SlideShare a Scribd company logo

Cyber Security-Foundation.ppt

Download as PPT, PDF
E
ErAdityaSingh1

Cyber security refers to technologies, processes, and practices designed to protect networks, devices, programs, and data from attacks, damage or unauthorized access. The top threats include phishing, malware like viruses and ransomware, identity theft, and business email compromise. To protect information according to the CIA triad, systems aim to maintain confidentiality by restricting access, integrity by preventing unauthorized data changes, and availability by ensuring authorized access. Common vulnerabilities are exploited by threats. Cyber security professionals work to mitigate these threats and vulnerabilities through technical and organizational measures.

Education
1 of 46
Downloaded 24 times
1
2
3
4
5
Most read
6
7
8
9
Most read
10
11
Most read
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Cyber Security (Foundation Level) By Er.Pawan Kumar
Which is the third largest economy? • USA • China • ????
Importance of Cyber Security “The only system which is truly secure is one which is switched off and unplugged, locked in a titanium safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it.” - Professor Gene Spafford https://spaf.cerias.purdue.edu/ In security matters: effectiveness & limitations • There is nothing like absolute security • We are only trying to build comfort levels, because security costs money and lack of it costs much more • Comfort level is a manifestation of efforts as well as a realization of their
Importance of Cyber Security The Internet allows an attacker to work from anywhere on the planet. Risks caused by poor security knowledge and practice: Identity Theft Monetary Theft Legal Ramifications (for yourself and your organization) Sanctions or termination if policies are not followed According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are: Web Browser IM Clients Web Applications Excessive User Rights
Cyber Security • Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
Cyber Security https://www.varonis.com/blog/data-breach-statistics/
Cyber Security is Safety • Security:We must protect our computers and data in the same way that we secure the doors to our homes. • Safety: We must behave in ways that protect us against risks and threats that come with technology.
False Sense of Security?
What is a Secure System? (CIA Triad) Availability • Confidentiality – restrict access to authorized individuals • Integrity – data has not been altered in an unauthorized manner • Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe
CIA Triad Protecting information from unauthorized access and disclosure Example: Criminal steals customers’ usernames, passwords, or credit card information Confidentiality
CIA Triad Protecting information from unauthorize d modificatio n Example: Someone alters payroll information or a proposed product design Integrity
CIA Triad Preventing disruption in how information is accessed Example: Your customers are unable to access your online services Availability
Threats and Vulnerabilities What are we protecting our and our stakeholders information from? Threats: Any circumstances or events that can potentially harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable Vulnerabilities: Weakness in an information system or its components that could be exploited.
WHAT KINDS OF THREATS ARE THERE? Phishing and Spear- phishing Attacks Social Engineering Scams Common Malware and Ransomware Business Email Compromise Fake websites that steal data or infect devices And much more
Phishing Phishing refers to the practice of creating fake emails or SMS that appear to come from someone you trust, such as: Bank, Credit Card Company, Popular Websites The email/SMS will ask you to “confirm your account details or your vendor’s account details”, and then direct you to a website that looks just like the real website, but whose sole purpose is for steal information. Of course, if you enter your information, a cybercriminal could use it to steal your identity and possible make fraudulent purchases with your money.
Phishing Statistics Verizon DBIR 2020: Phishing is the biggest cyber threat for SMBs, accounting for 30% of SMB breaches KnowBe4: 37.9% of Untrained Users Fail Phishing Tests 84% of SMBs are targeted by Phishing attacks A new Phishing site launches every 20 seconds 74% of all Phishing websites use HTTPS 94% of Malware is delivered via email
Example of Phishing
Social Engineering When attempting to steal information or a person’s identity, a hacker will often try to trick you into giving out sensitive information rather than breaking into your computer. Social Engineering can happen: Over the phone By text message Instant message Email
Malware = “malicious software” Malware is any kind of unwanted software that is installed without your consent on your computer and other digital devices. Viruses, Worms, Trojan horses, Bombs, Spyware, Adware, Ransomware are subgroups of malware. Malware
A virus tries to infect a carrier, which in turn relies on the carrier to spread the virus around. A computer virus is a program that can replicate itself and spread from one computer to another. Viruses
Direct infection: virus can infect files every time a user opens that specific infected program, document or file. Fast Infection: is when a virus infects any file that is accessed by the program that is infected. Slow infection: is when the virus infects any new or modified program, file or document. Great way to trick a antivirus program! Sparse Infection: is the process of randomly infecting files, etc. on the computer. RAM-resident infection: is when the infection buries itself in your Computer’s Random Access Memory. Viruses cont.
Trojan horse: is a program or software designed to look like a useful or legitimate file. Once the program is installed and opened it steals information or deletes data. Trojan horses compared to other types of malware is that it usually runs only once and then is done functioning. Some create back-door effects Another distribution of Trojans is by infecting a server that hosts websites. Downfall of Trojans: very reliant on the user. Trojans
