How Cyber-Criminals Steal and Profit from your Data

Presented by: Nick Podhradsky, SVP Operations, SBS CyberSecurity

© SBS CyberSecurity, LLC

www.sbscyber.com | Consulting, Network Security, IT Audit, Education


Post on 27-Jun-2018



Agenda

• Why is cybersecurity now your responsibility?

• What are the bad guys after?

• How do they get what they want?

• How can I stop them or slow them down?


You Have Been Enlisted


Strength or Weakness

• People are easier to defeat than technology!


What does a hacker look like?


What does a “hacker” look like?


Costs of Cybersecurity?

• Estimated annual global cost could reach $6 trillion by 2021 (estimated at $3 trillion in 2015) – Cybersecurity Ventures

• Data breaches average a cost of around $154 per record – www.cyberark.com

• Significant reputational damage associated with a data breach.


How do hackers make money?

• Compromise Internet Banking Activity

• Credit Cards

• Health Information

• Ransomware

• User or Admin Credentials

• Personal Data

• Contact information including email addresses


Data Values – December 2015 (foxnews.com)

• Average estimated price for stolen debit and credit cards in US: $5 - $30

• Bank login credentials for a $2,200 balance bank account: $190

• Bank login credentials plus stealth funds transfers to US Banks for a $20,000 account balance: $1,200

• Online payment service credentials (PayPal, etc.) for a $1,000 balance: $50

• The more information provided, the higher the value.


How do “bad guys” get that data?

• Social Engineering

Wikipedia definition: in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.


Social Engineering Types

• Email Phishing

• Phone Calls - Vishing

• Social Media

• USB Devices

• Dumpster Diving


Phish Finder – Who, What, Where


WHO?


What?


What?


Phishing Example


Where?


WHO? WHAT? WHERE?


Phishing Scenario Walkthrough


I clicked on the link


See what the hacker gets?


What about attachments?


Enabling content will run malware


What can you do?

• Understand the Importance of Cybersecurity

• Spoofed Wireless

• Strong Passwords

• Multi-Factor Authentication

• Be suspicious of Downloads

• Use Anti-Virus, but be aware that it’s not entirely effective!


Understand the Importance of Cybersecurity

• You have a responsibility as an employee to help protect the network and data. Get educated.

• If you’ve done something you shouldn’t have, DON’T cover it up – let someone know.

• Remember that security controls may not be fun to have, but they are there to protect you and your data.


Spoofed Wireless Networks


• If you aren’t certain of the network, don’t connect.

• Never access confidential information while connected to unsecured Wi-Fi.

• If you can connect through a VPN on such a network, your traffic becomes encrypted and is safe.

• Using your “Mobile Data” and shutting off Wi-Fi is also considered safe.


Strong Passwords

• Don’t use the same password in multiple locations – especially banking or confidential website passwords.

• Use phrases: Iwah4C;Oahwd! (from “I want a hippopotamus for Christmas; Only a hippopotamus will do!”)

• Use a password keeper such as KeePass or LastPass; ensure that your password for that is strong.

• Change your password often


Multi-Factor Authentication

• Multi-Factor Authentication is the use of 2 or more identifiers to verify the user: (1) something you have, (2) something you know, (3) something you are.

• Most email providers OFFER multi-factor authentication. The first factor is generally the password; the 2nd factor is often an email or text with a code, or a security question.

• Security questions can be a 2nd factor; make sure that answers are not simple (birthdate – may be on social media; high school – may be found online; pet’s name – social media).


Be suspicious of Downloads


• Ensure it’s from a trusted source. Go directly to the company site.

• Know what brand of antivirus you have.

• Don’t panic when something happens that looks like the picture to the right.


Use Anti-Virus – but be aware it’s not entirely effective!

• Most sophisticated and new scams will get around anti-virus unnoticed.

• Anti-virus will catch older and very prevalent viruses.

• There are many good anti-viruses available with paid and free versions – paid versions are generally better – there is no reason not to have one.

• Be careful when downloading a new anti-virus (go directly to the company, not to a 3rd party site).


HCPD Partnership

• HCPD cares about the CyberSecurity of your organization and wants to help!

• HCPD and SBS have partnered on a 5-phase approach to helping HCPD customers improve their cybersecurity.

• HCPD will pay for 50% of the cost annually, up to $5,000!


HCPD Phase 1 Cybersecurity Services

• IT Asset Discovery
  • Identifies hardware and software used by the organization.

• Internal Vulnerability Assessment
  • Identifies soft spots on the inside of your network that cybercriminals could exploit.

• Information Security Risk Assessment
  • A document that identifies the most and least risky use of technology in the organization.

• Cyber Risk Management Prioritization
  • Based on the 3 items above – SBS will put together a plan for the organization on how to immediately improve their cybersecurity posture.


Investment

• Pricing based on the number of meters the customer has

• You can start with Phase 2-5 if you would prefer (contact SBS for more information).

• Time investment for Phase 1 ranges from ½ day to 3 days depending on size.

• SBS would do a presentation for your management/board if you would like to discuss further.


Nick Podhradsky


605-770-3926

Madison, SD

www.sbscyber.com

[email protected]

Let’s Connect!