dms itech - prevent employee email habits from taking down …€¦ · microsoft powerpoint - dms...
TRANSCRIPT
Prevent Employee Email Habits from Taking Down Your NetworkMarc DriessenJuly 23, 2019
Welcome!!Thank you for attending
Thank you everyone for attending the first in a series of webinars we’ll be conducting over the next couple of months designed to provide additional details and insights
into today’s hot IT related topics
AgendaPhishing – what’s it all about and what are the details?Gone Phishing?
Ransomware attacks – now this too?
Hostage situation…
Who’s behind phishing and ransomware attacks?
Who’s baiting the hook?
What are the stats and trends of phishing and ransomware attacks?
Phish finder and read the ransom note!
01
02
03
04
How can you mitigate the risk of phishing and ransomware attacks?
Cut the bait and disarm the hostage takers!05
phishꞏing/'fiSHiNG/
A means of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes of deceitfully obtaining sensitive user information for malicious intent
• Started in 1995 with AOL, but wasn’t common household conversation until around 2005
• Common means of getting information from unknowing victims:• Email• IM (instant messaging) / Text messaging (Smishing)• Social Media (Instagram, Facebook, many others)• Websites (pop-up’s)• Telephone (Vishing)
Simply put, social engineering used maliciously…
Phishing – what’s it all about and what does it mean to your business?01
There’s actually 10 different types of phishing exploits….today1. CEO Fraud/Business Email Compromise2. Clone phishing3. Evil Twin4. Domain spoofing5. HTTPS phishing6. Smishing7. Spear phishing8. Vishing9. Watering hole phishing10.Whaling
Phishing – what’s it all about and what does it mean to your business?01.1
Phishing – what’s it all about and what does it mean to your business?01.2
One of the most effective ways of approaching potential victims is through email, here’s some examples of what the cybercriminals send.
Phishing – what’s it all about and what does it mean to your business?01.3
Here’s another email example…
Phishing – what’s it all about and what does it mean to your business?01.4
Here’s examples of Instant and Text message Phishing (Smishing)…
Phishing – what’s it all about and what does it mean to your business?01.5
Here’s examples of website pop-up Phishing…
Phishing – what’s it all about and what does it mean to your business?01.6
Telephone phishing….what more can I say?
ranꞏsomꞏware/ˈransәmˌwer/
A type of malicious software designed to block access to a computer system until a sum of money is paid…
First known ransomware attack occurred in 1989 and targeted the healthcare industry. 30 years later, the healthcare industry remains a top target forransomware attacks…and the footprint is significantly increasing withfinancial institutions and large private and public organizations being thelatest targets…
Ransomware – Something else we have toworry about?02
An example of a system infected with ransomware…
Ransomware – Something else we have to worry about?02.1
An example of a system infected with ransomware…
Ransomware – Something else we have to worry about?02.2
Who are the cybercriminals? You’d be surprised…
Phishing and Ransomware attacks – who’s behind it all?03
Who are the cybercriminals? You’d be surprised…
Phishing and Ransomware attacks – who’s behind it all?03.1
Phishing and Email Fraud Statistics 2019
• Business Email Compromise (BEC) a.k.a. phishing scams, accounted for over $12 billion in losses globally in 2018
• Phishing scams account for 90% of data breaches• 15% of people who were successfully phished will be targeted at least one
more time within the year• Phishing attempts have grown 65% in the last year• Around 1.5m new phishing sites are created each month (Webroot) • 76% of businesses reported being a victim of a phishing attack in the last
year• 30% of phishing messages get opened by targeted users• Security Breaches have increased by 11% in the past year• Small Businesses spend an average of $750/yr. on consumer grade cyber
security• Over 60% of North-Americans have been victims• 58% of all phishing websites are now served via HTTPS• It can take up to 50 days for a breach to be discovered, if ever
Sources: https://retruster.com/blog/2019-phishing-and-email-fraud-statistics.html
Phishing & Ransomware – just the facts and trends please!04
• Next generation firewall appliances – web filtering• Advanced threat protection features for email• Introduce corporate policies that inform staff to:
• not give out information to strangers via email, phone call or even in person
• question any unknown parties in the office• 2 factor authentication• Regular operating system and application patching• Staying current with operating system and application releases• Regular password changes through policies and enable
complexity• Phishing url checker• User awareness and training – your first and best line of defense
Phishing & Ransomware – what can you do to avoid and mitigate the risk?05
Phishing & Ransomware – what can you do to avoid and mitigate the risk?05.1
Thank youWe will be sending you a
link to the webinar recording and some follow-up information
shortly