Cyber Security Threats: Are You @ Risk?

Patricia Watson, MBA, Digital Forensics Program Manager
ISCPA CPE Course | 11.15.13

What we will cover…

# Today’s cyber security landscape
# SMBs = False sense of security
# Your role in mitigating cyber threats at work
# Appendix: Takeaways – Securing your cyber space

Today’s Cyber Security landscape

Advances in technology are continuously reshaping methods of storing, accessing, sharing and transferring data…

Manual Digital Virtual

Today’s Cyber Security landscape

Some examples of cyber crime:

# Distributing malware
# Phishing
# Stealing PII
# Illegally downloading files
# Espionage
# Hacktivism
# Cyber-warfare!

Today’s Cyber Security landscape

Cyber crime vectors include:

# Unsuspecting Users
# Social engineering
# 0 day exploits
# Unpatched systems
# Default/weak credentials
# Mobile applications
# USB devices

Today’s Cyber Security landscape

The Risks:

# Financial loss
# Loss of intellectual property
# Loss of customer confidence
# Identity theft
# Utilization of resources
# Being a hacker’s puppet!

Today’s Cyber Security landscape

In the news*…

# Adobe breach impacted at least 38 million users
# New variant of trojan targeting SAP users
# Google “outraged” at alleged NSA hacking
# Hackers exploit latest Windows zero-day vulnerability

* See notes section for credit to article/news…

SMBs – False sense of Security

Despite overwhelming validation that cyber threats continue rising, small and medium-sized businesses (SMBs) insist on perpetuating the fallacy:

We are not a hacker target!

SMBs – False sense of Security

A few statistics*:

# 96% of businesses are unprepared for a cyber attack
# 50% of targeted attacks were aimed at SMBs
# 37% of breaches affected financial sector
# Mobile malware increased 58% in 2012

* See notes section for credit to report references…

SMBs – False sense of Security

A few more…

# Almost two-thirds of data breaches are caused by human errors
# Weak or stolen credentials account for 76% of network intrusions
# The United States accounts for almost 50% of the world’s data security breaches

* See notes section for credit to report references…

Cyber Security @ work

How can YOU mitigate the risks of cyber threats @ work:

# Use strong passwords (don’t recycle)
# Use encryption
# Foster social media etiquette
# Lock your PC & mobile devices
# Avoid “free” WIFI
# Be vigilant - training & awareness

In summary…

# Don’t underestimate cyber adversaries
# Cyber security is everyone’s responsibility
# Cyber security is a continuous process
# Training and awareness is just one piece of the puzzle…

Appendix: Takeaways

# Securing your home network
# Social Media Etiquette
# Do you know what your kids are browsing?
# For your viewing enjoyment

Cyber Security @ home

# Use a firewall – software/hardware.
# Password protect your WIFI, never use the default credentials
# Check the default security settings on all your devices (computers, printers, tablets, etc.)
# Automate security patches
# Automate signature updates for anti-virus software.
# Plug & Scan: all USB devices, email attachments and downloadable files should be checked for viruses
# Be diligent – Don’t open attachments or click on links from unknown sources!

Social Media Etiquette

# Depending on the purpose of your social media account, you don’t need to provide all your personal information – tailor the account to your needs (including privacy settings).
# Remove all metadata from pictures and documents before sending or uploading.
# Be mindful that in cyberspace, it is almost impossible to distinguish between a “friend” & a “foe”. Don’t feel obligated to “Like”, “Friend” or “Follow” profiles of people you don’t actually know.
# There’s an App for that! Yes, most social media providers have an App for mobile phones and tablets. Be sure to manage the privacy, notifications and location services settings to avoid oversharing.
# Stop.Think.Post – Remember, once you hit the upload, share, tweet or send button, you have no control regarding the destiny of that “post”!

Do you know what your kids are browsing?

# Create separate user accounts (user name & password) if you share devices that connect to the internet with other members of your household and apply the principle of least privilege to each account (separate from administrator account).
# Manage internet access on all devices (game consoles, tablets, smart phones, printers, etc.)
# If your kids use social media, be sure to “friend” &/or “follow” them.
# Take off your technology blinders and stay current with the latest cyber trends & threats…awareness is key!

For your viewing enjoyment…

# Short Film – The Dawn of the Net: http://www.youtube.com/watch?v=RhvKm0RdUY0&feature=youtu.be
# Video – 10 top time-saving tech tips by David Pogue: https://www.youtube.com/watch?v=QoT0-2vu9m4&feature=youtu.be
# Video – History of computer viruses: http://www.youtube.com/watch?v=1g1yZVWrbtE#!
# TedTalk – Mikko Hypponen: How the NSA betrayed the world’s trust – time to act http://www.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act.html?awesm=on.ted.com_NSAbetray&utm_content=awesm-publisher&utm_campaign=&utm_source=t.co&utm_medium=on.ted.com-static