Worms and viruses get interchanged commonly in the media. In reality a worm is more dangerous than a virus. User Propagation vs. Self Propagation Worm is designed to replicate itself and disperse throughout the user’s network. Email Worms and Internet Worms are the two most common worm. Worms
Email worm goes into a user’s contact/address book and chooses every user in that contact list. It then copies itself and puts itself into an attachment; then the user will open the attachment and the process will start over again! Example: I LOVE YOU WORM Email Worm
An Internet Worm is designed to be conspicuous to the user. The worms scans the computer for open internet ports that the worm can download itself into the computer. Once inside the computer the worms scans the internet to infect more computers. Internet Worms
Adware is a type of malware designed to display advertisements in the user’s software. They can be designed to be harmless or harmful; the adware gathers information on what the user searches the World Wide Web for. With this gathered information it displays ads corresponding to information collected. Spyware is like adware it spies on the user to see what information it can collect off the user’s computer to display pop ads on the user’s computer. Spyware unlike adware likes to use memory from programs running in the background of the computer to keep close watch on the user. This most often clogs up the computer causing the program or computer to slow down and become un-functional. Adware and Spyware
Identity Theft Impersonation by private information Thief can ‘become’ the victim Reported incidents rising Methods of stealing information Shoulder surfing Snagging Dumpster diving Social engineering High-tech methods Identity Theft
Loss of privacy Personal information is stored electronically Purchases are stored in a database Data is sold to other companies Public records on the Internet Internet use is monitored and logged None of these techniques are illegal Identity Theft
Ransomware Ransomware is a type of malware that restricts your access to systems and files, typically by encryption and then demands a ransom to restore access. Often, systems are infected by ransomware through a link in a malicious email. When the user clicks the link, the ransomware is downloaded to the user’s computer, smartphone or other device. Ransomware may spread through connected networks.
Ransomware Controls Weapons-Grade Data Backups Religious Patch Management Plan to Fail Well (Incident Response Plan) Know who to call! Training and Testing Your People Don’t Open that Email Link/Attachment
Business/Official Email Compromise BEC is a big problem for you and your organization: Your email is compromised. Another employee of your organization is compromised Almost always, these emails fall into 2 categories: 1. Downloading and spreading additional malware automatically 2. Urging the customer to perform a financial transaction immediately Tips and Tricks to share with customers: BEC made up half of cyber-crime losses in 2019; $75K per scam Standard phishing email awareness – don’t click links or download attachments Pay attention to the email address Enable MFA for business email accounts
Business Email Compromise
Business Email Compromise
COVID-19 Cyber Threats
COVID-19 Cyber Threats
COVID-19 Cyber Threats
COVID-19 Cyber Threats
COVID-19 Cyber Threats • Google: 18+ Million COVID-19 emails in just the one week, in addition to 240M daily COVID-19 spam messages • Phishing up 667% right now • FBI IC3: 4x complaints per day (1K before COVID-19, now 3k-4k per day) • 148% spike in ransomware attacks due to COVID-19 • 30%-40% increase in attacker interest relating to RDP (as measured by Shodan) • 26% increase in e-comm web skimming in March • Healthcare, Financial Services, Medical Suppliers and Manufacturing, Government and Media Outlets all seeing a large increase in cyber threats
What does a Cyber Security Professional look like?
Eugene Kaspersky, CEO Kaspersky Labs, £1.1bn James Lyne, CTO, SANS David Ulevitch, Founder OpenDNS Katie Moussouris, Microsoft Bug Bounty creator Dr Toogood, MD Digitalis Reputation 8 Erin Jacobs, CSO at UCB Financial Services In reality…
How We Protect Information? People Training, education, awareness, repetition Process Governance, oversight, policy, reporting Technology Firewalls, IDS/ISP , SIEM, anti-malware Strong passwords, Logging/monitoring Which is the weakest link?
Social Engineering Best Practices USE YOUR SECURITY SPIDER SENSE! ALWAYS validate requests for information if you’re not 100000% sure Call a number YOU know Google it… ALWAYS ASK QUESTIONS! Is this who I think it is FOR SURE? Did someone mention this to me personally, or was it discussed at a staff meeting? Is this the FIRST I’m hearing about this?
BEC Best Practices Think through Out of Office emailresponders Avoid using free web-based email for business Not only less-professional, but easier to hack, typosquat, or spoof Domains and email addresses are cheap, especially compared to BEC Register similar domains to yours to prevent typosquatting e.g. delaplex.com vs. delapelx.com Be careful about the information you share on your website or Social Media (LinkedIn, Facebook) about job duties or positions, especially for positions with transactional or purchasing authority
Cyber Security and Privacy Starts and Ends with Us! Security Tips Commit to a disciplined practice of information security and continue to refresh yourself so you don’t become a point of vulnerability in our security defenses.
Summary • Cybersecurity will require a significant workforce with deep domain knowledge. • Almost everything is hooked up to the internet in some sort of form. • Recent events have widened the eyes of many security experts. • The ability to gain access to high security organizations, infrastructures or mainframes has frightened many people. • Could one click of the mouse start World War III?
Thank you! Any Queries?? Ping me:- pawan.kumar@podar.org

