Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Attack – Not a case of if, but when! Housing Technology 2016 Kevin Doran – Chief Technology Officer Tim Cowland – Principal Consultant.

Published byMark Cannon Modified over 8 years ago

Similar presentations

Presentation on theme: "Cyber Attack – Not a case of if, but when! Housing Technology 2016 Kevin Doran – Chief Technology Officer Tim Cowland – Principal Consultant."— Presentation transcript:

1 Cyber Attack – Not a case of if, but when! Housing Technology 2016 Kevin Doran – Chief Technology Officer Tim Cowland – Principal Consultant

2 The current landscape Why are you at risk? Why worry about Ransomware? How can it get to me? How does it work? What will be the impact? How can I recover? 12 Point Plan Agenda

3 The Current Landscape 86% of UK adults have used the internet in the past 3 months Continued growth of cyber attacks 90% of large and 74% of small organisations suffered a breach in 2014 38% increase in incidents since 2014 Wider hacking community and resources Some organisations failing to keep pace with new threats Greater reliance on IT to deliver services Self service Internet of Things Social Media 480m leaked records reported in 2015 Increase in use of mobile devices to access web (57% - 61%) Estimated that approx. 30,000 web sites are hacked each day

4 Examples of Incidents Examples of reported incidents in the last 12 months: Anthem Insurance Unauthorised access of 80 million records Hackers accessed DOB, e-mail addresses, social security numbers, correspondence Ashley Madison Accessed and subsequently released e-mails and physical addresses of 37m users Followed up with larger release of corporate e-mails Attack designed to extort money V-tech Gained access to parent and child records in ‘Learning Lodge’ 4m parent accounts and 6m ‘kids profiles’ affected (1.2m ‘kid connect’) Threat of customers boycotting use after new T’s and C’s issued Lincolnshire County Council Ransomware attack

5 What Threats Are Out There? Trojan HorseWormRansomwareSpam Phishing Watering Hole DDoS AttackScareware Virus Spear Phishing RootkitSpyware

6 Why are you at risk? Random attacks will reach your staff Often poor staff practices i.e. password controls Potential of targeted ‘spear phishing’ attacks Are you the weakest link in the chain? Could be seen as an easier target Growing volume of information held by organisations Previously cyber risks related to mischief making, now greater risk of financial loss Can the quality of your defence keep pace with growing sophistication of attacks ConfidentialityAvailabilityIntegrity

7 Staff Practices Some questions to ask yourself How aware are your staff of security risks? Do you have a staff guide on what they should look out for? Do you deliver briefing sessions / training? Do you have a tested plan for how to respond to an incident? How effective are your password controls? Use of random characters – not names / dictionary words Increase minimum length Stop the use of sequential passwords Use memorable sentence Consider using a password locker to store and generate secure passwords Approx. 90% of user passwords can be cracked within 1 day 123456 Password1 StarWars Andrew1 Qwerty

8 Focus on Ransomware What is it? A specific type of Malware or malicious code Usually overt in nature, most often advises the victim of infection Designed to elicit a financial ‘ransom’ from the victim Highly evolutionary software adapting in terms of encryption and attack vectors Code is widely available to anyone with intent Only a module in the arsenal of possible malicious code stacks Many ransomware packages are secondary infections of other malware, for example Cryptoware is known to be downloaded by TrojanDownloader:Win 32/Onkods and Upatre

9 Common methods that are used to deploy Ransomware Unsolicited emails, with attachments or web links Compromised web site Part of a wider compromise from other malicious software Increased awareness of anyone using IT systems, that threats and risks are real and the implications of these, is key to any ongoing security strategy. How can it get to me?

10 There are lots of considerations once an incident has occurred: Data loss or even theft Business downtime due to loss of data and during investigation How did the breach occur? Has it affected any B2B systems? Should we pay the ransom? Who is/should be aware of the breach? What could be the impact?

11 There are lots of considerations before or after an incident has occurred: Incident response process in place? Identify the threat, invoke appropriate analysis, plan for systems outage Potential infection may be waiting in multiple mail systems Consider Incident Response Retainer Data recovery could be lengthy and complex Not all data will be affected Subject to access rights, execution time and data types - selective scripted data restores may be needed Is restore media to hand, catalogued, will large volumes need to be mounted to allow small selected restores to take place Ensure there is no re-infection from restored data? How can I Recover?

12 12 Practical Steps to Reduce Risk 1.User education and awareness program 2.Enlist the help of independent security experts to validate your approach 3.Effective email and web content filtering 4.Firewall review and response process 5.Intrusion prevention systems 6.Application firewalls 7.Limitation of access rights, behavioural analysis tools 8.Effective AV deployment 9.Patch Management policy and schedule 10.Compliance, governance 11.Effective, efficient and proven backup and recovery 12.Have an agreed response plan ready

13 Thank you! Kevin Doran – kdoran@sovereign-plc.co.uk Tim Cowland – tcowland@sovereign- plc.co.uk 0208 216 3333 @Tim_sbig / @SovereignPlc

Download ppt "Cyber Attack – Not a case of if, but when! Housing Technology 2016 Kevin Doran – Chief Technology Officer Tim Cowland – Principal Consultant."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
POSSIBLE THREATS TO DATA

POSSIBLE THREATS TO DATA
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
By Ashlee Parton, Kimmy McCoy, & Labdhi Shah

By Ashlee Parton, Kimmy McCoy, & Labdhi Shah
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.

Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Nate Olson-Daniel Director of Strategic Development & Principal Engineer The Inevitable Attack.

Nate Olson-Daniel Director of Strategic Development & Principal Engineer The Inevitable Attack.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
First Community Bank www.fcbnm.com Prevx Safe Online Rollout & Best Practice Presentation.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.
[Name / Title] [Date] Effective Threat Protection Strategies.

[Name / Title] [Date] Effective Threat Protection Strategies.
Your Trusted Partner In All Things IT. 20 Years of IT Experience University Automotive Food Service Banking Insurance Legal Medical Dental Software Development.

Your Trusted Partner In All Things IT. 20 Years of IT Experience University Automotive Food Service Banking Insurance Legal Medical Dental Software Development.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Similar presentations

Ads by Google