“7 Steps to Guard Against Hackers, Disasters, and Thieves”
Tuesday, November 1, 2005, ASU West, Phoenix, AZ
Debbie Christofferson, Sapphire-Security Services LLC


Page 1: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI


(c) 2005 www.Sapphire-Security.com 01-Nov-2005 DebbieChristoffersonEarthlinknet

Debbie Christofferson, CISSP, CISM
DebbieChristoffersonearthlinknet
www.Sapphire-Security.com
602-268-3517 or Mobile 480-988-4194
  • 14 yrs Fortune 500 industry experience in security management and strategy
  • Leading edge security certifications
  • Business owner
  • Help organizations identify and manage security and career strategy through consulting, education & training, business coaching, speaking and writing

What are your most pressing security concerns?

Contents
  • Risks & rewards
  • Strategy
  • People, Processes
  • Technology
  • Trends
  • Call to Action
  • Resources

Personal Benefits
  • Protect your privacy
  • Safeguard against identity theft
  • Avoid disruption
  • Prevent loss of records and data

School Benefits
  • Assure student privacy, protect financial and medical records
  • Protect integrity of research, grades, tests and curriculum
  • Keep IT infrastructure up and running to support educational activities
  • Provide stable online environment for registration and class delivery
  • Safeguard reputation

What are you protecting, and what’s the value if it’s lost, stolen, altered, or unavailable?

Got Security?
Black Hat vs. White Hat
www.blackhatbriefings.com

From 50 to 70 percent of the value of a company today is derived from its proprietary data and trade secrets, and 90 percent of those secrets can be found in digital form.
American Society for Industrial Security and PricewaterhouseCoopers, 2000 study
httpwwwbusiness2comb2subscribersarticlesprint01792552779100html
Digital Trade Secrets: www.pl8s.com/coke.htm

“Spyware Will be a Top Threat in 2005”, www.watchguard.com, by Marcia Savage, SC Magazine
“82% of companies reported virus attacks, even though 99% of them ran anti-virus software.”
The 2003 CSI/FBI Computer Crime and Security Survey
Nightcrawlers

“Botnets More Menacing Than Ever”
“…More than a million machines worldwide are bot-infested and under the control of hackers … (most) attacks … monitored last year were designed to covertly steal information or take over computers for criminal purposes.”
By Bill Brenner, News Writer, 18-Mar-2005, SearchSecurity.com

“Spam Nightmare Grows for Small Firms”
“Small companies are suffering at the hands of spammers because they do not have the correct defenses in place. A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businesses.”
The SC Infosecurity Newswire, January 28, 2005, http://www.scmagazine.com

“… in 2003, US corporations spent more than $25 billion to keep hackers out of their databases.”
By Art Jahnke, CSOOnline Magazine, 01/01/05, http://www.csoonline.com/read/010105/russian.htm

“…a group of hackers … learned the practice of carding—buying goods online with stolen credit cards.”
“… among other things, tapped a database of an estimated 50,000 credit cards …”
By Art Jahnke, CSOOnline Magazine, 01/01/05, “Russian Roulette”
http://www.csoonline.com/read/010105/russian.html

We’re Under Attack
  • “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI Computer Crime & Security Survey
  • “Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds.” “Security Wire Perspectives”, 12/6/04, Information Security Magazine
  • “Spyware Will be a top Threat in 2005”, www.watchguard.com, by Marcia Savage, SC Magazine
  • “Identity Theft Now Costs US Businesses Some $33B a Year” - Peter Krass, CFO-IT, Spring 2005
  • “Spam nightmare grows for Small Firms”, The SC Infosecurity Newswire, 1/28/05, www.scmagazine.com

We Make it Easy
Thieves snatch documents containing Social Security numbers and other personal data from the mail, steal computers with stored data, hack databases, buy IDs from other thieves, bribe company insiders, fish through the trash, and trick us into providing their user IDs and passwords.
“The New Face of Identity Theft”, CFO-IT, Spring 2005

ChoicePoint’s stock dropped nearly 10% after announcing that criminals duped it into giving access to its database.
“ChoicePoint Execs Sold Stock Before Leak Revealed”, Harry R. Webber of the Associated Press, The Arizona Republic, 2/27/05

Credit agency reports security breach
News Story by Carly Suppa
MARCH 17, 2004 (ITWORLDCANADA) - TORONTO - More than 1400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.

Phishing
Symantec filters blocking 33M phishing attempts a week in Dec04, up from 9M a week in Jul04 … an increase of … 366%
3/21/05 press release at httpsessymanteccomcontentcfmArticleID=5491

Instant Messaging Risk
  • Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds.
  • Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc. said more than 90% of enterprises are using IM.
“Security Wire Perspectives”, Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

“Thieves Tap Wi-Fi Networks With Ease”
“Connections are being commandeered for child pornography, fraud, death threats, and identity and credit-card theft.”
“…Most consumers who spend the $60 to $80 for a wi-fi router are just happy to make it work at all, and never turn on encryption.”
By Seth Schiesel, New York Times; The Arizona Republic, March 20, 2005

“Mobile Phone Virus Found in US”
“The world’s first mobile phone virus ‘in the Wild’ has spread to the United States from its birthplace in the Philippines eight months ago … The virus, called Cabir, has spread slowly into 12 countries and marks the beginning of the mobile phone virus era …”
From MSNBC.com (Topic: Mobile Viruses), Feb 18 (2005)
http://www.businessweek.com/magazine/content/05_09/b3922046_mz011.htm

Security Questions
Is your system used to:
  • Spew out forged email?
  • Hack and deface web sites?
  • Serve child pornography?
  • Illegally download music or software?
What are you posting on the network?
What are you doing to place yourself and your school at risk?

The Human Element

“The Weakest Link”
“When I did security audits, I found the fastest path into a secure area was to effectively look for the key under the doormat. People simply don’t think about security enough and, without knowing it, will often create exposures … to simplify their jobs … No platform alone can fully compensate for this.”
“What if Microsoft Got it Right?” By Rob Enderle, TechNewsWorld, 03/01/04, http://www.technewsworld.com/story/32976.html

“I’ve Seen the Enemy and the Enemy is Me”
“If the exposure is people, and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure.”
“What if Microsoft Got it Right?” By Rob Enderle, TechNewsWorld, 3/1/05, http://www.technewsworld.com/story/32976.html

“…Lack of consumer awareness, if not downright naiveté, allows the war to escalate” … between hackers and security programmers.
The Arizona Republic, 12/27/04, “Hackers Hone for Holidays”

“… Home users who aren’t updating their antivirus or installing security patches may have to get burned before they understand.” - Steve Fallin, director of WatchGuard’s rapid response team
“Extroverts More Likely to Open Virus-Laden E-Mail Attachments”, Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine

“Stolen passwords enable ID thieves to roam undetected in computer systems.”
CFO Magazine (CFO-IT), Spring 2005

What is Your Favorite Pet’s Name?
T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton’s account, the secret question was “What is your favorite pet’s name?” By correctly providing the answer, any internet user could change Hilton’s password and freely access her account.
“How Paris Hilton Got Hacked”, Feb 22, 2005, Mobile Tracker, http://www.mobiletracker.net/archives/2005/02/22/paris-hilton-hacked-sidekick-phone-

What are You Throwing Out?

Technology Hype Vs. Reality
  • Virus protection at client and server
  • Software updates
  • Camera phones
  • Encryption
  • USB Storage devices
  • Peer to Peer file sharing
  • Secure Remote access
  • Wireless security

Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building. Source: WorldWide WarDrive
Wifi Finder detects wireless networks up to 200 feet away.

“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”
“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers’ passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”
By Kevin Poulsen, SecurityFocus, 01/12/05, http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile

Software Quality
You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn’t be a bridge standing.
Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives”, Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

Trends
  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security

Forensics
“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com
Super-sleuth Sherlock solved crimes with forensic chemistry.

Tech Trends
  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics
wwwdw-worlddedwarticle0111369000html

What info gets indexed? Is it sensitive?
Who has access to the computer?
Google utility indexes past web searches and cached web pages, including secure web pages.

Increasing Crime
“…Sale of bootleg products is estimated to account for up to 7 percent of global trade…”
CSO Magazine, December 2004, “Top Billing: News From Inside the Beltway”
“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php
Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com

High Tech Theft
  • Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php
  • CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. httpwwwpcworldcomnewsarticle0aid973400asp, Christina Wood, in April 1999 issue of PC World magazine
  • Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.” “Thwarting the Perfect Crime”, Jonathan Littman, 4/1/03, Electronic Business, www.TapaOnline.org

Call to Action
  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software

Summary
  • Stay aware
  • Think security
  • Keep safe online

Free US Consumer Credit Report
  • www.annualcreditreport.com, or
  • Call 877-322-8228 toll-free, or
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281
Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states.
Visit www.ftc.gov for more information
www.myfico.com for credit scores (for a paid fee)

To Receive Free Resources
  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career
Send email with request in subject line to DebbieChristoffersonearthlinknet

Debbie Christofferson, CISSP, CISM
  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp. across the US, Europe, and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now
Sapphire-Security Services LLC
DebbieChristoffersonearthlinknet
www.sapphire-security.com

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 2: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 2

DebbieChristoffersonearthlinknetwwwSapphire-Securitycom602-268-3517 or Mobile 480-988-419414 yrs Fortune 500 industry experience in security management and strategyLeading edge security certificationsBusiness ownerHelp organizations identify and manage security and career strategy through

Consulting education amp training business coaching speaking and writing

Debbie Christofferson CISSP CISM

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 3

What are your most pressing security

concerns

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 4

ContentsRisks amp rewardsStrategyPeople ProcessesTechnologyTrendsCall to ActionResources

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 5

Personal Benefits

Protect your privacySafeguard against identity theftAvoid disruption Prevent loss of records and data

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 6

School BenefitsAssure student privacy protect financial and medial recordsProtect integrity of research grades tests and curriculumKeep IT infrastructure up and running to support educational activitiesProvide stable online environment for registration and class delivery Safeguard reputation

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 7

What are you protecting and whatrsquos the value if itrsquos lost stolen altered or unavailable

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 8

Got SecurityBlack Hat vs White Hat

wwwblackhatbriefingscom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 9

From 50 to 70 percent of the value of a company today is derived from its proprietary data and trade secrets and 90 percent of those secrets can be found in digital form

American Society for Industrial Security and PricewaterhouseCoopers 2000 study

httpwwwbusiness2comb2subscribersarticlesprint01792552779100html

Digital Trade Secretswwwpl8scomcokehtm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 10

ldquoSpyware Will be a Top Threat in 2005rdquowwwwatchguardcom by Marcia Savage SC Magazine

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

The 2003 CSIFBI Computer Crime and Security Survey

Nightcrawlers

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 11

ldquoBotnets More Menacing Than Everrdquo

ldquohellipMore than a million machines

worldwide are bot-infested and under the

control of hackers hellip (most) attacks hellip

monitored last year were designed to

covertly steal information or take over

computers for criminal purposesrdquoBy Bill Brenner News Writer

18-Mar-2005 SearchSecuritycom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 12

ldquoSpam Nightmare Grows for Small Firmsrdquo

ldquoSmall companies are suffering at the hands of spammers because they do not have the correct defenses in place A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businessesrdquo

The SC Infosecurity Newswire January 28 2005 httpwwwscmagazinecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 13

ldquo hellip in 2003 US corporations spent more than $25 billion to keep hackers out of their databasesrdquo

BY Art Jahnke CSOOnline Magazine 010105httpwwwcsoonlinecomread010105russianhtm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 14

ldquohellipa group of hackers hellip learned the practice of cardingmdashbuying goods online with stolen credit cardsrdquoldquo hellip among other things tapped a database of an estimated 50000 credit cards helliprdquo

BY Art Jahnke CSOOnline Magazine 010105 ldquoRussian Rouletterdquo

httpwwwcsoonlinecomread010105russianhtml

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 15

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

ndash 2003 CSIFBI Computer Crime amp Security SurveyldquoSymantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsrdquo

ldquoSecurity Wire Perspectivesrdquo 12604 Information Security Magazine

ldquoSpyware Will be a top Threat in 2005rdquo wwwwatchguardcom by Marcia Savage SC Magazine

ldquoIdentity Theft Now Costs US Businesses Some $33B a Yearrdquo - Peter Krass CFO-IT Spring 2005

Spam nightmare grows for Small FirmsrdquoThe SC Infosecurity Newswire 12805 wwwscmagazinecom

Wersquore Under Attack

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 16

We Make it EasyThieves snatch documents containing

Social Security numbers and other personal data from the mail steal computers with stored data hack

databases buy IDs from other thieves bribe company insiders fish through the trash and trick us into providing

their user Ids and passwords

ldquoThe New Face of Identity Theftrdquo CFO-IT Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 17

ChoicePointrsquos stock dropped nearly 10 after announcing that criminals

duped it into giving access to its database

ldquoChoicePoint Execs Sold Stock Before Leak RevealedrdquoHarry R Webber of the Associated Press The Arizona Republic 22705

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 18

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 19

News Story by Carly Suppa

MARCH 17 2004 (ITWORLDCANADA) -TORONTO - More than 1400 Canadians primarily in the provinces of British Columbia and Alberta have been notified of a major security breach at Equifax Canada Inc a national consumer-credit reporting agency

Credit agency reports security breach

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 20

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 21

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 31

ldquohellipLack of consumer awareness if not downright naiveteacute allows the war to escalaterdquo hellipbetween hackers and

security programmers

The Arizona Republic 122704 ldquoHackers Hone for Holidays

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 32

ldquohellip Home users who arent updating their antivirus or installing security patches may have to get burned before they understandrdquo - Steve Fallin director of WatchGuards rapid response team

ldquoExtroverts More Likely to Open Virus-Laden E-Mail Attachmentsrdquo Mark Baard Contributing Writer Security Wire Perspective 012405 published

by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

Increasing Crime

“…Sale of bootleg products is estimated to account for up to 7 percent of global trade…”
CSO Magazine, December 2004, “Top Billing News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php
Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com

High Tech Theft

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. httpwwwpcworldcomnewsarticle0aid973400asp
Christina Wood in April 1999 issue of PC World magazine

Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck, and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.”
“Thwarting the Perfect Crime,” Jonathan Littman, 4/1/03, Electronic Business, www.TapaOnline.org

Call to Action
  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software

Summary
  • Stay aware
  • Think security
  • Keep safe online

Free US Consumer Credit Report
  • www.annualcreditreport.com, or
  • Call 877-322-8228 toll-free, or
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states

Visit www.ftc.gov for more information
www.myfico.com for credit scores (for a paid fee)

To Receive Free Resources
  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career

Send email with request in subject line to DebbieChristoffersonearthlinknet

Debbie Christofferson, CISSP, CISM

Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp. across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now

Sapphire-Security Services LLC
DebbieChristoffersonearthlinknet
www.sapphire-security.com


What are you protecting, and what’s the value if it’s lost, stolen, altered or unavailable?

