How Cyber-Criminals Steal and Profit from your Data


Presented by: Nick Podhradsky, SVP Operations, SBS CyberSecurity
www.sbscyber.com Consulting Network Security IT Audit Education

Agenda
- Why is cybersecurity now your responsibility?
- What are the bad guys after?
- How do they get what they want?
- How can I stop them or slow them down?

You Have Been Enlisted

Strength or Weakness
People are easier to defeat than technology!

What does a hacker look like?

Costs of Cybersecurity?
- Estimated annual global cost could reach $6 trillion by 2021 (estimated at $3 trillion in 2015) (Cybersecurity Ventures)
- Data breaches average a cost of around $154 per record (www.cyberark.com)
- Significant reputational damage associated with a data breach.

How hackers make money?
- Compromise Internet Banking Activity
- Credit Cards
- Health Information
- Ransomware
- User or Admin Credentials
- Personal Data
- Contact information including email addresses

Data Values, December 2015 (foxnews.com)
- Average estimated price for stolen debit and credit cards in US: $5 - $30
- Bank login credentials for a $2,200 balance bank account: $190
- Bank login credentials plus stealth funds transfers to US Banks for a $20,000 account balance: $1,200
- Online payment service credentials (PayPal, etc.) for $1,000 balance: $50
The more information provided, the higher the value.

How do bad guys get that data? Social Engineering
Wikipedia definition: in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

Social Engineering Types
- Email Phishing
- Phone Calls - Vishing
- Social Media
- USB Devices
- Dumpster Diving

Phish Finder Who, What, Where

WHO?

What?

Phishing Example

Where?

WHO? WHAT? WHERE?

Phishing Scenario Walkthrough

I clicked on the link

See what the hacker gets?

What about attachments?

Enabling content will run malware

What can you do?
- Understand the Importance of Cybersecurity
- Spoofed Wireless
- Strong Passwords
- Multi-Factor Authentication
- Be suspicious of Downloads
- Use Anti-Virus, but be aware that it's not entirely effective!

Understand the Importance of Cybersecurity
- You have a responsibility as an employee to help protect the network and data.
- Get educated.
- If you've done something you shouldn't have, DON'T cover it up; let someone know.
- Remember that security controls may not be fun to have, but they are there to protect you and your data.

Spoofed Wireless Networks
- If you aren't certain of the network, don't connect.
- Never access confidential information while connected to unsecure Wi-Fi.
- If you can VPN through this, your traffic becomes encrypted and is safe.
- Using your Mobile Data and shutting off Wi-Fi is also considered safe.

Strong Passwords
- Don't use passwords in multiple locations, especially banking or confidential website passwords.
- Use phrases: Iwah4C;Oahwd! (I want a hippopotamus for Christmas; Only a hippopotamus will do!)
- Use a password keeper such as KeePass or LastPass; ensure that your password for that is strong.
- Change your password often.

Multi-Factor Authentication
Multi-Factor Authentication is the use of 2 or more identifiers to verify the user:
1 - something you have
2 - something you know
3 - something you are
- Most email providers OFFER multi-factor authentication.
- First factor is generally the password; 2nd factor is often an email or text with a code, or a security question.
- Security questions can be a 2nd factor; make sure that answers are not simple (birthdate may be on social media; high school may be found online; pet's name - social media).

Be suspicious of Downloads
- Ensure it's from a trusted source. Go directly to the company site.
- Know what brand of antivirus you have.
- Don't panic when something happens that looks like the picture to the right.

Use Anti-Virus, but be aware it's not entirely effective!
- Most sophisticated and new scams will get around anti-virus unnoticed.
- Anti-virus will catch older and very prevalent viruses.
- There are many good anti-viruses available with paid and free versions (paid versions are generally better); there is no reason not to have one.
- Be careful when downloading a new anti-virus (go directly to the company, not to a 3rd party site).

HCPD Partnership
- HCPD cares about the CyberSecurity of your organization and wants to help!
- HCPD and SBS have partnered on a 5 phase approach to helping HCPD customers improve their Cybersecurity.
- HCPD will pay for 50% of the cost annually, up to $5,000!

HCPD Phase 1 Cybersecurity Services
- IT Asset Discovery: Identifies hardware and software used by the organization.
- Internal Vulnerability Assessment: Identifies soft spots on the inside of your network that cybercriminals could exploit.
- Information Security Risk Assessment: A document that identifies the most and least risky use of technology in the organization.
- Cyber Risk Management Prioritization: Based on the 3 items above, SBS will put together a plan for the organization on how to immediately improve their cybersecurity posture.

Investment
- Pricing based on the number of meters the customer has.
- You can start with Phase 2-5 if you would prefer (contact SBS for more information).
- Time investment for Phase 1 ranges from ½ day to 3 days depending on size.
- SBS would do a presentation for your management/board if you would like to further discuss.

Let's Connect!
Nick Podhradsky
605-770-3926
Nick@sbscyber.com
www.sbscyber.com
Madison, SD