SlideShare a Scribd company logo

Safer Technology Through Threat Awareness and Response

Download as PPTX, PDF
Stephen Cobb, profile picture
Stephen Cobb

This document discusses cyber threats and strategies for improving technology security. It covers: 1. Common cyber threats like malware, hacking using passwords, and deception are discussed. Malware was involved in 69% of breaches and hacking 81% of breaches. 2. Cyber criminals' motivations include spamming, DDoS attacks, click fraud, stealing financial credentials and ransomware to extort money. Hacked devices can be used in 36 abusive ways. 3. Effective defenses include threat awareness, moving beyond passwords for authentication, and regularly scanning devices for malware before and after connecting online.

BusinessTechnologyNews & Politics
1 of 26
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Safer Technology Through Threat Awareness and Response Stephen Cobb, CISSP Senior Security Researcher
Threat awareness = know your enemy We all know there are threats, but do we have a clear picture of them? What are the main threats? What can we do to defend against them?
What is behind data security breaches? 1. Malware involved in 69% of breaches 2. Hacking* used in 81% of breaches Verizon 2012 Data Breach Investigations Report *80% of hacking is passwords: default, missing, guessed, stolen, cracked
3rd element: deception Used in many types of attack, like this recent attempt to plant a Trojan Clicking either link and you will be infected (Unless you are running a good AV program)
What do cyber criminals want with our digital devices and data?
36 ways to abuse a hacked device • Spam zombie • DDoS extortion zombie • Click fraud zombie • Anonymization proxy • CAPTCHA solving zombie • eBay/PayPal fake auctions • Online gaming credentials • Website FTP credentials • Skype/VoIP credentials • Encryption certificates • Fake antivirus • Ransomware • Email account ransom • Webcam image extortion • Bank account data • Credit card data • Stock and 401K accounts • Wire transfer data • Phishing site • Malware download site • Warez piracy server • Child porn server • Spam site • Harvest email contacts • Harvest associated accounts • Access to corporate email • Webmail spam • Stranded abroad scams • Facebook • Twitter • LinkedIn • Google+ • Online gaming characters • Online gaming goods/$$$ • PC game license keys • OS license key Based on original work by Brian Krebs: krebsonsecurity.com Web server Botnet activity Email attacks Virtual goods Reputation hijacking Financial credentials Hostage attacks Account credentials
IMPACTADVANTAGEMONEY CREDENTIALS What’s their motivation?
The Office of Naval Research and the rail gun • Fires a projectile at 5,000 mph with a range of 100 miles • Small businesses responsible for 86 individual sub-contracts worth $20m
Verizon 2012 Data Breach Investigations Report 1 to 10 11 to 100 101 to 1,000 1,001 to 10,000 10,001 to 100,000 Over 100,000 0 100 200 300 400 500 600 720 breaches by size of organization (employees) SMBs
The SMB sweet spot for the cyber-criminally inclined Assets worth looting Level of protection Big enterprise SMB “sweet spot” Consumers
Tools of the trade To get into cyber crime you need: A. To be a programmer? No B. To buy equipment? No C. To have you own servers? No Crime kits are slick, easy-to-use, and you can rent them. Consider the Serenity exploit kit
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
Thriving markets for credentials
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
All driven by proven business strategies
So how do you defend your devices? Three main attacks …. and defenses Scanning Authentication Malware Hacking AwarenessDeception
Scanning doesn’t work if you don’t use it 0% 10% 20% 30% 40% Scan devices while connected Scan devices prior to connection Require AV on mobile devices Measures in use at a sample of 82 healthcare facilities 98% experienced one or more breaches of PHI Ponemon Institute Third Annual Benchmark Study on Patient Privacy & Data Security
Authentication beyond passwords Passwords exposed in 2012: 75,000,000 Need to add a second factor to authentication 2FA raises the bar for attackers trying to get at your corporate network
Awareness: a powerful weapon • Think before you click/open • If it sounds too good… • Just because your friend said… • Resources: • Securing Our eCity • We Live Security • Podcasts and webinars • ESET Smart Security
Security news and how-tos
Thank you! • Visit www.WeLiveSecurity.com