Got Security?

Black Hat vs. White Hat

www.blackhatbriefings.com

Digital Trade Secrets

From 50 to 70 percent of the value of a company today is derived from its proprietary data and trade secrets, and 90 percent of those secrets can be found in digital form.

American Society for Industrial Security and PricewaterhouseCoopers, 2000 study
httpwwwbusiness2comb2subscribersarticlesprint01792552779100html

www.pl8s.com/coke.htm

Nightcrawlers

“Spyware Will be a Top Threat in 2005” www.watchguard.com, by Marcia Savage, SC Magazine

“82% of companies reported virus attacks, even though 99% of them ran anti-virus software.”
The 2003 CSI/FBI Computer Crime and Security Survey

“Botnets More Menacing Than Ever”

“…More than a million machines worldwide are bot-infested and under the control of hackers … (most) attacks … monitored last year were designed to covertly steal information or take over computers for criminal purposes.”

By Bill Brenner, News Writer, 18-Mar-2005, SearchSecurity.com

“Spam Nightmare Grows for Small Firms”

“Small companies are suffering at the hands of spammers because they do not have the correct defenses in place. A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businesses.”

The SC Infosecurity Newswire, January 28, 2005, http://www.scmagazine.com

“… in 2003, US corporations spent more than $25 billion to keep hackers out of their databases”

By Art Jahnke, CSOOnline Magazine, 01/01/05, http://www.csoonline.com/read/010105/russian.htm

“…a group of hackers … learned the practice of carding—buying goods online with stolen credit cards”

“… among other things, tapped a database of an estimated 50,000 credit cards …”

By Art Jahnke, CSOOnline Magazine, 01/01/05, “Russian Roulette”
http://www.csoonline.com/read/010105/russian.html

We’re Under Attack

“82% of companies reported virus attacks, even though 99% of them ran anti-virus software” – 2003 CSI/FBI Computer Crime & Security Survey

“Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds” “Security Wire Perspectives,” 12/6/04, Information Security Magazine

“Spyware Will be a top Threat in 2005” www.watchguard.com, by Marcia Savage, SC Magazine

“Identity Theft Now Costs US Businesses Some $33B a Year” - Peter Krass, CFO-IT, Spring 2005

“Spam nightmare grows for Small Firms” The SC Infosecurity Newswire, 1/28/05, www.scmagazine.com

We Make it Easy

Thieves snatch documents containing Social Security numbers and other personal data from the mail, steal computers with stored data, hack databases, buy IDs from other thieves, bribe company insiders, fish through the trash, and trick us into providing our user IDs and passwords.

“The New Face of Identity Theft,” CFO-IT, Spring 2005

ChoicePoint’s stock dropped nearly 10% after announcing that criminals duped it into giving access to its database.

“ChoicePoint Execs Sold Stock Before Leak Revealed,” Harry R. Webber of the Associated Press, The Arizona Republic, 2/27/05

Credit agency reports security breach

News Story by Carly Suppa

MARCH 17, 2004 (ITWORLDCANADA) - TORONTO - More than 1,400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.

Phishing

Symantec filters blocking 33M phishing attempts a week in Dec04, up from 9M a week in Jul04 … an increase of … 366%

3/21/05 press release at http://ses.symantec.com/content.cfm?ArticleID=5491

Instant Messaging Risk
  • Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds
  • Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc. said more than 90% of enterprises are using IM

“Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

“Thieves Tap Wi-Fi Networks With Ease”

“Connections are being commandeered for child pornography, fraud, death threats, and identity and credit-card theft.”

“…Most consumers who spend the $60 to $80 for a wi-fi router are just happy to make it work at all, and never turn on encryption.”

By Seth Schiesel, New York Times; The Arizona Republic, March 20, 2005

“Mobile Phone Virus Found in US”

“The world’s first mobile phone virus ‘in the Wild’ has spread to the United States from its birthplace in the Philippines eight months ago … The virus, called Cabir, has spread slowly into 12 countries and marks the beginning of the mobile phone virus era …”

From MSNBC.com (Topic Mobile Viruses), Feb. 18 (2005)
http://www.businessweek.com/magazine/content/05_09/b3922046_mz011.htm

Security Questions

Is your system used to:
  • Spew out forged email
  • Hack and deface web sites
  • Serve child pornography
  • Illegally download music or software

What are you posting on the network?
What are you doing to place yourself and your school at risk?

The Human Element

“The Weakest Link”

“When I did security audits, I found the fastest path into a secure area was to effectively look for the key under the doormat. People simply don’t think about security enough and, without knowing it, will often create exposures … to simplify their jobs … No platform alone can fully compensate for this.”

“What if Microsoft Got it Right?” By Rob Enderle, TechNewsWorld, 03/01/04, http://www.technewsworld.com/story/32976.html

“I’ve Seen the Enemy and the Enemy is Me”

“If the exposure is people, and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure.”

“What if Microsoft Got it Right?” By Rob Enderle, TechNewsWorld, 3/1/05, http://www.technewsworld.com/story/32976.html

“…Lack of consumer awareness, if not downright naiveté, allows the war to escalate” … between hackers and security programmers

The Arizona Republic, 12/27/04, “Hackers Hone for Holidays”

“… Home users who aren’t updating their antivirus or installing security patches may have to get burned before they understand” - Steve Fallin, director of WatchGuard’s rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine

“Stolen passwords enable ID thieves to roam undetected in computer systems”

CFO Magazine (CFO-IT), Spring 2005

What is Your Favorite Pet’s Name?

T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton’s account, the secret question was “What is your favorite pet’s name?” By correctly providing the answer, any internet user could change Hilton’s password and freely access her account.

“How Paris Hilton Got Hacked,” Feb 22, 2005, Mobile Tracker, http://www.mobiletracker.net/archives/2005/02/22/paris-hilton-hacked-sidekick-phone-

What are You Throwing Out?

Technology Hype vs. Reality
  • Virus protection at client and server
  • Software updates
  • Camera phones
  • Encryption
  • USB Storage devices
  • Peer to Peer file sharing
  • Secure Remote access
  • Wireless security

Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building. Source: WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

Page 4: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 4

ContentsRisks amp rewardsStrategyPeople ProcessesTechnologyTrendsCall to ActionResources

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 5

Personal Benefits

Protect your privacySafeguard against identity theftAvoid disruption Prevent loss of records and data

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 6

School BenefitsAssure student privacy protect financial and medial recordsProtect integrity of research grades tests and curriculumKeep IT infrastructure up and running to support educational activitiesProvide stable online environment for registration and class delivery Safeguard reputation

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 7

What are you protecting and whatrsquos the value if itrsquos lost stolen altered or unavailable

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 8

Got SecurityBlack Hat vs White Hat

wwwblackhatbriefingscom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 9

From 50 to 70 percent of the value of a company today is derived from its proprietary data and trade secrets and 90 percent of those secrets can be found in digital form

American Society for Industrial Security and PricewaterhouseCoopers 2000 study

httpwwwbusiness2comb2subscribersarticlesprint01792552779100html

Digital Trade Secretswwwpl8scomcokehtm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 10

ldquoSpyware Will be a Top Threat in 2005rdquowwwwatchguardcom by Marcia Savage SC Magazine

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

The 2003 CSIFBI Computer Crime and Security Survey

Nightcrawlers

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 11

ldquoBotnets More Menacing Than Everrdquo

ldquohellipMore than a million machines

worldwide are bot-infested and under the

control of hackers hellip (most) attacks hellip

monitored last year were designed to

covertly steal information or take over

computers for criminal purposesrdquoBy Bill Brenner News Writer

18-Mar-2005 SearchSecuritycom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 12

ldquoSpam Nightmare Grows for Small Firmsrdquo

ldquoSmall companies are suffering at the hands of spammers because they do not have the correct defenses in place A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businessesrdquo

The SC Infosecurity Newswire January 28 2005 httpwwwscmagazinecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 13

ldquo hellip in 2003 US corporations spent more than $25 billion to keep hackers out of their databasesrdquo

BY Art Jahnke CSOOnline Magazine 010105httpwwwcsoonlinecomread010105russianhtm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 14

ldquohellipa group of hackers hellip learned the practice of cardingmdashbuying goods online with stolen credit cardsrdquoldquo hellip among other things tapped a database of an estimated 50000 credit cards helliprdquo

BY Art Jahnke CSOOnline Magazine 010105 ldquoRussian Rouletterdquo

httpwwwcsoonlinecomread010105russianhtml

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 15

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

ndash 2003 CSIFBI Computer Crime amp Security SurveyldquoSymantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsrdquo

ldquoSecurity Wire Perspectivesrdquo 12604 Information Security Magazine

ldquoSpyware Will be a top Threat in 2005rdquo wwwwatchguardcom by Marcia Savage SC Magazine

ldquoIdentity Theft Now Costs US Businesses Some $33B a Yearrdquo - Peter Krass CFO-IT Spring 2005

Spam nightmare grows for Small FirmsrdquoThe SC Infosecurity Newswire 12805 wwwscmagazinecom

Wersquore Under Attack

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 16

We Make it EasyThieves snatch documents containing

Social Security numbers and other personal data from the mail steal computers with stored data hack

databases buy IDs from other thieves bribe company insiders fish through the trash and trick us into providing

their user Ids and passwords

ldquoThe New Face of Identity Theftrdquo CFO-IT Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 17

ChoicePointrsquos stock dropped nearly 10 after announcing that criminals

duped it into giving access to its database

ldquoChoicePoint Execs Sold Stock Before Leak RevealedrdquoHarry R Webber of the Associated Press The Arizona Republic 22705

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 18

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 19

News Story by Carly Suppa

MARCH 17 2004 (ITWORLDCANADA) -TORONTO - More than 1400 Canadians primarily in the provinces of British Columbia and Alberta have been notified of a major security breach at Equifax Canada Inc a national consumer-credit reporting agency

Credit agency reports security breach

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 20

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 21

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 31

ldquohellipLack of consumer awareness if not downright naiveteacute allows the war to escalaterdquo hellipbetween hackers and

security programmers

The Arizona Republic 122704 ldquoHackers Hone for Holidays

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 32

ldquohellip Home users who arent updating their antivirus or installing security patches may have to get burned before they understandrdquo - Steve Fallin director of WatchGuards rapid response team

ldquoExtroverts More Likely to Open Virus-Laden E-Mail Attachmentsrdquo Mark Baard Contributing Writer Security Wire Perspective 012405 published

by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away


“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers’ passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”

By Kevin Poulsen, SecurityFocus, 01/12/05, http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile

“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”


Software Quality

You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn’t be a bridge standing

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine


Trends

Regulations and Compliance
Mergers & Acquisitions
Outsourcing of security


Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry


Tech Trends

Mobile & Wireless
Voice and video over IP
Broadband from the power plug
Blogging, PodCasting, eLearning
RFID
Biometrics

wwwdw-worlddedwarticle

0111369000html


What info gets indexed? Is it sensitive?

Who has access to the computer?

Google utility indexes past web searches and cached web pages, including secure web pages


Increasing Crime

“…Sale of bootleg products is estimated at to account for up to 7 percent of global trade…”

CSO Magazine, December 2004, “Top Billing News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com


High Tech Theft

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. http://www.pcworld.com/news/article/0,aid,9734,00.asp Christina Wood in April 1999 issue of PC World magazine

Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.”

