Pre-Talk Vote!
https://tinyurl.com/fartech
Point your camera at this thing with your iPhone built-in camera or Android QR scanner:
Cybersecurity Awareness: C-Suite Considerations
FAR Luncheon
1/17/18
Overview
• Who, why, where, what
• HOW: the fun part
• 4 things to ask your IT team
• 4 things to start doing today
• Further reading and additional resources
Who?
A hacker bypasses systems and passwords to access confidential information.
Why?
• Political
• $$$ (extortion, credit card fraud, company secrets)
• Fun
Where? Attack sources
• Internal or external
• Intentional or accidental
Source: Electronic Frontier Foundation
Where?
What data can be targeted?
Proprietary info
Personal info
Passwords
No data
How? The fun part…
How is data compromised?
• Physical theft
• SQL injection
• Cracking
• Social engineering
• Malware
• Internal
Discussion
• Have you witnessed an attempted attack?
• Have you witnessed a successful attack?
• How did your organization recover?
Let’s Get Hacking!
Step 1: Reconnaissance
• Email harvesting
• Web vulnerability scanning
• Targeted recon
Demo
Nessus scan sample result
Nmap scan sample result
Email harvesting sample result
Targeting an individual
• White Pages
• Corporate website
Step 2: Design The Trap
• Trap 1: a virus
• Trap 2: a wireless network
Demo
Virus sample
Rogue Wi-Fi Sample
Step 3: Social Engineering
• Gain trust: easier than you think!
• Say please, thank you, smile
• Look official, physically or virtually (email)
Step 4: Compromise target
• Get target to give me information (fake login)
• Get target to click on my link
Step 5: …profit?
Ransomware
Next Target
Sell info
Leak info
Fun / Grudge
Step 5: impact
Reputational damage
Data loss
Financial loss
Fines
Hidden costs
Further reading
Next Steps
4 questions to ask your IT team
1. Where is our data?
2. How are we protecting our digital assets?
3. What is our plan to recover from disaster x?
4. When was our last security assessment?
4 things to start doing today
1. As an executive: get involved in infosec
2. Enforce security standards evenly
3. Train your staff
4. Multifactor Authentication
Source: ISACA State of Cybersecurity 2017
Cybersecurity/Risk Assessments: How do they work?
Risk Assessment: Goals
Compliance
Specific concern
Independent review
Budget allocation
Risk Assessment: What To Expect
• Network Policies and Procedures
• Vulnerability Scanning
• Penetration Testing
• Phishing simulation
Risk Assessment: Deliverables
• List of identified vulnerabilities/issues
• Recommended solutions
• LOE (level of effort) estimate for remediation
Additional resources
• Learn about cybersecurity:
  • Coursera.org – online courses
  • Hackallthethings.com – online courses
  • Overthewire.org – war games
• Certifications:
  • CEH
  • CISSP
  • CCNP-Security
Dan Lautman, DelCor Technology Solutions