Cybersecurity Who Cares? 2014

  • Published on
    13-Jul-2015


Transcript

Cybersecurity Who Cares?
Why cybersecurity matters and Careers in Cyber Security

Donald E. Hester
twitter.com/sobca | www.facebook.com/LearnSec
www.learnsecurity.org

Social Media

Blurring the lines
Internet of Everything

  • Smart Meters
  • Toll road/bridge
  • Traffic management
  • Parking Meters
  • Automobiles
  • Home Automation
  • Health Monitoring
  • Shopping
  • Appliances
  • Cattle (tracking/monitoring)

By 2020 there will be more things on the internet than people, est. 50 billion things
06-Jun-14

Online Profile & Rep
  • Your "online profile" is the sum of online content about you that you've created and content about you created by others. Items include: emails, videos, posts on social networks, someone posting a picture or comments about you on a social network or website, credit, financial and medical information.
  • Your "online reputation" is the image created of you through information you or others shared online in blogs, posts, pictures, tweets and videos.

Information on the Internet never dies
  • Information, once on the Internet, can be there for years, even if the service claims it is gone
  • Don't post anything you wouldn't want seen by everyone

Online Privacy and Reputation
  • Do you have control of what is posted?
  • Not all fame is good!
  • People use anonymity to post stuff about others!
  • Embarrassment, loss of credibility
Rev 2/28/2011

Online Privacy
  • Would you invite a stranger into your house to look at your children's photo album?
  • Public v. Private
  • Aggregate information sources could give someone more information than intended.

Personal Ramifications

  • Employers are increasingly using social media for background checks.
  • Insurance companies use social media to look for fraud.
  • Spies use social media to look for informants.

http://www.ajc.com/news/barrow-teacher-fired-over-733625.html
http://www.dailyfinance.com/story/media/facebook-spying-costs-canadian-woman-her-health-benefits/19250917/
http://smallbiztrends.com/2009/09/social-media-background-checks.html
http://www.socialintelligencehr.com/

Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day

Social Media & HR
  • The use of social media outside of personal lives has increased and continues to increase
  • Concern that potential employers will misconstrue what is seen
  • Used for monitoring current employees
  • Used for screening job applicants
  • Employees see it as a good way to get to know the applicant

Real life consequences

Bad guys use social media too

Bad guys can exploit your use of social media to infect your computer with malware

Information about you online
  • Do I have control of what is posted about me?
  • Look yourself up!
  • Even if you are not on the web, you may be on the web!
  • Do what you can to control what is out there.
  • What is your social relevancy (reputation)?
  • Set up alerts and monitor what is posted about you.

Watch what you put online

http://www.youtube.com/watch?v=Soq3jzttwiA
Can someone use what you post against you?

Social Media & Politics; A Game Changer

Situation
  • Why does someone want your personal information?
  • In an information age information becomes a commodity
  • Information has a value
  • Some information has a greater value
  • Your personal information is potentially worth more than you think

Who keeps personal data on you?
  • Social Media Sites: User generated
  • Corporations: Big data, Tracking, Sales, Marketing
  • Government: Local, State, Federal and other
  • Organizations: Non-profits, Clubs, VSOs
  • Schools: Grades, Clubs, School Newspaper
  • Media: Newspapers, News, Video
  • Data from unexpected sources

ID Theft vs. ID Fraud
  • "Identity fraud" consists mainly of someone making unauthorized charges to your credit card.
  • "Identity theft" is when someone gathers your personal information and assumes your identity as their own.

"Identity theft is one of the fastest growing crimes in the US."
John Ashcroft, 79th US Attorney General

The FTC, which is increasingly involved in helping consumers who are victims of identity theft, has a very broad definition of identity theft. The FTC's definition includes what many financial institutions consider to be "identity fraud," which consists mainly of someone making unauthorized charges to your credit card. Identity theft, as defined by many financial institutions, is a much more serious problem. Identity theft, they say, is when someone gathers your personal information and assumes your identity as their own.

The Busboy That Started It All
  • March 20th 2001, MSNBC reported the first identity theft case to gain widespread public attention
  • Thief assumed the identities of Oprah Winfrey and Martha Stewart, took out new credit cards in their names, and accessed their bank accounts
  • Stole more than $7 million from 200 of the world's super rich: Warren Buffett and George Soros, tech tycoons Paul Allen and Larry Ellison
  • Used a library computer, public records, a cell phone, a fax machine, a PO Box, and a copy of Forbes Richest People
  • 32-year-old Abraham Abdallah was described as a high school dropout, a New York City busboy, a pudgy, disheveled, career petty criminal.

Credit Card/ATM Skimming

http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=223100233

Public Records

"The federal government is the biggest offender."
Paul Stephens, Privacy Rights Clearinghouse

What do they do with stolen IDs?

  • Information is sold on the Black Market
  • Sometimes the information is traded for drugs
  • Used to fund terrorist operations

  • Meth users see mail theft and check washing as a low risk way to pay for their habit.
  • The same chemicals used in Meth production are used in check washing.
  • Meth users, dealers and fraudsters are partners in crime.

P2P (Peer to Peer file sharing)
  • Used to share computer files
  • Legal issues with copyright
  • Malware issues
  • Privacy issues, do you know what you are sharing?

Phishing: Internet Fraud
  • Oldest trick in the book, there are examples in the 1500s
  • One particular fraud is called the Nigerian 419 scam or Advanced Fee Fraud
  • Started as a letter, then it showed up in faxes and now it is sent by email.
  • Many variations on the story the message contains

http://www.secretservice.gov/fraud_email_advisory.shtml

http://home.rica.net/alphae/419coal/

Computer Spyware

Cell Phone Spyware

http://www.youtube.com/watch?v=uCyKcoDaofg
http://news.rutgers.edu/medrel/news-releases/2010/02/rutgers-researchers-20100222
http://www.youtube.com/watch?v=UZgf32wVTd4

The Problem

Albert Gonzalez, 28
With accomplices, he was involved in most of the major data breaches: Heartland, Hannaford Bros., 7-Eleven, T.J. Maxx, Marshalls, BJ's Wholesale Club, OfficeMax, Barnes & Noble, Sports Authority, Dave & Buster's, Boston Market, Forever 21, DSW and others.

Hacktivism

"political activism using computer networks: the activity of breaking into and sabotaging a computer system via the Internet as a political protest" (Bing Dictionary)

Cyber Spying

Forbes: The Top Jobs For 2014
  1. Software Developers
  6. Web Developers
  8. Database Administrators
  12. Information Security Analysts
Go Tech!
http://www.forbes.com/sites/jacquelynsmith/2013/12/12/the-top-jobs-for-2014/

Careers in IT and Cyber Security
  • Application Development
  • Network Engineer
  • Analyst
  • Teaching
  • Auditor/Assessor
  • Systems Administration
  • Program Management
  • Law enforcement

Career Foundations
  • Education (High School, Trade school, College, Degree)
  • Experience (Internships, years)
  • Certifications (Vendor specific, Vendor neutral)
  • Who you know (always helps, LinkedIn)

The more you have in each area, the higher your application/resume will be in the pile.

Links
twitter.com/sobca | www.facebook.com/LearnSec
www.learnsecurity.org
linkedin.com/in/donaldehester

Slides
http://www.slideshare.net/sobca/