Cyber Security Powerpoint
By Vinod Sencha
CF(IS) RTI Jaipur
Which is the third largest economy?
• USA
• China
• ????
Importance of Cyber Security
https://www.varonis.com/blog/data-breach-statistics/
Cyber Security is Safety
• Confidentiality – restrict access to authorized individuals
• Integrity – data has not been altered in an unauthorized manner
• Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe
CIA Triad – Confidentiality
Protecting information from unauthorized access and disclosure.
Example: Criminal steals customers’ usernames, passwords, or credit card information.
CIA Triad – Integrity
Protecting information from unauthorized modification.
Example: Someone alters payroll information or a proposed product design.
CIA Triad – Availability
Preventing disruption in how information is accessed.
Example: Your customers are unable to access your online services.
Threats and Vulnerabilities
What are we protecting our and our stakeholders’ information from?
Threats: Any circumstances or events that can potentially harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable.
Vulnerabilities: Weakness in an information system or its components that could be exploited.
What Kinds of Threats Are There?
• Phishing and Spear-phishing Attacks
• Social Engineering Scams
• Common Malware and Ransomware
• Business Email Compromise
• Fake websites that steal data or infect devices
• And much more
Phishing
Phishing refers to the practice of creating fake emails or SMS that appear to come from someone you trust, such as a bank, credit card company, or popular website.
The email/SMS will ask you to “confirm your account details or your vendor’s account details”, and then direct you to a website that looks just like the real website, but whose sole purpose is to steal information.
Of course, if you enter your information, a cybercriminal could use it to steal your identity and possibly make fraudulent purchases with your money.
Phishing Statistics
• Verizon DBIR 2020: Phishing is the biggest cyber threat for SMBs, accounting for 30% of SMB breaches
• KnowBe4: 37.9% of untrained users fail phishing tests
• 84% of SMBs are targeted by phishing attacks
• A new phishing site launches every 20 seconds
• 74% of all phishing websites use HTTPS
• 94% of malware is delivered via email
Example of Phishing
Social Engineering
• Dumpster diving
• Social engineering
• High-tech methods
Identity Theft
• Loss of privacy
• Personal information is stored electronically
• Purchases are stored in a database
• Data is sold to other companies
• Public records on the Internet
• Internet use is monitored and logged
• None of these techniques are illegal
Denial of Service Attack
Ransomware
Ransomware is a type of malware that restricts your access to systems and files, typically by encryption, and then demands a ransom to restore access.
Often, systems are infected by ransomware through a link in a malicious email. When the user clicks the link, the ransomware is downloaded to the user’s computer, smartphone or other device. Ransomware may spread through connected networks.
Top Ransomware Vulnerabilities:
• RDP or Virtual Desktop endpoints without MFA
• Citrix ADC systems affected by CVE-2019-19781
• Pulse Secure VPN systems affected by CVE-2019-11510
• Microsoft SharePoint servers affected by CVE-2019-0604
• Microsoft Exchange servers affected by CVE-2020-0688
• Zoho ManageEngine systems affected by CVE-2020-10189
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-
Ransomware Controls
• Weapons-Grade Data Backups
• Religious Patch Management
• Plan to Fail Well (Incident Response Plan)
• Know who to call!
• Training and Testing Your People
• Don’t Open that Email Link/Attachment
Business/Official Email Compromise
BEC is a big problem for you and your organization:
• Your email is compromised.
• Another employee of your organization is compromised.
Almost always, these emails fall into 2 categories:
• Downloading and spreading additional malware automatically
• Urging the customer to perform a financial transaction immediately
Tips and Tricks to share with customers:
• BEC made up half of cyber-crime losses in 2019; $75K per scam
• Standard phishing email awareness – don’t click links or download attachments
• Pay attention to the email address
• Enable MFA for business email accounts
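The phishing slide and the BEC tip “pay attention to the email address” both come down to one check: does the address a message really came from match who it claims to be? The Python block below is an added example, not part of the original deck; it assumes a constructed list of trusted sender domains (TRUSTED_DOMAINS) and flags a From: header whose display name borrows a trusted brand or whose domain is a look-alike of a trusted one.

```python
import email.utils
from difflib import SequenceMatcher

# Constructed example: domains this organisation treats as trusted senders.
TRUSTED_DOMAINS = {"example-bank.com", "example-corp.com"}

# Digit/letter substitutions commonly used to build look-alike domains.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def _normalise(domain: str) -> str:
    """Lower-case, fold digit look-alikes and the 'rn' -> 'm' trick."""
    return domain.lower().translate(_CONFUSABLES).replace("rn", "m")


def check_sender(from_header: str) -> list:
    """Return findings for one From: header; an empty list means no concern."""
    display, addr = email.utils.parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    findings = []
    # Display name claims a trusted brand, but the real address does not match.
    shown = display.lower().replace(" ", "-")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in shown:
            findings.append(
                f"display name claims '{brand}' but sender domain is {domain}")
    # Domain is a near-match of a trusted one: confusable characters or a typo.
    for trusted in TRUSTED_DOMAINS:
        if _normalise(domain) == _normalise(trusted):
            findings.append(
                f"{domain} uses look-alike characters for {trusted}")
        elif SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            findings.append(f"{domain} closely resembles {trusted}")
    return findings


if __name__ == "__main__":
    for header in ("Example Bank <alerts@example-bank.com>",
                   "Example Bank <alerts@examp1e-bank.com>",
                   "billing@example-bnak.com"):
        print(header, "->", check_sender(header) or "ok")
```

A check like this is a screening aid only; SPF/DKIM/DMARC results on the real headers are what a mail gateway should decide on.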
Business Email Compromise
COVID-19 Cyber Threats
Hacking
• Financial (theft, fraud, blackmail)
• Political/State (state level/military)
• Fame/Kudos (fun/status)
• Hacktivism (cause)
• PenTesters (legal hacking)
• Police
• Insider
• Business
Which hat do you want to wear?
Ethical Hacking
System Hacking
System hacking is a vast subject that consists of hacking the different software-based technological systems such as laptops, desktops, etc.
System hacking is defined as the compromise of computer systems and software to access the target computer and steal or misuse their sensitive information.
Here the malicious hacker exploits the weaknesses in a computer system or network to gain unauthorized access to its data or take illegal advantage.
Hackers generally use viruses, malware, Trojans, worms, phishing techniques, email spamming, social engineering, exploit operating system vulnerabilities, or port vulnerabilities to access any victim's system.
Cybercrime as a Service
Web, Deep Web & Dark Web
Global Cyber Security Trends – The next wave
Recent studies reveal three major findings:
• Growing threat to national security – web espionage becomes increasingly advanced, moving from curiosity to well-funded and well-organized operations aimed at not only financial, but also political or technical gain
• Increasing threat to online services – affecting individuals and industry because of growth of sophistication of attack techniques
• Emergence of a sophisticated market for software flaws – that can be used to carry out espionage and attacks on Govt. and critical information infrastructure. Findings indicate a blurred line between legal and illegal sales of software vulnerabilities
Mischievous activities in cyber space have expanded from novice geeks to organized criminal gangs that are going hi-tech.
Attacks today are AUTOMATED!
It’s not some dude sitting at his hacker desk all day typing out ping commands to IP addresses via the command prompt manually…
What does a Cyber Security Professional look like?
In reality…
David Ulevitch, Founder of OpenDNS; Katie Moussouris, Microsoft Bug Bounty creator
Process: Governance, oversight, policy, reporting
Technology: Firewalls, IDS/IPS, SIEM, anti-malware
Strong passwords, logging/monitoring
Security Tips
Commit to a disciplined practice of information security and continue to refresh yourself so you don’t become a point of vulnerability in our security defenses.
Summary
• Cybersecurity will require a significant workforce with deep domain knowledge.
• Almost everything is hooked up to the internet in some sort of form.
• Recent events have widened the eyes of many security experts.
• The ability to gain access to high security organizations, infrastructures or mainframes has frightened many people.
• Could one click of the mouse start World War III?
Thank you!