SlideShare une entreprise Scribd logo

Protecting Your Business From Cybercrime

David J Rosenthal
David J Rosenthal

Overview of the business of cybercrime How Cybercrime as a Service has changed cybercrime Some techniques to mitigate cybercrime

Technologie
1  sur  28
Télécharger pour lire hors ligne
1
Agenda • Overview of Cybercrime • Cybercrime as aService • Tipsto Protect your SmallBusiness 2
What is cybercrime? Cybercrime is criminal activity involving the internet, a computer system, or computer technology. 93 percent of all money is digital. That’s what is at risk here. –Bill Nelson Bill Nelson, Financial Services Information Sharing & Analysis Center 3
Financial impact of cybercrime • One large company breached per month • Many small to medium sized companies are breached per week Key ways that hackers earn money: 4
Cybercrime is big business. Cybercrime activity is at the highest, ever Insights about one group of three Blackhats recently indicted: • Stole information on 100 million people • Breached 12 companies, including • Earnings at over $100 million • Employed 270 employees in Ukraine and Hungary in just one of their illicit businesses http://www.reuters.com/article/us-hacking-indictment-idUSKCN0SZ1VM20151110 Cybercrime is more organized and motivated than at any time in history. The blackhat cybercriminal is a professional adversary. This industry has evolved with the evolution of the internet and opportunities associated with PC/computer/mobile devices. 5
Blackhat cybercrime is a form of malicious online behavior motivated by profit and a predictable ROI What is Blackhat cybercrime? • Understanding Blackhat criminal tools, techniques, motivations, cultures, and ecosystems are critical to defending against current attacks and deterring future ones • Treating Blackhat cybercrime as a purely technological problem makes mitigation difficult and costly 6
State Sponsored BlackhatsGrayhatsScript-kiddies The bad actors are not a monolithic group • Non-professional cybercriminals • Use crime kits to make spending money • Little to no business or technical expertise • Even though they are not professional, their impact can be significant • Treatcybercrimeasa business • Businessandtechnical expertise • Oftenworkinaclosed groupofother professional cybercriminals • Criminalreputationis everything • Theybelievetheyare offeringlegitimate services. However,their customerscanbeboth “legitimate”orcriminal • Ranasabusiness • Individualsorgroups whohackforasocial cause,without economicmotivation • Havebothtechnical peopleandfollowers • Nationalsecurityand/or economicmotivation • Technicalexpertise • Workinaclosedgroupof otherprofessionals • OftenuseBlackhat resourcesand/or techniquestomasktheir identity Some elite Blackhats, some elite hactivists, and most state sponsored actors use “APT” techniques Hactivists
The cybercrime problem is broad, and getting worse • More professional cybercrime services make it easier for would-be attackers to become cybercriminals • Many cybercriminals don’t need technical abilities when entering the world of cybercrime • In many regions, it is socially acceptable to steal from victims on the Internet • The line is blurring between state sponsored attackers and cybercriminals • Elite teams of attackers that have the same resources, skills, and patience as state actors 8
It has never been easier for new entrants into the market Chinese Gmail account creation tool, interfaces with SMS and CAPTCHA solving services Cybercrime as a Service (CaaS): Crimekits and services available Russian checker Private Keeper. It is a universal checking tool supporting 17 different web services (PSN, PayPal, Skype, Twitter, etc.) and many email providers. It has an IMAP/POP3 server editor that supports “almost any email service” and allows users to parse the content of messages and check email accounts validity Account CheckersTools to create abuse accounts
Cybercrime as a Service (CaaS): Market for freshly infected PCs to push malware to It has never been easier for new entrants into the market
Cybercrime as a Service (CaaS): Market for freshly infected mobile devices to push malware to It has never been easier for new entrants into the market
How kits are used • A botnet is a network of devices infected with malicious software that is centrally controlled • “Good” malware cannot be detected by users • It holds your PC or files for "ransom.” • Prevents you from using your PC • Victim has to pay to regain access • Campaigns can include spam, SMSishing, Vishing, etc. • The intent is to trick the user into giving up their password, account recovery information, or PII Botnet Phishing Ransomware
• Defenders must not rely on your users doing the right thing at the right time • Be proactive, prevent the attack, and prevent the attacker from predicting their ROI • This can include monitoring for their probes and enabling defensive measures to act between their probes and attack Considerations when combating cybercrime To be successful in Cyber defense, one needs to know what are effective and durable mitigations
Tips to keep your Business Safe 14
1. Strengthen your computer’s defenses ➢Keep the firewall on (work, home, public networks) ➢Install legitimate antimalware software (http:/aka.ms/wkactd ) ➢Keep software up to date (automatically) 1 statistics noted from Flexera software 1 15
➢ Train your users to use malware and phishing protection in their browsers. ➢ Keep Antivirus on and updated 2. Don’t be tricked into downloading malware 16
2. Don’t be tricked into downloading malware Think before you click Confirm that the message is legitimate Close pop-up messages carefully Ctrl F4 17
3. Protect company data and financial assets Encrypt confidential data Use rights management solutions to handle sensitive data Train your users to identify scams and fraud Use HoneyTrap accounts in your domain. Notify on successful and unsuccessful logins Use HoneyTrap documents. Notify on successful and unsuccessful access 18
Look for telltale signs Think before you click Keep sensitive information private Train employees to identify socially engineered attacks www.snopes.com 3. Protect company data and financial assets How to evade scams 19
4. Passwords. Keep them strong, private, and don’t reuse them 20
Guess which passwords are strong? WEAKSTRONG Password106/04/79Advan!age0us!$wanR!ceRedD00r510152025MsAw3yO!D SwanRiceRedDoorAdvantageous!My son Aiden was 3 years old in December 4. Passwords. Keep them strong, private, and don’t reuse them 21
Protect your accounts and passwords Make passwords strong (still needed) Keep them private (don’t share among users) Use unique passwords for different websites Limit use of employees using corporate e-mail accounts as their identifier on third- party website Defend against checkers Enable disabling accounts on too many invalid login attempts Don’t use insure interfaces (e.g. unprotected POP/IMAP/SMTP) Monitor for brute force and snowshoe checkers 4. Passwords. Keep them strong, private, and don’t reuse them 22
5. Guard data and devices when you’re on the go 23
Connect securely Confirm the connection Encrypt storage on mobile devices Save sensitive activities for trusted connections Flash drives: watch out for unknowns and disable auto run Enable features like Work Folders and cloud storage to manage work data on mobile devices HLTONHOTELS.NET 5. Guard data and devices when you’re on the go 24
What to do if there are problems Have a predefined process and checklist to identify company identities, data, services, and applications on the device Report abuse and other problems Immediately report phishing Immediately report missing devices or theft of company data Change all passwords Wipe mobile phones 5. Guard data and devices when you’re on the go 25
Use this interactive risk assessment tool to select all threats your company might face and estimate the cost of each. This worksheet will then calculate the total cost and provide countermeasures you can take to protect your company. Let’s assess your security risk STRONGhttp://aka.ms/knowyourrisk Time: 10 min 26
Questions? 27
Contact us for additional information & deployment offers David.Rosenthal@razor-tech.com