“Thwarting the Perfect Crime,” Jonathan Littman, 4/1/03, Electronic Business, www.TapaOnline.org


Call to Action

You are the key to success
Practice safe computing
Keep your system up to date
Run anti-virus regularly
Use a firewall
Keep passwords private
Use legal software


Summary

Stay aware
Think security
Keep safe online


Free US Consumer Credit Report

www.annualcreditreport.com, or
Call 877-322-8228, toll-free, or
Complete the Annual Credit Report Request Form and mail it to:

Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states

Visit www.ftc.gov for more information
www.myfico.com for credit scores (for a paid fee)


To Receive Free Resources

“Tips & Tricks to Pass the CISSP Exam”
“The Security Strategist” Newsletter – Subscribe today by sending email
List of resources for those interested in a security career
Send email with request in subject line to DebbieChristoffersonearthlinknet


Debbie Christofferson, CISSP, CISM

Getting the results you need to protect your bottom line
Helping organizations build and manage a successful security strategy based on risks and the bottom line
20 years international Fortune 500 management experience with Intel Corp across the US, Europe and Greater Asia
Published author
“The Security Strategist” Newsletter – send email to subscribe now
Sapphire-Security Services LLC
DebbieChristoffersonearthlinknet
www.sapphire-security.com



(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 6

School BenefitsAssure student privacy protect financial and medial recordsProtect integrity of research grades tests and curriculumKeep IT infrastructure up and running to support educational activitiesProvide stable online environment for registration and class delivery Safeguard reputation

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 7

What are you protecting and whatrsquos the value if itrsquos lost stolen altered or unavailable

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 8

Got SecurityBlack Hat vs White Hat

wwwblackhatbriefingscom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 9

From 50 to 70 percent of the value of a company today is derived from its proprietary data and trade secrets and 90 percent of those secrets can be found in digital form

American Society for Industrial Security and PricewaterhouseCoopers 2000 study

httpwwwbusiness2comb2subscribersarticlesprint01792552779100html

Digital Trade Secretswwwpl8scomcokehtm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 10

ldquoSpyware Will be a Top Threat in 2005rdquowwwwatchguardcom by Marcia Savage SC Magazine

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

The 2003 CSIFBI Computer Crime and Security Survey

Nightcrawlers

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 11

ldquoBotnets More Menacing Than Everrdquo

ldquohellipMore than a million machines

worldwide are bot-infested and under the

control of hackers hellip (most) attacks hellip

monitored last year were designed to

covertly steal information or take over

computers for criminal purposesrdquoBy Bill Brenner News Writer

18-Mar-2005 SearchSecuritycom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 12

ldquoSpam Nightmare Grows for Small Firmsrdquo

ldquoSmall companies are suffering at the hands of spammers because they do not have the correct defenses in place A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businessesrdquo

The SC Infosecurity Newswire January 28 2005 httpwwwscmagazinecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 13

ldquo hellip in 2003 US corporations spent more than $25 billion to keep hackers out of their databasesrdquo

BY Art Jahnke CSOOnline Magazine 010105httpwwwcsoonlinecomread010105russianhtm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 14

ldquohellipa group of hackers hellip learned the practice of cardingmdashbuying goods online with stolen credit cardsrdquoldquo hellip among other things tapped a database of an estimated 50000 credit cards helliprdquo

BY Art Jahnke CSOOnline Magazine 010105 ldquoRussian Rouletterdquo

httpwwwcsoonlinecomread010105russianhtml

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 15

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

ndash 2003 CSIFBI Computer Crime amp Security SurveyldquoSymantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsrdquo

ldquoSecurity Wire Perspectivesrdquo 12604 Information Security Magazine

ldquoSpyware Will be a top Threat in 2005rdquo wwwwatchguardcom by Marcia Savage SC Magazine

ldquoIdentity Theft Now Costs US Businesses Some $33B a Yearrdquo - Peter Krass CFO-IT Spring 2005

Spam nightmare grows for Small FirmsrdquoThe SC Infosecurity Newswire 12805 wwwscmagazinecom

Wersquore Under Attack

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 16

We Make it EasyThieves snatch documents containing

Social Security numbers and other personal data from the mail steal computers with stored data hack

databases buy IDs from other thieves bribe company insiders fish through the trash and trick us into providing

their user Ids and passwords

ldquoThe New Face of Identity Theftrdquo CFO-IT Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 17

ChoicePointrsquos stock dropped nearly 10 after announcing that criminals

duped it into giving access to its database

ldquoChoicePoint Execs Sold Stock Before Leak RevealedrdquoHarry R Webber of the Associated Press The Arizona Republic 22705

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 18

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 19

News Story by Carly Suppa

MARCH 17 2004 (ITWORLDCANADA) -TORONTO - More than 1400 Canadians primarily in the provinces of British Columbia and Alberta have been notified of a major security breach at Equifax Canada Inc a national consumer-credit reporting agency

Credit agency reports security breach

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 20

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 21

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 31

ldquohellipLack of consumer awareness if not downright naiveteacute allows the war to escalaterdquo hellipbetween hackers and

security programmers

The Arizona Republic 122704 ldquoHackers Hone for Holidays

“… Home users who aren't updating their antivirus or installing security patches may have to get burned before they understand” - Steve Fallin, director of WatchGuard's rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine

“Stolen passwords enable ID thieves to roam undetected in computer systems”

CFO Magazine (CFO-IT), Spring 2005

What is Your Favorite Pet’s Name?

T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton's account, the secret question was “What is your favorite pet's name?” By correctly providing the answer, any internet user could change Hilton's password and freely access her account.

“How Paris Hilton Got Hacked,” Feb 22, 2005, Mobile Tracker, http://www.mobiletracker.net/archives/2005/02/22/paris-hilton-hacked-sidekick-phone-

What are You Throwing Out?

Technology Hype Vs Reality

  • Virus protection at client and server
  • Software updates
  • Camera phones
  • Encryption
  • USB Storage devices
  • Peer to Peer file sharing
  • Secure Remote access
  • Wireless security

Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building. Source: WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”

By Kevin Poulsen, SecurityFocus, 01/12/05, http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile

“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”

Software Quality

You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn't be a bridge standing.

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol 6, No 93, December 6, 2004, by Information Security Magazine

  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security

Trends

Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry

Tech Trends

  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics

wwwdw-worlddedwarticle

0111369000html

What info gets indexed, is it sensitive?

Who has access to the computer?

Google utility indexes past web searches and cached web pages, including secure web pages

Increasing Crime

“…Sale of bootleg products is estimated at to account for up to 7 percent of global trade…”

CSO Magazine, December 2004

“Top Billing News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. http://www.pcworld.com/news/article/0,aid,9734,00.asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck, and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.”

“Thwarting the Perfect Crime,” Jonathan Littman, 4/1/03, Electronic Business, www.TapaOnline.org

High Tech Theft

Call to Action

  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software

Summary

  • Stay aware
  • Think security
  • Keep safe online

Free US Consumer Credit Report

www.annualcreditreport.com, or

Call 877-322-8228 toll-free, or complete the Annual Credit Report Request Form and mail it to:

Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states

Visit www.ftc.gov for more information

www.myfico.com for credit scores (for a paid fee)

To Receive Free Resources

  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career

Send email with request in subject line to DebbieChristofferson@earthlink.net

Debbie Christofferson, CISSP, CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now

Sapphire-Security Services LLC

DebbieChristofferson@earthlink.net

www.sapphire-security.com

  • “7 Steps to Guard Against Hackers, Disasters, and Thieves”
  • Debbie Christofferson, CISSP, CISM
  • What are your most pressing security concerns?
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • “Botnets More Menacing Than Ever”
  • “Spam Nightmare Grows for Small Firms”
  • We Make it Easy
  • Phishing
  • “Thieves Tap Wi-Fi Networks With Ease”
  • “Mobile Phone Virus Found in US”
  • Security Questions
  • The Human Element
  • “The Weakest Link”
  • “I’ve Seen the Enemy and the Enemy is Me”
  • “Stolen passwords enable ID thieves to roam undetected in computer systems” CFO Magazine (CFO-IT), Spring 2005
  • What is Your Favorite Pet’s Name?
  • What are You Throwing Out?
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson, CISSP, CISM
What are you protecting, and what’s the value if it’s lost, stolen, altered or unavailable?

Got Security

Black Hat vs White Hat

www.blackhatbriefings.com

From 50 to 70 percent of the value of a company today is derived from its proprietary data and trade secrets, and 90 percent of those secrets can be found in digital form.

American Society for Industrial Security and PricewaterhouseCoopers, 2000 study

http://www.business2.com/b2/subscribers/articles/print/0,17925,527791,00.html

Digital Trade Secrets

www.pl8s.com/coke.htm

“Spyware Will be a Top Threat in 2005,” www.watchguard.com, by Marcia Savage, SC Magazine

“82% of companies reported virus attacks, even though 99% of them ran anti-virus software.”

The 2003 CSI/FBI Computer Crime and Security Survey

Nightcrawlers

“Botnets More Menacing Than Ever”

“…More than a million machines worldwide are bot-infested and under the control of hackers … (most) attacks … monitored last year were designed to covertly steal information or take over computers for criminal purposes”

By Bill Brenner, News Writer, 18-Mar-2005, SearchSecurity.com

“Spam Nightmare Grows for Small Firms”

“Small companies are suffering at the hands of spammers because they do not have the correct defenses in place. A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businesses.”

The SC Infosecurity Newswire, January 28, 2005, http://www.scmagazine.com

“ … in 2003, US corporations spent more than $25 billion to keep hackers out of their databases”

By Art Jahnke, CSOOnline Magazine, 01/01/05, http://www.csoonline.com/read/010105/russian.htm

“…a group of hackers … learned the practice of carding—buying goods online with stolen credit cards”

“ … among other things, tapped a database of an estimated 50,000 credit cards …”

By Art Jahnke, CSOOnline Magazine, 01/01/05, “Russian Roulette”

http://www.csoonline.com/read/010105/russian.html

“82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI Computer Crime & Security Survey

“Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds.” “Security Wire Perspectives,” 12/6/04, Information Security Magazine

“Spyware Will be a top Threat in 2005,” www.watchguard.com, by Marcia Savage, SC Magazine

“Identity Theft Now Costs US Businesses Some $33B a Year” - Peter Krass, CFO-IT, Spring 2005

“Spam nightmare grows for Small Firms,” The SC Infosecurity Newswire, 1/28/05, www.scmagazine.com

We’re Under Attack

We Make it Easy

Thieves snatch documents containing Social Security numbers and other personal data from the mail, steal computers with stored data, hack databases, buy IDs from other thieves, bribe company insiders, fish through the trash and trick us into providing their user IDs and passwords.

“The New Face of Identity Theft,” CFO-IT, Spring 2005

ChoicePoint’s stock dropped nearly 10% after announcing that criminals duped it into giving access to its database

“ChoicePoint Execs Sold Stock Before Leak Revealed,” Harry R. Webber of the Associated Press, The Arizona Republic, 2/27/05

News Story by Carly Suppa

MARCH 17, 2004 (ITWORLDCANADA) - TORONTO - More than 1400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.

Credit agency reports security breach

Phishing

Symantec filters blocking 33M phishing attempts a week in Dec04, up from 9M a week in Jul04 …an increase of … 366%

3/21/05 press release at http://ses.symantec.com/content.cfm?ArticleID=5491

Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds.

Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc. said more than 90% of enterprises are using IM.

“Security Wire Perspectives,” Vol 6, No 93, December 6, 2004, by Information Security Magazine

Instant Messaging Risk

“Thieves Tap Wi-Fi Networks With Ease”

“Connections are being commandeered for child pornography, fraud, death threats and identity and credit-card theft.”

“…Most consumers who spend the $60 to $80 for a wi-fi router are just happy to make it work at all, and never turn on encryption.”

By Seth Schiesel, New York Times, The Arizona Republic, March 20, 2005

“Mobile Phone Virus Found in US”

“The world's first mobile phone virus ‘in the Wild’ has spread to the United States from its birthplace in the Philippines eight months ago. … The virus, called Cabir, has spread slowly into 12 countries and marks the beginning of the mobile phone virus era …” From MSNBC.com (Topic Mobile Viruses) Feb 18 (2005)

http://www.businessweek.com/magazine/content/05_09/b3922046_mz011.htm

Page 8: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 8

Got SecurityBlack Hat vs White Hat

wwwblackhatbriefingscom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 9

From 50 to 70 percent of the value of a company today is derived from its proprietary data and trade secrets and 90 percent of those secrets can be found in digital form

American Society for Industrial Security and PricewaterhouseCoopers 2000 study

httpwwwbusiness2comb2subscribersarticlesprint01792552779100html

Digital Trade Secretswwwpl8scomcokehtm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 10

ldquoSpyware Will be a Top Threat in 2005rdquowwwwatchguardcom by Marcia Savage SC Magazine

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

The 2003 CSIFBI Computer Crime and Security Survey

Nightcrawlers

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 11

ldquoBotnets More Menacing Than Everrdquo

ldquohellipMore than a million machines

worldwide are bot-infested and under the

control of hackers hellip (most) attacks hellip

monitored last year were designed to

covertly steal information or take over

computers for criminal purposesrdquoBy Bill Brenner News Writer

18-Mar-2005 SearchSecuritycom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 12

ldquoSpam Nightmare Grows for Small Firmsrdquo

ldquoSmall companies are suffering at the hands of spammers because they do not have the correct defenses in place A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businessesrdquo

The SC Infosecurity Newswire January 28 2005 httpwwwscmagazinecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 13

ldquo hellip in 2003 US corporations spent more than $25 billion to keep hackers out of their databasesrdquo

BY Art Jahnke CSOOnline Magazine 010105httpwwwcsoonlinecomread010105russianhtm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 14

ldquohellipa group of hackers hellip learned the practice of cardingmdashbuying goods online with stolen credit cardsrdquoldquo hellip among other things tapped a database of an estimated 50000 credit cards helliprdquo

BY Art Jahnke CSOOnline Magazine 010105 ldquoRussian Rouletterdquo

httpwwwcsoonlinecomread010105russianhtml

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 15

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

ndash 2003 CSIFBI Computer Crime amp Security SurveyldquoSymantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsrdquo

ldquoSecurity Wire Perspectivesrdquo 12604 Information Security Magazine

ldquoSpyware Will be a top Threat in 2005rdquo wwwwatchguardcom by Marcia Savage SC Magazine

ldquoIdentity Theft Now Costs US Businesses Some $33B a Yearrdquo - Peter Krass CFO-IT Spring 2005

Spam nightmare grows for Small FirmsrdquoThe SC Infosecurity Newswire 12805 wwwscmagazinecom

Wersquore Under Attack

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 16

We Make it EasyThieves snatch documents containing

Social Security numbers and other personal data from the mail steal computers with stored data hack

databases buy IDs from other thieves bribe company insiders fish through the trash and trick us into providing

their user Ids and passwords

ldquoThe New Face of Identity Theftrdquo CFO-IT Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 17

ChoicePointrsquos stock dropped nearly 10 after announcing that criminals

duped it into giving access to its database

ldquoChoicePoint Execs Sold Stock Before Leak RevealedrdquoHarry R Webber of the Associated Press The Arizona Republic 22705

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 18

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 19

News Story by Carly Suppa

MARCH 17 2004 (ITWORLDCANADA) -TORONTO - More than 1400 Canadians primarily in the provinces of British Columbia and Alberta have been notified of a major security breach at Equifax Canada Inc a national consumer-credit reporting agency

Credit agency reports security breach

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 20

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 21

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

“… Lack of consumer awareness, if not downright naiveté, allows the war to escalate” … between hackers and security programmers.

