicious when accepting friend requests.
• Review the privacy policy in your various accounts and pay attention to what personal or professional information you disclose and to whom. Could the information be sensitive in a personal or organizational aspect? Be suspicious and reduce, as much as possible, the information you reveal.
Report an unusual event
In case of a suspected cyber event or uncertainty, it is important to immediately report to the responsible party in the organization!
Report when:
• There is a certain or even suspected information security breach
• An operational malfunction that could cause an information security breach is identified or suspected
• A suspicious action by a colleague or opponent is identified or suspected
• An organization computer / end-point, or a personal mobile device that can be used to access the corporate email, is stolen
• A suspected or unauthorized party is present on the organization's premises
For more information, visit the INCD website at: www.cyber.gov.il
Or call us: 119