Recommandé

Cybercrime
CybercrimeCybercrime
CybercrimeMarite Rojas Ojeda
 
Cyber security
Cyber securityCyber security
Cyber securityPawanKalyanAmbati
 
Impact of cybercrime
Impact of cybercrimeImpact of cybercrime
Impact of cybercrimepronab Kurmi
 
Internet security
Internet securityInternet security
Internet securityMohamed El-malki
 
Cyber crime and fraud
Cyber crime and fraudCyber crime and fraud
Cyber crime and fraudFCA - Future Chartered Accountants
 
Cyber Crime Types & Tips
Cyber Crime Types & TipsCyber Crime Types & Tips
Cyber Crime Types & TipsDeepak Kumar (D3)
 
Cybe Crime & Its Type
Cybe Crime & Its TypeCybe Crime & Its Type
Cybe Crime & Its TypeDeepak Kumar (D3)
 
Cyber Crime Awareness Project
Cyber Crime Awareness ProjectCyber Crime Awareness Project
Cyber Crime Awareness Projecttsdikshit
 

Recommandé

Cybercrime
CybercrimeCybercrime
CybercrimeMarite Rojas Ojeda
 
Cyber security
Cyber securityCyber security
Cyber securityPawanKalyanAmbati
 
Impact of cybercrime
Impact of cybercrimeImpact of cybercrime
Impact of cybercrimepronab Kurmi
 
