Jason C. Belford Information Security Briefing Staff Senate

Presentation transcript:

Information Security Briefing, Staff Senate, November 2, 2017. Jason C. Belford, Chief Information Security Officer

Obligatory Legal Disclaimer: This presentation is for general educational purposes only, and is not intended as legal or specific security advice. The presenter is neither an attorney nor associated with law enforcement. Opinions presented are those of the presenter, not his employing institution. For legal and information technology security advice, please consult appropriate professionals who can address your particular needs.

Threat Landscape

Who are the bad guys? Rivals; Script Kitty Kiddie; Nation State Actors; Organized Crime; Insider Threat; Hacktivism

What do they want? Money; Data; Trade Secrets; Access; Everything; Revenge

Your Email – the Connection to Everything https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/

How are they going to get it? Disregard for laws, policies, rules; Exploit Vulnerabilities; Malicious Software; Social Engineering; Phishing; Brute Force

Security Incidents

It is WHEN not IF: 2012, 2014, 2015, 2013

Summer 2015: August 14, 2015. The University of Virginia shut down access to many of its information technology systems Friday in response to a cyberattack that originated in China, the university announced in a release.

Winter 2016: January 20, 2016

UPDATE! November 22, 2016 ...the arraignment Friday of two Nigerian citizens who were extradited from Kuala Lumpur, Malaysia, to Atlanta to face charges. Damilola Solomon Ibiwoye and Olayinka Olaniyi are accused in a series of alleged “phishing scams” targeting Georgia Tech and other colleges and universities across the country. Guilty

Summer 2017

Fall 2017: October 12, 2017. “student accounts were compromised when a fraudulent email told students they could get a reduction in fees.”

Most Popular Method?

PHISHING: Phishing is a fraudulent activity that attempts to acquire sensitive information such as usernames, passwords and credit card numbers by masquerading as a trustworthy and legitimate entity. SCAM. https://en.wikipedia.org/wiki/Phishing

Phishing for Username / Password – Example

Phishing for Money Transfers – Example: trr5r@virginia.edu, accounting@gmail.com

Phishing for Infections – Example

Phishing for Infections – Example

Cyber Self Defense

Find the Domain: https://netbadge.virginia.edu/

Find the Domain: https://netbadge.virginia.edu/ Ignore everything before the domain! https://virginia.edu.EveLPhish.com/

Find the Domain: https://netbadge.virginia.edu and https://netbadge.virginia.edu/index.cgi. The 3rd slash may be optional if the domain is the last part of the line.
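
The "Find the Domain" check from the slides above, as an added example that is not part of the original presentation: it pulls the host out of each URL shown on the slides and tests whether the host really ends in the expected domain. Treating virginia.edu as the trusted domain, and the function names, are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption for this example: the organisation's real domain is virginia.edu.
TRUSTED_DOMAIN = "virginia.edu"


def host_of(url: str) -> str:
    """Return the lower-cased host: the text between '//' and the 3rd slash."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host found in {url!r}")
    return host.rstrip(".")


def belongs_to(url: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only if the host is the trusted domain or ends with '.<trusted>'.

    The comparison is anchored at the right-hand end of the host, so a
    trusted name that appears earlier in the host does not count.
    """
    host = host_of(url)
    trusted = trusted.lower()
    return host == trusted or host.endswith("." + trusted)


# URLs taken from the slides (the simulation URL is used without its query).
SAMPLES = [
    "https://netbadge.virginia.edu/",
    "https://netbadge.virginia.edu",
    "https://netbadge.virginia.edu/index.cgi",
    "https://virginia.edu.EveLPhish.com/",
    "http://payroll.virginia.services/",
]


def classify(urls=SAMPLES):
    """Return (url, host, is_trusted) for each URL."""
    return [(u, host_of(u), belongs_to(u)) for u in urls]


if __name__ == "__main__":
    for url, host, ok in classify():
        print(f"{'OK     ' if ok else 'SUSPECT'}  {host:<28} {url}")
```

The first three URLs are reported as belonging to virginia.edu whether or not a path or trailing slash follows the host; the last two are flagged because the host ends in a different domain.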

What is UVA doing to help protect you from Phishing?

Technical Controls https://securityblog.switch.ch/2015/05/07/protect-your-network-with-dns-firewall/

Non-technical Controls

Phishing Simulation – Fall 2016

Phishing Simulation – Fall 2016 http://payroll.virginia.services/?rid=…

DNS Firewall Block

2-Step

2-Step: 10 different methods

Speaking of authentication…

Pick a good password: Cav2468!

Pick a good password: Ca$d0V’n,

Pick a good password: Mr. Thomas Jefferson

Pick a good password: Wah-hoo-wah,wah-hoo-wah!

Pick a good password passphrase
Password / passphrase: Cav2468! | Ca$d0V’n, | Mr. Thomas Jefferson | Wah-hoo-wah,wah-hoo-wah!
Number of Characters: 8 | 9 | 20 | 25
Character Classes: 4 | 3
How Secure? Weak | Very Strong
Time to Crack? ~ 1 minute | ~ 2 hours | 1.25 thousand trillion centuries | 5.53 trillion trillion centuries

My Advice: Freeze your credit; Review your credit reports and financial statements; Identify the real "domain" (only click if it makes sense); Do not open unexpected attachments; Verify! Verify! Verify!; Use long, unique passwords; Use 2-step login for any services that allow it; Back up your files, regularly; Do not provide sensitive information over email; When in doubt, stop and ask

Questions? He who knows best knows how little he knows. --Thomas Jefferson