The Arizona Republic, 12/27/04, “Hackers Hone for Holidays”

“… Home users who aren’t updating their antivirus or installing security patches may have to get burned before they understand.” - Steve Fallin, director of WatchGuard’s rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine

“Stolen passwords enable ID thieves to roam undetected in computer systems”

CFO Magazine (CFO-IT), Spring 2005

What is Your Favorite Pet’s Name?

T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton’s account, the secret question was “What is your favorite pet’s name?” By correctly providing the answer, any internet user could change Hilton’s password and freely access her account.

“How Paris Hilton Got Hacked,” Feb. 22, 2005, Mobile Tracker
http://www.mobiletracker.net/archives/2005/02/22/paris-hilton-hacked-sidekick-phone-

What are You Throwing Out?

Technology Hype Vs. Reality

  • Virus protection at client and server
  • Software updates
  • Camera phones
  • Encryption
  • USB Storage devices
  • Peer to Peer file sharing
  • Secure Remote access
  • Wireless security

Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building (source: WorldWide WarDrive).

Wifi Finder detects wireless networks up to 200 feet away.

“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”

“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers’ passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”

By Kevin Poulsen, SecurityFocus, 01/12/05
http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile

Software Quality

“You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn’t be a bridge standing.”

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

Trends

  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security

Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry

Tech Trends

  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics

wwwdw-worlddedwarticle

0111369000html

What info gets indexed? Is it sensitive?

Who has access to the computer?

Google utility indexes past web searches and cached web pages, including secure web pages.

Increasing Crime

“… Sale of bootleg products is estimated to account for up to 7 percent of global trade …”
CSO Magazine, December 2004, “Top Billing: News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php
Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com

High Tech Theft

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. http://www.pcworld.com/news/article/0,aid,9734,00.asp
Christina Wood in April 1999 issue of PC World magazine

Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck, and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.”
“Thwarting the Perfect Crime,” Jonathan Littman, 4/1/03, Electronic Business, www.TapaOnline.org

Call to Action

  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software

Summary

  • Stay aware
  • Think security
  • Keep safe online

Free US Consumer Credit Report

  • www.annualcreditreport.com, or
  • Call 877-322-8228 toll-free, or
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states.

Visit www.ftc.gov for more information
www.myfico.com for credit scores (for a paid fee)

To Receive Free Resources

  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career

Send email with request in subject line to DebbieChristofferson@earthlink.net

Debbie Christofferson, CISSP, CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now

Sapphire-Security Services LLC
DebbieChristofferson@earthlink.net
www.sapphire-security.com


Digital Trade Secrets

From 50 to 70 percent of the value of a company today is derived from its proprietary data and trade secrets, and 90 percent of those secrets can be found in digital form.

American Society for Industrial Security and PricewaterhouseCoopers, 2000 study
httpwwwbusiness2comb2subscribersarticlesprint01792552779100html

www.pl8s.com/coke.htm

Nightcrawlers

“Spyware Will be a Top Threat in 2005,” www.watchguard.com, by Marcia Savage, SC Magazine

“82% of companies reported virus attacks, even though 99% of them ran anti-virus software.”
The 2003 CSI/FBI Computer Crime and Security Survey

“Botnets More Menacing Than Ever”

“… More than a million machines worldwide are bot-infested and under the control of hackers … (most) attacks … monitored last year were designed to covertly steal information or take over computers for criminal purposes.”

By Bill Brenner, News Writer, 18-Mar-2005, SearchSecurity.com

“Spam Nightmare Grows for Small Firms”

“Small companies are suffering at the hands of spammers because they do not have the correct defenses in place. A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businesses.”

The SC Infosecurity Newswire, January 28, 2005, http://www.scmagazine.com

“… in 2003, US corporations spent more than $25 billion to keep hackers out of their databases.”

By Art Jahnke, CSOOnline Magazine, 01/01/05
http://www.csoonline.com/read/010105/russian.htm

“… a group of hackers … learned the practice of carding—buying goods online with stolen credit cards”
“… among other things tapped a database of an estimated 50,000 credit cards …”

By Art Jahnke, CSOOnline Magazine, 01/01/05, “Russian Roulette”
http://www.csoonline.com/read/010105/russian.html

We’re Under Attack

“82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI Computer Crime & Security Survey

“Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds.” “Security Wire Perspectives,” 12/6/04, Information Security Magazine

“Spyware Will be a top Threat in 2005,” www.watchguard.com, by Marcia Savage, SC Magazine

“Identity Theft Now Costs US Businesses Some $33B a Year” - Peter Krass, CFO-IT, Spring 2005

“Spam nightmare grows for Small Firms,” The SC Infosecurity Newswire, 1/28/05, www.scmagazine.com

We Make it Easy

Thieves snatch documents containing Social Security numbers and other personal data from the mail, steal computers with stored data, hack databases, buy IDs from other thieves, bribe company insiders, fish through the trash, and trick us into providing their user IDs and passwords.

“The New Face of Identity Theft,” CFO-IT, Spring 2005

ChoicePoint’s stock dropped nearly 10% after announcing that criminals duped it into giving access to its database.

“ChoicePoint Execs Sold Stock Before Leak Revealed,” Harry R. Webber of the Associated Press, The Arizona Republic, 2/27/05

Credit agency reports security breach

News Story by Carly Suppa

MARCH 17, 2004 (ITWORLDCANADA) - TORONTO - More than 1,400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.

Phishing

Symantec filters blocking 33M phishing attempts a week in Dec 04, up from 9M a week in Jul 04 … an increase of … 366%

3/21/05 press release at http://ses.symantec.com/content.cfm?ArticleID=5491

Instant Messaging Risk

Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds.
Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc. said more than 90% of enterprises are using IM.

“Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

“Thieves Tap Wi-Fi Networks With Ease”

“Connections are being commandeered for child pornography, fraud, death threats, and identity and credit-card theft.”
“… Most consumers who spend the $60 to $80 for a wi-fi router are just happy to make it work at all, and never turn on encryption.”

By Seth Schiesel, New York Times
The Arizona Republic, March 20, 2005

Page 10: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 10

ldquoSpyware Will be a Top Threat in 2005rdquowwwwatchguardcom by Marcia Savage SC Magazine

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

The 2003 CSIFBI Computer Crime and Security Survey

Nightcrawlers

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 11

ldquoBotnets More Menacing Than Everrdquo

ldquohellipMore than a million machines

worldwide are bot-infested and under the

control of hackers hellip (most) attacks hellip

monitored last year were designed to

covertly steal information or take over

computers for criminal purposesrdquoBy Bill Brenner News Writer

18-Mar-2005 SearchSecuritycom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 12

ldquoSpam Nightmare Grows for Small Firmsrdquo

ldquoSmall companies are suffering at the hands of spammers because they do not have the correct defenses in place A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businessesrdquo

The SC Infosecurity Newswire January 28 2005 httpwwwscmagazinecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 13

ldquo hellip in 2003 US corporations spent more than $25 billion to keep hackers out of their databasesrdquo

BY Art Jahnke CSOOnline Magazine 010105httpwwwcsoonlinecomread010105russianhtm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 14

ldquohellipa group of hackers hellip learned the practice of cardingmdashbuying goods online with stolen credit cardsrdquoldquo hellip among other things tapped a database of an estimated 50000 credit cards helliprdquo

BY Art Jahnke CSOOnline Magazine 010105 ldquoRussian Rouletterdquo

httpwwwcsoonlinecomread010105russianhtml

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 15

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

ndash 2003 CSIFBI Computer Crime amp Security SurveyldquoSymantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsrdquo

ldquoSecurity Wire Perspectivesrdquo 12604 Information Security Magazine

ldquoSpyware Will be a top Threat in 2005rdquo wwwwatchguardcom by Marcia Savage SC Magazine

ldquoIdentity Theft Now Costs US Businesses Some $33B a Yearrdquo - Peter Krass CFO-IT Spring 2005

Spam nightmare grows for Small FirmsrdquoThe SC Infosecurity Newswire 12805 wwwscmagazinecom

Wersquore Under Attack

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 16

We Make it EasyThieves snatch documents containing

Social Security numbers and other personal data from the mail steal computers with stored data hack

databases buy IDs from other thieves bribe company insiders fish through the trash and trick us into providing

their user Ids and passwords

ldquoThe New Face of Identity Theftrdquo CFO-IT Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 17

ChoicePointrsquos stock dropped nearly 10 after announcing that criminals

duped it into giving access to its database

ldquoChoicePoint Execs Sold Stock Before Leak RevealedrdquoHarry R Webber of the Associated Press The Arizona Republic 22705

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 18

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 19

News Story by Carly Suppa

MARCH 17 2004 (ITWORLDCANADA) -TORONTO - More than 1400 Canadians primarily in the provinces of British Columbia and Alberta have been notified of a major security breach at Equifax Canada Inc a national consumer-credit reporting agency

Credit agency reports security breach

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 20

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 21

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 31

ldquohellipLack of consumer awareness if not downright naiveteacute allows the war to escalaterdquo hellipbetween hackers and

security programmers

The Arizona Republic 122704 ldquoHackers Hone for Holidays

“… Home users who aren't updating their antivirus or installing security patches may have to get burned before they understand” - Steve Fallin, director of WatchGuard's rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine

“Stolen passwords enable ID thieves to roam undetected in computer systems”

CFO Magazine (CFO-IT), Spring 2005

What is Your Favorite Pet's Name?

T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton's account, the secret question was “What is your favorite pet's name?” By correctly providing the answer, any internet user could change Hilton's password and freely access her account.

“How Paris Hilton Got Hacked,” Feb 22, 2005, Mobile Tracker, http://www.mobiletracker.net/archives/2005/02/22/paris-hilton-hacked-sidekick-phone-

What are You Throwing Out?

Technology Hype Vs. Reality

  • Virus protection at client and server
  • Software updates
  • Camera phones
  • Encryption
  • USB storage devices
  • Peer-to-peer file sharing
  • Secure remote access
  • Wireless security

Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building. Source: WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”

“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”

By Kevin Poulsen, SecurityFocus, 01/12/05, http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile

Software Quality

You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn't be a bridge standing.

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

Trends

  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security

Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry

Tech Trends

  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics

www.dw-world.de/dw/article/0111369000html

What info gets indexed? Is it sensitive?

Who has access to the computer?

Google utility indexes past web searches and cached web pages, including secure web pages

Increasing Crime

“…Sale of bootleg products is estimated to account for up to 7 percent of global trade…”

CSO Magazine, December 2004, “Top Billing: News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com

High Tech Theft

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. http://www.pcworld.com/news/article/0,aid,9734,00.asp (Christina Wood in April 1999 issue of PC World magazine)

Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck, and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.” “Thwarting the Perfect Crime,” Jonathan Littman, 4/1/03, Electronic Business, www.TapaOnline.org

Call to Action

  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software

Summary

  • Stay aware
  • Think security
  • Keep safe online

Free US Consumer Credit Report

  • www.annualcreditreport.com, or
  • Call 877-322-8228 toll-free, or
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states.

Visit www.ftc.gov for more information
www.myfico.com for credit scores (for a paid fee)

To Receive Free Resources

  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career
  • Send email with request in subject line to DebbieChristofferson@earthlink.net

Debbie Christofferson, CISSP, CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy, based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now
  • Sapphire-Security Services LLC
  • DebbieChristofferson@earthlink.net
  • www.sapphire-security.com


“Botnets More Menacing Than Ever”

“…More than a million machines worldwide are bot-infested and under the control of hackers … (most) attacks … monitored last year were designed to covertly steal information or take over computers for criminal purposes”

By Bill Brenner, News Writer, 18-Mar-2005, SearchSecurity.com

“Spam Nightmare Grows for Small Firms”

“Small companies are suffering at the hands of spammers because they do not have the correct defenses in place. A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businesses.”

The SC Infosecurity Newswire, January 28, 2005, http://www.scmagazine.com

“… in 2003, US corporations spent more than $25 billion to keep hackers out of their databases”

By Art Jahnke, CSOOnline Magazine, 01/01/05, http://www.csoonline.com/read/010105/russian.htm

“…a group of hackers … learned the practice of carding—buying goods online with stolen credit cards”

“… among other things, tapped a database of an estimated 50000 credit cards …”

By Art Jahnke, CSOOnline Magazine, 01/01/05, “Russian Roulette,” http://www.csoonline.com/read/010105/russian.html

We're Under Attack

  • “82% of companies reported virus attacks, even though 99% of them ran anti-virus software” – 2003 CSI/FBI Computer Crime & Security Survey
  • “Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds” – “Security Wire Perspectives,” 12/6/04, Information Security Magazine
  • “Spyware Will be a top Threat in 2005,” www.watchguard.com, by Marcia Savage, SC Magazine
  • “Identity Theft Now Costs US Businesses Some $33B a Year” - Peter Krass, CFO-IT, Spring 2005
  • “Spam nightmare grows for Small Firms,” The SC Infosecurity Newswire, 1/28/05, www.scmagazine.com

We Make it Easy

Thieves snatch documents containing Social Security numbers and other personal data from the mail, steal computers with stored data, hack databases, buy IDs from other thieves, bribe company insiders, fish through the trash, and trick us into providing their user IDs and passwords

“The New Face of Identity Theft,” CFO-IT, Spring 2005

ChoicePoint's stock dropped nearly 10% after announcing that criminals duped it into giving access to its database

“ChoicePoint Execs Sold Stock Before Leak Revealed,” Harry R. Webber of the Associated Press, The Arizona Republic, 2/27/05

Credit agency reports security breach

News Story by Carly Suppa

MARCH 17, 2004 (ITWORLDCANADA) - TORONTO - More than 1400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency

Phishing

Symantec filters blocking 33M phishing attempts a week in Dec 04, up from 9M a week in Jul 04 … an increase of … 366%

3/21/05 press release at http://ses.symantec.com/content.cfm?ArticleID=5491

Instant Messaging Risk

  • Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds
  • Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc. said more than 90% of enterprises are using IM

“Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

“Thieves Tap Wi-Fi Networks With Ease”

