This webinar will explore and explain the basics of cybercrime and how it takes place in your company. The session will also present how criminals penetrate your systems and what you can do to prevent it.
Main points covered:
• How cybercriminals make money
• 9 areas needed for true cover
• A layered security approach
Presenter:
Our presenter for this webinar, Nick Ioannou, is an IT professional, blogger, author and public speaker on cloud and security issues, with over 20 years’ corporate experience, including 14 years using cloud/hosted software as a service (SaaS) systems. As an early adopter of cloud systems, he has been paying for the privilege of bug testing them ever since, going through the pain points and making sure others don’t have to. He is also the author of “Internet Security Fundamentals” and contributing author of “Managing Cybersecurity Risk”.
Link to the recorded session published on YouTube: https://www.youtube.com/watch?v=3E0eyDlhLro&feature=youtu.be
4. No Legacy Apps
Cloud First (where practical)
No Front Facing Services
Email In The Cloud
Database In The Cloud
Licencing In The Cloud
My IT strategy – know what you are defending
13. Protecting internet access with layered security
USERS COMPUTER
INTERNET
Web Proxy / HTTP-HTTPS Filter
DNS Filtering
REMOTE USER
Layer 7 UTM Firewall
14. USERS COMPUTER
Sophos Intercept X
Endpoint Security
Ancillary Anti-Ransomware
Least Privilege & Application Control
Malware Prevention
Protecting users’ computers with layered security
21. attachments that include your full name in the filename
only your name in the To field
your name at the top of the email (e.g. FAO / Dear …)
a mix of genuine links as well as fake ones
unique and plausible reference numbers
an email footer from a real business
unsubscribe links
valid customer support numbers and email address
a hook that is relevant to you – something that needs urgent action to convince you to open the attachment or click the link
information about a recent personal event, e.g. holiday location
information about a recent business event
the words urgent, private, confidential
Quarterly staff security awareness training
28. National Vulnerability Database – May 2017
179 known vulnerabilities in last 3 months
9 27 73 20 49 1
2446 known vulnerabilities in last 3 years
232 699 383 631 485 16
AUTOMATED EXPLOIT KITS ARE SOLD AS A WEB SERVICE BY CRIMINALS TO OTHER CRIMINALS
40% infection rate if clicked
We are still at risk due to software vulnerabilities
29. $30 a month to check malware with 35 antivirus engines
Free to use – reports findings
Pay to use – findings not reported
32. Know what a file is really called
Tick Show/hide – File name extensions
John.SmithCV.pdf
Invoice-22102016.docx
Photos.zip
John.SmithCV.pdf.js
Invoice-22102016.docx.lnk
Photos.zip.exe
Don’t forget the basics
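An added example, not taken from the webinar slides: a short Python check that flags file names whose real (final) extension is an executable, script or shortcut type sitting behind a document-like one, run over the six names listed on the slide. The extension sets and function names are assumptions chosen for illustration.

```python
from pathlib import PurePath

# Assumed list (not from the slides): extensions Windows runs or follows
# instead of opening as a document. Extend to match local policy.
ACTIVE_EXTS = {".exe", ".js", ".jse", ".lnk", ".scr", ".vbs", ".wsf",
               ".bat", ".cmd", ".hta", ".com", ".pif"}
# Assumed list: extensions a user reads as harmless content.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".zip",
              ".jpg", ".png", ".txt"}


def classify(filename):
    """Return (displayed_name, real_ext, verdict) for one file name.

    displayed_name approximates what the user sees when
    "File name extensions" is not ticked: the final extension is dropped.
    """
    path = PurePath(filename.strip())
    suffixes = [s.lower() for s in path.suffixes]
    real_ext = suffixes[-1] if suffixes else ""
    displayed = path.stem if real_ext else path.name
    if real_ext in ACTIVE_EXTS and len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        verdict = "deceptive"   # looks like a document, is executable content
    elif real_ext in ACTIVE_EXTS:
        verdict = "active"      # executable content, but not disguised
    else:
        verdict = "content"
    return displayed, real_ext, verdict


def scan(names):
    """Return only the names that hide an active extension behind a decoy."""
    return [n for n in names if classify(n)[2] == "deceptive"]


# The six file names shown on the slide.
SLIDE_NAMES = ["John.SmithCV.pdf", "Invoice-22102016.docx", "Photos.zip",
               "John.SmithCV.pdf.js", "Invoice-22102016.docx.lnk",
               "Photos.zip.exe"]

if __name__ == "__main__":
    for name in SLIDE_NAMES:
        shown, ext, verdict = classify(name)
        print(f"{name:28} shown as {shown:24} real ext {ext:6} {verdict}")
```

The same check can be applied to attachment names at a mail gateway or to a listing of a downloads folder.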
33. Monthly security reviews
Have a realistic per person budget
Invest in staff awareness training
Layer up solutions to make your budget go further
Look for gaps in your security
Encourage a no blame culture
Review the market for better products
Don’t stay still
34. ISO 27032 Training Courses
ISO/IEC 27032 Introduction
1 Day Course
ISO/IEC 27032 Foundation
2 Day Course
ISO/IEC 27032 Lead Implementer
5 Day Course
ISO/IEC 27032 Lead Auditor
5 Day Course
Exam and certification fees are included in the training price.
https://www.pecb.com/iso-iec-27032-training-courses | www.pecb.com/events