More Related Content

PDF
Nonprofit Cybersecurity Incident Report
Community IT Innovators
 
PDF
Trending it security threats in the public sector
Core Security
 
PPTX
Mobile Strategy Partners Mobile Security
David Eads
 
PPTX
Cyber security
Satbharai Sethar
 
PPTX
CYBERSECURITY | Why it is important?
RONIKMEHRA
 
PPTX
Malware
Michael Carthy
 
PPTX
Cyber Threat Management
Rishi Kant
 
PPTX
Cybersecurity
Eng Hasan Shamroukh CISCO Exams Author
 
Nonprofit Cybersecurity Incident Report
Community IT Innovators
 
Trending it security threats in the public sector
Core Security
 
Mobile Strategy Partners Mobile Security
David Eads
 
Cyber security
Satbharai Sethar
 
CYBERSECURITY | Why it is important?
RONIKMEHRA
 
Malware
Michael Carthy
 
Cyber Threat Management
Rishi Kant
 
Cybersecurity
Eng Hasan Shamroukh CISCO Exams Author
 

What's hot (20)

PDF
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
BeyondTrust
 
PDF
Enemy from Within: Managing and Controlling Access
BeyondTrust
 
PPTX
Cyber security
RIPPER95
 
PPTX
Introduction to Cyber Security
Priyanshu Ratnakar
 
PDF
Securign siem for small business
Rajul Sthapak
 
PPTX
Cyber Vulnerabilities & How companies can test them
24by7Security Inc
 
PPTX
Types of Malware (CEH v11)
EC-Council
 
PPTX
CYBER SECURITY THREATS - Polytechnic Ungku Omar
zakuan zolkefly
 
PPTX
Cyber security and Cyber Crime
Deepak Kumar
 
PPTX
Cyber security threats and its solutions
maryrowling
 
PDF
How to analyze cyber threats
AkankshaPathak27
 
PPTX
Cyber Security - All Over World
Bhawani Singh Chouhan
 
PPTX
Cyber security
manoj duli
 
PDF
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
PDF
Nat'l Cyber Security Awareness Month (NCSAM) Posters
NetLockSmith
 
PPT
V
Tino Cionni
 
PPTX
Cyber security
TaimoorArshad5
 
PDF
NormShield 2018 Cyber Security Risk Brief
NormShield
 
PPTX
Cyber Security
Jay Moliya
 
PPTX
cyber security
BasineniUdaykumar
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
BeyondTrust
 
Enemy from Within: Managing and Controlling Access
BeyondTrust
 
Cyber security
RIPPER95
 
Introduction to Cyber Security
Priyanshu Ratnakar
 
Securign siem for small business
Rajul Sthapak
 
Cyber Vulnerabilities & How companies can test them
24by7Security Inc
 
Types of Malware (CEH v11)
EC-Council
 
CYBER SECURITY THREATS - Polytechnic Ungku Omar
zakuan zolkefly
 
Cyber security and Cyber Crime
Deepak Kumar
 
Cyber security threats and its solutions
maryrowling
 
How to analyze cyber threats
AkankshaPathak27
 
Cyber Security - All Over World
Bhawani Singh Chouhan
 
Cyber security
manoj duli
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
Nat'l Cyber Security Awareness Month (NCSAM) Posters
NetLockSmith
 
V
Tino Cionni
 
Cyber security
TaimoorArshad5
 
NormShield 2018 Cyber Security Risk Brief
NormShield
 
Cyber Security
Jay Moliya
 
cyber security
BasineniUdaykumar
 
Ad

Viewers also liked (12)

PDF
Technologies of today
kagecat
 
PPT
Technologies of today
kagecat
 
PPT
Harnessing Science and Technology: Reviving the Philippine Manufacturing Sector
NEDAhq
 
PDF
Technology Trends in Situation Awareness
Brandon Greenberg
 
PPTX
Digital leaders
Bhavneet Singh
 
PPTX
Lesson 1 Empowerment Technology
Maricel Baldomero De Lara
 
PDF
The 2016 CES Report: The Trend Behind the Trend
360i
 
PPTX
Digital globalization: The new era of global flows
McKinsey & Company
 
PDF
The Future Of Work & The Work Of The Future
Arturo Pelayo
 
PDF
SXSW 2016: The Need To Knows
Ogilvy Consulting
 
PPTX
IT in Healthcare
NetApp
 
PDF
[Infographic] How will Internet of Things (IoT) change the world as we know it?
InterQuest Group
 
Technologies of today
kagecat
 
Technologies of today
kagecat
 
Harnessing Science and Technology: Reviving the Philippine Manufacturing Sector
NEDAhq
 
