Presented by Security Management Partners Waltham, MA

Slides:



Advertisements
Similar presentations
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Advertisements

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
7 Effective Habits when using the Internet Philip O’Kane 1.
David A. Brown Chief Information Security Officer State of Ohio
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Cyber Crimes.
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:
An Insight into the Relationship Between Social Media and the Susceptibility to Malicious Intent Presented by Rebecca Morgan 15/05/2015 >>>>2.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.
Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.
Dell Connected Security Solutions Simplify & unify.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Class 8 The State of Cybercrime Today- Threads & Solutions.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
Topic 5: Basic Security.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
MANAGED SECURITY TESTING PROACTIVELY MANAGING VULNERABILITIES.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.
INTRODUCTION & QUESTIONS.
February 2, 2016 | Chicago NFA Cybersecurity Workshop.
Information Security and Technology Overview Presented By: Enterprise Risk Management (ERM) Division Jill Martucci, CISA, SSCP, Senior Allison Hall, Experienced.
FLTCYBERCOM / C10F    U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET    1 Overall Classification of this Briefing is UNCLASSIFIED//FOUO Phishing.
Safe Computing Practices. What is behind a cyber attack? 1.
CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via .
CNP Fraud. Occurs when a fraudster falsifies an application to acquire a credit card using an individual’s personal information. (Eg: postal intercept)
November 14, 2016 bit.ly/nercomp_defendingyourdata16
Presented by: SBS CyberSecurity © SBS CyberSecurity, LLC
Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.
Managing Compliance for All Departments
CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017 Presented by Osato Omogiafo Head IT Audit.
Executive Director and Endowed Chair
Cyber Warfare and Importance of Cyber Awareness
Cybersecurity - What’s Next? June 2017
Information Security.
Cyber Crime What’s all the fuss about?
Information Technology Sector
Trends in my profession, Information Technology
Cyber Attacks on Businesses 43% of cyber attacks target small business Only 14% of small business rate their ability to mitigate cyber risk highly.
Dissecting the Cyber Security Threat Landscape
DETAILED Global CYBERSECURITY SURVEY Summary RESULTS
Forensics Week 11.
Jon Peppler, Menlo Security Channels
Today’s Risk. Today’s Solutions. Cyber security and
Cybersecurity Awareness
I have many checklists: how do I get started with cyber security?
Risk of the Internet At Home
Company Overview & Strategy
Cyber Security in the Mortgage Industry
Internet Security Threat Status
Home Internet Vulnerabilities
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
David J. Carter, CISO Commonwealth Office of Technology
Cybersecurity Am I concerned?
Keeping your data, money & reputation safe
Cybercrime and Canadian Businesses
Anatomy of a Large Scale Attack
Steppa Cyber Security Training Tips Your Business Was Seeking For With Cyber Security Training!
How to keep the bad guys out and your data safe
Tom Murphy Chief Information Security Officer
What is Phishing? Pronounced “Fishing”
Spear Phishing Awareness
Security in mobile technologies
In the attack index…what number is your Company?
CYBER RISKS IN SECURITIES SERVICES
Anatomy of a Common Cyber Attack
Presentation transcript:

Presented by Security Management Partners Waltham, MA Cybersecurity Presented by Security Management Partners Waltham, MA Security Management Partners Internal Use Only

Security Management Partners Internal Use Only Your Speaker Peter Bamber, CISA, CRISC, CISSP VP, Information Security Consulting Services, SMP Security Management Partners Internal Use Only

Cybersecurity Awareness The Federal Financial Institutions Examination Council (FFIEC) members are taking a number of initiatives to raise the awareness of financial institutions and their critical third-party service providers with respect to cybersecurity risks and the need to identify, assess, and mitigate these risks in light of the increasing volume and sophistication of cyber threats https://www.ffiec.gov/cybersecurity.htm Security Management Partners Internal Use Only

Assesses the complexity of an institution’s operating environment Data/communication connections Transaction and payment initiation process Management of information technology products and services Security Management Partners Internal Use Only

Assess Current Practices Current cybersecurity posture Target state for cyber security Identify and prioritize opportunities for improvement Within the context of a continuous and repeatable process Assess progress toward the target state Communicate among internal and external stakeholders about cyber security risk http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf Security Management Partners Internal Use Only

No longer just focus on Fraud Internet based threats Fall-out from Cyberwar Security Management Partners Internal Use Only

FFIEC Cyber Review Feedback Increase your understanding of the specific threats you face! Be prepared to demonstrate your threat management process is effective! Security Management Partners Internal Use Only

Security Management Partners Internal Use Only What is expected Demonstrate understanding of cybersecurity risks your institution and the banking industry Strategies and tactics to identify and mitigate those risks Documenting a program is not enough! Security Management Partners Internal Use Only

Major hazards per the FBI Account takeovers Third-party payment processor breaches Securities and market trading company breaches ATM skimming breaches Mobile banking breaches Insider access Supply chain infiltration Telecommunication network disruption http://newjersey.nacdonline.org/files/ChaptersLayout/ChapterContent/NewJersey/Advisen_Cyber_Whitepaper_Financial_Institutions%20%28Oct-2012%29%20%283%29_1355946722466_1.pdf Security Management Partners Internal Use Only

