Pre-Talk Vote!

https://tinyurl.com/fartech

Point your camera at this thing with your iPhone built-in camera or Android QR scanner:

Cybersecurity Awareness:C-Suite Considerations

FAR Luncheon

1/17/18

Overview

•Who, why, where, what

•HOW the fun part

•4 things to ask your IT team

•4 things to start doing today

•Further reading and additional resources

Let’s Log In!But first…

http://login.lautman.net

Who?

A hacker bypasses systems and passwords to access confidential information.

Why?

•Political

•$$$ (extortion, cc fraud, company secrets)

•Fun

Where? Attack sources

Internal

Intentional

External

Accidental

Source: Electronic Frontier Foundation

Where?

What data can be targeted?

Proprietary info

Personal info

Passwords

No data

How?The fun part…

How is data compromised?

Physical theft

SQL injection

CrackingSocial

engineering

Malware

Internal

Discussion

•Have you witnessed an attempted attack?

•Have you witnessed a successful attack?

•How did your organization recover?

Let’s Get Hacking!

Step 1: Reconnaissance

•Email harvesting

•Web vulnerability scanning

•Targeted recon

demo

Nessus scan sample result

Nmap scan sample result

Email harvesting sample result

Targeting an individual

• Google

• LinkedIn

• Twitter

• White Pages

• Corporate website

Step 2: Design The Trap

•Trap 1: a virus

•Trap 2: a wireless network

demo

Virus sample

Rogue Wi-Fi Sample

Step 3: Social Engineering

•Gain trust: easier than you think!

•Say please, thank you, smile

•Look official physicallyor virtually (email)

Step 4: Compromise target

•Get target to give me information (fake login)

•Get target to click on my link

Step 5: …profit?

Ransomware

Next Target

Sell info

Leak info

Fun / Grudge

Step 5: impact

Reputational damage

Data loss

Financial loss

Fines

Hidden costs

Further reading

Further reading

Further reading

Next Steps

4 questions to ask your IT team

1. Where is our data?

2. How are we protecting our digital assets?

3. What is our plan to recover from disaster x?

4. When was our last security assessment?

4 things to start doing today

1. As an executive: get involved in infosec

2. Enforce security standards evenly

3. Train your staff

4. Multifactor Authentication

Survey Results

• Survey results here

Source: ISACA State of Cybersecurity 2017

Cybersecurity/Risk AssessmentsHow do they work?

Risk Assessment: Goals

Compliance

Specific concern

Independent review

Budget allocation

Risk Assessment: What To Expect

Network Policies and Procedures Vulnerability Scanning

Penetration Testing Phishing simulation

Risk Assessment: Deliverables

•List of identified vulnerabilities/issues

•Recommended solutions

•LOE estimate for remediation

Additional resources

•Learn about cybersecurity:•Coursera.org – online courses•Hackallthethings.com – online courses•Overthewire.org – war games

•Certifications•CEH•CISSP•CCNP-Security

Dan LautmanDelCor Technology Solutions

dlautman@delcor.comwww.delcor.com1-877-4DELCOR