Cybersecurity Attack Vectors: How to Protect Your Organization
•Download as PPTX, PDF•
3 likes•5,094 views
The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
Report
Share
Cybersecurity Attack Vectors: How to Protect Your Organization
- 1. CYBERSECURITY ATTACK VECTORS How to Protect Your Organization
- 2. Ripped From the Headlines! CYBERSECURITY ATTACK VECTORS In 2015, more than 178 million Americans had their records exposed in cyber attacks *Cyber attacks cost the average American firm $15.4 million *http://money.cnn.com/2015/10/08/technology/cybercrime-cost-business/ **Damage from hacks cost businesses $400 billion per year **http://www.inc.com/will-yakowicz/cyberattacks-cost-companies-400-billion-each-year.html
- 3. CYBERSECURITY ATTACK VECTORS IT’S NOT IF YOU WILL BE ATTACKED BUT WHEN! There are important ways you can protect yourself and your organization First, it’s vital to understand the major methods cyber criminals use to accomplish attacks…..
- 4. CYBERSECURITY ATTACK VECTORS Major Attack Vectors Utilized by Cyber Criminals Ransomware Ransomware is becoming more sophisticated and more prevalent. These types of attacks restrict access to a computer until a ransom is paid. If the ransom is not paid, data is destroyed forcing organizations to either pay the ransom or lose critical data forever.
- 5. CYBERSECURITY ATTACK VECTORS Major Attack Vectors Utilized by Cyber Criminals Delivery of Malicious Code These attacks, often referred to as “watering hole” attacks are characterized by hackers injecting malicious code on to a public web page known to be frequented by those in a particular industry. This type of attack is intended to infect a computer and thus gain access to a targeted network.
- 6. CYBERSECURITY ATTACK VECTORS Major Attack Vectors Utilized by Cyber Criminals Social Engineering Individuals are able to prey on the trustworthiness or inexperience of staff by posing as company personnel, vendors, or powerful authorities to gain information or resources that they can use to bypass organizational security.
- 7. CYBERSECURITY ATTACK VECTORS Major Attack Vectors Utilized by Cyber Criminals Remote Access Through open ports or the exploitation of web code, hackers are able to use SQL injection to gain unauthorized access to a server.
- 8. CYBERSECURITY ATTACK VECTORS Criminals are aided by the conscious assistance of an organization’s employee(s) Major Attack Vectors Utilized by Cyber Criminals The Inside Job
- 9. CYBERSECURITY ATTACK VECTORS Phishing schemes involve attempts to steal your identity or information (such as usernames, passwords, and credit card details) for financial gain by using a fake email disguised as one sent from a trustworthy entity to entice you to click on a bad link or file. These often come dressed as from a financial institution (such as a bank). Major Attack Vectors Utilized by Cyber Criminals Phishing
- 10. CYBERSECURITY ATTACK VECTORS The FBI reported that between October of 2013 and August of 2015 $750 million was extracted from more than 7,000 companies using spoofing type scams. Criminals fake correspondance from the executives of victim companies, asking employees to initiate unauthorized international wire transfers on the company’s behalf. In spoofing, an e-mail header is manipulated to look like it came from somewhere different than the source. Major Attack Vectors Utilized by Cyber Criminals Spoofing
- 11. Access Through Intermediaries Retail chain Target suffered an extremely high profile breach in 2013, which led to 40 million credit and debit cards to be stolen during that holiday shopping season. The attack was implemented in part through the use of a malware that successfully garnered the electronic credentials of Target’s HVAC vendor. CYBERSECURITY ATTACK VECTORS Major Attack Vectors Utilized by Cyber Criminals
- 12. Brute Force Attack An attack that uses automation to systematically check all possible passwords or keys until the correct password is discovered. The success of these attacks are based on the strength of the password. This is why longer, more complex passwords are safer. CYBERSECURITY ATTACK VECTORS Major Attack Vectors Utilized by Cyber Criminals
- 13. What Can I Do? There are some important steps you as a leader can take to protect your organization today… CYBERSECURITY ATTACK VECTORS
- 14. Security Audits & Assessments These security assessments examine your internal and external security including your firewall ports, packet flow, access and authentication to your network, traffic control and much more. They are followed by a report and a remediation plan that you can use to fix any vulnerabilities. They should be performed at least once a year. It is also important to do thorough research on any company you will use to perform these. You will be allowing them access to your network, so it is critical that you have vetted their credentials. CYBERSECURITY ATTACK VECTORS What Can I Do?
- 15. Governance It is important to have procedures and processes surrounding your security including documented rules for passwords, role- based access control, rules for reporting potential security weaknesses, and the requirements for reporting potential security weaknesses and the requirements of applying security updates, patches, and fixes. CYBERSECURITY ATTACK VECTORS What Can I Do?
- 16. Incident Response Plan Organizations often have documented disaster recovery plans without having security incident response plans. This is unfortunate. Planning for various types of breaches, your organizational response based on the severity of the breach, specific roles during or following a breach, and running exercises that simulate a breach are all important ways you can prepare. When something does happen you want to ensure that the entire team is working together to mitigate risk. CYBERSECURITY ATTACK VECTORS What Can I Do?
- 17. Education Your team members can be your greatest asset or vulnerability when it comes to cybersecurity. Every member of your team should be taught how to spot and avoid cyber threats. Security education today must be a cornerstone of every organization’s technology strategy. CYBERSECURITY ATTACK VECTORS What Can I Do?
- 18. Let Us Help You Protect Your Organization FUTURE POINT OF VIEW A Cyber Weapon For Your Organization INTERNAL ASSESSMENTS: We will assess and report on areas such as Access Controls, Malware, Physical Security, Wireless and Mobile, Change Management, Patch/Update Management, Remote Access, Backups, and Disaster Recovery. EXTERNAL ASSESSMENTS: Penetration Testing, Network and Firewalls, System Change Management, Public Facing Access, and more. We offer the following services:
- 19. Let Us Help You Protect Your Organization FUTURE POINT OF VIEW A Cyber Weapon For Your Organization We offer the following services: VULNERABILITY TEST SUBSCRIPTION: These are periodic, random, unannounced, tests to your cyber perimeter to validate that no changes or oversights have occurred that leave your organization vulnerable to an attack or breach. CYBERSECURITY FORENSICS SERVICE: This is offered if you have already experienced a breach. We uncover and identify where, how, and via whom the breach occurred.
- 20. Let Us Help You Protect Your Organization FUTURE POINT OF VIEW A Cyber Weapon For Your Organization We offer the following services: EDUCATION: We offer private and public education to equip your team and leadership with the ability to identify and avoid the latest in cyber threats. These courses are designed to educate all members of your organization how to continually protect the organization’s digital assets. For More Information on our Cybersecurity Education Please Visit FPOV.com/edu