Cyber Security—What you should know before it’s too late!

T Jay Humphries and Trevor O’Donnal

What is Cyber Security?

• Understanding the threats associated with using the Internet.

• The two greatest risks to the University and to individuals are from Email Phishing and poorly protected Web applications.

• Learning how to keep safe and protected.

Target Data Breach Cost for Banks Tops $200M

The theft of more than 100 million customer records

Organized Crime

To call Target’s data breach the tip of the iceberg doesn’t begin to capture the magnitude of the threat companies and individuals face today from cyber criminals. A more fitting metaphor is that we are in the midst of the largest, but largely unnoticed, world-wide epidemic, infecting computers and communications systems, and spreading at a dangerous pace.

After Target data theft, hackers’ next target is you

Stuart Madnick is the John Norris Maguire professor of information technology at the Sloan School of Management and professor of engineering systems at MIT School of Engineering.

Cyber Crime

• “Criminal gangs now find that transnational and cyber crime are far more rewarding and profitable than other, riskier forms of making money,” says Interpol

• “Experts have warned that the cost of cyber crime is larger than the combined costs of cocaine, marijuana and heroin trafficking. In Europe, the cost of cybercrime has apparently reached €750 billion euros ($964 billion) a year,” says Interpol

Too close to home!

University of Utah's $3.3M data breach

Computerworld - University of Utah officials this week acknowledged that a metal box of backup tapes containing billing records of some 2.2 million patients was stolen…

Identity theft

• Number of US 2011 victims: 279,000.• Number of US 2013 victims: 11,571,900.• Average financial loss per incident: $4,930• Total financial loss attributed to identity theft in 2013: $21 billion• 85% of theft incidents involved the fraudulent use of existing accounts, rather than the use of somebody's name to open a new account.

Source: U.S. Department of Justice, Javelin Strategy & Research

Credentials

Phishing threat

• “Spear phishing is a much more precise method. They’ll take your name, look you up on Facebook, and do research to find out where you live. They’ll used LinkedIn to see what your job is, who your friends are,” explains Jonathan Maurer, information security officer at Rochester Institute of Technology.

• “They’ll try to craft a communication that looks so legitimate that you’ll actually fall for it and you’ll click on a link or download an attachment, and before you know it, your computer is compromised.”

Resources

• Email, network use, disk space, Web pages, etc,.

• Higher education is particularly vulnerable because—in contrast to hacking targets like banks—college and university computer networks have historically been as open and inviting as their campuses, says Fred Cate, director of the Indiana University Center

We can protect our selves

• Stronger passwords – 15 char passphrases are the best.• Use many levels of passwords – Keep a password vault.

Msecure, Keepass2, etc,.• Multifactor authentication - sensitive parts of an

institution’s network should require “multifactor authentication.” A user might have to enter a password, answer a separate question, and verify fingerprints or pass a retinal scan. Users also could be required to have a “token,” such as a USB key or card with a magnetic strip, says Fred Cate, director of the Indiana University Center for Applied Cybersecurity Research.

Keeping Safe

• If in doubt, don’t click it. There is no free lunch!

• Keep antivirus and other applications up-to- date with the latest versions. Secunia PSI.

• Monitor your statements. Use monitoring services.

• Be informed! Cryptolocker.– Sans ISC StormCast.

Protect your Web applications OIT Security Services

• Server vulnerability assessments.• Penetration testing.• Security consulting.• OIT Security Services offers Web Application

Scanning. Security@byu.edu.

First actual case of bug being found