2020 Cyber Security Trends and Security Tips
Billy Ngun
Senior Consultant
HKCERT
Hong Kong Computer Emergency Response Team
Coordination Centre (香港電腦保安事故協調中心)
Mission
As the Centre for coordination of computer security incident response for local enterprises and Internet Users, and the International Point-of-Contact
• Funded by Government
• Operated by Hong Kong Productivity Council
Services
• Incident Response
• Monitoring and Early Warning
• Awareness Promotion and Advices
• Cross Border Coordination
24-hr Hotline: 8105-6060
Free security alerts subscription (hkcert@hkcert.org)
Contact HKCERT
WWW: hkcert.org
Email: hkcert@hkcert.org
Hotline: 8105 6060
Facebook page: https://www.facebook.com/hkcert
The top 10 most common passwords were:
123456
123456789
qwerty
password
111111
12345678
abc123
1234567
password1
12345
Jan_pw$!
Feb_pw$!
Mar_pw$!
Apr_pw$!
#$Ax!48
Secure Passwords
Strong Password
Don’t use “same” password
NIST 800-63 Password Guidelines 2019
8 character minimum when a human sets it
6 character minimum when set by a system/service
Support at least 64 characters maximum length
All ASCII characters (including space) should be supported
Truncation of the secret (password) shall not be performed when processed
Check chosen password with known password dictionaries
Allow at least 10 password attempts before lockout
No complexity requirements
No password expiration period
No password hints
No knowledge-based authentication
No SMS for 2FA
Source: https://pages.nist.gov/800-63-3/sp800-63b.html#sec5
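The guideline list above, expressed as an enrolment and verification check. This is an added example, not part of the original slides; the function names, the 128-character ceiling, the case-insensitive blocklist match, the PBKDF2 parameters and the small blocklist sample are assumptions.

```python
import hashlib
import hmac
import os

MIN_LEN_HUMAN = 8            # minimum when a human sets the password
MIN_LEN_SYSTEM = 6           # minimum when a system/service sets it
MAX_LEN = 128                # assumption: any ceiling works if it is >= 64
LOCKOUT_AFTER = 10           # allow 10 failed attempts before lockout
PBKDF2_ITERATIONS = 200_000  # assumption: set to your own hardware budget

# Constructed sample blocklist: the "top 10" passwords listed on this page.
# A real deployment would load a much larger known-password dictionary.
BLOCKLIST = frozenset({
    "123456", "123456789", "qwerty", "password", "111111",
    "12345678", "abc123", "1234567", "password1", "12345",
})


def check_new_password(password, set_by_human=True, blocklist=BLOCKLIST):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = []
    minimum = MIN_LEN_HUMAN if set_by_human else MIN_LEN_SYSTEM
    if len(password) < minimum:
        reasons.append("too_short")
    if len(password) > MAX_LEN:
        # Reject over-long input outright; never silently truncate it.
        reasons.append("too_long")
    # Assumption: compare case-insensitively so "PASSWORD1" is caught too.
    if password.lower() in blocklist:
        reasons.append("blocklisted")
    # Deliberately absent: rules about digits, symbols or mixed case,
    # and any character filter (spaces and all ASCII are accepted).
    return reasons


def hash_password(password, salt=None):
    """Hash the whole secret; every character contributes to the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, expected):
    """Constant-time comparison of the recomputed digest."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def is_locked_out(failed_attempts):
    """Lock only once the account has had 10 failed attempts."""
    return failed_attempts >= LOCKOUT_AFTER


if __name__ == "__main__":
    for candidate in ("123456", "password1", "aaaaaaaa",
                      "My favourite sport is tabletennis!"):
        print(repr(candidate), check_new_password(candidate) or "accepted")
```
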
Passphrase and password manager
“My favourite sport is tabletennis!” is extremely easy to remember but very difficult for computers to crack due to its length.
Consider using a password manager. All you need to remember is one single passphrase.
Cyber Security Incidents
Number of records affected: 540 million (Year: 2019)
Number of records affected: 885 million (Year: 2019)
Number of records affected: 106 million (Year: 2019)
Major causes of data breaches
System misconfiguration (for example, cloud infrastructure)
Business logic vulnerability
Web application vulnerabilities
Old, unpatched security vulnerabilities
Human error
Malware
Cyber Security Trend
[Chart: HKCERT Incident Reports Q1-Q3, 2015 Q1-3 to 2019 Q1-3, by category (Botnet, Phishing, Malware). Bar labels in order: 3,455; 4,764; 4,505; 7,304; 7,282. Annotations: +42%, +22%.]
Source: HKCERT
Highlight of top incident reports in 2019 Q1-3
• Botnet 3,690 (+42%)
  • Top 3 botnets: Avalanche (1,651), Necurs (640), Ramnit (501)
  • Top 2 IoT botnets: Mirai (401), VPNFilter (132) [+46%]
  • Impacts: financial loss, loss of control of device
• Phishing 1,853 (+22%)
  • Top 3 targeted brands: China Construction Bank, Apple, Amazon
  • Impacts: financial loss, data breach
Source: HKCERT
Hong Kong Police Technology Crimes Statistics

| Category | # of Cases, 2018 H1 | # of Cases, 2019 H1 | Financial Loss (HK$ million), 2018 H1 | Financial Loss (HK$ million), 2019 H1 |
|---|---|---|---|---|
| Internet Deception | 2,794 | 2,610 | 1,057.5 | 1,306.2 |
| Email Scam * | 404 | 401 | 759.6 | 1,127.5 (+48.4%) |
| Social media deception | 1,003 | 930 | 155.4 | 142.4 |
| Online Biz Fraud | 1,107 | 1,154 | 20.4 | 14.8 |
| E-banking fraud | 0 | 0 | 0 | 0 |
| Misc. fraud | 280 | 125 | 122.1 | 21.5 |
| Internet blackmail | 184 | 177 | 0.9 | 0.6 |
| Misuse of Computer | 126 | 40 | 92.2 | 0.6 |
| Others | 395 | 261 | 2.1 | 1.3 |
| TOTAL | 3,499 | 3,088 (-11.7%) | 1,152.7 | 1,308.7 (+13.5%) |

* Email scam (malware + social engineering): the attacker sends spoofed emails on behalf of a senior staff member (CEO or similar) or a trusted customer, with the aim of triggering a payment or the release of confidential data.
Protection against Phishing Attacks
User: Think before you click; verify by phone
Provide 2FA to customer accounts
Corporate Brand Protection
Adopt Email Defense Technology and DMARC
User Training (never trust, always verify)
Phishing Drill Exercises
Cybersecurity in IoT devices
• IoT security vulnerabilities
  • Use of hardcoded credentials
  • Use of default credentials
  • Exposure of sensitive user information
    • Unprotected cloud storage
    • Device theft scenarios
    • Security defects in Command & Control
  • Firmware comes with known vulnerabilities
    • Unpatched device
    • A device that no longer receives security updates
Protection against Ransomware
Isolate infected computer immediately
Do NOT pay ransom nor contact attacker
Perform regular backups on important data and keep an offline copy
Ensure that OS, software and anti-virus signatures are kept updated regularly
Do NOT open suspicious email attachments and website links
AI & Machine Learning for Cyber Attack
DeepFake
Deep Learning + Fake
Used to mimic political figures and celebrities
https://www.youtube.com/watch?v=5iZuffHPDAw
Fraudster used AI to deepfake the boss’ voice and managed to trick the victim into transferring $243K
• Victim believed he was talking to his German boss.
• The voice carried the German boss’ subtle accent and his pace.
Reference:
• https://thenextweb.com/security/2019/09/02/fraudsters-deepfake-ceos-voice-to-trick-manager-into-transferring-243000/
Security Issues arising from the End of Support (EOS) of Technologies
Microsoft Win 7, Win Server 2008/2008R2 reach EOS in Jan 2020. No more security updates.
Key takeaway
Information Security is Everybody’s Business
Prepare for upgrade/migration of EOS systems
IoT devices have their share of security vulnerabilities
Prevention is always better than cure
Protection via People, Process and Technology
Report incident and Know where to get Assistance
Hong Kong Productivity Council
香港生產力促進局
HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
+852 2788 5678 www.hkpc.org

 

07 2020 Cyber Security Trends and Security Tips

  • 2. Hong Kong Computer Emergency Response Team Coordination Centre (香港電腦保安事故協調中心) Mission As the Centre for coordination of computer security incident response for local enterprises and Internet Users, and the International Point-of-Contact • Funded by Government • Operated by Hong Kong Productivity Council
  • 3. Services • Incident Response • Monitoring and Early Warning • Awareness Promotion and Advices • Cross Border Coordination 24-hr Hotline: 8105-6060 Free security alerts subscription (hkcert@hkcert.org)
  • 4. WWW: hkcert.org Email: hkcert@hkcert.org Hotline: 8105 6060 Facebook page: https://www.facebook.com/hkcert Contact HKCERT
  • 5. The top 10 most common passwords were: 123456, 123456789, qwerty, password, 111111, 12345678, abc123, 1234567, password1, 12345
  • 7.
  • 9. NIST 800-63 Password Guidelines 2019
      • 8 character minimum when a human sets it
      • 6 character minimum when set by a system/service
      • Support at least 64 characters maximum length
      • All ASCII characters (including space) should be supported
      • Truncation of the secret (password) shall not be performed when processed
      • Check chosen password with known password dictionaries
      • Allow at least 10 password attempts before lockout
      • No complexity requirements
      • No password expiration period
      • No password hints
      • No knowledge-based authentication
      • No SMS for 2FA
      Source: https://pages.nist.gov/800-63-3/sp800-63b.html#sec5
  • 10. Passphrase and password manager
      • “My favourite sport is tabletennis!” is extremely easy to remember but very difficult for computers to crack due to its length.
      • Consider using a password manager. All you need to remember is one single passphrase.
  • 12.
  • 13. Number of records affected: 540 million Year: 2019
  • 14. Number of records affected: 885 million Year: 2019
  • 15. Number of records affected: 106 million Year: 2019
  • 16. Major causes of data breaches: System misconfiguration (for example, cloud infrastructure); Business logic vulnerability; Web application vulnerabilities; Old, unpatched security vulnerabilities; Human error; Malware
  • 18. [Chart: HKCERT Incident Reports Q1-Q3, by type (Botnet, Phishing, Malware). Bar labels for 2015 Q1-3 to 2019 Q1-3: 3,455; 4,764; 4,505; 7,304; 7,282. Annotations: +42%, +22%.] Source: HKCERT
  • 19. Highlight of top incident reports in 2019 Q1-3
      • Botnet 3,690 (+42%)
          • Top 3 botnets: Avalanche (1,651), Necurs (640), Ramnit (501)
          • Top 2 IoT botnets: Mirai (401), VPNFilter (132) [+46%]
          • Impacts: financial loss, loss of control of device
      • Phishing 1,853 (+22%)
          • Top 3 targeted brands: China Construction Bank, Apple, Amazon
          • Impacts: financial loss, data breach
      Source: HKCERT
  • 20. Hong Kong Police Technology Crimes Statistics

      Category               | # of Cases 2018 H1 | # of Cases 2019 H1 | Financial Loss (HK$ million) 2018 H1 | Financial Loss (HK$ million) 2019 H1
      Internet Deception     | 2,794              | 2,610              | 1,057.5                              | 1,306.2
      Email Scam *           | 404                | 401                | 759.6                                | 1,127.5 (+48.4%)
      Social media deception | 1,003              | 930                | 155.4                                | 142.4
      Online Biz Fraud       | 1,107              | 1,154              | 20.4                                 | 14.8
      E-banking fraud        | 0                  | 0                  | 0                                    | 0
      Misc. fraud            | 280                | 125                | 122.1                                | 21.5
      Internet blackmail     | 184                | 177                | 0.9                                  | 0.6
      Misuse of Computer     | 126                | 40                 | 92.2                                 | 0.6
      Others                 | 395                | 261                | 2.1                                  | 1.3
      TOTAL                  | 3,499              | 3,088 (-11.7%)     | 1,152.7                              | 1,308.7 (+13.5%)

      * Email scam (malware + social engineering): the attacker sends spoofed emails on behalf of a senior staff member (CEO or similar) or a trusted customer, with the aim of triggering a payment or the release of confidential data.
  • 21. Protection against Phishing Attacks
      • User: Think before click; Verify by phone
      • Provide 2FA to customer accounts
      • Corporate Brand Protection
      • Adopt Email Defense Technology and DMARC
      • User Training (never trust, always verify)
      • Phishing Drill Exercises
  • 22. Cybersecurity in the IoT devices
      • IoT security vulnerabilities
          • Use of hardcoded credentials
          • Use of default credentials
          • Exposure of sensitive user information: unprotected cloud storage; device theft scenarios; security defects in Command & Control
          • Firmware comes with known vulnerabilities: unpatched device; a device that no longer receives security updates
  • 23. Protection against Ransomware
      • Isolate infected computer immediately
      • Do NOT pay ransom nor contact attacker
      • Perform regular backups on important data and keep an offline copy
      • Ensure that OS, software and anti-virus signatures are kept updated regularly
      • Do NOT open suspicious email attachments and website links
  • 24. AI & Machine Learning for Cyber Attack: DeepFake (Deep Learning + Fake). Used to mimic political figures and celebrities. https://www.youtube.com/watch?v=5iZuffHPDAw
  • 25. AI & Machine Learning for Cyber Attack https://www.youtube.com/watch?v=5iZuffHPDAw
  • 26. Fraudster used AI to deepfake the boss's voice and managed to trick a manager into transferring $243K
      • Victim believed he was talking to his German boss.
      • The voice carried the German boss's subtle accent and his pace.
      Reference: https://thenextweb.com/security/2019/09/02/fraudsters-deepfake-ceos-voice-to-trick-manager-into-transferring-243000/
  • 27. Security Issues arising from the End of Support (EOS) of Technologies: Microsoft Win 7 and Win Server 2008/2008R2 reach EOS in Jan 2020. No more security updates.
  • 28. Key takeaway
      • Information Security is Everybody's Business
      • Prepare for upgrade/migration of EOS systems
      • IoT devices have their share of security vulnerabilities
      • Prevention is always better than cure
      • Protection via People, Process and Technology
      • Report incident and Know where to get Assistance
  • 29. Hong Kong Productivity Council 香港生產力促進局, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong 香港九龍達之路78號生產力大樓, +852 2788 5678, www.hkpc.org
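
The password guidelines on slide 9, expressed as server-side checks. This is an added example, not part of the original deck. The blocklist is the top-10 list from slide 5; the function and class names, the choice of PBKDF2 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed blocklist: the ten passwords from slide 5. A real deployment
# would load a much larger breached-password list.
BLOCKLIST = {"123456", "123456789", "qwerty", "password", "111111",
             "12345678", "abc123", "1234567", "password1", "12345"}
MIN_LEN_HUMAN, MIN_LEN_SYSTEM = 8, 6   # slide 9 minimums
MAX_FAILURES = 10                      # failed attempts allowed before lockout


def check_password(candidate, set_by_system=False):
    """Return the reasons to reject `candidate`; an empty list means accept."""
    reasons = []
    minimum = MIN_LEN_SYSTEM if set_by_system else MIN_LEN_HUMAN
    if len(candidate) < minimum:
        reasons.append(f"shorter than {minimum} characters")
    if candidate.lower() in BLOCKLIST:
        reasons.append("appears in known-password list")
    # Deliberately absent: an upper length cap below 64, character-class
    # (complexity) rules, expiry dates and hint fields.
    return reasons


def hash_password(password, salt=None, iterations=100_000):
    """PBKDF2 (assumed KDF) over the full UTF-8 input, so nothing is truncated."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password, salt, expected):
    """Constant-time comparison of the recomputed digest with the stored one."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


class FailureCounter:
    """Locks an account only after MAX_FAILURES consecutive failed attempts."""
    def __init__(self):
        self.failures = {}

    def is_locked(self, account):
        return self.failures.get(account, 0) >= MAX_FAILURES

    def record(self, account, success):
        self.failures[account] = 0 if success else self.failures.get(account, 0) + 1
```

The slide 10 passphrase passes with no complexity rules applied, while every entry on the slide 5 list is rejected by the dictionary check even when it meets the length minimum.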