Internet security
Internet securityInternet security
Internet securityMohamed El-malki
 
Cyber crime and fraud
Cyber crime and fraudCyber crime and fraud
Cyber crime and fraudFCA - Future Chartered Accountants
 
Cyber Crime Types & Tips
Cyber Crime Types & TipsCyber Crime Types & Tips
Cyber Crime Types & TipsDeepak Kumar (D3)
 
Cybe Crime & Its Type
Cybe Crime & Its TypeCybe Crime & Its Type
Cybe Crime & Its TypeDeepak Kumar (D3)
 
Cyber Crime Awareness Project
Cyber Crime Awareness ProjectCyber Crime Awareness Project
Cyber Crime Awareness Projecttsdikshit
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeyazad dumasia
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityBhavanaKudkyal1
 
Cyber security
Cyber security Cyber security
Cyber security REVA UNIVERSITY
 
Cyber Crimes
Cyber CrimesCyber Crimes
Cyber Crimeslittle robie
 
Cyber crime (2018 )updated
Cyber crime (2018 )updatedCyber crime (2018 )updated
Cyber crime (2018 )updatedPrabhatChoudhary11
 
Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet vimal kumar arora
 
Cyber crime
Cyber crime Cyber crime
Cyber crime Jayant Raj
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)Thangaraj Murugananthan
 
CYBER CRIME ppt
CYBER CRIME pptCYBER CRIME ppt
CYBER CRIME pptSuyash Sinha
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeRafel Ivgi
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)AFROZULLA KHAN Z
 
Cyber crime: A Quick Survey
Cyber crime: A Quick SurveyCyber crime: A Quick Survey
Cyber crime: A Quick SurveyArindam Sarkar
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeRamesh Upadhaya
 
Cyberlaw
CyberlawCyberlaw
Cyberlawambadesuhas
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime pptRitesh Thakur
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeSanket Gogoi
 
Cyber Crime - What is it ?
Cyber Crime - What is it ?Cyber Crime - What is it ?
Cyber Crime - What is it ?Mubaraka Halvadwala
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar ReportArindam Sarkar
 
Security as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologySecurity as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologyDavid J Rosenthal
 
Windows Server 2012
Windows Server 2012Windows Server 2012
Windows Server 2012Muhibullah Malyar
 

Contenu connexe

Tendances

Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityBhavanaKudkyal1
 
Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet vimal kumar arora
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)AFROZULLA KHAN Z
 
Cyber crime: A Quick Survey
Cyber crime: A Quick SurveyCyber crime: A Quick Survey
Cyber crime: A Quick SurveyArindam Sarkar
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar ReportArindam Sarkar
 

Tendances (20)

Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Cyber security
Cyber security Cyber security
Cyber security
 
Cyber Crimes
Cyber CrimesCyber Crimes
Cyber Crimes
 
Cyber crime (2018 )updated
Cyber crime (2018 )updatedCyber crime (2018 )updated
Cyber crime (2018 )updated
 
Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)
 
CYBER CRIME ppt
CYBER CRIME pptCYBER CRIME ppt
CYBER CRIME ppt
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)
 
Cyber crime: A Quick Survey
Cyber crime: A Quick SurveyCyber crime: A Quick Survey
Cyber crime: A Quick Survey
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cyberlaw
CyberlawCyberlaw
Cyberlaw
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber security
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber Crime - What is it ?
Cyber Crime - What is it ?Cyber Crime - What is it ?
Cyber Crime - What is it ?
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar Report
 

En vedette

Security as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologySecurity as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologyDavid J Rosenthal
 
What’s new in windows server 2012
What’s new in windows server 2012What’s new in windows server 2012
What’s new in windows server 2012Alex de Jong
 
70-410 Installing and Configuring Windows Server 2012
70-410 Installing and Configuring Windows Server 201270-410 Installing and Configuring Windows Server 2012
70-410 Installing and Configuring Windows Server 2012drakoumu
 
Data center maintenance
Data center maintenanceData center maintenance
Data center maintenanceanilinvns
 
Microsoft Windows Server 2012 R2 Overview - Presented by Atidan
Microsoft Windows Server 2012 R2 Overview - Presented by AtidanMicrosoft Windows Server 2012 R2 Overview - Presented by Atidan
Microsoft Windows Server 2012 R2 Overview - Presented by AtidanDavid J Rosenthal
 
MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410omardabbas
 
Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017David J Rosenthal
 
Active Directory Domain Services Installation & Configuration - Windows Ser...
Active Directory Domain Services Installation & Configuration - Windows Ser...Active Directory Domain Services Installation & Configuration - Windows Ser...
Active Directory Domain Services Installation & Configuration - Windows Ser...Adel Alghamdi
 
Protecting your Organisation from the Internet of Evil Things
Protecting your Organisation from the Internet of Evil ThingsProtecting your Organisation from the Internet of Evil Things
Protecting your Organisation from the Internet of Evil ThingsZeshan Sattar
 
Windows Server 2012
Windows Server 2012Windows Server 2012
Windows Server 2012anilinvns
 
Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Sameh AboulDahab
 
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex Microsoft Technet France
 

En vedette (15)

Security as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologySecurity as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor Technology
 
Windows Server 2012
Windows Server 2012Windows Server 2012
Windows Server 2012
 
What’s new in windows server 2012
What’s new in windows server 2012What’s new in windows server 2012
What’s new in windows server 2012
 
70-410 Installing and Configuring Windows Server 2012
70-410 Installing and Configuring Windows Server 201270-410 Installing and Configuring Windows Server 2012
70-410 Installing and Configuring Windows Server 2012
 
Data center maintenance
Data center maintenanceData center maintenance
Data center maintenance
 
Windows 10
Windows 10Windows 10
Windows 10
 
Windows Server 2012 R2
Windows Server 2012 R2Windows Server 2012 R2
Windows Server 2012 R2
 
Microsoft Windows Server 2012 R2 Overview - Presented by Atidan
Microsoft Windows Server 2012 R2 Overview - Presented by AtidanMicrosoft Windows Server 2012 R2 Overview - Presented by Atidan
Microsoft Windows Server 2012 R2 Overview - Presented by Atidan
 
MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410
 
Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017
 
Active Directory Domain Services Installation & Configuration - Windows Ser...
Active Directory Domain Services Installation & Configuration - Windows Ser...Active Directory Domain Services Installation & Configuration - Windows Ser...
Active Directory Domain Services Installation & Configuration - Windows Ser...
 
Protecting your Organisation from the Internet of Evil Things
Protecting your Organisation from the Internet of Evil ThingsProtecting your Organisation from the Internet of Evil Things
Protecting your Organisation from the Internet of Evil Things
 
Windows Server 2012
Windows Server 2012Windows Server 2012
Windows Server 2012
 
Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012
 
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex
 

Similaire à Protecting Your Business From Cybercrime

Protecting Your Business from Cybercrime - Cybersecurity 101
Protecting Your Business from Cybercrime - Cybersecurity 101Protecting Your Business from Cybercrime - Cybersecurity 101
Protecting Your Business from Cybercrime - Cybersecurity 101David J Rosenthal
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank ReportYogesh Kumar
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017Bret Piatt
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfMansoorAhmed57263
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...AwodiranOlumide
 
csa2014 IBC
csa2014 IBCcsa2014 IBC
csa2014 IBCapyn
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber securityKaushal Solanki
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxprtabal_25
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessImran Khan
 

Similaire à Protecting Your Business From Cybercrime (20)

Protecting Your Business from Cybercrime - Cybersecurity 101
Protecting Your Business from Cybercrime - Cybersecurity 101Protecting Your Business from Cybercrime - Cybersecurity 101
Protecting Your Business from Cybercrime - Cybersecurity 101
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank Report
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
 
csa2014 IBC
csa2014 IBCcsa2014 IBC
csa2014 IBC
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Hacking
Hacking Hacking
Hacking
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
Digital Security and Hygiene.pptx
Digital Security and Hygiene.pptxDigital Security and Hygiene.pptx
Digital Security and Hygiene.pptx
 
DWP Cybersecurity 101 for Nonprofits
DWP Cybersecurity 101 for NonprofitsDWP Cybersecurity 101 for Nonprofits
DWP Cybersecurity 101 for Nonprofits
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 