“Connections are being commandeered for child pornography, fraud, death threats, and identity and credit-card theft”

“…Most consumers who spend the $60 to $80 for a wi-fi router are just happy to make it work at all and never turn on encryption”

By Seth Schiesel, New York Times; The Arizona Republic, March 20, 2005

“Mobile Phone Virus Found in US”

“The world's first mobile phone virus ‘in the Wild’ has spread to the United States from its birthplace in the Philippines eight months ago … The virus, called Cabir, has spread slowly into 12 countries and marks the beginning of the mobile phone virus era …”

From MSNBC.com (Topic: Mobile Viruses), Feb 18 (2005), http://www.businessweek.com/magazine/content/05_09/b3922046_mz011.htm


(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 12

ldquoSpam Nightmare Grows for Small Firmsrdquo

ldquoSmall companies are suffering at the hands of spammers because they do not have the correct defenses in place A new report reveals that companies with 100 users or fewer can receive up to ten times more Spam than large businessesrdquo

The SC Infosecurity Newswire January 28 2005 httpwwwscmagazinecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 13

ldquo hellip in 2003 US corporations spent more than $25 billion to keep hackers out of their databasesrdquo

BY Art Jahnke CSOOnline Magazine 010105httpwwwcsoonlinecomread010105russianhtm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 14

ldquohellipa group of hackers hellip learned the practice of cardingmdashbuying goods online with stolen credit cardsrdquoldquo hellip among other things tapped a database of an estimated 50000 credit cards helliprdquo

BY Art Jahnke CSOOnline Magazine 010105 ldquoRussian Rouletterdquo

httpwwwcsoonlinecomread010105russianhtml

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 15

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

ndash 2003 CSIFBI Computer Crime amp Security SurveyldquoSymantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsrdquo

ldquoSecurity Wire Perspectivesrdquo 12604 Information Security Magazine

ldquoSpyware Will be a top Threat in 2005rdquo wwwwatchguardcom by Marcia Savage SC Magazine

ldquoIdentity Theft Now Costs US Businesses Some $33B a Yearrdquo - Peter Krass CFO-IT Spring 2005

Spam nightmare grows for Small FirmsrdquoThe SC Infosecurity Newswire 12805 wwwscmagazinecom

Wersquore Under Attack

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 16

We Make it EasyThieves snatch documents containing

Social Security numbers and other personal data from the mail steal computers with stored data hack

databases buy IDs from other thieves bribe company insiders fish through the trash and trick us into providing

their user Ids and passwords

ldquoThe New Face of Identity Theftrdquo CFO-IT Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 17

ChoicePointrsquos stock dropped nearly 10 after announcing that criminals

duped it into giving access to its database

ldquoChoicePoint Execs Sold Stock Before Leak RevealedrdquoHarry R Webber of the Associated Press The Arizona Republic 22705

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 18

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 19

News Story by Carly Suppa

MARCH 17 2004 (ITWORLDCANADA) -TORONTO - More than 1400 Canadians primarily in the provinces of British Columbia and Alberta have been notified of a major security breach at Equifax Canada Inc a national consumer-credit reporting agency

Credit agency reports security breach

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 20

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 21

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 31

ldquohellipLack of consumer awareness if not downright naiveteacute allows the war to escalaterdquo hellipbetween hackers and

security programmers

The Arizona Republic 122704 ldquoHackers Hone for Holidays

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 32

ldquohellip Home users who arent updating their antivirus or installing security patches may have to get burned before they understandrdquo - Steve Fallin director of WatchGuards rapid response team

ldquoExtroverts More Likely to Open Virus-Laden E-Mail Attachmentsrdquo Mark Baard Contributing Writer Security Wire Perspective 012405 published

by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

Software Quality

You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn’t be a bridge standing.

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

Trends

  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security

Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry.

Tech Trends

  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics

www.dw-world.de/dw/article/0,,1113690,00.html

What info gets indexed? Is it sensitive?

Who has access to the computer?

Google utility indexes past web searches and cached web pages, including secure web pages.

Increasing Crime

“…Sale of bootleg products is estimated at to account for up to 7 percent of global trade…”

CSO Magazine, December 2004, “Top Billing News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php

Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com

High Tech Theft

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. http://www.pcworld.com/news/article/0,aid,9734,00.asp (Christina Wood in April 1999 issue of PC World magazine)

Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck, and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.” “Thwarting the Perfect Crime,” Jonathan Littman, 4/1/03, Electronic Business, www.TapaOnline.org

Call to Action

  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software

Summary

  • Stay aware
  • Think security
  • Keep safe online

Free US Consumer Credit Report

  • www.annualcreditreport.com, or
  • Call 877-322-8228 toll-free, or
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states.

  • Visit www.ftc.gov for more information
  • www.myfico.com for credit scores (for a paid fee)

To Receive Free Resources

  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career

Send email with request in subject line to DebbieChristoffersonearthlinknet

Debbie Christofferson, CISSP, CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp. across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now

Sapphire-Security Services LLC
DebbieChristoffersonearthlinknet
www.sapphire-security.com

  • “7 Steps to Guard Against Hackers, Disasters, and Thieves”
  • Debbie Christofferson, CISSP, CISM
  • What are your most pressing security concerns?
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • “Botnets More Menacing Than Ever”
  • “Spam Nightmare Grows for Small Firms”
  • We Make it Easy
  • Phishing
  • “Thieves Tap Wi-Fi Networks With Ease”
  • “Mobile Phone Virus Found in US”
  • Security Questions
  • The Human Element
  • “The Weakest Link”
  • “I’ve Seen the Enemy and the Enemy is Me”
  • “Stolen passwords enable ID thieves to roam undetected in computer systems” CFO Magazine (CFO-IT), Spring 2005
  • What is Your Favorite Pet’s Name?
  • What are You Throwing Out?
  • Technology Hype Vs. Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson, CISSP, CISM

“… in 2003, US corporations spent more than $25 billion to keep hackers out of their databases”

By Art Jahnke, CSOOnline Magazine, 01/01/05, http://www.csoonline.com/read/010105/russian.htm

“…a group of hackers … learned the practice of carding—buying goods online with stolen credit cards”

“… among other things, tapped a database of an estimated 50,000 credit cards …”

By Art Jahnke, CSOOnline Magazine, 01/01/05, “Russian Roulette,” http://www.csoonline.com/read/010105/russian.html

We’re Under Attack

  • “82% of companies reported virus attacks, even though 99% of them ran anti-virus software” – 2003 CSI/FBI Computer Crime & Security Survey
  • “Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds” – “Security Wire Perspectives,” 12/6/04, Information Security Magazine
  • “Spyware Will be a top Threat in 2005” – www.watchguard.com, by Marcia Savage, SC Magazine
  • “Identity Theft Now Costs US Businesses Some $33B a Year” – Peter Krass, CFO-IT, Spring 2005
  • “Spam nightmare grows for Small Firms” – The SC Infosecurity Newswire, 1/28/05, www.scmagazine.com

We Make it Easy

Thieves snatch documents containing Social Security numbers and other personal data from the mail, steal computers with stored data, hack databases, buy IDs from other thieves, bribe company insiders, fish through the trash, and trick us into providing their user IDs and passwords.

“The New Face of Identity Theft,” CFO-IT, Spring 2005

ChoicePoint’s stock dropped nearly 10% after announcing that criminals duped it into giving access to its database.

“ChoicePoint Execs Sold Stock Before Leak Revealed,” Harry R. Webber of the Associated Press, The Arizona Republic, 2/27/05


Credit agency reports security breach

News Story by Carly Suppa

MARCH 17, 2004 (ITWORLDCANADA) - TORONTO - More than 1,400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.


Phishing

Symantec filters blocking 33M phishing attempts a week in Dec. ’04, up from 9M a week in Jul. ’04 … an increase of … 366%

3/21/05 press release at http://ses.symantec.com/content.cfm?ArticleID=5491

Instant Messaging Risk

  • Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds
  • Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc. said more than 90% of enterprises are using IM

“Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

“Thieves Tap Wi-Fi Networks With Ease”

“Connections are being commandeered for child pornography, fraud, death threats, and identity and credit-card theft”

“…Most consumers who spend the $60 to $80 for a wi-fi router are just happy to make it work at all and never turn on encryption”

By Seth Schiesel, New York Times; The Arizona Republic, March 20, 2005

“Mobile Phone Virus Found in US”

“The world’s first mobile phone virus ‘in the Wild’ has spread to the United States from its birthplace in the Philippines eight months ago … The virus, called Cabir, has spread slowly into 12 countries and marks the beginning of the mobile phone virus era …”

From MSNBC.com (Topic: Mobile Viruses), Feb 18 (2005)

http://www.businessweek.com/magazine/content/05_09/b3922046_mz011.htm

Security Questions

Is your system used to:

  • Spew out forged email
  • Hack and deface web sites
  • Serve child pornography
  • Illegally download music or software

What are you posting on the network?

What are you doing to place yourself and your school at risk?

The Human Element

“The Weakest Link”

“When I did security audits, I found the fastest path into a secure area was to effectively look for the key under the doormat. People simply don’t think about security enough and, without knowing it, will often create exposures … to simplify their jobs …No platform alone can fully compensate for this”

“What if Microsoft Got it Right,” By Rob Enderle, TechNewsWorld, 03/01/04, http://www.technewsworld.com/story/32976.html

“I’ve Seen the Enemy and the Enemy is Me”

“If the exposure is people, and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure”

“What if Microsoft Got it Right,” By Rob Enderle, TechNewsWorld, 3/1/05, http://www.technewsworld.com/story/32976.html

“…Lack of consumer awareness, if not downright naiveté, allows the war to escalate” … between hackers and security programmers

The Arizona Republic, 12/27/04, “Hackers Hone for Holidays”

“… Home users who aren’t updating their antivirus or installing security patches may have to get burned before they understand” - Steve Fallin, director of WatchGuard’s rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 14: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 14

ldquohellipa group of hackers hellip learned the practice of cardingmdashbuying goods online with stolen credit cardsrdquoldquo hellip among other things tapped a database of an estimated 50000 credit cards helliprdquo

BY Art Jahnke CSOOnline Magazine 010105 ldquoRussian Rouletterdquo

httpwwwcsoonlinecomread010105russianhtml

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 15

ldquo82 of companies reported virus attacks even though 99 of them ran anti-virus softwarerdquo

ndash 2003 CSIFBI Computer Crime amp Security SurveyldquoSymantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsrdquo

ldquoSecurity Wire Perspectivesrdquo 12604 Information Security Magazine

ldquoSpyware Will be a top Threat in 2005rdquo wwwwatchguardcom by Marcia Savage SC Magazine

ldquoIdentity Theft Now Costs US Businesses Some $33B a Yearrdquo - Peter Krass CFO-IT Spring 2005

Spam nightmare grows for Small FirmsrdquoThe SC Infosecurity Newswire 12805 wwwscmagazinecom

Wersquore Under Attack

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 16

We Make it EasyThieves snatch documents containing

Social Security numbers and other personal data from the mail steal computers with stored data hack

databases buy IDs from other thieves bribe company insiders fish through the trash and trick us into providing

their user Ids and passwords

ldquoThe New Face of Identity Theftrdquo CFO-IT Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 17

ChoicePointrsquos stock dropped nearly 10 after announcing that criminals

duped it into giving access to its database

ldquoChoicePoint Execs Sold Stock Before Leak RevealedrdquoHarry R Webber of the Associated Press The Arizona Republic 22705

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 18

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 19

News Story by Carly Suppa

MARCH 17 2004 (ITWORLDCANADA) -TORONTO - More than 1400 Canadians primarily in the provinces of British Columbia and Alberta have been notified of a major security breach at Equifax Canada Inc a national consumer-credit reporting agency

Credit agency reports security breach

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 20

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 21

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 31

ldquohellipLack of consumer awareness if not downright naiveteacute allows the war to escalaterdquo hellipbetween hackers and

security programmers

The Arizona Republic 122704 ldquoHackers Hone for Holidays

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 32

ldquohellip Home users who arent updating their antivirus or installing security patches may have to get burned before they understandrdquo - Steve Fallin director of WatchGuards rapid response team

ldquoExtroverts More Likely to Open Virus-Laden E-Mail Attachmentsrdquo Mark Baard Contributing Writer Security Wire Perspective 012405 published

by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

To Receive Free Resources

  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career
  • Send email with request in subject line to DebbieChristoffersonearthlinknet

Debbie Christofferson, CISSP, CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now
  • Sapphire-Security Services LLC
  • DebbieChristoffersonearthlinknet
  • www.sapphire-security.com

  • “7 Steps to Guard Against Hackers, Disasters, and Thieves”
  • Debbie Christofferson, CISSP, CISM
  • What are your most pressing security concerns?
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • “Botnets More Menacing Than Ever”
  • “Spam Nightmare Grows for Small Firms”
  • We Make it Easy
  • Phishing
  • “Thieves Tap Wi-Fi Networks With Ease”
  • “Mobile Phone Virus Found in US”
  • Security Questions
  • The Human Element
  • “The Weakest Link”
  • “I’ve Seen the Enemy and the Enemy is Me”
  • “Stolen passwords enable ID thieves to roam undetected in computer systems” CFO Magazine (CFO-IT), Spring 2005
  • What is Your Favorite Pet’s Name
  • What are You Throwing Out
  • Technology Hype Vs. Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson, CISSP, CISM

We’re Under Attack

  • “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI Computer Crime & Security Survey
  • “Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds” “Security Wire Perspectives,” 12/6/04, Information Security Magazine
  • “Spyware Will be a top Threat in 2005” www.watchguard.com, by Marcia Savage, SC Magazine
  • “Identity Theft Now Costs US Businesses Some $33B a Year” - Peter Krass, CFO-IT, Spring 2005
  • “Spam nightmare grows for Small Firms” The SC Infosecurity Newswire, 1/28/05, www.scmagazine.com

We Make it Easy

Thieves snatch documents containing Social Security numbers and other personal data from the mail, steal computers with stored data, hack databases, buy IDs from other thieves, bribe company insiders, fish through the trash, and trick us into providing their user IDs and passwords.

