Phishing: What is it and how does it affect me?
- Janis Hamilton
- 5 years ago
Contents
- Executive summary
- What is phishing?
- Recognition factors
- Attacking your business: the spear phish
- How is phishing affecting the UK?
- What should my business do?
- Conclusion
Executive summary

Phishing is a problem almost as well-known now as email itself. The practice of tricking people into providing sensitive data is arguably one of the most prolific and effective types of fraud anyone will encounter, and we are falling victim in our droves. This is hardly surprising considering the volume we are up against: Kaspersky Labs stated they had detected over 50,000,000 phishes in the first three months of this year alone.

This document aims to re-educate readers on the basics of phishing and promote the need for training in the workplace. This is not an exhaustive document; however, HMG has produced detailed guidance on spear phishing and other phishing-related fraud, such as pharming. There is also information online about current phishing campaigns, such as one affecting HMRC correspondence.

The fact is, phishing is all around us and it is complex; many of those complexities stem from its basic premise: fooling a person. Businesses need to invest more in protecting their employees from these dangers. The report will cover the basics (and much of the information contained may seem obvious to security professionals) but should hopefully serve as a guide to less technical managers or executives as to why to invest in network defences and training. The aim is to cover:
- What is phishing and what is the difference to spear phishing?
- What motivates an attacker?
- How big is the problem in the UK?
- Employee behaviours to encourage
- The importance of incident management and preparation

There are many companies who are taking the appropriate steps on a daily basis to mitigate against this persistent threat, but we constantly see reports of successful phishing attacks leading to significant financial losses or data theft, and we want the vast experience industry has gained in battling phishing to be shared and learned from.
What is phishing?

Phishing is a particular type of scam, whereby victims are targeted by seemingly genuine persons or services, with the aim of tricking the recipient into either providing personal details or clicking on something that will allow the attacker to do something you may not be aware of. Spear phishing is a more targeted version of this attack and is often directed at specific people or organisations, as opposed to the more blanket campaigns associated with phishing. Some examples might include:
- An email claiming to be from a bank requesting you log in to verify your account due to fraudulent activity that has taken place; a link provided will direct to a website that looks similar to the genuine site, which logs your genuine details once inputted
- An email stating that you have been charged for a service you didn't use, with an attached document that is supposed to be an invoice; upon opening the attachment, malicious code then installs on the computer without the user's knowledge
- An email that appears to come from a high-ranking person within your own organisation that requests a payment is made to a particular bank account; this is more commonly associated with spear phishing

We see examples of this nature on a day-to-day basis. Attackers are often seeking financial gain, be it through directly stealing money, tricking employees into sending them money, or stealing information that can be sold on. Alternatively, they may just want access to information that your organisation keeps on its networks to spy on.

The SANS Institute tells us that 95% of all attacks on enterprise networks gained entry through spear phishing [1]. That is a worrying figure and one that highlights the fact that human error is both inevitable and potentially devastating if not mitigated. If we can raise awareness of phishing and spear phishing, we could prevent headlines such as these:
Recognition factors

Think you know what to look for? Phishing campaigns are designed for mass distribution and in recent years have become more convincing. This approach relies simply on numbers; the more targets, the more likely that someone will click on something. While there are thousands of campaigns that all look and sound different, we have detailed the most common aspects of a modern phishing email.

HOW TO CATCH A PHISH
- Sender. Were you expecting this email? Not recognising the sender isn't necessarily cause for concern, but look carefully at the sender's name: does it sound legitimate, or is it trying to mimic something you are familiar with?
- Subject line. Often alarmist, hoping to scare the reader into an action without much thought. May use excessive punctuation.
- Logo. The logo may be of a low quality if the attacker has simply cut and pasted from a website. Is it even a genuine company?
- Dear You. Be wary of emails that refer to you by generic names, or in a way you find unusual, such as the first part of your email address. Don't forget though, your actual name may be inferred from your email address.
- The body. Look out for bad grammar or spelling errors, but bear in mind modern phishing looks a lot better than it used to. Many phishing campaigns originate from non-English speaking countries but are written in English in order to target a wider global audience, so word choice may be odd or sound disjointed.
- The hyperlink/attachment. The whole email is designed to impress on you the importance of clicking this link or attachment right now. Even if the link looks genuine, hover the mouse over it to reveal the true link, as shown in the image below. It may provide a clue that this is not a genuine email. If you are still unsure, do not click the link; just open a webpage and log onto your account via the normal method. If it appears to be from a trusted source, consider phoning the company's customer service, but never follow the email's instructions. Be aware that some companies operate policies stating they will never include links in emails and will never ask for personal information. Again, if in doubt, open a browser and check, and do not open attachments.
- Signature block. The signature block may be a generic design or a copy from the real company.
Attacking your business: the spear phish

So how do you actually suffer from phishing? Here is a narrative of an attacker targeting a business (in this case, the fictional "Company.Inc") and subsequently stealing money.

Company.Inc has been the subject of much investigation by an attacker who is using tools freely available on the internet in order to footprint the company's network. The IP ranges (the network addresses) used by the company have been discovered, but existing cyber defences have so far stopped any attempts to gain access to the network.

Gaining access to the company network is the goal here. Think about what information you have on your work computer and what someone could do with it: payment details, personal records, phone numbers, company documents. All are potentially sellable, or could be ransomed.

The attacker now tries "vishing", whereby he will use a phone conversation to try to legitimise a story to get the company's front desk to forward on a malicious email for him. The attacker calls pretending to be an acquaintance of the company's CEO, but rather than wanting to speak to him, the attacker asks "would you mind forwarding on this important email for me?" He has focussed his efforts on the CEO, David Smith, having read all about him on his completely open social media profiles. By publishing so much personal information in open social networks, and even on the company's own website, the CEO has enabled the attacker to come up with a genuinely convincing story, which adds pressure on the front desk to help. This time, however, the attack is thwarted by staff rightly challenging the anonymous caller about how he was unable to contact the CEO in the first place.

The attacker, undeterred, then changes tack by registering a fake domain that looks like (but is not the same as) the company's domain. With little effort made to style, he then sends an email (below) hoping that the recipient will obey the instructions without question, having supposedly just received an email from the boss!

Several employees click on the attachments to open them.
Regardless of their visible content (the attacker may make up something that looks genuine), upon opening the attachments a remote access tool (RAT) is automatically installed on the victim's machine, essentially allowing free access to the network (the attacker can log in and use the computer as though he was sat at the desk).

A company domain is the end part of your work email. In the image above you'll see company.co.uk whereas the genuine domain might be companyinc.co.uk: easy to miss at a glance! You'll even notice there's a typo in the name of the email. The warning signs are there if you are vigilant!

Employees at Company.Inc enabled macros to automatically run on their machines, meaning when they open Excel sheets (for example) some content is automatically triggered. This allowed the RAT to be installed without the user knowing. This particular RAT is exploiting a vulnerability (some misconfigured code) that had not been patched by the local system administrators (not keeping patching up to date is a common problem).

The attacker, now with complete access to users' computers, gathers as much information as possible by going through files and folders, potentially installing keyloggers to ascertain logins and passwords. At this point his options are wide open. He discovers the identity of a staff member with authority to make payments and, using their line manager's account, sends a completely legitimate email from the line manager instructing a payment to be made for 10,000 to the attacker's account. Once payment is received, the attacker then deletes any evidence of wrongdoing from the network and vanishes.
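The two checks described above (a sender domain that resembles but is not the genuine one, and a link whose visible text differs from where it really points) can be automated by network defenders. The following is an added example, not part of the CERT-UK document: the sample message, the 0.8 similarity threshold and all function names are constructed for illustration, and the two domains are the fictional ones from the narrative.

```python
import difflib
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GENUINE_DOMAIN = "companyinc.co.uk"  # genuine domain in the page's narrative
SIMILARITY_THRESHOLD = 0.8           # assumed cut-off; tune against your own mail

# Constructed sample message modelled on the narrative (not a real email).
SAMPLE_MESSAGE = """\
From: "David Smith" <david.smith@company.co.uk>
To: staff@companyinc.co.uk
Subject: URGENT!!! Review the attached today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please log in and confirm:
<a href="http://portal.company.co.uk/login">https://portal.companyinc.co.uk/login</a>
</p></body></html>
"""

# Visible link text only counts as a URL if it looks like host[/path].
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased hostname of a URL or bare host/path string."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value
    return (urlparse(value).hostname or "").lower()


def sender_domain(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    _, address = parseaddr(str(msg.get("From", "")))
    return address.rpartition("@")[2].lower()


def is_lookalike(domain, genuine=GENUINE_DOMAIN):
    """True when a domain is close to, but not, the genuine domain."""
    if not domain or domain == genuine or domain.endswith("." + genuine):
        return False
    ratio = difflib.SequenceMatcher(None, domain, genuine).ratio()
    return ratio >= SIMILARITY_THRESHOLD


def mismatched_links(raw_message):
    """(shown host, real host) for links whose text names a different host."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _LinkCollector()
    collector.feed(body.get_content())
    found = []
    for href, text in collector.links:
        if not href or not URL_LIKE.match(text):
            continue  # text such as "click here" gives nothing to compare
        shown, real = host_of(text), host_of(href)
        if shown and real and shown != real:
            found.append((shown, real))
    return found


def assess(raw_message):
    """Human-readable findings for one message."""
    findings = []
    domain = sender_domain(raw_message)
    if is_lookalike(domain):
        findings.append(f"sender domain {domain} resembles {GENUINE_DOMAIN}")
    for shown, real in mismatched_links(raw_message):
        findings.append(f"link shows {shown} but points to {real}")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_MESSAGE):
        print(finding)
```

String similarity catches only near-miss spellings; a report from a vigilant employee remains the signal for anything the rule misses.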
How is phishing affecting the UK?

CERT-UK has been in contact with national and international partners to gather a realistic view of phishing in the UK, to understand what the scale of the problem is and what businesses are doing about it. We have gathered views and experiences of network defenders from large and small organisations and have drawn the following five key points:

Half of everyone who uses the internet will be sent a phishing email today

1. Phishing is extremely widespread

Phishing emails are often sent in campaigns, and an enormous amount of the same email will get sent to potentially millions of people. Most commonly, emails are short and to the point and impress strongly the need to click a link, usually for the purposes of fraud prevention or saving an account from deactivation, and will often focus on personal accounts.

2. But we are actually quite good at spotting them.

The vast majority of phishing emails received each month are swept up by network defenders who set up rules in their own systems. Using signatures, such as email headers, any matching incoming messages can be disregarded before appearing in the inbox. This system is perhaps the most popular and widely used to combat phishing in the workplace and is arguably the strongest tool for protecting employees. Generally, employees are good at spotting the majority of obvious phishing emails.

The Centre for the Protection of National Infrastructure (CPNI) endorses the Critical Security Controls [2] as an effective way to protect against spear phishing as well as other cyber-attacks. These are an in-depth set of controls that can reduce your risk.

3. Training is effective.

Almost all of the responding organisations said that their employees received some sort of training related to phishing. Those who ran specific training sessions on phishing found them to be most effective, as well as those who heard real-life examples of compromise. Many large organisations ran phishing exercises which involved sending a mock phishing email to all employees in order to ascertain the current risk from those clicking on things they should not, and some established mandatory training for those who clicked the link. A key part of training is establishing an environment where employees have the confidence to challenge emails if they do not look right. Without the right training and awareness, that communication will not happen, either through apathy or ignorance.

Using the Cyber-security Information Sharing Partnership [3] (CiSP) is a great way to stay informed of current campaigns
4. Someone at your organisation WILL click on a link they should not.

Every organisation that responded said that, at a minimum, a small percentage of staff (that they were aware of) had clicked links, while other organisations stated up to 30% of their workforce had clicked links. Of those that clicked links, a small percentage went on to enter sensitive details into forms. Conversely, some organisations saw a massive increase in reporting of exercise phishing emails, suggesting training was very effective.

100% of responding organisations had an employee that clicked a link that they should not have

Your company's cyber defences need to be as good as they can reasonably be. However, with the threat phishing poses, you should expect to be compromised and therefore employees should know how to handle an incident. CESG provides a brief overview of steps to take to properly handle an incident [4] and CERT-UK's incident handling guidance can be found on CiSP.

5. Money is usually the target, but not always!

CERT-UK is aware that the majority of phishing and spear phishing is aimed at stealing or fraud, but would like to remind readers that they also remain key tools of state-sponsored espionage. In fact, according to Verizon, 95% of espionage attacks involved phishing [5]. Businesses will need to consider the risk of not only financial theft, but also of IP theft; something that other states are aggressively pursuing in the UK. Consider in your risk assessment the value of the information you hold to determined actors. Even if you are not the target, you may be the gateway to another organisation.

You can help your organisation by signing up to the Cyber Essentials scheme [6], which is aimed at helping businesses protect themselves from cyber-attacks by implementing essential controls. By sharing information on CiSP about phishing you can have a wider impact outside of your organisation, and by warning the community about phishing campaigns attacking your business, you can use advice provided by others and tap in to their skills and experience.

All organisation victims, regardless of size, should contact Action Fraud if they have lost money or had their network compromised
What should my business do?

This report has highlighted some in-depth reading from CPNI and CESG, which CERT-UK recommends fully. As an overview, the following diagram shows how we would like, and expect, organisations to continue to protect themselves from the dangers of phishing. It's not exhaustive, and can require a good amount of resource, which we know small and medium enterprises can struggle to maintain. We hope that, where this is not possible, the CiSP community can be a powerful resource.

THE MODEL ORGANISATION
- Network defenders. Several different phishing and spear phishing emails should be crafted by network defenders and sent out at irregular intervals. The employees should never be aware that exercising is being conducted. It is not necessary to exercise all employees at the same time, and different office sections can be given differing qualities of phishing emails depending on past results or identified risk. The network defender can learn about new threats on CiSP.
- Employees. The recipients of the exercise phishing emails will take one of three actions. It should be expected that the majority of employees will delete the email without interacting with it. Some employees will recognise the phish and report it back to network defenders; in these cases consider a reward system for those employees. By flagging up genuine phishes they may be preventing a network breach and saving the business money! Inevitably, however, some employees will fall victim.
- Trainers/line managers. It is important that employees who click are not reprimanded but given further training. Remember, someone will click the link. This training could come in the form of an informal chat with a line manager reminding the employee of the dangers. Repeat offenders should be sent on a training course for recognition.

One of the most overlooked aspects of training is what actions an employee should take upon realising they have perhaps entered sensitive details, and this policy should be made clear to all in order to get more employees reporting phishes back to network defenders. Just one correct report could give the network defender the information necessary to block all other employees from receiving it.
Conclusion

Train your staff. That's it. Simply put, phishing is not going anywhere - we all know something about phishing, but statistics tell us we are still falling victim. As we rely more heavily on automated cyber defences we cannot forget the human element. Defences in the UK are generally good but are reactive to emerging threats, and this means we will always be vulnerable to unknown or undiscovered threats, and phishing is a common way to exploit these.

Staff training is highly effective at reducing the risk. Training on phishing should be at the heart of a security culture, whether by online training, demonstrations or exercises, all of which should be periodic. We do know, however, that training cannot eliminate the risk: someone will click a link they should not, and then it is important your employees know, and feel confident using, the reporting procedures in place.

Your business should remain vigilant and monitor your network proactively, making sure you have effective ways to process the data and tackle any issues that are flagged. There is much guidance available from trusted sources such as CPNI, CESG, and the gov.uk websites. Make sure your security teams are aware of recent campaigns and techniques by using CiSP, where they can learn from others' experience as well as share their own.

And, after all that, if (or when) the time comes, use the help available to your business. Fraud is a crime; report it to Action Fraud or the police.
A CERT-UK PUBLICATION
COPYRIGHT 2015
More informationState of the Phish 2016
State of the Phish 2016 1 Introduction & Overview In October 2015, Wombat Security acquired ThreatSim, bringing together two of the leading simulated phishing attack tools. ThreatSim has historically prepared
More informationDIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance
DIGITAL ACCOUNTANCY FORUM CYBER SESSION Sheila Pancholi Partner, Technology Risk Assurance Section 1: The background World s biggest data breaches 10 years ago 2007 2006 accidentally published hacked inside
More informationSecurity Awareness Training Courses
Security Awareness Training Courses Trusted Advisor for All Your Information Security Needs ZERODAYLAB Security Awareness Training Courses 75% of large organisations were subject to a staff-related security
More informationCyber Risk Report. Family offices. PRECISE. PROVEN. PERFORMANCE.
Cyber Risk Report Family offices PRECISE. PROVEN. PERFORMANCE. Cyber Risk Report Family offices Contents Introduction...1 Time to build defences: family offices cyber risk survey results...2 Cyber security
More informationEBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.
EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have
More information5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief
5 Trends That Will Impact Your IT Planning in 2012 Layered Security Executive Brief a QuinStreet Excutive Brief. 2011 Layered Security Many of the IT trends that your organization will tackle in 2012 aren
More informationKASPERSKY SECURITY FOR MICROSOFT OFFICE s are sent every second. It only takes one to bring down your business.
Kaspersky KASPERSKY SECURITY for Business FOR MICROSOFT OFFICE 365 emails are sent every second. It only takes one to bring down your business. 2 When Oice 365 meets cyberthreat 24/7 Most businesses have
More informationEMPLOYEE SKILLS TRAINING PLATFORM. On-access skills training and measurement for all employees
EMPLOYEE SKILLS TRAINING PLATFORM On-access skills training and measurement for all employees 1 HUMAN MISTAKES AS THE BIGGEST CYBERRISK FOR ENTERPRISES TODAY $861,000 $86,500 $865,000 up to $400 per enterprise
More informationWould you fall for the latest ingenious bank scam?
Would you fall for the latest ingenious bank scam? Mark Winterton and Jana Parkin suspected the Lloyds letter was fake when it arrived at their office but said they were 'very impressed' with the quality
More informationSecurity Awareness. Chapter 2 Personal Security
Security Awareness Chapter 2 Personal Security Objectives After completing this chapter, you should be able to do the following: Define what makes a weak password Describe the attacks against passwords
More informationCYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL
CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-345-7722 EMAIL: rahul.gupta@da.ocgov.com DAVE WHITE INVESTIGATOR
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationManaging IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services
Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our
More informationAdobe Security Survey
Adobe Security Survey October 2016 Edelman + Adobe INTRODUCTION Methodology Coinciding with National Cyber Security Awareness Month (NCSAM), Edelman Intelligence, on behalf of Adobe, conducted a nationally
More information6 Ways Office 365 Keeps Your and Business Secure
6 Ways Office 365 Keeps Your Email and Business Secure Acora House, Albert Drive, Burgess Hill, West Sussex, RH15 9TN T: +44 (0) 844 264 2222 W: acora.com E: sales@acora.com Introduction Microsoft have
More informationCyber Hygiene Guide. Politicians and Political Parties
Cyber Hygiene Guide Politicians and Political Parties Canadian Election Integrity Initiative Design by ccm.design Cover Image by Songquan Deng Helping to Safeguard the Integrity of the Electoral Process
More informationCyber Security Guide. For Politicians and Political Parties
Cyber Security Guide For Politicians and Political Parties Indian Election Integrity Initiative Design by ccm.design Cover Image by Paul Dufour Helping to Safeguard the Integrity of the Electoral Process
More informationHoliday Season Cyberattacks on Pace to Increase by Nearly 60%
Holiday Season Cyberattacks on Pace to Increase by Nearly 60% NOVEMBER 2018 1 Tis the season for cyberattacks. According to the Carbon Black Threat Analysis Unit (TAU), organizations should expect to see
More informationMalicious s. How to Identify Them and How to Protect Yourself
Malicious Emails How to Identify Them and How to Protect Yourself 1.Identify the Sender This is the first thing you should do whenever you receive an email, especially if: It is requesting sensitive information
More informationTarget Breach Overview
Target Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more specifics? A: Yes, Target has confirmed that it experienced unauthorized access to its systems
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationEntertaining & Effective Security Awareness Training
Entertaining & Effective Security Awareness Training www.digitaldefense.com Technology Isn t Enough Improve Security with a Fun Training Program that Works! Social engineering, system issues and employee
More informationThis Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry
This Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry At a Glance With offices across the country, this gaming company has been in operation for decades.
More informationKaspersky Security for Microsoft Office 365
Kaspersky for Business Kaspersky Security for Microsoft Office 365 emails are sent every second. It only takes one to bring down your business. Moving to the cloud? Secure it. With more than 100 million
More informationCopyright ECSC Group plc 2017 ECSC - UNRESTRICTED
Copyright ECSC Group plc 2017 ECSC - UNRESTRICTED ECSC - UNRESTRICTED Introduction A Web Application Firewall (WAF) is, in our experience, the most important layer of defence against a wide range of attacks
More informationIntro to Capture the Flag
Intro to Capture the Flag Talk for General Audience: Why Capture the Flag (CTFs) Matter. Synopsis: CTFs are one example of a gamified learning environment. Gamified ecosystems pose many benefits to professional
More informationNews English.com Ready-to-use ESL / EFL Lessons
www.breaking News English.com Ready-to-use ESL / EFL Lessons 1,000 IDEAS & ACTIVITIES FOR LANGUAGE TEACHERS The Breaking News English.com Resource Book http://www.breakingnewsenglish.com/book.html Top
More informationNewcomer Finances Toolkit. Fraud. Worksheets
Newcomer Finances Toolkit Fraud Worksheets Ottawa Community Loan Fund Fonds d emprunt Communautaire d Ottawa 22 O Meara St., Causeway Work Centre, Ottawa, ON K1Y 4N6 Tel: 613-594-3535 Fax: 613-594-8118
More informationOPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications
OPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications By Mike Pittenger, Vice President, Security Strategy Black Duck s On-Demand business conducts audits of customers
More informationThe New Government Security Classification System -
The New Government Security Classification System -? Industry The guidance in this booklet is being developed for use from April 2014. It is but is being shared with industry in order to raise awareness
More informationCompliance & HIPAA Annual Education
Compliance & HIPAA Annual Education 1 The purpose of this education is to UPDATE The purpose and of this education REFRESH is to UPDATE your and REFRESH understanding understanding of: of: Aultman s Compliance
More informationSecurity Using Digital Signatures & Encryption
Email Security Using Digital Signatures & Encryption CONTENTS. Introduction The Need for Email Security Digital Signatures & Encryption 101 Digital Signatures & Encryption in Action Selecting the Right
More informationCyber Security Stress Test SUMMARY REPORT
Cyber Security Stress Test SUMMARY REPORT predict prevent respond detect FINAL SCORE PREDICT: PREVENT: Final score: RESPOND: DETECT: BRILLIANT! You got a 100/100. That's as good as it gets. So take a second
More informationA quick guide to... Split-Testing
A quick guide to... Split-Testing In this guide... Learn how you can get the best results from your email campaign by testing it first! Just create up to five messages, with different personalization techniques,
More informationRisk Outlook Anti money Laundering and Cybercrime. Steve Wilmott and George Hawkins
Risk Outlook Anti money Laundering and Cybercrime Steve Wilmott and George Hawkins Introductions Steve Wilmott, Director of Intelligence and Investigations George Hawkins, Senior Technical Advisor, Risk
More informationOA Cyber Security Plan FY 2018 (Abridged)
OA Cyber Security Plan FY 2018 (Abridged) 1 Table of Contents Vision... 3 Goals, Strategies, and Tactics... 5 Goal #1: Create a Culture that Fosters the Adoption of Cyber Security Best Practices... 5 1.1
More informationThe UK s National Cyber Security Strategy
The UK s National Cyber Security Strategy 2016 2021 Vision for 2021: The UK is secure and resilient to cyber threats, prosperous and confident in the digital world 1 National Cyber Security Strategy 2016
More informationPhishing Activity Trends Report October, 2004
Phishing Activity Trends Report October, 2004 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into divulging
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationPart 1: Anatomy of an Insider Threat Attack
Part 1: Anatomy of an Insider Threat Attack Shiri Margel Data Security Research Team Lead Imperva Carrie McDaniel Emerging Products Team Lead Imperva Shiri Margel Data Security Research Team Lead Masters
More informationTHE CYBERSECURITY LITERACY CONFIDENCE GAP
CONFIDENCE: SECURED WHITE PAPER THE CYBERSECURITY LITERACY CONFIDENCE GAP ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE Despite the fact that most organizations are more aware of cybersecurity risks
More informationThe power management skills gap
The power management skills gap Do you have the knowledge and expertise to keep energy flowing around your datacentre environment? A recent survey by Freeform Dynamics of 320 senior data centre professionals
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More information