Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jttconnect.com Cyber Security Threats: Understanding and Mitigating the Risk Nic Cofield | Jackson Thornton Technologies.

Similar presentations


Presentation on theme: "Jttconnect.com Cyber Security Threats: Understanding and Mitigating the Risk Nic Cofield | Jackson Thornton Technologies."— Presentation transcript:

1 jttconnect.com Cyber Security Threats: Understanding and Mitigating the Risk Nic Cofield | Jackson Thornton Technologies

2 Cybersecurity Facts jttconnect.com Key Statistics* Heading up the list of the FBI’s Most Wanted List of Cyber Criminals is Evgeniy Bogachev, whose malicious activities are thought to have been responsible for financial losses of up to $100 Million USD.FBI’s Most Wanted List of Cyber Criminals The most costly piece of malicious software, the MyDoom e-mail worm, is thought to have caused $38.5 Billion USD in damages worldwide.the MyDoom e-mail worm A recent spear-phishing attack, based in Eastern Europe, is thought to have caused the theft of $1 Billion USD over 2 years from over 100 different banks.recent spear-phishing attack Leaked documents revealed that Chinese attacks recently cost the US Defense Department over $100 Million USD. Leaked documents A recent study, which polled a sample of US-based companies, showed that the average annualized cost of cyber crime was $12.7 million (96% increase over the past 5 years). Overall, there was a 176% increase in the number of cyber attacks.recent study, Additionally, it was determined that 68% of all funds lost as a result of a cyber-attack were never recovered.68% of all funds lost *Source - Heimdal SecuritySource - Heimdal Security

3 Cybersecurity – What to Know jttconnect.com Given the significant costs of an attack, it’s always good to know exactly that the threats are.

4 Hacking jttconnect.com Hacking Actions taken by someone to gain unauthorized access to a computer. Hackers seek to find weakness in security settings and protocols in order to exploit and gain entry into private systems. Due to widespread access to information, it is very easy for someone to obtain the tools and education needed to perform a sophisticated attack.

5 Hacking - Example jttconnect.com Brute Force Attacks

6 Malware jttconnect.com Malware Generic term for any malicious software that is designed to damage or disable computers and computer systems. Trojans, worms, viruses, spyware, etc. are all type of Malware. Malware can be used to intimidate users, alter or delete information, steal sensitive data, or take control of remote systems.

7 Malware jttconnect.com Examples of Malware

8 Spyware & Adware jttconnect.com Spyware & Adware Used by third-party groups to infiltrate your computer. Collects personal information from the user without his/her knowledge. Spyware & Adware can be difficult to detect and even more difficult to remove. These applications can send usernames, passwords, surfing habits, etc. to unauthorized organizations.

9 Spyware & Adware - Example jttconnect.com Toolbars very commonly carry spyware and adware. It is never recommended to download and install any sort of toolbar within your internet browser.

10 Ransomware jttconnect.com Ransomware Ransomware is a type of malware that restricts access to your computer or your files and displays information requiring payment in order for the restriction to be removed. Data is in a sense “held hostage”. Ransomware can either lock a users’ screen, preventing access, or encrypt local or network drives, preventing access to any of the data that resides within. Commonly spread through phishing e-mails and website pop-up advertisements.

11 Ransomware - Example jttconnect.com In order to lessen the impact of a ransomware infection, it is highly recommended that all sensitive data be backed up regularly. Paying the ransom is no guarantee that access will be restored. Often times, payment of ransom does not lead to resolution of the issue.

12 Phishing jttconnect.com Phishing Phishing is the creation of fraudulent e-mails, text messages, and/or websites in order to try and fool a user into giving out personal or confidential information. Phishing attempts can trick by asking for personal account updates, validation of specific personal information, and can often intimidate a user into taking action that leads to sensitive information being stolen. More targeted attacks, known as Spear Phishing, are becoming more common.