Community Banking Cyberthreats Malicious software, or "malware" DDoS attacks ACH/payment account takeover Data leakage Third-party/cloud vendor risks Mobile/web application vulnerabilities Weaknesses - project management or change management http://www.communitybankingconnections.org/articles/2014/Q1/cybersecurity.cfm Security Management Partners Internal Use Only

Security Management Partners Internal Use Only Targets Majority of cyber attacks in 2013 mimicked social networking sites - 35.4% Financial and phishing targets - fake banking sites, payment systems and online stores -31.45% Mail services - 3rd with 23.3% of attacks https://securelist.com/analysis/kaspersky-security-bulletin/59411/financial-cyber-threats-in-2013-part-1-phishing/ Security Management Partners Internal Use Only

Security Management Partners Internal Use Only Phishing-2013 31.45% of all phishing attacks in 2013 targeted financial institutions 22.2% of all attacks involved fake bank websites Banking phishing doubled from previous year https://securelist.com/analysis/kaspersky-security-bulletin/59411/financial-cyber-threats-in-2013-part-1-phishing/ Security Management Partners Internal Use Only

Security Management Partners Internal Use Only Spearphishing 2013 Targeted attacks aimed at Small Businesses 1-250 employees - 30% of targeted attacks 1 in 5 small business organizations with at least one spear-phishing email 39% of targeted spear-phishing attacks were sent to Large Enterprises 2,500+ employees 1 in 2 of which were targeted with at least one attack http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf Security Management Partners Internal Use Only

Targeted Attacks – Web-Based Malware was found on 1 in 566 websites -Symantec www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf Security Management Partners Internal Use Only

Security Management Partners Mobile Threats Malicious apps, mobile malware reaches 1 million mark Trend Micro, there are over one million malicious applications available for download on the Android market 10/1/2013 McAfee Labs- 17,000 new unique forms of mobile malware targeting Android-based devices Q2 2013 21% over 14,000 new unique strains in Q1 2013 http://www.zdnet.com/malicious-apps-mobile-malware-reaches-1-million-mark-7000021371/ "McAfee Threats Report: Second Quarter 2013," http://www.mobilepaymentstoday.com/article/219713/Mobile-malware-to-have-doubled-in-2013-says-McAfee Security Management Partners

Social Engineering-SMS App stores Illegitimate Sources of Mobile Apps Malicious Apps that Look Legitimate “Legitimate” apps used for bad purposes! Security Management Partners Internal Use Only

Security Management Partners Internal Use Only Malware Have also become a cybercriminal target The FAKETOKEN malware mimics the token generator app of a financial institution Users end up giving out their password to avoid receiving an error message Once users enter their password, the malware generates a fake token and sends the stolen information to a specific number http://about-threats.trendmicro.com/us/mobile/monthly-mobile-review/2013-08-mobile-banking-threats Security Management Partners Internal Use Only

Caller ID and SMS Spoofing Legitimate use of apps? http://www.spoofmytext.com/ http://www.sendanonymoussms.com http://textopirate.com/en Security Management Partners Internal Use Only

Physical Social Engineering Attackers will simply go into a building and take the information they need *Content on the “physical“pages from Wikipedia Security Management Partners Internal Use Only

Security Management Partners Internal Use Only Wireless Hotspots WiFi signals are radio waves Anyone near a public WiFi network can listen in Public WiFi hotspots don't encrypt the data being transmitted through them! http://blog.lifestore.aol.com/2013/03/10/public-wifi-hotspot-security/ Security Management Partners Internal Use Only

Security Management Partners Internal Use Only Social Media Concerns Facebook links- “I have found a funny picture of you!” Links to a malware site Charitable requests Are they real should you be accessing on a business system? Amazon and other ecommerce site links sent through Twitter and Facebook! Security Management Partners Internal Use Only

Security Management Partners Internal Use Only Vendor Management Breach at Goodwill Vendor Lasted 18 Months https://krebsonsecurity.com/2014/09/breach-at-goodwill-vendor-lasted-18-months/ 76% of data breaches resulted from a third-party who introduced security deficiencies that were exploited Trustwave 2012 Global Security Report Review vendor security prior to contract Assess and improve vendor program on a regular schedule Align with the business and other stakeholders Put audit language in contracts Business critical vendors must have greater oversight Monitor regularly Security Management Partners Internal Use Only

Security Management Partners Internal Use Only Big Picture Top Down approach Understand the NIST framework http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf Combine cybersecurity and risk management strategy Improve governance Information sharing Cybersecurity training Security Management Partners Internal Use Only

Security Management Partners Internal Use Only Steps to take Understand threats to business critical systems Conduct a review of cyber controls Both in house and outsourced Review impact and controls of all new technologies Prior to introduction Enhance Incident Response plan Utilize outside experts to augment your review process and IR plan Security Management Partners Internal Use Only

Thank you for Time Questions? Please contact us: Doug Gerth Dgerth@smpone.com 781-890-7671 Security Management Partners Internal Use Only

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.