Plus de David J Rosenthal

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleDavid J Rosenthal
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021David J Rosenthal
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021David J Rosenthal
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from MicrosoftDavid J Rosenthal
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainDavid J Rosenthal
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365David J Rosenthal
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftDavid J Rosenthal
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewDavid J Rosenthal
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldDavid J Rosenthal
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the EnterpriseDavid J Rosenthal
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantDavid J Rosenthal
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021David J Rosenthal
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureDavid J Rosenthal
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active DirectoryDavid J Rosenthal
 

Plus de David J Rosenthal (20)

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made Simple
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from Microsoft
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
 
Microsoft Viva Introduction
Microsoft Viva IntroductionMicrosoft Viva Introduction
Microsoft Viva Introduction
 
Microsoft Viva Learning
Microsoft Viva LearningMicrosoft Viva Learning
Microsoft Viva Learning
 
Microsoft Viva Topics
Microsoft Viva TopicsMicrosoft Viva Topics
Microsoft Viva Topics
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 Overview
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid World
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the Enterprise
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital Assistant
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft Azure
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
 
Nintex Worflow Overview
Nintex Worflow OverviewNintex Worflow Overview
Nintex Worflow Overview
 
Microsoft Power BI Overview
Microsoft Power BI OverviewMicrosoft Power BI Overview
Microsoft Power BI Overview
 

Dernier

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 

Dernier (20)

