Download presentation
Presentation is loading. Please wait.
Published byGervais Doyle Modified over 7 years ago
1
November 14, 2016 bit.ly/nercomp_defendingyourdata16
2
Agenda 9:00 -9:15 Agenda and Introductions
9:15 to 9:45 2016 Threat Landscape, Patty Patria 9: :30 Practical Advice for Finding Threats on Your Network, Tim LaGrant 10:30 – 10:45 Break 10: :00 Digital Forensics & Incident Response, Andy Obuchowski 12:00 - 1:00 Lunch 1: :00 Hands on Training, Tim LaGrant and Sherry Horeanopoulous
3
About the Presenters…. Patty Patria, VP for Information Technology, Becker College; CISSP and PMP Tim LaGrant, Technical Director, Becker College Sherry Horeanopoulos, Information Security Officer, Fitchburg State University; CISA Andy Obuchowski, Director at RSM
4
About the Day.... Let’s make this interactive!
Ask questions as they come up. Share ideas you might have on how you address similar problems. Introduce yourself and what you would like to get from the day.
5
Session 1 2016 Threat Landscape
6
2016 Verizon Breach Report Industry Total Small Large Unknown
Education 254 16 29 209 Source: 2016 Verizon Data Breach Report
7
Threat Sources Source: 2016 Verizon Data Breach Report
8
Threat reasons Source: 2016 Verizon Data Breach Report
9
Threat Vectors Source: 2016 Verizon Data Breach Report
10
Threat by device Source: 2016 Verizon Data Breach Report
11
Amount of time to compromise
Source: 2016 Verizon Data Breach Report
12
Major areas of compromise-CVE
Software Vulnerabilities in Adobe and Microsoft are exploited quickly. Source: 2016 Verizon Data Breach Report
13
Major areas of compromise- Phishing
Top Solutions for Phishing: Filter It Continuous Education Layer your most confidential data so even end user malware can’t get to it. Source: 2016 Verizon Data Breach Report
14
Major areas of compromise- Credential compromise
Top Solutions for Credential Compromise: Require strong passwords that change frequently Employ 2-factor authentication Source: 2016 Verizon Data Breach Report
15
Incidents by type Source: 2016 Verizon Data Breach Report
16
Affects on higher education
Attempts Breaches Source: 2016 Verizon Data Breach Report
17
Other things to worry about…
Monetarization of Malware- malware needs to produce revenue, not just be disruptive. This has led to an increase in ATM-related malware, banking Trojans, and ransomware. ZDNet expects ransomware profits to hit 1 Billion this year.
18
Other things to worry about…social
Social Media is the hacker’s new favorite target. Like-jacking is a new exploit where criminals post fake Facebook “like” buttons which download malware to your device. 1 in 10 social media users said they’ve been a victim of a cyber attack . 600,000 Facebook accounts are com-promised every day.
19
Other things to worry about…mobile
In October, an 18 Year old app developer was arrested for almost bringing down 911 systems via cell phones. He posted a link on the TheHackSpot YouTube channel and Twitter and encouraged followers to click on the link. Authorities said they found evidence it had been clicked 1,849 times. Once users clicked the link, their phones were hijacked and the phones constantly dialed 911 until they were turned off. Source:
20
Other things to worry about…Iot
With the Internet of Things (IoT) growing, experts predict large scale DDoS attacks will be the “new normal”. There are currently billions of Internet-connected devices that attackers can hijack and organize into botnets. In October, Netflix, Twitter, Spotify, Reddit, SoundCloud and other major sites went down due to a DDoS attack on Dyn. The Dyn attacked confirmed that tens of millions of IP addresses were utilized as Mirai botnets, many of which were Chinese webcams. Source:
21
Conclusion….. Attacks are on the rise. They are coming from all venues from known vulnerabilities, to phishing, to social media to IoT. It is impossible to stop every attack. However, if you leverage good risk management and employ current technology, you can try to reduce your risk. Source:
22
Questions bit.ly/nercomp_security16
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.