Cyber Vulnerabilities & How companies can test them
•Transferir como PPTX, PDF•
0 gostou•536 visualizações
A presentation on cyber vulnerabilities and how companies can test them.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (19)
Semelhante a Cyber Vulnerabilities & How companies can test them
Semelhante a Cyber Vulnerabilities & How companies can test them (20)
Último
Último (20)
Cyber Vulnerabilities & How companies can test them
- 1. Confidential Cyber Vulnerabilities & How Companies Can Test Them? October 2018 Prepared by: 1
- 2. Confidential COMMON THREATS Malware Phishing Whaling Spyware Botnet 2 Ransomware
- 3. Confidential 3 More than 400 businesses are targeted with business email compromise (BEC) scams every day Phishing volume grew by a massive 41 percent in Q2 2017 Almost half of all breaches are caused by phishing FACTS ABOUT PHISHING PHISHING
- 4. Confidential Phishing is the leading cause of Ransomware 4
- 5. Confidential 5 Leading Cause of Ransomware 46% 36% 12% 1% 5% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% Spam/Phishing emails Lack of Employee Training Malicious Websites/ Web Ads Lack of Security Ads Others PercentageofRespondents Cause of Ransomware infection Source: © Statista 2018
- 6. Confidential What are cyber vulnerabilities and how can we limit them? 6
- 7. Confidential 7 EXTERNAL VULNERABILITIES INTERNAL VULNERABILITIES The attacker could be a criminal or hacker and they use the vulnerabilities to get into the network or access data. The attacker could be found within the business, they can be employees that intentionally sell information or mistakenly expose the information.
- 8. Confidential 8 EXAMPLES OF EXTERNAL VULNERABILITIES Insufficient access control to customers, suppliers, partners Cloning access cards & FOB Keys Weak firewall rules and unpatched software on firewall Weak Security administration
- 9. Confidential 9 EXAMPLES OF INTERNAL VULNERABILITIES Unprotected Laptops Unpatched Software Access Control Issues Vulnerabilities in internal Applications Weak/ Default Password
- 10. Confidential 42% 33% 18% 7% Where are the threats coming from? Ex-employees 10 PERCENTAGES Third Parties Employees Outside the Organization Within the organization 58% Source: Clearswift.com
- 11. Confidential LIMIT CYBER VULNERABILITIES Train your Workforce Secure Configurations for Hardware & Software Control Use of Administrative Privileged Accounts Install proper Firewalls & Anti-virus Track all hardware devices on the network Practice Patch Management Conduct Vulnerability Assessment Use strong passwords Backup your data 11
- 12. Confidential Joining the workforce? 12 What you can expect when you join the workforce • Career opportunities • A booming industry • What you are likely to hear even if you are not in the Cybersecurity field
- 13. Confidential 13 HOW COMPANIES TEST CYBER VULNERABILITIES External Penetration Testing Internal Penetration Testing Vulnerability Assessment Web Application Testing Social Engineering
- 14. Confidential 14 PENETRATION TESTING External Penetration Testing • An external penetration test mimics the actions of an actual attacker exploiting weaknesses in the network security. Internal Penetration Testing • This test examines internal IT systems for any weakness that could be used to disrupt the Confidentiality, Integrity or Availability of the network, thereby allowing the organization to address each weakness . This process helps identify the security vulnerabilities within the system or network by simulating an attack.
- 15. Confidential 15 VULNERABILITY ASSESSMENT A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Table Risk Level Matrix Impact Likelihood Low Medium High High Medium High High Medium Low Medium High Low Low Low Medium
- 16. Confidential 16 WEB APPLICATION TESTING Web application testing, a software testing technique exclusively adopted to test the applications that are hosted on web in which the application interfaces and other functionalities are tested. Web application Testing Techniques to test Confidentiality, Integrity, Availability • Functionality Testing • Usability testing • Interface testing • Compatibility testing • Performance testing • Security testing
- 17. Confidential 17 SOCIAL ENGINEERING Phishing • Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Vishing • Vishing is the telephone equivalent of phishing. It is described as the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. Tailgating • Tailgating is a physical security breach in which an unauthorized person follows an authorized individual to enter a secured premise.