Technology Trends in Situation Awareness
Brandon Greenberg
 
Digital leaders
Bhavneet Singh
 
Lesson 1 Empowerment Technology
Maricel Baldomero De Lara
 
The 2016 CES Report: The Trend Behind the Trend
360i
 
Digital globalization: The new era of global flows
McKinsey & Company
 
The Future Of Work & The Work Of The Future
Arturo Pelayo
 
SXSW 2016: The Need To Knows
Ogilvy Consulting
 
IT in Healthcare
NetApp
 
[Infographic] How will Internet of Things (IoT) change the world as we know it?
InterQuest Group
 
Ad

Similar to Safer Technology Through Threat Awareness and Response (20)

PPTX
Enjoy Safer Technology and Defeat Cyber Criminals
Stephen Cobb
 
PPTX
Why do THEY want your digital devices?
ESET
 
PDF
Guarding the Digital Fortress.pdf
Mverve1
 
PDF
Guarding the Digital Fortress Unmasking 10 Common Types of Cybersecurity Thre...
Mverve1
 
PPTX
It security the condensed version
Brian Pichman
 
PDF
Cyber Security.pdf
preethajoseph5
 
PPTX
How secure are you?
Joe Morris
 
PPTX
Cyber security awareness for end users
NetWatcher
 
PDF
Cybersecurity - Webinar Session
Kalilur Rahman
 
PDF
The Evolving Landscape on Information Security
Simoun Ung
 
PDF
Information Security
Madushan Sandaruwan
 
PPTX
Cyber Security for Financial Planners
Michael O'Phelan
 
PPTX
The Evolution of Cybercrime
Stephen Cobb
 
PPTX
Cyber Security Briefing
Marshall Frett Jr.
 
PPTX
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
PPTX
Cyber Security Awareness Program
John Rocco
 
PDF
E security and payment 2013-1
Abdelfatah hegazy
 
PDF
Forthright Security Lunch and Learn - Ransomware Focus 2
David Dubree
 
PPTX
Top 5 Cybersecurity Threats in Retail Industry
Seqrite
 
PDF
Making Sense Of Cybersecurity 1 Converted Thomas Kranz
ivanyaderayw
 
Enjoy Safer Technology and Defeat Cyber Criminals
Stephen Cobb
 
Why do THEY want your digital devices?
ESET
 
Guarding the Digital Fortress.pdf
Mverve1
 
Guarding the Digital Fortress Unmasking 10 Common Types of Cybersecurity Thre...
Mverve1
 
It security the condensed version
Brian Pichman
 
Cyber Security.pdf
preethajoseph5
 
How secure are you?
Joe Morris
 
Cyber security awareness for end users
NetWatcher
 
Cybersecurity - Webinar Session
Kalilur Rahman
 
The Evolving Landscape on Information Security
Simoun Ung
 
Information Security
Madushan Sandaruwan
 
Cyber Security for Financial Planners
Michael O'Phelan
 
The Evolution of Cybercrime
Stephen Cobb
 
Cyber Security Briefing
Marshall Frett Jr.
 
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
Cyber Security Awareness Program
John Rocco
 
E security and payment 2013-1
Abdelfatah hegazy
 
Forthright Security Lunch and Learn - Ransomware Focus 2
David Dubree
 
Top 5 Cybersecurity Threats in Retail Industry
Seqrite
 
Making Sense Of Cybersecurity 1 Converted Thomas Kranz
ivanyaderayw
 

More from Stephen Cobb (20)

PPTX
Cybercrime-as-health-crisis-shared.pptx
Stephen Cobb
 
PPTX
Cybersecurity Risk Perception and Communication
Stephen Cobb
 
PPTX
What Makes a Good CISO
Stephen Cobb
 
PDF
Sizing the Cyber Skills Gap
Stephen Cobb
 
PPTX
Security and Wearables: Success starts with security
Stephen Cobb
 
PDF
The Hacking Team Hack: Lessons Learned for Enterprise Security
Stephen Cobb
 
PPTX
How to assess and manage cyber risk
Stephen Cobb
 
PPTX
Cybercrime and the Hidden Perils of Patient Data
Stephen Cobb
 
PPTX
Cybersecurity for the non-technical
Stephen Cobb
 
PPTX
The mobile health IT security challenge: way bigger than HIPAA?
Stephen Cobb
 
PPTX
2015: The year-ahead-in-cyber-security
Stephen Cobb
 
PPTX
NCSAM = Cyber Security Awareness Month: Trends and Resources
Stephen Cobb
 
PPTX
Using Technology and People to Improve your Threat Resistance and Cyber Security
Stephen Cobb
 