More Related Content

PDF
IT Security PowerPoint Presentation Slides
SlideTeam
 
PDF
Cybersecurity PowerPoint Presentation Slides
SlideTeam
 
PPTX
Cybersecurity Basics.pptx
LineshiDharamraj1
 
PDF
Cyber security awareness presentation nepal
ICT Frame Magazine Pvt. Ltd.
 
PPTX
Public - Cybersecurity awareness presentation (1).pptx
SileSoftwareInc
 
PDF
The importance of Cybersecurity
Benoit Callebaut
 
PPTX
User security awareness
K. A. M Lutfullah
 
PPTX
Cybersecurity - Overview
Thanuja Seneviratne
 
IT Security PowerPoint Presentation Slides
SlideTeam
 
Cybersecurity PowerPoint Presentation Slides
SlideTeam
 
Cybersecurity Basics.pptx
LineshiDharamraj1
 
Cyber security awareness presentation nepal
ICT Frame Magazine Pvt. Ltd.
 
Public - Cybersecurity awareness presentation (1).pptx
SileSoftwareInc
 
The importance of Cybersecurity
Benoit Callebaut
 
User security awareness
K. A. M Lutfullah
 
Cybersecurity - Overview
Thanuja Seneviratne
 

What's hot (20)

PPTX
Threat modelling(system + enterprise)
abhimanyubhogwan
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
PPTX
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
PDF
Application Security - Your Success Depends on it
WSO2
 
PDF
Cyber security
Bhavin Shah
 
PDF
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
PDF
Microsoft Zero Trust
David J Rosenthal
 
PPTX
Endpoint Protection
Sophos
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
PPT
Introduction To OWASP
Marco Morana
 
PPTX
Computer Security
vishal purkuti
 
PDF
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
PPTX
Mobile Device Security
Nemwos
 
PDF
Vulnerability Management
asherad
 
PPTX
Network Security
Manoj Singh
 
PDF
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Shawn Tuma
 
PDF
Threat Modeling Using STRIDE
Girindro Pringgo Digdo
 
PPTX
Basic Security Training for End Users
Community IT Innovators
 
PDF
Cybersecurity Basics - Aravindr.com
Aravind R
 
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
Threat modelling(system + enterprise)
abhimanyubhogwan
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Application Security - Your Success Depends on it
WSO2
 
Cyber security
Bhavin Shah
 
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
Microsoft Zero Trust
David J Rosenthal
 
Endpoint Protection
Sophos
 
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Introduction To OWASP
Marco Morana
 
Computer Security
vishal purkuti
 
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
Mobile Device Security
Nemwos
 
Vulnerability Management
asherad
 
Network Security
Manoj Singh
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Shawn Tuma
 
Threat Modeling Using STRIDE
Girindro Pringgo Digdo
 
Basic Security Training for End Users
Community IT Innovators
 
Cybersecurity Basics - Aravindr.com
Aravind R
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
Ad

Similar to Cyber Security-Foundation.ppt (20)

