Ray Gasnick III of Miles Technologies discusses how to protect your business from a major cybersecurity incident.
Areas covered include:
- What areas constitute the human elements of cybersecurity
- Best practices for combating social cyber attacks
- Tips for promoting awareness and developing your physical security plan
View the full webinar at https://www.youtube.com/watch?v=ScE3g3O6NdQ.
Webinar: Cybersecurity Elements that Comprise a Secure Network
1. Elements That Comprise a “Secure Network”
Presenter: Ray Gasnick III
Director of IT Engineering
Miles Technologies
3. “Secure” networks aren’t just those comprised of multi-factor authentication mechanisms and multiple layers of firewalls.
4. In the past 10 years, per the Privacy Rights Clearinghouse:
- 534 breaches were due to insider access
- 771 breaches were due to “accidental” disclosure
- 1066 breaches were due to hacking or malware
- 1822 breaches were due to physical loss (electronic or non-electronic)
Source: http://www.privacyrights.org/data-breach/new
7. The biggest risks to most networks are NOT “evil” hackers on the internet.
Most compromises stem from the users themselves either misusing their authority or “leaking” data accidentally.
8. In most organizations, access is governed in a hierarchical fashion.
Despite this, someone usually has greater access due to responsibility.
The “honor” system is all that governs these users.
9. If a user isn’t entrusted with access to sensitive data, he or she may be able to coerce information leakage with perceived authority.
Examples:
- Name dropping of managers to subordinate employees
- Downright requests for information by hiding the real purpose
10. Another very common method for data leakage is social engineering.
It takes the form of:
- Calls
- Phishing emails
- The most brazen would show up in person
11. Social engineering leverages some technique to coerce an employee to divulge information:
- Tailgating
- Outright asking for the information
- Perceived authority
- Assumed access
- Empathy
None of these avenues of attack can be stopped, even by the most sophisticated firewalls in the world.
12. Everybody “assumes” they could never be duped into handing over information from a social attack.
Awareness/Education is the best method for prevention.
13. Smaller companies are less susceptible.
- There is generally a higher degree of awareness when someone/something is out of the ordinary.
Larger companies are more likely to fall victim to social tactics.
- There is a higher degree of anonymity between departments if they do not interact regularly.
14. Recommended practices:
- Distinguish employees from visitors (badges, sign-in sheet, etc.).
- Promote an environment where it is acceptable to clarify when a request sounds unusual.
- Ensure that sensitive “data” is secured by some means.
- Ensure that those who are custodians for sensitive data are known.
15. Employee awareness is the best defense, but it is not a one-time deal.
Recurring training sessions are the best way to keep secure practices fresh in everyone’s minds.
Editor's notes
and other such electronic countermeasures
AllClearID is $14.95/month or roughly $180/year/person. If all 35k from the Lowes breach were to utilize it, for 1 year it would have cost Lowes $6.2M.
social engineering (not to be confused with social networking)
Not really true though, since most victims will never even know that such an attack was underway
Ensure that those who are custodians for sensitive data are known
Also understand their degree of access