“The New Face of Identity Theft,” CFO-IT, Spring 2005

ChoicePoint’s stock dropped nearly 10% after announcing that criminals duped it into giving access to its database.

“ChoicePoint Execs Sold Stock Before Leak Revealed,” Harry R. Webber of the Associated Press, The Arizona Republic, 2/27/05

Credit agency reports security breach

News Story by Carly Suppa

MARCH 17, 2004 (ITWORLDCANADA) - TORONTO - More than 1400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.

Phishing

Symantec filters blocking 33M phishing attempts a week in Dec04, up from 9M a week in Jul04 … an increase of … 366%

3/21/05 press release at httpsessymanteccomcontentcfmArticleID=5491

Instant Messaging Risk

  • Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds
  • Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc said more than 90% of enterprises are using IM

“Security Wire Perspectives,” Vol 6, No 93, December 6, 2004, by Information Security Magazine

“Thieves Tap Wi-Fi Networks With Ease”

“Connections are being commandeered for child pornography, fraud, death threats, and identity and credit-card theft”

“… Most consumers who spend the $60 to $80 for a wi-fi router are just happy to make it work at all and never turn on encryption”

By Seth Schiesel, New York Times
The Arizona Republic, March 20, 2005

“Mobile Phone Virus Found in US”

“The world’s first mobile phone virus ‘in the Wild’ has spread to the United States from its birthplace in the Philippines eight months ago … The virus, called Cabir, has spread slowly into 12 countries and marks the beginning of the mobile phone virus era …”

From MSNBC.com (Topic: Mobile Viruses), Feb 18 (2005)
http://www.businessweek.com/magazine/content/05_09/b3922046_mz011.htm

Security Questions

Is your system used to:
  • Spew out forged email
  • Hack and deface web sites
  • Serve child pornography
  • Illegally download music or software

What are you posting on the network?
What are you doing to place yourself and your school at risk?

The Human Element

“The Weakest Link”

“When I did security audits, I found the fastest path into a secure area was to effectively look for the key under the doormat. People simply don’t think about security enough and, without knowing it, will often create exposures … to simplify their jobs … No platform alone can fully compensate for this”

“What if Microsoft Got it Right” By Rob Enderle, TechNewsWorld, 03/01/04, http://www.technewsworld.com/story/32976.html

“I’ve Seen the Enemy and the Enemy is Me”

“If the exposure is people, and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure”

“What if Microsoft Got it Right” By Rob Enderle, TechNewsWorld, 3/1/05, http://www.technewsworld.com/story/32976.html

“… Lack of consumer awareness, if not downright naiveté, allows the war to escalate” … between hackers and security programmers

The Arizona Republic, 12/27/04, “Hackers Hone for Holidays

“… Home users who aren’t updating their antivirus or installing security patches may have to get burned before they understand” - Steve Fallin, director of WatchGuard’s rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine

“Stolen passwords enable ID thieves to roam undetected in computer systems”

CFO Magazine (CFO-IT), Spring 2005

What is Your Favorite Pet’s Name?

T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton’s account, the secret question was “What is your favorite pet’s name?” By correctly providing the answer, any internet user could change Hilton’s password and freely access her account.

“How Paris Hilton Got Hacked,” Feb 22, 2005, Mobile Tracker, http://www.mobiletracker.net/archives/2005/02/22/paris-hilton-hacked-sidekick-phone-

What are You Throwing Out?

Technology Hype Vs. Reality

  • Virus protection at client and server
  • Software updates
  • Camera phones
  • Encryption
  • USB Storage devices
  • Peer to Peer file sharing
  • Secure Remote access
  • Wireless security

  • Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building (source: WorldWide WarDrive)
  • Wifi Finder detects wireless networks up to 200 feet away

“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”

“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers’ passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”

By Kevin Poulsen, SecurityFocus, 01/12/05
http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile

Software Quality

You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn’t be a bridge standing.

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol 6, No 93, December 6, 2004, by Information Security Magazine

Trends

  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security

Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry

Tech Trends

  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics

wwwdw-worlddedwarticle0111369000html

  • What info gets indexed, is it sensitive?
  • Who has access to the computer?
  • Google utility indexes past web searches and cached web pages, including secure web pages

Increasing Crime

“… Sale of bootleg products is estimated at to account for up to 7 percent of global trade …”

CSO Magazine, December 2004

Page 17: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 17

ChoicePointrsquos stock dropped nearly 10 after announcing that criminals

duped it into giving access to its database

ldquoChoicePoint Execs Sold Stock Before Leak RevealedrdquoHarry R Webber of the Associated Press The Arizona Republic 22705

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 18

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 19

News Story by Carly Suppa

MARCH 17 2004 (ITWORLDCANADA) -TORONTO - More than 1400 Canadians primarily in the provinces of British Columbia and Alberta have been notified of a major security breach at Equifax Canada Inc a national consumer-credit reporting agency

Credit agency reports security breach

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 20

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 21

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

“The Weakest Link”

“When I did security audits, I found the fastest path into a secure area was to effectively look for the key under the doormat. People simply don’t think about security enough and, without knowing it, will often create exposures … to simplify their jobs … No platform alone can fully compensate for this.”

“What if Microsoft Got it Right?” By Rob Enderle, TechNewsWorld, 03/01/04, http://www.technewsworld.com/story/32976.html

“I’ve Seen the Enemy and the Enemy is Me”

“If the exposure is people, and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure.”

“What if Microsoft Got it Right?” By Rob Enderle, TechNewsWorld, 3/1/05, http://www.technewsworld.com/story/32976.html

“… Lack of consumer awareness, if not downright naiveté, allows the war to escalate” … between hackers and security programmers

The Arizona Republic, 12/27/04, “Hackers Hone for Holidays”

“… Home users who aren’t updating their antivirus or installing security patches may have to get burned before they understand.” - Steve Fallin, director of WatchGuard’s rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine

“Stolen passwords enable ID thieves to roam undetected in computer systems”

CFO Magazine (CFO-IT), Spring 2005

What is Your Favorite Pet’s Name?

T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton’s account, the secret question was “What is your favorite pet’s name?” By correctly providing the answer, any internet user could change Hilton’s password and freely access her account.

“How Paris Hilton Got Hacked,” Feb. 22, 2005, Mobile Tracker
http://www.mobiletracker.net/archives/2005/02/22/paris-hilton-hacked-sidekick-phone-

What are You Throwing Out?

Technology Hype Vs. Reality

  • Virus protection at client and server
  • Software updates
  • Camera phones
  • Encryption
  • USB storage devices
  • Peer-to-peer file sharing
  • Secure remote access
  • Wireless security

Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building. Source: WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”

“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers’ passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”

By Kevin Poulsen, SecurityFocus, 01/12/05
http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile

Software Quality

You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn’t be a bridge standing.

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

Trends

  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security

Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry

Tech Trends

  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics

wwwdw-worlddedwarticle

0111369000html

What info gets indexed? Is it sensitive?

Who has access to the computer?

Google utility indexes past web searches and cached web pages, including secure web pages

Increasing Crime

“… Sale of bootleg products is estimated to account for up to 7 percent of global trade …”
CSO Magazine, December 2004, “Top Billing News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php
Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com

High Tech Theft

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. http://www.pcworld.com/news/article/0,aid,9734,00.asp Christina Wood, in April 1999 issue of PC World magazine

Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck, and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.” “Thwarting the Perfect Crime,” Jonathan Littman, 4/1/03, Electronic Business, www.TapaOnline.org

Call to Action

  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software

Summary

  • Stay aware
  • Think security
  • Keep safe online

Free US Consumer Credit Report

  • www.annualcreditreport.com, or
  • Call 877-322-8228 toll-free, or
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states

Visit www.ftc.gov for more information
www.myfico.com for credit scores (for a paid fee)

To Receive Free Resources

  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career

Send email with request in subject line to DebbieChristofferson@earthlink.net

Debbie Christofferson, CISSP, CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp. across the US, Europe, and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now

Sapphire-Security Services LLC
DebbieChristofferson@earthlink.net
www.sapphire-security.com

Page 19: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 19

News Story by Carly Suppa

MARCH 17 2004 (ITWORLDCANADA) -TORONTO - More than 1400 Canadians primarily in the provinces of British Columbia and Alberta have been notified of a major security breach at Equifax Canada Inc a national consumer-credit reporting agency

Credit agency reports security breach

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 20

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 21

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 31

ldquohellipLack of consumer awareness if not downright naiveteacute allows the war to escalaterdquo hellipbetween hackers and

security programmers

The Arizona Republic 122704 ldquoHackers Hone for Holidays

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 32

ldquohellip Home users who arent updating their antivirus or installing security patches may have to get burned before they understandrdquo - Steve Fallin director of WatchGuards rapid response team

ldquoExtroverts More Likely to Open Virus-Laden E-Mail Attachmentsrdquo Mark Baard Contributing Writer Security Wire Perspective 012405 published

by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom


Phishing

Symantec filters blocking 33M phishing attempts a week in Dec04, up from 9M a week in Jul04 … an increase of … 366%

32105 press release at httpsessymanteccomcontentcfmArticleID=5491

Instant Messaging Risk

  • Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds
  • Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc. said more than 90% of enterprises are using IM

“Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

“Thieves Tap Wi-Fi Networks With Ease”

“Connections are being commandeered for child pornography, fraud, death threats, and identity and credit-card theft.” “… Most consumers who spend the $60 to $80 for a wi-fi router are just happy to make it work at all and never turn on encryption.”

By Seth Schiesel, New York Times
The Arizona Republic, March 20, 2005

“Mobile Phone Virus Found in US”

“The world's first mobile phone virus ‘in the Wild’ has spread to the United States from its birthplace in the Philippines eight months ago … The virus, called Cabir, has spread slowly into 12 countries and marks the beginning of the mobile phone virus era …”

From MSNBC.com (Topic: Mobile Viruses), Feb 18 (2005)
httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

Security Questions

Is your system used to:

  • Spew out forged email
  • Hack and deface web sites
  • Serve child pornography
  • Illegally download music or software

What are you posting on the network?
What are you doing to place yourself and your school at risk?

The Human Element

“The Weakest Link”

“When I did security audits I found the fastest path into a secure area was to effectively look for the key under the doormat. People simply don't think about security enough and, without knowing it, will often create exposures … to simplify their jobs. … No platform alone can fully compensate for this.”

“What if Microsoft Got it Right,” by Rob Enderle, TechNewsWorld
030104 httpwwwtechnewsworldcomstory32976html

“I've Seen the Enemy and the Enemy is Me”

“If the exposure is people, and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure.”

“What if Microsoft Got it Right,” by Rob Enderle, TechNewsWorld, 3105, httpwwwtechnewsworldcomstory32976html

“… Lack of consumer awareness, if not downright naiveté, allows the war to escalate” … between hackers and security programmers

The Arizona Republic, 122704, “Hackers Hone for Holidays”

“… Home users who aren't updating their antivirus or installing security patches may have to get burned before they understand.” - Steve Fallin, director of WatchGuard's rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 012405, published by Information Security Magazine

“Stolen passwords enable ID thieves to roam undetected in computer systems”

CFO Magazine (CFO-IT), Spring 2005

What is Your Favorite Pet's Name

T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton's account, the secret question was “What is your favorite pet's name?” By correctly providing the answer, any internet user could change Hilton's password and freely access her account.

“How Paris Hilton Got Hacked,” Feb 22, 2005, Mobile Tracker
httpwwwmobiletrackernetarchives20050222paris-hilton-hacked-sidekick-phone-

What are You Throwing Out

Technology Hype Vs Reality

  • Virus protection at client and server
  • Software updates
  • Camera phones
  • Encryption
  • USB Storage devices
  • Peer to Peer file sharing
  • Secure Remote access
  • Wireless security

  • Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building (source: WorldWide WarDrive)
  • Wifi Finder detects wireless networks up to 200 feet away

“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”

“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”

By Kevin Poulsen, SecurityFocus, 011205
httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

Software Quality

You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn't be a bridge standing.

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

Trends

  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security

Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry

Tech Trends

  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics

wwwdw-worlddedwarticle0111369000html

What info gets indexed? Is it sensitive?

Who has access to the computer?