PDF
fundamentals of Cybersecurity Lesion 1.pdf
adamgaidam
 
PPT
Cyber-Security.ppt
SeniorGaming
 
PPT
Cyber-Security-20211013105857.ppt
visik2
 
PPT
Cyber-Security-.ppt
karthikvcyber
 
PPT
Cyber-Security.ppt
VarunJain65422
 
PPT
Cyber-Security-20211013105857.ppt
HArshMangasuli
 
PPT
cybertestqas.ppt
JacobJose37
 
PPT
Cyber-Security-20211013105857.ppt
UmeshBansal18
 
PPT
Cyber-Security-20211013105857.ppt
AshaVijay11
 
PPT
Cyber-Security-.ppt
mabiratu
 
PPT
cs0123.ppt
HeroZero12
 
PPTX
Cyber-Security.ppt
chandakujjwal6
 
PPT
Cyber-Security-20211013105857 (1).ppt
KeerthikaaThiyagaraj
 
PPTX
Cyber security by vinod sencha for education
KanakKumarKanak1
 
PPT
Cyber-Security-20211013105857.ppt HGJHHKJHJKHKH
bhaimeresuresh
 
PPT
Direct infection: virus can infect files every time a user opens that specif...
BUSHRASHAIKH804312
 
PPT
Cyber-Security-20211013105857.ppt
mohan jena
 
PPT
Cyber-Security-20211013105857.ppt
Anoop Mishra
 
PPT
Cyber-Security]shhsjjsjsjdjdjjddjjdjh.ppt
AjitGouda4
 
PPT
Cyber-Security-20211013105857.ppt
ssuser77bda9
 
fundamentals of Cybersecurity Lesion 1.pdf
adamgaidam
 
Cyber-Security.ppt
SeniorGaming
 
Cyber-Security-20211013105857.ppt
visik2
 
Cyber-Security-.ppt
karthikvcyber
 
Cyber-Security.ppt
VarunJain65422
 
Cyber-Security-20211013105857.ppt
HArshMangasuli
 
cybertestqas.ppt
JacobJose37
 
Cyber-Security-20211013105857.ppt
UmeshBansal18
 
Cyber-Security-20211013105857.ppt
AshaVijay11
 
Cyber-Security-.ppt
mabiratu
 
cs0123.ppt
HeroZero12
 
Cyber-Security.ppt
chandakujjwal6
 
Cyber-Security-20211013105857 (1).ppt
KeerthikaaThiyagaraj
 
Cyber security by vinod sencha for education
KanakKumarKanak1
 
Cyber-Security-20211013105857.ppt HGJHHKJHJKHKH
bhaimeresuresh
 
Direct infection: virus can infect files every time a user opens that specif...
BUSHRASHAIKH804312
 
Cyber-Security-20211013105857.ppt
mohan jena
 
Cyber-Security-20211013105857.ppt
Anoop Mishra
 
Cyber-Security]shhsjjsjsjdjdjjddjjdjh.ppt
AjitGouda4
 
Cyber-Security-20211013105857.ppt
ssuser77bda9
 
Ad

Recently uploaded (20)

PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PPTX
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PPTX
Cardiovascular Pharmacology for pharmacy students.pptx
TumwineRobert
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PDF
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
PPTX
COMPUTERS AS DATA ANALYSIS IN PRECLINICAL DEVELOPMENT.pptx
NIKITA BHUTE
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PDF
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
PPTX
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
PDF
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
Cardiovascular Pharmacology for pharmacy students.pptx
TumwineRobert
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
COMPUTERS AS DATA ANALYSIS IN PRECLINICAL DEVELOPMENT.pptx
NIKITA BHUTE
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 