13 Phishing - Example jttconnect.com It.sheridancollege.ca

14 Hidden Costs of A Cyber Attack jttconnect.com There are real, tangible costs associated with a Cyber Attack For example – Ransomware attacks may require payment, or ransom, for the release of compromised information There are other costs associated with Cyber Attacks that need to be taken into consideration Loss of Intellectual Property Damage to Brand – Loss of Customer Trust Furthermore, depending on the type of attack, other financial outlays may be required Organization may be required to purchase identity protection for employees or customers Industry Professionals (IT) may be required to investigate the attack Legal assistance may be required in the event of litigation brought forward as a result of the incident PR/Marketing assistance may be required to assist in “damage control”

15 Safeguards jttconnect.com Consider the administrative, physical, and technical measures that can be put in place to mitigate risk and chance for unauthorized access. Represent the foundation of a strong security posture Ensures that electronic information remains secure and that the organization continues to address security threats

16 Safeguards jttconnect.com Firewall Designed to be first line of defense for your computer network Should filter all data coming in and going out of network Should be configured properly based on organizational policy Should be supported by original manufacturer for hardware failure

17 Safeguards jttconnect.com Malware Protection/Anti-Virus Software Designed to protect against malicious software applications such as viruses, worms, Trojans, etc. Should be installed on all devices that have internet connectivity Should be designed for use in a corporate setting Should be managed and maintained from a central location

18 Safeguards jttconnect.com Mobile Devices Ensure your mobile devices are equipped with strong authentication and access controls. – Ensure laptops have password protection. – Enable password protection on handheld devices (if available). Take extra physical control precautions over the device if password protection is not provided. Protect wireless transmissions from intrusion. Do not transmit unencrypted confidential information across public networks (e.g., Internet, Wi-Fi). Where it is absolutely necessary to commit confidential information to a mobile device or remove a device from a secure area, encrypt the data.

19 Safeguards jttconnect.com Written Policies All organizational policies should be documented All employees should be required to review and sign these policies Suggested Policies include: – Acceptable Use Policy – E-mail Use Policy – Data Backup Policy

20 Safeguards jttconnect.com Passwords Choose a password that is not easily guessed. Below are some examples of strong password characteristics: – At least eight characters in length (the longer the better) – A combination of upper case and lower case letters, one number, and at least one special character, such as a punctuation mark Strong passwords should not include personal information such as: – Birth date – Names of self, family members, or pets – Social security number – Anything that is on your social networking sites or could otherwise be discovered easily by others

21 Safeguards jttconnect.com Passwords Requiring Multi-Factor Authentication For extremely sensitive information, consider multi-factor authentication. Multi-factor authentication combines multiple authentication methods, such as a password plus a fingerprint scan; this results in stronger security protections. Updating Passwords Configure your systems so that passwords must be changed on a regular basis.

22 Developing a Security Culture jttconnect.com Every employee needs to understand the risk and how to protect the information entrusted to them. How to best develop a security culture?

23 Security Culture jttconnect.com Develop a Security Management Strategy Consider a comprehensive plan to detect, defend, prevent, and respond to security incidents. Share the information with your team – confirm that they know the risks and the importance of safeguarding the information. If you are a manager or other leader in your organization, set a good example in attitude and action. Instill taking responsibility for information security as one of your organization’s core values.

24 Security Culture jttconnect.com Organizational Training Educate your workforce Provide an understanding of the current state of security Teach how to properly use e-mail, the internet, etc. Perform regular training – not one and done

25 Risk Assessment IT Security is constantly changing – Threats are evolving everyday – Security professionals work tirelessly to try and stay ahead of the latest trends in IT threats and risks. IT Security can be very daunting – The ability to manage and maintain an appropriate level of security in an organization can be overwhelming – Many organizations simply aren’t aware of their current security posture Independent analysis is often helpful – By identifying and prioritizing potential gaps in an organization’s overall security makeup – By helping to design and plan potential remediation jttconnect.com

26 Summary jttconnect.com Educate yourself and your workforce on Cyber Security threats Ransomware Hackers Malicious Software Assess your organization’s current risk Perform a Security & Risk Assessment Create (if necessary) an IT Risk Management Plan Invest in and develop proper safeguards Technical (Firewalls, Anti-Virus, etc.) Physical (Facility security, DVR Systems, etc.) Administrative (Training, Policies, Procedures, etc.) Create a Security Culture IT Security is an ongoing responsibility – there is non “one and done”

27 Questions? Nic Cofield 334.240.3648 ncofield@jttconnect.com jttconnect.com


Download ppt "Jttconnect.com Cyber Security Threats: Understanding and Mitigating the Risk Nic Cofield | Jackson Thornton Technologies."

Similar presentations


Ads by Google