© 2016 Million Dollar Round Table Million Dollar Round Table 325 West Touhy Ave. Park Ridge, IL 60068 USA
2016 MDRT Annual Meeting e-Handout Material
Title: The Hacker’s Blacklist: Cyber Security for Financial Professionals
Speaker: John Sileo
Presentation Date: Wednesday, June 15, 2016
Presentation Time: 10:00 - 11:00 a.m.
The Million Dollar Round Table® (MDRT) does not guarantee the accuracy of tax and legal matters and is not liable for errors and omissions. You are urged to check with tax and legal professionals in your state, province or country. MDRT also suggests you consult local insurance and security regulations and your company’s compliance department pertaining to the use of any new sales materials with your clients. The information contained in this handout is unedited; errors, omissions and misspellings may exist. Content may be altered during the delivery of this presentation.
John Sileo CEO, The Sileo Group
Sileo.com
THE CYBER BLACKLIST: Top Threats & Countermeasures for Data Security
Who are you?
Over 37,610,000 anonymous members!
HACKED
BUT
Humans are the Bankers.
Data is Currency…
THE CYBER BLACKLIST (threat word cloud): Account Takeover, App-jacking, Black Hat Hackers, Browser-jacking, Card Skimmers, Cloud-jackers, Competitive Espionage, Cookie Tracking, Credit Fraudsters, Cyber Extortion, Cyber Pickpockets, Cyber Terrorists, Cyber War, Dumpster Divers, Eavesdropping, Elder Fraud, EvilPreneurs, Facebook Trawlers, Geo-Stalkers, Get Rich Quick Scams, Hacktivists, Hotspot Sniffers, Identity Thieves, IoT Spies, IRS Scams, Malware, Mobile-jackers, Nigerian Scammers, Our Own Worst Enemy, Password Crackers, Pharmers, Phishers, Ransomware, Shoulder Surfers, Social Engineers, Spam, Spoofing, The Mole, Travel Espionage, War Drivers, Wearable Trackers, Wi-Fi Sniffers.
Top Threats & Countermeasures for Data Security.
Cyber blackmail
The use of illegally obtained data to influence organizations, manipulate people, extract a ransom or otherwise change behavior.
90% Successful Attack Rate
Breach Analysis
Leadership Lessons
Security must have a Seat of Power in the Boardroom (CISO)
Don’t fail to Leverage Early Mistakes to avoid a sequel
Failure of Culture: CEO emails/phishing/filenames = FIRED
Don’t taunt Unstable Dictators with Unflattering Movies
If 3rd-Party Access, take pro-hacktive and contractual control
Is your reflex to Judge the Breached or learn from them?
“While technical upgrades are important, minimizing human error is even more crucial.”
$12.7 M
Social Engineering
The art (& science) of human manipulation.
HOGWASH!
Authority
Humor
Fear
Urgency
Greed
Reciprocity
HOGWASH! VERIFY.
Phishing: Use of social engineering to entice you to click a link that installs malware or steals data. 91% (Dell Human Element of Security Study)
Micro spear-phishing: hyper-targeted!
Anthem Medical Hack: System Admin Phishing
$47M UBIQUITY
Business Email Compromise: Imitating someone in a position of power to gain access, info or money.
1. Facebooks CEO’s travel schedule
2. Phishes CEO’s email credentials
3. LinksIn with CEO’s assistant
4. Imitates CEO in email to assistant
5. Engineers her w/ “China Crisis”
6. Receives $47M wire transfer
7. Retires
CEO-WHALING
Mobile hijackers
Things that are “mobile” have a tendency to “leave”, making control a moving target. 35% (Ponemon Cost of Breach 2013)
Knowing ≠ Doing.
Hotspot Sniffers
“Free” Wi-Fi Hotspots are commonly “tapped” or “spoofed” by hackers.
Make Secure Choices the Default.
Nudge Your Culture
Password Crackers: 76% of corporate data breach involves this well-known & often-ignored threat. (Dell Human Side of IT Security)
Th3 hi11$ @r3 @1iv3
Cryptolocker Ransomware: Malware (via phishing) that holds data hostage until you pay the ransom.
Social (Media) engineers
#1 source for social engineering reconnaissance.
A highly-public glossary of private information.
A platform that rewards oversharing with dopamine.
ECHOSEC.NET
Countermeasures: Prioritize, adapt and implement
1. An untrained, unengaged, Socially Engineered employee.
2. A Phishing Attack that installs malware or steals logins.
3. Bad Password Habits and lack of Two-Step Logins.
4. Inadequate Data Encryption at rest and in transit.
5. Mobile Devices w/o passcodes, tracking & App vetting.
6. Unpatched Systems with improper security configurations.
7. Superfluous Data Collection, retention and improper disposal.
Hacking the Humans
1. Tap into who they are to gain ownership (Fireflies).
2. Start by making security a selfish reflex (Hogwash).
3. Understand that feeling is believing (Purse).
4. Shift to memorable, sticky training (The Hills are Alive).
5. Build a secure culture by nudging “best” habits (2-Factor).
6. Raise the bar on social (media) trust (Troop Locations).
7. Leverage resilience as the greatest source of security…
A leader’s guide to:
Resilience is Security
___ Opt out of junk mail (Sileo.com/1)
___ Freeze your credit (Sileo.com/2)
___ Enable financial account alerts
___ Convenience-based shredding
___ Lockable filing & offsite storage
___ Social engineering detection
___ Turn on smartphone passcode
___ Enable remote tracking & wiping
___ Replace wi-fi hotspots w/ tethering
___ H!11$ @r3 a1!v3 quality passwords
___ Enable 2-step logins/authentication
___ 60 minutes in social media settings
___ Automated OS patches
___ Application updating
___ Ubiquitous anti-virus
___ BitLocker encryption
___ FileVault encryption
___ 3rd-party spam filter
___ Default deny firewall
___ Personal VPN
___ Dedicated browser
___ WPA2+ Wi-Fi security
___ Password Software
Enterprise Level
___ User-Level Access
___ External penetration test
___ Enterprise VPN software
___ Mobile Device Mngmnt
___ Acceptable use policies
___ Data Loss Prevention
___ Application white-listing
___ MAC Specific Wi-Fi
___ SSID Masked Wi-Fi
___ Cyber liability insurance
© Copyright 2015. The Sileo Group and John Sileo. All rights reserved.
Sileo’s PrioritizAble Countermeasures
PRIORITIZE | ADAPT | ACT
Cyber Risk Audit
303.777.3221 Sileo.com