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 

Protecting Your Business From Cybercrime

  • 1. 1
  • 2. Agenda • Overview of Cybercrime • Cybercrime as aService • Tipsto Protect your SmallBusiness 2
  • 3. What is cybercrime? Cybercrime is criminal activity involving the internet, a computer system, or computer technology. 93 percent of all money is digital. That’s what is at risk here. –Bill Nelson Bill Nelson, Financial Services Information Sharing & Analysis Center 3
  • 4. Financial impact of cybercrime • One large company breached per month • Many small to medium sized companies are breached per week Key ways that hackers earn money: 4
  • 5. Cybercrime is big business. Cybercrime activity is at the highest, ever Insights about one group of three Blackhats recently indicted: • Stole information on 100 million people • Breached 12 companies, including • Earnings at over $100 million • Employed 270 employees in Ukraine and Hungary in just one of their illicit businesses http://www.reuters.com/article/us-hacking-indictment-idUSKCN0SZ1VM20151110 Cybercrime is more organized and motivated than at any time in history. The blackhat cybercriminal is a professional adversary. This industry has evolved with the evolution of the internet and opportunities associated with PC/computer/mobile devices. 5
  • 6. Blackhat cybercrime is a form of malicious online behavior motivated by profit and a predictable ROI What is Blackhat cybercrime? • Understanding Blackhat criminal tools, techniques, motivations, cultures, and ecosystems are critical to defending against current attacks and deterring future ones • Treating Blackhat cybercrime as a purely technological problem makes mitigation difficult and costly 6
  • 7. State Sponsored BlackhatsGrayhatsScript-kiddies The bad actors are not a monolithic group • Non-professional cybercriminals • Use crime kits to make spending money • Little to no business or technical expertise • Even though they are not professional, their impact can be significant • Treatcybercrimeasa business • Businessandtechnical expertise • Oftenworkinaclosed groupofother professional cybercriminals • Criminalreputationis everything • Theybelievetheyare offeringlegitimate services. However,their customerscanbeboth “legitimate”orcriminal • Ranasabusiness • Individualsorgroups whohackforasocial cause,without economicmotivation • Havebothtechnical peopleandfollowers • Nationalsecurityand/or economicmotivation • Technicalexpertise • Workinaclosedgroupof otherprofessionals • OftenuseBlackhat resourcesand/or techniquestomasktheir identity Some elite Blackhats, some elite hactivists, and most state sponsored actors use “APT” techniques Hactivists
  • 8. The cybercrime problem is broad, and getting worse • More professional cybercrime services make it easier for would-be attackers to become cybercriminals • Many cybercriminals don’t need technical abilities when entering the world of cybercrime • In many regions, it is socially acceptable to steal from victims on the Internet • The line is blurring between state sponsored attackers and cybercriminals • Elite teams of attackers that have the same resources, skills, and patience as state actors 8
  • 9. It has never been easier for new entrants into the market Chinese Gmail account creation tool, interfaces with SMS and CAPTCHA solving services Cybercrime as a Service (CaaS): Crimekits and services available Russian checker Private Keeper. It is a universal checking tool supporting 17 different web services (PSN, PayPal, Skype, Twitter, etc.) and many email providers. It has an IMAP/POP3 server editor that supports “almost any email service” and allows users to parse the content of messages and check email accounts validity Account CheckersTools to create abuse accounts
  • 10. Cybercrime as a Service (CaaS): Market for freshly infected PCs to push malware to It has never been easier for new entrants into the market
  • 11. Cybercrime as a Service (CaaS): Market for freshly infected mobile devices to push malware to It has never been easier for new entrants into the market
  • 12. How kits are used • A botnet is a network of devices infected with malicious software that is centrally controlled • “Good” malware cannot be detected by users • It holds your PC or files for "ransom.” • Prevents you from using your PC • Victim has to pay to regain access • Campaigns can include spam, SMSishing, Vishing, etc. • The intent is to trick the user into giving up their password, account recovery information, or PII Botnet Phishing Ransomware
  • 13. • Defenders must not rely on your users doing the right thing at the right time • Be proactive, prevent the attack, and prevent the attacker from predicting their ROI • This can include monitoring for their probes and enabling defensive measures to act between their probes and attack Considerations when combating cybercrime To be successful in Cyber defense, one needs to know what are effective and durable mitigations
  • 14. Tips to keep your Business Safe 14
  • 15. 1. Strengthen your computer’s defenses ➢Keep the firewall on (work, home, public networks) ➢Install legitimate antimalware software (http:/aka.ms/wkactd ) ➢Keep software up to date (automatically) 1 statistics noted from Flexera software 1 15
  • 16. ➢ Train your users to use malware and phishing protection in their browsers. ➢ Keep Antivirus on and updated 2. Don’t be tricked into downloading malware 16
  • 17. 2. Don’t be tricked into downloading malware Think before you click Confirm that the message is legitimate Close pop-up messages carefully Ctrl F4 17
  • 18. 3. Protect company data and financial assets Encrypt confidential data Use rights management solutions to handle sensitive data Train your users to identify scams and fraud Use HoneyTrap accounts in your domain. Notify on successful and unsuccessful logins Use HoneyTrap documents. Notify on successful and unsuccessful access 18
  • 19. Look for telltale signs Think before you click Keep sensitive information private Train employees to identify socially engineered attacks www.snopes.com 3. Protect company data and financial assets How to evade scams 19
  • 20. 4. Passwords. Keep them strong, private, and don’t reuse them 20
  • 21. Guess which passwords are strong? WEAKSTRONG Password106/04/79Advan!age0us!$wanR!ceRedD00r510152025MsAw3yO!D SwanRiceRedDoorAdvantageous!My son Aiden was 3 years old in December 4. Passwords. Keep them strong, private, and don’t reuse them 21
  • 22. Protect your accounts and passwords Make passwords strong (still needed) Keep them private (don’t share among users) Use unique passwords for different websites Limit use of employees using corporate e-mail accounts as their identifier on third- party website Defend against checkers Enable disabling accounts on too many invalid login attempts Don’t use insure interfaces (e.g. unprotected POP/IMAP/SMTP) Monitor for brute force and snowshoe checkers 4. Passwords. Keep them strong, private, and don’t reuse them 22
  • 23. 5. Guard data and devices when you’re on the go 23
  • 24. Connect securely Confirm the connection Encrypt storage on mobile devices Save sensitive activities for trusted connections Flash drives: watch out for unknowns and disable auto run Enable features like Work Folders and cloud storage to manage work data on mobile devices HLTONHOTELS.NET 5. Guard data and devices when you’re on the go 24
  • 25. What to do if there are problems Have a predefined process and checklist to identify company identities, data, services, and applications on the device Report abuse and other problems Immediately report phishing Immediately report missing devices or theft of company data Change all passwords Wipe mobile phones 5. Guard data and devices when you’re on the go 25
  • 26. Use this interactive risk assessment tool to select all threats your company might face and estimate the cost of each. This worksheet will then calculate the total cost and provide countermeasures you can take to protect your company. Let’s assess your security risk STRONGhttp://aka.ms/knowyourrisk Time: 10 min 26
  • 28. Contact us for additional information & deployment offers David.Rosenthal@razor-tech.com