how cyber-criminals steal and profit from your...
Post on 27-Jun-2018
How Cyber-Criminals Steal and Profit from your Data
Presented by:
Nick Podhradsky, SVP Operations
SBS CyberSecurity
© SBS CyberSecurity, LLC
www.sbscyber.com Consulting Network Security IT Audit Education 1
Agenda
• Why is cybersecurity now your responsibility?
• What are the bad guys after?
• How do they get what they want?
• How can I stop them or slow them down?
You Have Been Enlisted
Strength or Weakness
• People are easier to defeat than technology!
What does a hacker look like?
What does a “hacker” look like?
Costs of Cybersecurity?
• Estimated annual global cost could reach $6 trillion by 2021 (estimated at $3 trillion in 2015) – Cybersecurity Ventures
• Data breaches average a cost of around $154 per record – www.cyberark.com
• Significant reputational damage associated with a data breach.
How do hackers make money?
• Compromise Internet Banking Activity
• Credit Cards
• Health Information
• Ransomware
• User or Admin Credentials
• Personal Data
• Contact information including email addresses
Data Values – December 2015 (foxnews.com)
• Average estimated price for stolen debit and credit cards in US: $5 - $30
• Bank login credentials for a $2,200 balance bank account: $190
• Bank login credentials plus stealth funds transfers to US Banks for a $20,000 account balance: $1,200
• Online payment service credentials (PayPal, etc.) for $1,000 balance: $50
• The more information provided, the higher the value.
How do “bad guys” get that data?
• Social Engineering
Wikipedia definition: in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
Social Engineering Types
• Email Phishing
• Phone Calls - Vishing
• Social Media
• USB Devices
• Dumpster Diving
Phish Finder – Who, What, Where
WHO?
What?
What?
Phishing Example
Where?
WHO? WHAT? WHERE?
Phishing Scenario Walkthrough
I clicked on the link
See what the hacker gets?
What about attachments?
Enabling content will run malware
What can you do?
• Understand the Importance of Cybersecurity
• Spoofed Wireless
• Strong Passwords
• Multi-Factor Authentication
• Be suspicious of Downloads
• Use Anti-Virus, but be aware that it’s not entirely effective!
Understand the Importance of Cybersecurity
• You have a responsibility as an employee to help protect the network and data. Get educated.
• If you’ve done something you shouldn’t have, DON’T cover it up – let someone know.
• Remember that security controls may not be fun to have, but they are there to protect you and your data.
Spoofed Wireless Networks
• If you aren’t certain of the network, don’t connect.
• Never access confidential information while connected to unsecured Wi-Fi.
• If you can connect through a VPN on this network, your traffic becomes encrypted and is safe.
• Using your “Mobile Data” and shutting off Wi-Fi is also considered safe.
Strong Passwords
• Don’t use passwords in multiple locations – especially banking or confidential website passwords
• Use phrases: Iwah4C;Oahwd! “I want a hippopotamus for Christmas; Only a hippopotamus will do!”
• Use a password keeper such as KeePass or LastPass; ensure that your password for that is strong.
• Change your password often
Multi-Factor Authentication
• Multi-Factor Authentication is the use of 2 or more identifiers to verify the user: (1) something you have, (2) something you know, (3) something you are.
• Most email providers OFFER multi-factor authentication. The first factor is generally the password; the 2nd factor is often an email or text with a code, or a security question.
• Security questions can be a 2nd factor; make sure that answers are not simple (birthdate – may be on social media; high school – may be found online; pet’s name – social media).
Be suspicious of Downloads
• Ensure it’s from a trusted source. Go directly to the company site.
• Know what brand of antivirus you have.
• Don’t panic when something happens that looks like the picture to the right.
Use Anti-Virus – but be aware it’s not entirely effective!
• Most sophisticated and new scams will get around anti-virus unnoticed.
• Anti-virus will catch older and very prevalent viruses.
• There are many good anti-viruses available with paid and free versions – paid versions are generally better – there is no reason not to have one.
• Be careful when downloading a new anti-virus (go directly to the company, not to a 3rd party site).
HCPD Partnership
• HCPD cares about the CyberSecurity of your organization and wants to help!
• HCPD and SBS have partnered on a 5-phase approach to helping HCPD customers improve their cybersecurity.
• HCPD will pay for 50% of the cost annually, up to $5,000!
HCPD Phase 1 Cybersecurity Services
• IT Asset Discovery
  • Identifies hardware and software used by the organization.
• Internal Vulnerability Assessment
  • Identifies soft spots on the inside of your network that cybercriminals could exploit.
• Information Security Risk Assessment
  • A document that identifies the most and least risky use of technology in the organization.
• Cyber Risk Management Prioritization
  • Based on the 3 items above – SBS will put together a plan for the organization on how to immediately improve their cybersecurity posture.
Investment
• Pricing based on the number of meters the customer has
• You can start with Phase 2-5 if you would prefer (contact SBS for more information).
• Time investment for Phase 1 ranges from ½ day to 3 days depending on size.
• SBS would do a presentation for your management/board if you would like to discuss further.
Nick Podhradsky
605-770-3926
Madison, SD
www.sbscyber.com
Nick@sbscyber.com
Let’s Connect!