- 18. Confidential CONTACT INFORMATION www.24By7Security.com @24By7Security (844) 55-CYBER (29237) Contact@24By7Security.com 18
Notas do Editor
- These are the most common types of cyber threats are malware, phishing, spyware, whaling, Botnet & spam. One of the most popular threats people is impacted by is phishing. Some other types are of threats are hacking, bots, misuse of employee privileged. Malware is a malicious software and there are different types as viruses, Ramsomware, spyware, worms and more. • Malware can get in your computer by accidentally clicking a suspicious email attachment or perhaps you connected an infected drive to your computer. • How can malware affect your business? Malware can affect your business by loss of customer information, loss of reputation, financial cost, legal costs and More. -> http://honigconte.com/malware-attacks/ • How can we prevent malware? Examine the email before you open it (check the sender’s address, is it a trusted URL?) , update your operating system, Browsers & plugins, and antivirus install and updated. For more information -> https://blog.malwarebytes.com/101/2016/08/10-easy-ways-to-prevent-malware-infection/ What is phishing? Phishing is when they send emails posing as a reputable institution/companies in order to obtain sensible data as your password, credit card information or username. How can I avoid phishing scams? A couple of the things you could do to avoid phishing scams are to keep informed on the latest techniques use for Phishing, don’t click on emails from unfamiliar sources or people and install an anti-phishing toolbar. -> http://www.phishing.org/10-ways-to-avoid-phishing-scams What is whaling? Whaling is a type of phishing that targets C-Level Executives in order to obtain sensitive information https://digitalguardian.com/blog/what-whaling-attack-defining-and-identifying-whaling-attacks Sources: • https://www.getcybersafe.gc.ca/cnt/rsks/cmmn-thrts-en.aspx • https://purplegriffon.com/blog/10-cyber-security-threats-in-2017
- https://Info.phishlabs.com/blog/the-impact-of-phishing-and-why-it-should-be-your-1-priority The volume of spam emails increased by 400 percent in 2016 – If you click on the phishing email is automatically linked to spams. Symantec – More than 400 businesses are targeted with business email compromise (BEC) scams every day https://www.symantec.com/security-center/threat-report Phishing Volume grew by a massive 41 percent in Q2 2017 - https://info.phishlabs.com/q2_2017_phishing_trends_and_-intelligence_report Verizon - Almost half of all breaches are caused by phishing - https://www.verizonenterprise.com/verizon-insights-lab/dbir/
- We need to see the external and internal vulnerabilities
- Source: https://www.statista.com/statistics/700965/leading-cause-of-ransomware-infection/ https://www.nytimes.com/2017/05/15/technology/personaltech/heres-how-to-protect-yourself-from-ransomware-attacks.html Lack of Security Ads – Ransomware developers often use pop-up windows that advertise software products that remove malware. Do not click on anything through these pop-ups, then safety close the windows.
- We need to see the external and internal vulnerabilities
- Keylogger: are use to capture passwords and other private data, this software or equipment is sold in the open market. https://knowledgemines.com/keyloggers/ Example of External Vulnerability Threats - https://ebrary.net/26640/computer_science/security_threats Could Fob keys be cloned? Yes, they could be cloned https://www.youtube.com/watch?v=cxxnuofREcM https://www.clonemykey.com/faq/ https://www.getkisi.com/blog/how-to-copy-access-cards-and-keyfobs
- Source: https://www.newgenapps.com/blog/internal-and-external-security-threats Infographic: Where are the threats coming from - https://www.clearswift.com/sites/default/files/images/blog/enemy-within.pdf
- Control Use of Administrative Privileged: minimize & monitor the administrative privileges. Practice Patch Management: a process in where you will identify, acquire, install and verify patches for products & systems. Conduct Vulnerability Scanning: to check the software and configurations of the systems of your network. Secure Configurations for Hardware & Software: Certain configurations options can open new opportunities for hackers. Track all hardware devices on the network: Use strong Passwords: Remember to change your password frequently and do not reuse the password. The password needs to contain letters, numbers, & symbols. 7. Secure Wi-Fi Networks: Make sure that the Wi-Fi Networks are encrypted 8. Have proper Back-up Plans: Perform regular back-ups of important files from your laptop. If you are a victim of malware, a backup drive will ensure that important files are not lost. 9. Firewalls: offers different layers of protection and can be in hardware or software form. Source: https://www.calyptix.com/top-threats/5-security-controls-stop-85-cyber-attacks/ http://www.manageitafrica.com/avoidable-cyber-security-mistakes-prevent-vulnerabilities/
- https://www.datto.com/au/blog/how-to-protect-businesses-from-ransomware
- External Penetration Testing: https://www.hacklabs.com/penetration-testing/ Internal Penetration Testing: https://www.hacklabs.com/internal-penetration-testing/ Penetration Testing: It’s the process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. https://www.softwaretestinghelp.com/penetration-testing-guide/ Why your company needs penetration testing? - To avoid incidents as the WannaCry Ransomware attack from May 2017. Companies need to Protect their information systems against security breaches.
- Source: https://en.wikipedia.org/wiki/Vulnerability_assessment Extra: https://searchsecurity.techtarget.com/definition/vulnerability-assessment-vulnerability-analysis
- Source: https://www.tutorialspoint.com/software_testing_dictionary/web_application_testing.htm
- Phishing: https://en.wikipedia.org/wiki/Phishing Vishing: https://www.webopedia.com/TERM/V/vishing.html Tailgating: https://whatis.techtarget.com/definition/tailgating-piggybacking Picture: social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or system access, and the first type of attack of this kind known in history is the Trojan horse itself (not the computer virus, but the Greek mythical event). For example, in this attack, an international cyber crime ring based out of Eastern Europe managed to steal $1 billion in 2 years from 100 different banks in nearly 30 countries using spear phishing emails targeting bank employees. The spear phishing technique is, by far, the most successful on the internet today, accounting for 91% of attacks! Website::: https://heimdalsecurity.com/blog/10-surprising-cyber-security-facts-that-may-affect-your-online-safety/