Driving Behavioral Change for Information Management through Data-Driven Gree...
What's Hot In IT - Cybersecurity
1.
2. ATTRACT JOIN RETAIN PROGRESS LEAD
GOGIRL MENTORING BOLDMOVESGRAD GIRLS WHAT’S HOT IN IT
IMPORTANCE
OF WOMEN
Get with the program in 2017. Join today.
Membership comes with a lot of benefits. It’s open to everyone and is already making a difference in the
lives of the thousands of women and girls who have participated. It’s a priceless investment in your career.
Join the women shaping tomorrow and be recognised as an industry leader.
3. Remember to get social!
@VICT4W
@vict4w
vicictforwomen.com.au
#whatshotinit
#whatshotinit
4.
5. RODD CUNICO
CHIEF EXECUTIVE OFFICE
ALATA GROUP
ESTHER LIM
SECURITY ANALYST
DELOITTE AUSTRALIA
HAYTHAM YOUNES
HEAD OF CYBERSECURITY
GOVERNANCE, RISK &
COMPLIANCE, AUSTRALIA POST
HALANA DEMAREST
SENIOR THREAT INTELLIGENCE
& CYBER HUNT SPECIALIST
KEVIN PRIOR
GLOBAL HEAD OF CYBER
ASSURANCE
COMPUTERSHARE
SHAUN COULTER
CONSULTING SECURITY
SYSTEMS ENGINEER
CISCO SYSTEMS
DR. CARSTEN
RUDOLPH
ASSOC. PROFESSOR, FACULTY
OF IT, MONASH UNIVERSITY AND
DIRECTOR OF THE OCEANIA CYBER
SECURITY CENTRE
MEAGHAN STACKPOLE
SENIOR MANAGER
CYBER SECURITY
EY
DAMIEN SMITH
HEAD OF TECHNOLOGY,
INFRASTRUCTURE DELIVERY
ANZ
DR. NANDITA
BHATTACHARJEE
COURSE DIRECTOR MASTER OF
NETWORKS AND SECURITY,
MONASH UNIVERSITY
LEE BEYER
SENIOR MANAGER,
CYBER SAFETY
NAB
CyberSecurity Speakers
6. Introduction to Cyber Security
Military Grade Intelligence & Cyber-security Solutions
7. What is Cyber Security?
The body of; technologies, processes and practices
designed to protect; networks, computers, programs and data
from attack, damage or unauthorised access.
In a computing context, security includes both cyber security
and physical security.
Source: Margaret Rouse | http://whatis.techtarget.com/definition/cybersecurity
9. The Problem
Estimated 14,800 cybersecurity incidents affected Australian
businesses in 2015–2016.
Resulting in;
n significant direct and indirect costs associated with a cyber-breach,
n highest monetary cost being for;
– resources to investigate the extent of the intrusion,
– understanding the harm,
– the immediate remediation of the intrusion,
– and the legal costs when impacted third parties may sue for
negligence or breach of contract
10. New Legislation
The government has revealed a draft of the statement it expects
organisations to file if they suffer a data breach after February 22nd, 2018.
Under data breach notification laws passed in mid-February of this year,
organisations that suffer a data breach will need to notify the Australian
Information Commissioner and affected customers “as soon as
practicable.”
They must also assess its severity and the potential harm to those
impacted, and may need to file a formal report.
12. Types of attack
TYPE OF ATTACK
Information Warfare
Cyber Espionage
Cyber Crime
Cracking
Hactivism
Cyber Terror
MOTIVATION
Military or political dominance
Gain of intellectual Property and Secrets
Economic gain
Ego, personal enmity
Political change
Political change
METHOD
Attack, corrupt, exploit, deny,
conjoint with physical attack
Advanced Persistent Threats
Attack, Exploit
Fraud, ID theft, extortion, Attack, Exploit
Attack, defacing
Marketing, command and control,
computer based violence
13. Evolution of cyber threats
Source: Andrew Dell | NAB CISO
Sophistication of tools
and techniques
Technical
knowledge
required
TIME
SOPHISTICATION
HIGH
LOW
15. Four types of attacks
SpearPhishing WireFraud
Insider Threat 3rd Party Breach
16. Mia Ash
Is an attractive 29-year-old freelance
photographer.