PPT
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
PPTX
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
Stephen Cobb
 
PPTX
Malware and the risks of weaponizing code
Stephen Cobb
 
PPTX
The Year Ahead in Cyber Security: 2014 edition
Stephen Cobb
 
PPTX
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Stephen Cobb
 
PPTX
Endpoint and Server: The belt and braces anti-malware strategy
Stephen Cobb
 
PPTX
Cyberskills shortage: Where is the cyber workforce of tomorrow
Stephen Cobb
 
Cybercrime-as-health-crisis-shared.pptx
Stephen Cobb
 
Cybersecurity Risk Perception and Communication
Stephen Cobb
 
What Makes a Good CISO
Stephen Cobb
 
Sizing the Cyber Skills Gap
Stephen Cobb
 
Security and Wearables: Success starts with security
Stephen Cobb
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
Stephen Cobb
 
How to assess and manage cyber risk
Stephen Cobb
 
Cybercrime and the Hidden Perils of Patient Data
Stephen Cobb
 
Cybersecurity for the non-technical
Stephen Cobb
 
The mobile health IT security challenge: way bigger than HIPAA?
Stephen Cobb
 
2015: The year-ahead-in-cyber-security
Stephen Cobb
 
NCSAM = Cyber Security Awareness Month: Trends and Resources
Stephen Cobb
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Stephen Cobb
 
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
Stephen Cobb
 
Malware and the risks of weaponizing code
Stephen Cobb
 
The Year Ahead in Cyber Security: 2014 edition
Stephen Cobb
 
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Stephen Cobb
 
Endpoint and Server: The belt and braces anti-malware strategy
Stephen Cobb
 
Cyberskills shortage: Where is the cyber workforce of tomorrow
Stephen Cobb
 

Recently uploaded (20)

PPT
Lecture notes on Business Research Methods
obedgyan3
 
PDF
Tata consultancy services case study shri Sharda college, basrur
nityanema19
 
PPTX
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
PDF
Susan Semmelmann: Enriching the Lives of others through her Talents and Bless...
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PDF
Solaris Resources Presentation - Corporate August 2025.pdf
pchambers2
 
PDF
ANALYZING THE OPPORTUNITIES OF DIGITAL MARKETING IN BANGLADESH TO PROVIDE AN ...
IJMIT JOURNAL
 
PPTX
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
PDF
Charisse Litchman: A Maverick Making Neurological Care More Accessible
The lifescience magaizne
 
PDF
Keppel_Proposed Divestment of M1 Limited
KeppelCorporation
 
PPTX
basic introduction to research chapter 1.pptx
sangeethanagaraj8
 
PPTX
Negotiation and Persuasion Skills: A Shrewd Person's Perspective
smartanimesh2710
 
PDF
How to Get Business Funding for Small Business Fast
Jake Thornhill
 
PDF
Robin Fischer: A Visionary Leader Making a Difference in Healthcare, One Day ...
The lifescience magaizne
 
PDF
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
PDF
Module 3 - Functions of the Supervisor - Part 1 - Student Resource (1).pdf
OmoobaOrun1
 
PPTX
TRAINNING, DEVELOPMENT AND APPRAISAL.pptx
sy2773667
 
PDF
NewBase 12 August 2025 Energy News issue - 1812 by Khaled Al Awadi_compresse...
Khaled Al Awadi
 
PDF
Cours de Système d'information about ERP.pdf
pha nguyen
 
PDF
Nante Industrial Plug Factory: Engineering Quality for Modern Power Applications
gdhdgee963
 
PPTX
2025 Product Deck V1.0.pptxCATALOGTCLCIA
AndreaRominaHoyosSur2
 
Lecture notes on Business Research Methods
obedgyan3
 
Tata consultancy services case study shri Sharda college, basrur
nityanema19
 
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
Susan Semmelmann: Enriching the Lives of others through her Talents and Bless...
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
Solaris Resources Presentation - Corporate August 2025.pdf
pchambers2
 
ANALYZING THE OPPORTUNITIES OF DIGITAL MARKETING IN BANGLADESH TO PROVIDE AN ...
IJMIT JOURNAL
 
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
Charisse Litchman: A Maverick Making Neurological Care More Accessible
The lifescience magaizne
 
Keppel_Proposed Divestment of M1 Limited
KeppelCorporation
 
basic introduction to research chapter 1.pptx
sangeethanagaraj8
 
Negotiation and Persuasion Skills: A Shrewd Person's Perspective
smartanimesh2710
 
