The document discusses common cyber threats like phishing, hacking, and DDoS attacks. It notes several major data breaches in recent years at Target and Home Depot that resulted in billions of dollars lost. To protect against these threats, the document recommends businesses implement security measures like audits, encryption, web application firewalls, malware analysis, and employee cybersecurity training. Regular security monitoring and having a crisis plan are also advised.
2. What's up for today?
Some chitchat about your baby…
3. The dark side of the internet
• Phishing
• Social engineering
• Hacking (vulnerabilities & misconfigurations)
• Injection (iframe injection)
• DDoS
• DNS hijacking
• Cookie hijacking/stealing
• MITM (Man In The Middle)
• XSS and SQL injection
• Third parties
4. Serious cases
• 13 October 2014: 1 million Dutch e-mail accounts compromised.
• 5,600 Dutch websites hacked (SQL injection)
• Target hack cost $40 million, Home Depot $60 million (total cost in lost revenue and security measures)
• In two years, 2 billion account credentials breached (including credit card and personal credentials)
5. Data Breaches Lead to a Drop in Sales
• Target earnings slide 46% after data breach
• One third of consumers will shop elsewhere if their retailer of choice is breached, according to new research
• Downtime and massive costs after a data breach or malware infection.
6. What can/must we do?
• Audit/pentest
• Source code check
• Scanning with professional software *
• WAF * (Web Application Firewall)
• Encrypt your database and encrypt credentials; if you are hacked, decrypting them won't be worth the attacker's time
• Dedicated hosting
• HTTPS, Perfect Forward Secrecy, HSTS (HTTP Strict Transport Security)
• Masking *
• Malware analysis, around the clock *
• DDoS protection *
• Secure DNS * (ask your hosting company)
• Blacklisting checks *
• Monitor your security
• Security is a must, create a budget! (It's not IF, but WHEN you will get hacked)
• Backup, fallback, crisis scenarios and documentation
• Back-office security: don't let your twelve-year-old kid download movies on your work laptop
• Educate the thing between chair and keyboard! Know your software platform(s) (sorry if it's you)
• Communicate with your customers about your cyber initiatives, but be very clear in how!
* Do it yourself, approx. 400 euro a year.
8. Treat (not thread) your baby like a baby
Create the safe environment you want your baby to grow up in.
For you, your family, your customer and your future.
Happy Selling!
9. CONTACT
Remo Hardeman
Omerta Information Security
remo@omerta.nl
Visits
Boompjes 57
7th floor
3011 XB Rotterdam
SOCIAL MEDIA
facebook.com/omertanetherlands
TWITTER
https://twitter.com/ @omerta_infosec