Cyber Security-Foundation.ppt

  • 2. Which is the third largest economy? • USA • China • ????
  • 3. Importance of Cyber Security “The only system which is truly secure is one which is switched off and unplugged, locked in a titanium safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it.” - Professor Gene Spafford https://spaf.cerias.purdue.edu/ In security matters: effectiveness & limitations • There is nothing like absolute security • We are only trying to build comfort levels, because security costs money and lack of it costs much more • Comfort level is a manifestation of efforts as well as a realization of their
  • 4. Importance of Cyber Security The Internet allows an attacker to work from anywhere on the planet. Risks caused by poor security knowledge and practice: Identity Theft Monetary Theft Legal Ramifications (for yourself and your organization) Sanctions or termination if policies are not followed According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are: Web Browser IM Clients Web Applications Excessive User Rights
  • 5. Cyber Security • Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
  • 7. Cyber Security is Safety • Security:We must protect our computers and data in the same way that we secure the doors to our homes. • Safety: We must behave in ways that protect us against risks and threats that come with technology.
  • 8. False Sense of Security?
  • 9. What is a Secure System? (CIA Triad) Availability • Confidentiality – restrict access to authorized individuals • Integrity – data has not been altered in an unauthorized manner • Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe
  • 10. CIA Triad Protecting information from unauthorized access and disclosure Example: Criminal steals customers’ usernames, passwords, or credit card information Confidentiality
  • 11. CIA Triad Protecting information from unauthorize d modificatio n Example: Someone alters payroll information or a proposed product design Integrity
  • 12. CIA Triad Preventing disruption in how information is accessed Example: Your customers are unable to access your online services Availability
  • 13. Threats and Vulnerabilities What are we protecting our and our stakeholders information from? Threats: Any circumstances or events that can potentially harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable Vulnerabilities: Weakness in an information system or its components that could be exploited.
  • 14. WHAT KINDS OF THREATS ARE THERE? Phishing and Spear- phishing Attacks Social Engineering Scams Common Malware and Ransomware Business Email Compromise Fake websites that steal data or infect devices And much more
  • 15. Phishing Phishing refers to the practice of creating fake emails or SMS that appear to come from someone you trust, such as: Bank, Credit Card Company, Popular Websites The email/SMS will ask you to “confirm your account details or your vendor’s account details”, and then direct you to a website that looks just like the real website, but whose sole purpose is for steal information. Of course, if you enter your information, a cybercriminal could use it to steal your identity and possible make fraudulent purchases with your money.
  • 16. Phishing Statistics Verizon DBIR 2020: Phishing is the biggest cyber threat for SMBs, accounting for 30% of SMB breaches KnowBe4: 37.9% of Untrained Users Fail Phishing Tests 84% of SMBs are targeted by Phishing attacks A new Phishing site launches every 20 seconds 74% of all Phishing websites use HTTPS 94% of Malware is delivered via email
  • 18. Social Engineering When attempting to steal information or a person’s identity, a hacker will often try to trick you into giving out sensitive information rather than breaking into your computer. Social Engineering can happen: Over the phone By text message Instant message Email
  • 19. Malware = “malicious software” Malware is any kind of unwanted software that is installed without your consent on your computer and other digital devices. Viruses, Worms, Trojan horses, Bombs, Spyware, Adware, Ransomware are subgroups of malware. Malware
  • 20. A virus tries to infect a carrier, which in turn relies on the carrier to spread the virus around. A computer virus is a program that can replicate itself and spread from one computer to another. Viruses
  • 21. Direct infection: virus can infect files every time a user opens that specific infected program, document or file. Fast Infection: is when a virus infects any file that is accessed by the program that is infected. Slow infection: is when the virus infects any new or modified program, file or document. Great way to trick a antivirus program! Sparse Infection: is the process of randomly infecting files, etc. on the computer. RAM-resident infection: is when the infection buries itself in your Computer’s Random Access Memory. Viruses cont.
  • 22. Trojan horse: is a program or software designed to look like a useful or legitimate file. Once the program is installed and opened it steals information or deletes data. Trojan horses compared to other types of malware is that it usually runs only once and then is done functioning. Some create back-door effects Another distribution of Trojans is by infecting a server that hosts websites. Downfall of Trojans: very reliant on the user. Trojans
  • 23. Worms and viruses get interchanged commonly in the media. In reality a worm is more dangerous than a virus. User Propagation vs. Self Propagation Worm is designed to replicate itself and disperse throughout the user’s network. Email Worms and Internet Worms are the two most common worm. Worms