How to Get Business Funding for Small Business Fast
Jake Thornhill
 
Robin Fischer: A Visionary Leader Making a Difference in Healthcare, One Day ...
The lifescience magaizne
 
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
Module 3 - Functions of the Supervisor - Part 1 - Student Resource (1).pdf
OmoobaOrun1
 
TRAINNING, DEVELOPMENT AND APPRAISAL.pptx
sy2773667
 
NewBase 12 August 2025 Energy News issue - 1812 by Khaled Al Awadi_compresse...
Khaled Al Awadi
 
Cours de Système d'information about ERP.pdf
pha nguyen
 
Nante Industrial Plug Factory: Engineering Quality for Modern Power Applications
gdhdgee963
 
2025 Product Deck V1.0.pptxCATALOGTCLCIA
AndreaRominaHoyosSur2
 

Safer Technology Through Threat Awareness and Response

  • 1. Safer Technology Through Threat Awareness and Response Stephen Cobb, CISSP Senior Security Researcher
  • 2. Threat awareness = know your enemy We all know there are threats, but do we have a clear picture of them? What are the main threats? What can we do to defend against them?
  • 3. What is behind data security breaches? 1. Malware involved in 69% of breaches 2. Hacking* used in 81% of breaches Verizon 2012 Data Breach Investigations Report *80% of hacking is passwords: default, missing, guessed, stolen, cracked
  • 4. 3rd element: deception Used in many types of attack, like this recent attempt to plant a Trojan Clicking either link and you will be infected (Unless you are running a good AV program)
  • 5. What do cyber criminals want with our digital devices and data?
  • 6. 36 ways to abuse a hacked device • Spam zombie • DDoS extortion zombie • Click fraud zombie • Anonymization proxy • CAPTCHA solving zombie • eBay/PayPal fake auctions • Online gaming credentials • Website FTP credentials • Skype/VoIP credentials • Encryption certificates • Fake antivirus • Ransomware • Email account ransom • Webcam image extortion • Bank account data • Credit card data • Stock and 401K accounts • Wire transfer data • Phishing site • Malware download site • Warez piracy server • Child porn server • Spam site • Harvest email contacts • Harvest associated accounts • Access to corporate email • Webmail spam • Stranded abroad scams • Facebook • Twitter • LinkedIn • Google+ • Online gaming characters • Online gaming goods/$$$ • PC game license keys • OS license key Based on original work by Brian Krebs: krebsonsecurity.com Web server Botnet activity Email attacks Virtual goods Reputation hijacking Financial credentials Hostage attacks Account credentials
  • 8. The Office of Naval Research and the rail gun • Fires a projectile at 5,000 mph with a range of 100 miles • Small businesses responsible for 86 individual sub-contracts worth $20m
  • 9. Verizon 2012 Data Breach Investigations Report 1 to 10 11 to 100 101 to 1,000 1,001 to 10,000 10,001 to 100,000 Over 100,000 0 100 200 300 400 500 600 720 breaches by size of organization (employees) SMBs
  • 10. The SMB sweet spot for the cyber-criminally inclined Assets worth looting Level of protection Big enterprise SMB “sweet spot” Consumers
  • 11. Tools of the trade To get into cyber crime you need: A. To be a programmer? No B. To buy equipment? No C. To have you own servers? No Crime kits are slick, easy-to-use, and you can rent them. Consider the Serenity exploit kit
  • 15. Thriving markets for credentials
  • 20. All driven by proven business strategies
  • 21. So how do you defend your devices? Three main attacks …. and defenses Scanning Authentication Malware Hacking AwarenessDeception
  • 22. Scanning doesn’t work if you don’t use it 0% 10% 20% 30% 40% Scan devices while connected Scan devices prior to connection Require AV on mobile devices Measures in use at a sample of 82 healthcare facilities 98% experienced one or more breaches of PHI Ponemon Institute Third Annual Benchmark Study on Patient Privacy & Data Security
  • 23. Authentication beyond passwords Passwords exposed in 2012: 75,000,000 Need to add a second factor to authentication 2FA raises the bar for attackers trying to get at your corporate network
  • 24. Awareness: a powerful weapon • Think before you click/open • If it sounds too good… • Just because your friend said… • Resources: • Securing Our eCity • We Live Security • Podcasts and webinars • ESET Smart Security
  • 25. Security news and how-tos
  • 26. Thank you! • Visit www.WeLiveSecurity.com