Lives in London listens to indie
music adores social media.
Hails from Great Wyrley in Staffordshire,
often sports a sexy bob rather like
Audrey Tautou’s in the film Amelie
She doesn’t go for creative professionals…
17.
18. Mia Ash - Fake Persona
A honey trap conceived to steal information.
Creation of hackers linked to Iran.
An illustration of the sophistication of
“social engineering” in cyber espionage.
The scheme lured senior figures in sensitive
industries in the US, Israel, India and Saudi
Arabia to reveal confidential data.
Able to plant snooping S/W on their
computers.
19. What can you do and what’s your role?
Cyber security is the responsibility of
every single person within an organisation.
Your organisation is only as strong as
the weakest link.
20. The Basics
Don’t take the bait – avoid Phishy emails.
Keep your software updated.
Use secured internet connections.
Use multiple strong passwords or
multi-factor authentication.
Source: Carlo Minassini | LinkedIn – Cyber safety steps so simple
my mother could follow them (but probably won’t)
21. ASD’s ESSENTIAL 8
The Australian Signals Directorate’s (ASD)
Strategies to Mitigate Cyber Security Incidents
is a prioritised list of practical actions
organisations can take to make their
computers more secure.
The advantage of this guidance is that it is
customisable to each organisation based
on their risk profile and the threats they
are most concerned about.
22. ASD’s ESSENTIAL 8
To prevent malware running:
APPLICATION WHITELISTING
A whitelist only allows selected software applications to run
on computers. Why? All other software applications are
stopped, including malware.
DISABLE UNTRUSTED
MICROSOFT OFFICE MACROS
Microsoft Office applications can use software known as
“macros” to automate routine tasks. Why? Macros are in-
creasingly being used to enable the download of malware.
Adversaries can then access sensitive information, so macros
should be secured or disabled.
PATCH APPLICATIONS
A patch fixes security vulnerabilities in software applications.
Why? Adversaries will use known security vulnerabilities to
target computers.
USER APPLICATION HARDENING
Block web browser access to Adobe Flash player (uninstall
if possible), web advertisements and untrusted Java code
on the internet. Why? Flash, Java and web ads have long
been popular ways to deliver malware to infect computers.
23. ASD’s ESSENTIAL 8
To limit the extent of incidents and recover data:
RESTRICT ADMINISTRATIVE PRIVILEGES
Only use administrator privileges for managing systems,
installing legitimate software and applying software patches.
These should be restricted to only those that need them.
Why? Admin accounts are the ‘keys to the kingdom’,
adversaries use these accounts for full access to information
and systems.
MULTI-FACTOR AUTHENTICATION
This is when a user is only granted access after
successfully presenting multiple, separate pieces of evidence.
Typically: Something you know, like a pass phrase. Something
you have, like a physical token. And/or something you are, like
biometric data. Why? Having multiple levels of authentication
makes it a lot harder for adversaries to access your information.
PATCHING OPERATING SYSTEMS
A patch fixes security vulnerabilities in operating systems.
Why? Adversaries will use known security vulnerabilities to
target computers.
DAILY BACKUP OF IMPORTANT DATA
Regularly back up all data and store it securely offline. Why?
That way your organisation can access data again if it suffers
a cyber security incident.
34. If you would like more information about tonight’s event or
Would like to join the ‘What’s Hot in IT’ Team please contact:
Elizabeth Mulhall M 0487 700 026 244 E elizabethlmulhall@gmail.com
ASSOCIATION FOR ADVANCING WOMEN IN DIGITAL + TECH