  • 24. Email worm goes into a user’s contact/address book and chooses every user in that contact list. It then copies itself and puts itself into an attachment; then the user will open the attachment and the process will start over again! Example: I LOVE YOU WORM Email Worm
  • 25. An Internet Worm is designed to be conspicuous to the user. The worms scans the computer for open internet ports that the worm can download itself into the computer. Once inside the computer the worms scans the internet to infect more computers. Internet Worms
  • 26. Adware is a type of malware designed to display advertisements in the user’s software. They can be designed to be harmless or harmful; the adware gathers information on what the user searches the World Wide Web for. With this gathered information it displays ads corresponding to information collected. Spyware is like adware it spies on the user to see what information it can collect off the user’s computer to display pop ads on the user’s computer. Spyware unlike adware likes to use memory from programs running in the background of the computer to keep close watch on the user. This most often clogs up the computer causing the program or computer to slow down and become un-functional. Adware and Spyware
  • 27. Identity Theft Impersonation by private information Thief can ‘become’ the victim Reported incidents rising Methods of stealing information Shoulder surfing Snagging Dumpster diving Social engineering High-tech methods Identity Theft
  • 28. Loss of privacy Personal information is stored electronically Purchases are stored in a database Data is sold to other companies Public records on the Internet Internet use is monitored and logged None of these techniques are illegal Identity Theft
  • 29. Ransomware Ransomware is a type of malware that restricts your access to systems and files, typically by encryption and then demands a ransom to restore access. Often, systems are infected by ransomware through a link in a malicious email. When the user clicks the link, the ransomware is downloaded to the user’s computer, smartphone or other device. Ransomware may spread through connected networks.
  • 30. Ransomware Controls Weapons-Grade Data Backups Religious Patch Management Plan to Fail Well (Incident Response Plan) Know who to call! Training and Testing Your People Don’t Open that Email Link/Attachment
  • 31. Business/Official Email Compromise BEC is a big problem for you and your organization: Your email is compromised. Another employee of your organization is compromised Almost always, these emails fall into 2 categories: 1. Downloading and spreading additional malware automatically 2. Urging the customer to perform a financial transaction immediately Tips and Tricks to share with customers: BEC made up half of cyber-crime losses in 2019; $75K per scam Standard phishing email awareness – don’t click links or download attachments Pay attention to the email address Enable MFA for business email accounts
  • 38. COVID-19 Cyber Threats • Google: 18+ Million COVID-19 emails in just the one week, in addition to 240M daily COVID-19 spam messages • Phishing up 667% right now • FBI IC3: 4x complaints per day (1K before COVID-19, now 3k-4k per day) • 148% spike in ransomware attacks due to COVID-19 • 30%-40% increase in attacker interest relating to RDP (as measured by Shodan) • 26% increase in e-comm web skimming in March • Healthcare, Financial Services, Medical Suppliers and Manufacturing, Government and Media Outlets all seeing a large increase in cyber threats
  • 39. What does a Cyber Security Professional look like?
  • 40. Eugene Kaspersky, CEO Kaspersky Labs, £1.1bn James Lyne, CTO, SANS David Ulevitch, Founder OpenDNS Katie Moussouris, Microsoft Bug Bounty creator Dr Toogood, MD Digitalis Reputation 8 Erin Jacobs, CSO at UCB Financial Services In reality…
  • 41. How We Protect Information? People Training, education, awareness, repetition Process Governance, oversight, policy, reporting Technology Firewalls, IDS/ISP , SIEM, anti-malware Strong passwords, Logging/monitoring Which is the weakest link?
  • 42. Social Engineering Best Practices USE YOUR SECURITY SPIDER SENSE! ALWAYS validate requests for information if you’re not 100000% sure Call a number YOU know Google it… ALWAYS ASK QUESTIONS! Is this who I think it is FOR SURE? Did someone mention this to me personally, or was it discussed at a staff meeting? Is this the FIRST I’m hearing about this?
  • 43. BEC Best Practices Think through Out of Office emailresponders Avoid using free web-based email for business Not only less-professional, but easier to hack, typosquat, or spoof Domains and email addresses are cheap, especially compared to BEC Register similar domains to yours to prevent typosquatting e.g. delaplex.com vs. delapelx.com Be careful about the information you share on your website or Social Media (LinkedIn, Facebook) about job duties or positions, especially for positions with transactional or purchasing authority
  • 44. Cyber Security and Privacy Starts and Ends with Us! Security Tips Commit to a disciplined practice of information security and continue to refresh yourself so you don’t become a point of vulnerability in our security defenses.
  • 45. Summary • Cybersecurity will require a significant workforce with deep domain knowledge. • Almost everything is hooked up to the internet in some sort of form. • Recent events have widened the eyes of many security experts. • The ability to gain access to high security organizations, infrastructures or mainframes has frightened many people. • Could one click of the mouse start World War III?
  • 46. Thank you! Any Queries?? Ping me:- pawan.kumar@podar.org