Google utility indexes past web searches and cached web pages, including secure web pages

Increasing Crime

“… Sale of bootleg products is estimated to account for up to 7 percent of global trade …”

CSO Magazine, December 2004
“Top Billing News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs
httpwwwpcphonehomecomindexphp
Complete survey is available at the Brigadoon Web site www.brigadoonsoftware.com

High Tech Theft

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. httpwwwpcphonehomecomindexphp

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. httpwwwpcworldcomnewsarticle0aid973400asp
Christina Wood in April 1999 issue of PC World magazine

Freight Theft: “Last Christmas a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck, and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.”
“Thwarting the Perfect Crime,” Jonathan Littman, 4103, Electronic Business, www.TapaOnline.org

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 21: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 21

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 31

ldquohellipLack of consumer awareness if not downright naiveteacute allows the war to escalaterdquo hellipbetween hackers and

security programmers

The Arizona Republic 122704 ldquoHackers Hone for Holidays

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 32

ldquohellip Home users who arent updating their antivirus or installing security patches may have to get burned before they understandrdquo - Steve Fallin director of WatchGuards rapid response team

ldquoExtroverts More Likely to Open Virus-Laden E-Mail Attachmentsrdquo Mark Baard Contributing Writer Security Wire Perspective 012405 published

by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 22: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 22

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 23

PhishingSymantec filters blocking 33M phishing attempts a week in Dec04 up from 9M a week in Jul04 hellipanincrease of hellip 366

32105 press release athttpsessymanteccomcontentcfmArticleID=5491

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 24

Symantec Corp tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 secondsMeta Group analyst Matt Cain pegs sanctioned IM at less than a 17 corporate penetration rate while Sybari Software Inc said more than 90 of enterprises are using IM

ldquoSecurity Wire Perspectivesrdquo Vol 6 No 93 December 6 2004 by Information Security Magazine

Instant Messaging Risk

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 25

ldquoThieves Tap Wi-Fi Networks With Easerdquo

ldquoConnections are being commandeered for child pornography fraud death threats

and identity and credit-card theftrdquoldquohellipMost consumers who spend the $60 to

$80 for a wi-fi router are just happy to make it work at all and never turn on

encryptionrdquoBy Seth Schiesel New York Times

The Arizona Republic March 20 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 26

ldquoMobile Phone Virus Found in USrdquo

ldquoThe worlds first mobile phone virus lsquoin the Wildrsquo has spread to the United

States from its birthplace in the Philippines eight months ago hellip The

virus called Cabir has spread slowly into 12 countries and marks the beginning of

the mobile phone virus era helliprdquoFrom MSNBCcom (Topic Mobile Viruses) Feb 18( (2005)

httpwwwbusinessweekcommagazinecontent05_09b3922046_mz011htm

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 27

Security QuestionsIs your system used to

Spew our forged emailHack and deface web sitesServe child pornographyIllegally download music or software

What are you posting on the networkWhat are you doing to place yourself and your school at risk

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 31

ldquohellipLack of consumer awareness if not downright naiveteacute allows the war to escalaterdquo hellipbetween hackers and

security programmers

The Arizona Republic 122704 ldquoHackers Hone for Holidays

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 32

ldquohellip Home users who arent updating their antivirus or installing security patches may have to get burned before they understandrdquo - Steve Fallin director of WatchGuards rapid response team

ldquoExtroverts More Likely to Open Virus-Laden E-Mail Attachmentsrdquo Mark Baard Contributing Writer Security Wire Perspective 012405 published

by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing Crime

“… Sale of bootleg products is estimated to account for up to 7 percent of global trade …”

CSO Magazine, December 2004, “Top Billing News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php

Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com

High Tech Theft

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. httpwwwpcworldcomnewsarticle0aid973400asp Christina Wood, in April 1999 issue of PC World magazine

Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck, and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.” “Thwarting the Perfect Crime,” Jonathan Littman, 4103, Electronic Business, www.TapaOnline.org

Call to Action

  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software

Summary

  • Stay aware
  • Think security
  • Keep safe online

Free US Consumer Credit Report

  • www.annualcreditreport.com, or
  • Call 877-322-8228 toll-free, or
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states

  • Visit www.ftc.gov for more information
  • www.myfico.com for credit scores (for a paid fee)

To Receive Free Resources

  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career

Send email with request in subject line to DebbieChristoffersonearthlinknet

Debbie Christofferson, CISSP, CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp. across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now

Sapphire-Security Services LLC
DebbieChristoffersonearthlinknet
www.sapphire-security.com

  • “7 Steps to Guard Against Hackers, Disasters, and Thieves”
  • Debbie Christofferson, CISSP, CISM
  • What are your most pressing security concerns?
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • “Botnets More Menacing Than Ever”
  • “Spam Nightmare Grows for Small Firms”
  • We Make it Easy
  • Phishing
  • “Thieves Tap Wi-Fi Networks With Ease”
  • “Mobile Phone Virus Found in US”
  • Security Questions
  • The Human Element
  • “The Weakest Link”
  • “I’ve Seen the Enemy and the Enemy is Me”
  • “Stolen passwords enable ID thieves to roam undetected in computer systems” CFO Magazine (CFO-IT), Spring 2005
  • What is Your Favorite Pet’s Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson, CISSP, CISM

Phishing

Symantec filters blocking 33M phishing attempts a week in Dec 04, up from 9M a week in Jul 04 … an increase of … 366

32105 press release at httpsessymanteccomcontentcfmArticleID=5491

Instant Messaging Risk

  • Symantec Corp. tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds
  • Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc. said more than 90% of enterprises are using IM

“Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

“Thieves Tap Wi-Fi Networks With Ease”

“Connections are being commandeered for child pornography, fraud, death threats, and identity and credit-card theft”

“… Most consumers who spend the $60 to $80 for a wi-fi router are just happy to make it work at all, and never turn on encryption”

By Seth Schiesel, New York Times
The Arizona Republic, March 20, 2005

“Mobile Phone Virus Found in US”

“The world’s first mobile phone virus ‘in the Wild’ has spread to the United States from its birthplace in the Philippines eight months ago … The virus, called Cabir, has spread slowly into 12 countries and marks the beginning of the mobile phone virus era …”

From MSNBC.com (Topic: Mobile Viruses), Feb 18 (2005)
http://www.businessweek.com/magazine/content/05_09/b3922046_mz011.htm

Security Questions

Is your system used to:

  • Spew out forged email
  • Hack and deface web sites
  • Serve child pornography
  • Illegally download music or software

What are you posting on the network?
What are you doing to place yourself and your school at risk?

The Human Element

“The Weakest Link”

“When I did security audits, I found the fastest path into a secure area was to effectively look for the key under the doormat. People simply don’t think about security enough and, without knowing it, will often create exposures … to simplify their jobs … No platform alone can fully compensate for this”

“What if Microsoft Got it Right” By Rob Enderle, TechNewsWorld, 030104, http://www.technewsworld.com/story/32976.html

“I’ve Seen the Enemy and the Enemy is Me”

“If the exposure is people, and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure”

“What if Microsoft Got it Right” By Rob Enderle, TechNewsWorld, 3105, http://www.technewsworld.com/story/32976.html

“… Lack of consumer awareness, if not downright naiveté, allows the war to escalate” … between hackers and security programmers

The Arizona Republic, 122704, “Hackers Hone for Holidays”

“… Home users who aren’t updating their antivirus or installing security patches may have to get burned before they understand” - Steve Fallin, director of WatchGuard’s rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 012405, published by Information Security Magazine

“Stolen passwords enable ID thieves to roam undetected in computer systems”

CFO Magazine (CFO-IT), Spring 2005

What is Your Favorite Pet’s Name?

T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton’s account, the secret question was “What is your favorite pet’s name?” By correctly providing the answer, any internet user could change Hilton’s password and freely access her account.

“How Paris Hilton Got Hacked,” Feb 22, 2005, Mobile Tracker, httpwwwmobiletrackernetarchives20050222paris-hilton-hacked-sidekick-phone-

What are You Throwing Out?

Technology Hype Vs Reality

  • Virus protection at client and server
  • Software updates
  • Camera phones
  • Encryption
  • USB Storage devices
  • Peer to Peer file sharing
  • Secure Remote access
  • Wireless security

Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building (source: WorldWide WarDrive)

Wifi Finder detects wireless networks up to 200 feet away


the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM

“Mobile Phone Virus Found in US”

“The world's first mobile phone virus ‘in the Wild’ has spread to the United States from its birthplace in the Philippines eight months ago … The virus, called Cabir, has spread slowly into 12 countries and marks the beginning of the mobile phone virus era …”

From MSNBC.com (Topic: Mobile Viruses), Feb. 18, 2005
http://www.businessweek.com/magazine/content/05_09/b3922046_mz011.htm


Security Questions

Is your system used to:
  • Spew out forged email
  • Hack and deface web sites
  • Serve child pornography
  • Illegally download music or software

What are you posting on the network?
What are you doing to place yourself and your school at risk?

The Human Element


“The Weakest Link”

“When I did security audits, I found the fastest path into a secure area was to effectively look for the key under the doormat. People simply don't think about security enough and, without knowing it, will often create exposures … to simplify their jobs … No platform alone can fully compensate for this.”

“What if Microsoft Got it Right?” By Rob Enderle, TechNewsWorld, 03/01/04
http://www.technewsworld.com/story/32976.html


“I've Seen the Enemy and the Enemy is Me”

“If the exposure is people, and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure.”

“What if Microsoft Got it Right?” By Rob Enderle, TechNewsWorld, 3/1/05
http://www.technewsworld.com/story/32976.html


“… Lack of consumer awareness, if not downright naiveté, allows the war to escalate” … between hackers and security programmers

The Arizona Republic, 12/27/04, “Hackers Hone for Holidays”


“… Home users who aren't updating their antivirus or installing security patches may have to get burned before they understand.” - Steve Fallin, director of WatchGuard's rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine


“Stolen passwords enable ID thieves to roam undetected in computer systems”

CFO Magazine (CFO-IT) Spring 2005


What is Your Favorite Pet's Name?

T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton's account, the secret question was “What is your favorite pet's name?” By correctly providing the answer, any internet user could change Hilton's password and freely access her account.

“How Paris Hilton Got Hacked,” Feb. 22, 2005, Mobile Tracker
http://www.mobiletracker.net/archives/2005/02/22/paris-hilton-hacked-sidekick-phone-


What are You Throwing Out?


Technology Hype Vs Reality

  • Virus protection at client and server
  • Software updates
  • Camera phones
  • Encryption
  • USB Storage devices
  • Peer to Peer file sharing
  • Secure Remote access
  • Wireless security


Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building. Source: WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away


“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”

“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”

By Kevin Poulsen, SecurityFocus, 01/12/05
http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile


Software Quality

“You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn't be a bridge standing.”

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine


Trends

  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security


Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry


Tech Trends

  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics

www.dw-world.de/dw/article/0,,1113690,00.html


What info gets indexed? Is it sensitive?

Who has access to the computer?

Google utility indexes past web searches and cached web pages, including secure web pages


Increasing Crime

“… Sale of bootleg products is estimated to account for up to 7 percent of global trade …”
CSO Magazine, December 2004, “Top Billing News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php
Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com


High Tech Theft

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. http://www.pcworld.com/news/article/0,aid,9734,00.asp
Christina Wood, in April 1999 issue of PC World magazine

Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.”
“Thwarting the Perfect Crime,” Jonathan Littman, 4/1/03, Electronic Business, www.TapaOnline.org


Call to Action

  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software


Summary

  • Stay aware
  • Think security
  • Keep safe online


Free US Consumer Credit Report

  • www.annualcreditreport.com, or
  • Call 877-322-8228 toll-free, or
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states

Visit www.ftc.gov for more information
www.myfico.com for credit scores (for a paid fee)


To Receive Free Resources

  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career

Send email with request in subject line to DebbieChristofferson@earthlink.net


Debbie Christofferson CISSP CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp. across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now

Sapphire-Security Services LLC
DebbieChristofferson@earthlink.net
www.sapphire-security.com

Page 28: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

The Human Element

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 29

ldquoThe Weakest Linkrdquo

ldquoWhen I did security audits I found the fastest path into a secure area was to effectively look for the key under the

doormat People simply dont think about security enough and without knowing it will often create exposures hellip to simplify their jobs hellipNo platform alone can fully

compensate for thisrdquoldquoWhat if Microsoft Got it Rightrdquo By Rob Enderle TechNewsWorld

030104 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 30

ldquoIrsquove Seen the Enemy and the Enemy is Merdquo

ldquoIf the exposure is people and people are gullible then security at a product level might only make you feel more secure You might not actually be more securerdquo

ldquoWhat if Microsoft Got it RightrdquoBy Rob Enderle TechNewsWorld3105 httpwwwtechnewsworldcomstory32976html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 31

ldquohellipLack of consumer awareness if not downright naiveteacute allows the war to escalaterdquo hellipbetween hackers and

security programmers

The Arizona Republic 122704 ldquoHackers Hone for Holidays

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 32

ldquohellip Home users who arent updating their antivirus or installing security patches may have to get burned before they understandrdquo - Steve Fallin director of WatchGuards rapid response team

ldquoExtroverts More Likely to Open Virus-Laden E-Mail Attachmentsrdquo Mark Baard Contributing Writer Security Wire Perspective 012405 published

by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

www.annualcreditreport.com, or
Call 877-322-8228 toll-free
Or complete the Annual Credit Report Request Form and mail it to:

Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states

Visit www.ftc.gov for more information
www.myfico.com for credit scores (for a paid fee)

To Receive Free Resources

“Tips & Tricks to Pass the CISSP Exam”
“The Security Strategist” Newsletter – Subscribe today by sending email
List of resources for those interested in a security career

Send email with request in subject line to DebbieChristoffersonearthlinknet

Debbie Christofferson, CISSP, CISM

Getting the results you need to protect your bottom line
Helping organizations build and manage a successful security strategy based on risks and the bottom line
20 years international Fortune 500 management experience with Intel Corp. across the US, Europe, and Greater Asia
Published author
“The Security Strategist” Newsletter – send email to subscribe now
Sapphire-Security Services LLC
DebbieChristoffersonearthlinknet
www.sapphire-security.com

  • “7 Steps to Guard Against Hackers, Disasters, and Thieves”
  • Debbie Christofferson, CISSP, CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • “Botnets More Menacing Than Ever”
  • “Spam Nightmare Grows for Small Firms”
  • We Make it Easy
  • Phishing
  • “Thieves Tap Wi-Fi Networks With Ease”
  • “Mobile Phone Virus Found in US”
  • Security Questions
  • The Human Element
  • “The Weakest Link”
  • “I’ve Seen the Enemy and the Enemy is Me”
  • “Stolen passwords enable ID thieves to roam undetected in computer systems” CFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Pet’s Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson, CISSP, CISM
“The Weakest Link”

“When I did security audits, I found the fastest path into a secure area was to effectively look for the key under the doormat. People simply don’t think about security enough and, without knowing it, will often create exposures … to simplify their jobs … No platform alone can fully compensate for this.”

“What if Microsoft Got it Right,” by Rob Enderle, TechNewsWorld, 03/01/04, http://www.technewsworld.com/story/32976.html

“I’ve Seen the Enemy and the Enemy is Me”

“If the exposure is people, and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure.”

