Think IT Association. Mission: To foster professional growth and development through the power of networking and collaboration.

Size: px

Start display at page:

Download "Think IT Association. Mission: To foster professional growth and development through the power of networking and collaboration."

Stanley Shields
5 years ago
Views:

Think IT Association Mission: To foster professional growth and development through the power of networking and collaboration. Think IT is a service of Think IT Association was founded in 2009.

2 Think IT Association Mission: To foster professional growth and development through the power of networking and collaboration. Think IT is a service of Think IT Association was founded in Each group meets regularly in an informal, roundtable format with a different member from the group facilitating each session. The IT Leadership group is designed for all levels of leaders within the IT space including: IT Managers, IT Directors, and VPs of IT within the Twin Cities. Additional Think IT Program: Link to Leadership Registration for our Spring session has officially opened! 6 month leadership development course that is designed and led by IT executives from across the metro Benefits Genesys Works-Twin Cities alumni through the Think IT Young Professionals Scholarship fund While there is no cost to be a member of Think IT, it is not FREE and we do ask that members invest their time and experience and be open to facilitating 2 York Solutions

3 B2E Update A big thank you to the following companies who have hired our B2E students! We will be graduating our 8 th Barriers to Entry cohort next Thursday! All students from this cohort have already been placed at clients As of 2018 we have a 90% program graduate placement rate For more information, contact: Tom at tparker@yorksolutions.net 3 York Solutions

4 A Proud Partner of To date we have raised a total of $542,495 for Genesys Works, through the Think IT Golf Invitational and our Link to Leadership program! Thank you to our 2018 Sponsors! 4 York Solutions

5 Upcoming Meetings Friday, October 19 th Quarterly Event Topic: Innovation and Digital Transformation Location: McDonald s Headquarters; 1045 W Randolph St, Chicago, IL Facilitator: Tasker Genres, CIO/CTO at ServiceNow Save the Date! Wednesday, November 7th Leadership Group Meeting Topic: People, Culture and Change Management Downtown Location: TransUnion; 555 W Adams St, Chicago, IL Suburb Location: Elkay Manufacturing; 2222 Camden Court, Oak Brook, IL Facilitator: George Wang, CIO/COO at Arx Nimbus 5 York Solutions

6 You re Invited! What: 1st Annual Business of IT Awards Presented by York Solutions When: Thursday, November 15 th 4:00pm-6:00pm Where: Peapod

8 Phishing 3.0 Brian Greenberg 8 York Solutions

9 October 2018 Facebook LinkedIn Twitter Blog Medium Forbes Phishing 3.0 A new type of multi-billion dollar attack on businesses that has everyone talking, and what you can do about it.

10 What is Phishing? Phishing relies on trickery to compromise a system. They are legitimate looking s that trick you to reveal user names, passwords, or credit card details. go to a web site that looks legitimate but is harmful. open an attachment that installs a virus. October 2018

11 What s at risk from Phishing attacks? Billions of dollars are at risk. 20% of C-level executives have sent sensitive data as a result of a phishing attack. Half of all organizations say their management and finance teams can t identify and stop an impersonation attempt. October 2018

12 Most common phishing subject lines. 1. Password Check Required Immediately 15% 2. Security Alert 12% 3. Change of Password Required Immediately 11% 4. A Delivery Attempt was made 10% 5. Urgent press release to all employees 10% 6. De-activation of [[ ]] in Process 10% 7. Revised Vacation & Sick Time Policy 9% 8. UPS Label Delivery, 1ZBE312TNY % 9. Staff Review % 10. Company Policies-Updates to our Fraternization Policy 7% October 2018

13 Phishing 3.0 It s time to stop laughing at Nigerian scammers, because they re stealing billions of dollars Washington Post 2017 losses doubled to $675 million Q1 of ,000 victims, $685 million in losses American businesses have lost $3.7 billion October 2018

14 Versions of Phishing v.1 Forward Payment Scams (so-called Nigerian scams) v.2 Type #1: Typo-squatting e.g. espn.cm, aol.cm, itunes.cm, qooqle.com, gooogle.com Typosquatting sites visited > 12M times in Q Type #2: Same script spoofing e.g. rn m, 0 O, l 1 v.3 Mixed script spoofing or Homographs (Internationalized Domain Names) Latin small letter o (U+006F) can be confused with Cyrillic small letter o (U+043E) October 2018

15 What is Phishing 3.0? Phishing 3.0 is different because it s very hard to spot. They are legitimate looking domain names using foreign alphabets to fool you. apple.com apple.com This example uses a Cyrillic а rather than English a Decoded, apple.com is really This is how hackers can get into your systems. October 2018

16 Phishing. 3.0 notes Not all browsers can catch this attack. Also called Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA) Not just browsers are susceptible; any app that reads URLs: e.g. clients, headless browsers, etc. You could look for Punycode entries in queries & DNS logs but there are 100 million IDNs registered You could convert Punycode to Unicode Single script detection: still thousands of Unicode confusables character combinations Detection is not going to happen in real-time: ~50ms At best, detection is after the fact October 2018

17 Reduce the risk from Phishing 3.0 Cut the Phishing lines! Mitigate the risk to your organization by getting the right technology to prevent and recover from attacks. right people trained and up to date on the latest threats. right partners to put together a plan for your organization. October 2018

18 Thank you! Facebook LinkedIn Twitter Blog Medium Forbes

19 Thank You. Brian Greenberg Genesys Works & Elkay Manufacturing 19 York Solutions

FAQ. Usually appear to be sent from official address

FAQ. Usually appear to be sent from official address FAQ 1. What is Phishing Email? A form of fraud by which an attacker masquerades as a reputable entity in order to obtain your personal information. Usually appear to be sent from official email address