2. Haneen Iemeir
Cyber Attacks
Computer-to-computer attack that
undermines the confidentiality, integrity,
or availability of a computer or
information resident on it
IT Department, Haneen Iemeir
Haneen Iemeir
6. Haneen Iemeir
Flame
It was discovered in 2012 but it had been
operating since 2010.
Attacked Middle East and Asia
Collected sensitive data of regular
individuals, business men and military
personnel.
IT Department, Haneen Iemeir
Haneen Iemeir
7. Haneen IemeirHeartland Payment Systems
Phishing out over 100 million individual card
numbers, costing Heartland more then $140 million
dollars in damages incurred in 2008
Started with PHISHING to a regular customer
IT Department, Haneen Iemeir
Haneen Iemeir
9. Haneen Iemeir
Link Clicked .. Oops !
Data is stolen
Software is installed … Malware
Computer is infected and may infect others on
network
IT Department, Haneen Iemeir
Haneen Iemeir
10. Haneen IemeirHow do hackers
GET AWAY WITH IT!
BOTNET
IT Department, Haneen Iemeir
Haneen Iemeir
14. Haneen Iemeir
So WHAT ??
Theft of hard disk data, photos and videos
Destruction to hard disk and data
performance issues
Malfunction of applications
IT Department, Haneen Iemeir
Haneen Iemeir
15. Haneen Iemeir
Most Common Threats
Infected USB
Email phishing, pretend to be some one else
asking you to do something
Social engineering,
https://www.youtube.com/watch?v=HJXJkpir-
ds
Social Networking,
https://www.youtube.com/watch?v=T1EZVFo
Zq4A
IT Department, Haneen Iemeir
Haneen Iemeir
16. Haneen Iemeir
Most Common Threats
Unknown attachments,
https://www.youtube.com/watch?v=5grTJH3B_70
Mobile devices, theft or hack
Hard disk failures
Malicious codes
Accessing business desktop
form outside
IT Department, Haneen Iemeir
Haneen Iemeir
17. Haneen Iemeir
MOST of Most
POOR PASSWORD and ACCESS
management
Unawareness of data importance
INSIDER THREATS
DOWNTIMES !!
On may 2013, it was reported that %58 of
cyber attacks attributed to insider attack
Intentional harm or misuse of access
IT Department, Haneen Iemeir
Haneen Iemeir
18. Haneen Iemeir
WHY ???
An employee having the password of another
employee is not afraid of consequences and
disciplinary actions.
An employee who access data that he/she is NOT
responsible of DO NOT pay care to confidentiality
agreements regarding this data!
Unaware employee can lose data and infect the
network
IT Department, Haneen Iemeir
Haneen Iemeir
19. Haneen Iemeir
Downtime; availability &
Confidentiality
If there is no well-documented business
continuity plan,, you either end up with NO
productivity or paper work will be a total
mess!!
Switching back from paper to information
systems needs authorized procedure and
personnel.
IT Department, Haneen Iemeir
Haneen Iemeir
20. Haneen Iemeir
How to ….
Safeguard my PC and Mobil either at home
or at office?
Protect my integrity,, not allowing anyone
to abuse me?
Pay due-care towards my signed code of
conducts?
IT Department, Haneen Iemeir
Haneen Iemeir
21. Haneen IemeirSafeguards ..
Data classification. To know the importance of
data I access; i.e. when I travel
Do not open emails or
messages from
unknown people, DELETE.
Keep my password secret, complex and changed
periodically; Password Policy
IT Department, Haneen Iemeir
Haneen Iemeir
23. Haneen Iemeir
Safeguards ..
UPGRADE OS of desktop & mobile,
ANTIVIRUS and other applications.
LOG OFF your computers
after work hours
IT Department, Haneen Iemeir
Haneen Iemeir
25. Haneen Iemeir
Safeguards ..
Control privileged access to my staff; IT Privilege
Request Form & annual privilege review
Good job description and confidentiality
agreements.
Do not click on unknown LINKS
Use UPDATED Anti-spam
IT Department, Haneen Iemeir
Haneen Iemeir
26. Haneen Iemeir
Safeguards ..
Do NOT use the same password for all your
accounts.
Avoid UNLICENSED software
Close your office when leaving
Pay attention to shoulder surfing
Use secure devices to access business systems
Either from home or via smart phone.
Scan USB before opening it
IT Department, Haneen Iemeir
Haneen Iemeir
28. Haneen IemeirSafeguards ..
Use SHAREFOLDERs, Sharefolder request form
When implementing new systems,, consult IT for security
and performance issues.
IT Department, Haneen Iemeir
Haneen Iemeir
29. Haneen Iemeir
Business Continuity Plan
Define Critical business procedures
Paper/manual alternative procedure
Downtime period needed to pass before
launching BCP
Who launches the BCP? Decision maker?
How to go back to automatic systems after
recovery?
IT Department, Haneen Iemeir
Haneen Iemeir
30. Haneen Iemeir
Other Security Considerations
Third Party Access
NDA
Policy
IT Department, Haneen Iemeir
Haneen Iemeir
31. Haneen Iemeir
How to tell if I am hacked!!
Browser open websites by its own and you
cannot close them
Antivirus is reporting infected file
Passwords no longer work or they are
locked out.
Suspicious applications on the desktop
Unreasonable slowness of the
system/network
IT Department, Haneen Iemeir
Haneen Iemeir
32. Haneen Iemeir
Report Incidents
All the previous systems
Abuse of credentials
Suspected employee activities
How to report !
http://khccportal/default.aspx
IT Department, Haneen Iemeir
Haneen Iemeir