“What if Microsoft Got it Right,” by Rob Enderle, TechNewsWorld 3105, http://www.technewsworld.com/story/32976.html

“…Lack of consumer awareness, if not downright naiveté, allows the war to escalate” …between hackers and security programmers

The Arizona Republic, 12/27/04, “Hackers Hone for Holidays”

“… Home users who aren’t updating their antivirus or installing security patches may have to get burned before they understand” - Steve Fallin, director of WatchGuard’s rapid response team

“Extroverts More Likely to Open Virus-Laden E-Mail Attachments,” Mark Baard, Contributing Writer, Security Wire Perspective, 01/24/05, published by Information Security Magazine

“Stolen passwords enable ID thieves to roam undetected in computer systems”

CFO Magazine (CFO-IT) Spring 2005

What is Your Favorite Pet’s Name

T-Mobile.com requires users to answer a secret question if they forget their passwords. For Hilton’s account, the secret question was “What is your favorite pet’s name?” By correctly providing the answer, any internet user could change Hilton’s password and freely access her account.

“How Paris Hilton Got Hacked,” Feb 22, 2005, Mobile Tracker, http://www.mobiletracker.net/archives/2005/02/22/paris-hilton-hacked-sidekick-phone-

What are You Throwing Out

Technology Hype Vs Reality

Virus protection at client and server
Software updates
Camera phones
Encryption
USB Storage devices
Peer to Peer file sharing
Secure Remote access
Wireless security

Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building (source: WorldWide WarDrive)

Wifi Finder detects wireless networks up to 200 feet away

“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”

“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers’ passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”

By Kevin Poulsen, SecurityFocus, 01/12/05, http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile

Software Quality

You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn’t be a bridge standing.

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine

Trends

Regulations and Compliance
Mergers & Acquisitions
Outsourcing of security

Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry

Tech Trends

Mobile & Wireless
Voice and video over IP
Broadband from the power plug
Blogging, PodCasting, eLearning
RFID
Biometrics

wwwdw-worlddedwarticle

0111369000html

Page 32: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 32

ldquohellip Home users who arent updating their antivirus or installing security patches may have to get burned before they understandrdquo - Steve Fallin director of WatchGuards rapid response team

ldquoExtroverts More Likely to Open Virus-Laden E-Mail Attachmentsrdquo Mark Baard Contributing Writer Security Wire Perspective 012405 published

by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Trends

  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security


Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry.


Tech Trends

  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics

wwwdw-worlddedwarticle

0111369000html


What info gets indexed? Is it sensitive?

Who has access to the computer?

Google utility indexes past web searches and cached web pages, including secure web pages.


Increasing Crime

“…Sale of bootleg products is estimated at to account for up to 7 percent of global trade…”

CSO Magazine, December 2004, “Top Billing News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php

Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com


High Tech Theft

Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php

CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. httpwwwpcworldcomnewsarticle0aid973400asp (Christina Wood in April 1999 issue of PC World magazine)

Freight Theft: “Last Christmas a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.” “Thwarting the Perfect Crime,” Jonathan Littman, 4103, Electronic Business, www.TapaOnline.org


Call to Action

  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software


Summary

  • Stay aware
  • Think security
  • Keep safe online


Free US Consumer Credit Report

  • www.annualcreditreport.com, or
  • Call 877-322-8228 toll-free, or
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states.

Visit www.ftc.gov for more information, and www.myfico.com for credit scores (for a paid fee).


To Receive Free Resources

  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career

Send email with request in subject line to DebbieChristoffersonearthlinknet


Debbie Christofferson CISSP CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now

Sapphire-Security Services LLC
DebbieChristoffersonearthlinknet
www.sapphire-security.com

  • “7 Steps to Guard Against Hackers, Disasters, and Thieves”
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • “Botnets More Menacing Than Ever”
  • “Spam Nightmare Grows for Small Firms”
  • We Make it Easy
  • Phishing
  • “Thieves Tap Wi-Fi Networks With Ease”
  • “Mobile Phone Virus Found in US”
  • Security Questions
  • The Human Element
  • “The Weakest Link”
  • “I’ve Seen the Enemy and the Enemy is Me”
  • “Stolen passwords enable ID thieves to roam undetected in computer systems” CFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Pet’s Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 33: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 33

ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquo

CFO Magazine (CFO-IT) Spring 2005

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 34: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 34

What is Your Favorite Petrsquos Name

T-Mobilecom requires users to answer a secret question if they forget their passwords For Hiltons account the secret question was What is your favorite pets name By correctly providing the answer any internet user could change Hiltons password and freely access her account

ldquoHow Paris Hilton Got Hackedrdquo Feb 22 2005 Mobile Trackerhttpwwwmobiletrackernetarchives20050222paris-hilton-

hacked-sidekick-phone-

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 35: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 35

What are You Throwing Out

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 36: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 36

Technology Hype Vs Reality

Virus protection at client and serverSoftware updatesCamera phonesEncryption

USB Storage devicesPeer to Peer file sharingSecure Remote accessWireless security

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 37

Over 70 of wireless LANs have no security at all allowing hackers to access corporate networks from outside a corporate building source WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet


Debbie Christofferson, CISSP, CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp. across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now

Sapphire-Security Services LLC
DebbieChristofferson@earthlink.net
www.sapphire-security.com



Over 70% of wireless LANs have no security at all, allowing hackers to access corporate networks from outside a corporate building. Source: WorldWide WarDrive

Wifi Finder detects wireless networks up to 200 feet away.


“Hacker Breaches T-Mobile Systems, Reads US Secret Service Email”

“A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.”

By Kevin Poulsen, SecurityFocus, 01/12/05, http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile


Software Quality

You really need a revolution in the IT industry … If engineers built bridges as software developers build software, there wouldn't be a bridge standing.

Mary Ann Davidson, Oracle CSO, “Security Wire Perspectives,” Vol. 6, No. 93, December 6, 2004, by Information Security Magazine


Trends

  • Regulations and Compliance
  • Mergers & Acquisitions
  • Outsourcing of security


Forensics

“Evidence is becoming increasingly harder to destroy, says forensic accountant Peter Dent” www.deloitte.com

Super-sleuth Sherlock solved crimes with forensic chemistry.


Tech Trends

  • Mobile & Wireless
  • Voice and video over IP
  • Broadband from the power plug
  • Blogging, PodCasting, eLearning
  • RFID
  • Biometrics

wwwdw-worlddedwarticle

0111369000html


What info gets indexed? Is it sensitive?

Who has access to the computer?

Google utility indexes past web searches and cached web pages, including secure web pages.


Increasing Crime

“…Sale of bootleg products is estimated to account for up to 7 percent of global trade…”

CSO Magazine, December 2004, “Top Billing News From Inside the Beltway”

“… 133 of all computer thefts involve PDAs” http://www.pcphonehome.com/index.php

Complete survey is available at the Brigadoon Web site, www.brigadoonsoftware.com

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 38: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 38

ldquoA sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year which he used

to monitor US Secret Service email obtain customers passwords and Social Security numbers and download

candid photos taken by Sidekick users including Hollywood celebrities SecurityFocus has learned

By Kevin Poulsen SecurityFocus 011205httpwwwtheregistercouk20050112hacker_penetrates_t-mobile

ldquoHacker Breaches T-Mobile Systems Reads US Secret Service Emailrdquo

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 39: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 39

Software QualityYou really need a revolution in the IT industry hellip If engineers

built bridges as software developers build software there wouldnt be a bridge standing

Mary Ann Davidson Oracle CSO ldquoSecurity Wire Perspectivesrdquo

Vol 6 No 93 December 6 2004 by Information Security Magazine

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 40: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 40

Regulations and ComplianceMergers amp AcquisitionsOutsourcing of security

Trends

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 41: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 41

ForensicsldquoEvidence is becoming increasingly harder to destroy says forensic accountant Peter Dentrdquo wwwdeloittecom

Super-sleuth Sherlock solved crimes with forensic chemistry

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

Laptop Thefts 16 million laptops stolen in the USA in the last 3 years Worldwide statistics are

similar httpwwwpcphonehomecomindexphp

CPU Scams Hardware thefts top a million dollars a week Auction sites and small shops

often offer PCs with doctored chips httpwwwpcworldcomnewsarticle0aid973400asp

Christina Wood in April 1999 issue of PC World magazine

Freight Theft ldquoLast Christmas a gang sliced open the padlock on a parked big rig north of the

101 freeway in Santa Clara CA quickly loaded the booty onto a nearby truck and drove off into

the night The holiday payoff a cool $3 million in Cisco boards

ldquoThwarting the Perfect Crimerdquo Jonathan Littman 4103 Electronic Business wwwTapaOnlineorg

High Tech Theft

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 46

Call to ActionYou are the key to successPractice safe computingKeep your system up to dateRun anti-virus regularlyUse a firewallKeep passwords privateUse legal software

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 47

Summary

Stay awareThink securityKeep safe online

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 48

Free US Consumer Credit Report

wwwannualcreditreportcom orCall 877-322-8228 toll-free Or complete the Annual Credit Report Request Form and mail it to

Annual Credit Report Request ServiceP O Box 105281 Atlanta GA 30348-5281

Starts in June for Southern states in September for Eastern states and already in affect in Western and Northern states

Visit wwwftcgov for more informationwwwmyficocom for credit scores (for a paid fee)

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 49

To Receive Free ResourcesldquoTips amp Tricks to Pass the CISSP ExamrdquoldquoThe Security Strategistrdquo Newsletter ndash Subscribe today by sending email

List of resources for those interested in a security careerSend email with request in subject line to DebbieChristoffersonearthlinknet

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 50

Debbie Christofferson CISSP CISM

Getting the results you need to protect your bottom lineHelping organizations build and manage a successful security strategy based on risks and the bottom line20 years international Fortune 500 management experience with Intel Corp across the US Europe and Greater Asia Published authorldquoThe Security Strategistrdquo Newsletter ndashsend email to subscribe nowSapphire-Security Services LLCDebbieChristoffersonearthlinknetwwwsapphire-securitycom

  • ldquo7 Steps to Guard Against Hackers Disasters and Thievesrdquo
  • Debbie Christofferson CISSP CISM
  • What are your most pressing security concerns
  • Contents
  • Personal Benefits
  • School Benefits
  • Got Security
  • ldquoBotnets More Menacing Than Everrdquo
  • ldquoSpam Nightmare Grows for Small Firmsrdquo
  • We Make it Easy
  • Phishing
  • ldquoThieves Tap Wi-Fi Networks With Easerdquo
  • ldquoMobile Phone Virus Found in USrdquo
  • Security Questions
  • The Human Element
  • ldquoThe Weakest Linkrdquo
  • ldquoIrsquove Seen the Enemy and the Enemy is Merdquo
  • ldquoStolen passwords enable ID thieves to roam undetected in computer systemsrdquoCFO Magazine (CFO-IT) Spring 2005
  • What is Your Favorite Petrsquos Name
  • What are You Throwing Out
  • Technology Hype Vs Reality
  • Software Quality
  • Trends
  • Forensics
  • Tech Trends
  • Increasing Crime
  • High Tech Theft
  • Call to Action
  • Summary
  • Free US Consumer Credit Report
  • To Receive Free Resources
  • Debbie Christofferson CISSP CISM
Page 42: “7 Steps to Guard Against Hackers, Disasters, and Thieves” · “82% of companies reported virus attacks, even though 99% of them ran anti-virus software.” – 2003 CSI/FBI

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 42

Tech TrendsMobile amp WirelessVoice and video over IPBroadband from the power plugBlogging PodCasting eLearningRFIDBiometrics

wwwdw-worlddedwarticle

0111369000html

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 43

What info gets indexed is it sensitive

Who has access to the computer

Google utility indexes past web searches and cached web pages including secure web pages

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 44

Increasing CrimeldquohellipSale of bootleg products is estimated at to account for up to 7 percent of global tradehelliprdquo

CSO Magazine December 2004

ldquoTop Billing News From Inside the Beltwayrdquo

ldquohellip 133 of all computer thefts involve PDAshttpwwwpcphonehomecomindexphp Complete

survey isavailable at the Brigadoon Web site wwwbrigadoonsoftwarecom

(c) 2005 wwwSapphire-Securitycom 01-Nov-2005 DebbieChristoffersonEarthlinknet 45

High Tech Theft

  • Laptop Thefts: 16 million laptops stolen in the USA in the last 3 years. Worldwide statistics are similar. http://www.pcphonehome.com/index.php
  • CPU Scams: Hardware thefts top a million dollars a week. Auction sites and small shops often offer PCs with doctored chips. http://www.pcworld.com/news/article/0,aid,9734,00.asp (Christina Wood in April 1999 issue of PC World magazine)
  • Freight Theft: “Last Christmas, a gang sliced open the padlock on a parked big rig north of the 101 freeway in Santa Clara, CA, quickly loaded the booty onto a nearby truck, and drove off into the night. The holiday payoff: a cool $3 million in Cisco boards.” “Thwarting the Perfect Crime,” Jonathan Littman, 4103, Electronic Business, www.TapaOnline.org

Call to Action

  • You are the key to success
  • Practice safe computing
  • Keep your system up to date
  • Run anti-virus regularly
  • Use a firewall
  • Keep passwords private
  • Use legal software

Summary

  • Stay aware
  • Think security
  • Keep safe online

Free US Consumer Credit Report

  • www.annualcreditreport.com, or
  • Call 877-322-8228 toll-free, or
  • Complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281
  • Starts in June for Southern states, in September for Eastern states, and already in effect in Western and Northern states
  • Visit www.ftc.gov for more information
  • www.myfico.com for credit scores (for a paid fee)

To Receive Free Resources

  • “Tips & Tricks to Pass the CISSP Exam”
  • “The Security Strategist” Newsletter – Subscribe today by sending email
  • List of resources for those interested in a security career
  • Send email with request in subject line to DebbieChristoffersonearthlinknet

Debbie Christofferson CISSP CISM

  • Getting the results you need to protect your bottom line
  • Helping organizations build and manage a successful security strategy based on risks and the bottom line
  • 20 years international Fortune 500 management experience with Intel Corp across the US, Europe and Greater Asia
  • Published author
  • “The Security Strategist” Newsletter – send email to subscribe now
  • Sapphire-Security Services LLC
  • DebbieChristoffersonearthlinknet
  • www.sapphire-security.com
