Presentation is loading. Please wait.

Presentation is loading. Please wait.

John Glenn and David Dinkel PC(USA) Information Technology

Published byKatharina Haupt Modified over 6 years ago

Similar presentations

Presentation on theme: "John Glenn and David Dinkel PC(USA) Information Technology"— Presentation transcript:

1 John Glenn and David Dinkel PC(USA) Information Technology
Cyber Security Threats John Glenn and David Dinkel PC(USA) Information Technology

2 What are the top cyber security threats today?
Malware (esp. combined with social engineering) Phishing (for passwords and other sensitive info) Spearphishing Distributed Denial of Service (DDoS) Attacks Man in the Middle Attacks Credential Stealing and Reuse Pharming Spam Spoofing and Social Engineering attacks WiFi eavesdropping Viruses, Trojan Horses, Worms, Spyware, etc.

3 What are the cyber security threats you are likely to face?
From csoonline.com article by Roger A. Grimes, 8/21/2017 Socially engineered malware (Ransomware) Password phishing attacks Unpatched software Social media threats Advanced persistent threats

4 1. Socially Engineered Malware
User is tricked or coerced into running a malicious program Could be clicking a malicious weblink, opening an infected file or installing compromised software Most common example of socially engineered malware is Ransomware Ransomware encrypts key files on your PC—Word docs, Excel spreadsheets, photos, etc. Impossible to recover your files in most cases

5 1. Socially Engineered Malware (cont.)

6 1. Socially Engineered Malware (cont.)
What can I do if I have been infected with Ransomware? Unfortunately not much. Encryption keys are too complicated Cyber criminals have all of the control In cases of attacks which include large amounts of data (hospitals, government agencies, etc.) paying the ransom may be the only solution. Take a chance and pay the ransom…usually in bitcoins and not easy to setup Keep your computer and wait…sometimes cyber criminals reach a point where they are no longer making money and release the decryption codes

7 2. Password Phishing Attacks
Usually arrive in your inbox and appear to come from legitimate companies They will incorporate real company logos and threatening verbiage (You have to change your password now!) They will instruct you to change your password or provide other personally identifiable information How to deal with this type of attack? Be aware—sometimes if you hover your mouse pointer over a link in the , you will notice the link points to an illegitimate source Some of these s will include bad grammar or spelling errors Deleting the is the best approach

8 3. Unpatched Software All vendor operating systems Windows, Apple OSX, Linux, Apple IOS (iPhone and iPads), Android (phones and tablets), etc regularly release patches and new releases Many of these releases include operating system enhancements but they also often include security patches Upgrade your devices on a regular basis Know how to update each of your devices Pay attention to mainstream news stories that report a security related story because it often means you need to upgrade at least one of your devices Sometimes vendors will release a single patch to address a particularly serious issue—it is important that these types of patches are installed immediately

9 4. Social Media Threats Usually arrive as a friend or application install request and sometimes can contain links to spread malware May be in the form of fake accounts (sometimes look like they are legitimate and usually famous people) and used to spread misinformation Unwitting release of information can be dangerous “I will be on vacation… Divulging too much personally identifiable information can be used by criminals Be careful of what you post, requests you receive and the information you consume

10 5. Advanced Persistent Threats
Usually sophisticated, extremely hard to detect and occur over a long period of time Usually used to steal data and not to disable networks or computers Example is Deep Panda in 2015 where it is believed that China hacked the US Government Office of Personnel Management and compromised 4 million employee records Can be started as part of a spearfishing attack Spearfishing is throwing a threat at a particular target and hoping it sticks—an example is getting an employee to open an infected document or link

11 5. Advanced Persistent Threats (cont.)
Here is what an attacker can do once the initial attack is successful: Install additional hacking tools to map out your network and applications Extract data from key databases and move the data out of the network so that it can be used later Remove all evidence that you have been compromised but maintain network presence for future attacks 5. Advanced Persistent Threats What can you do to protect your organization against ATP attacks? Be extremely careful when reviewing messages—don’t open attachments or click on links unless you are completely confident of the source of the Ensure that your AV software is installed, working and up to date This type of attack most always requires advanced expertise—a dedicated security expert on staff or hiring a MSSP (Managed Security Service Provider)

12 What can you do? Stay focused – this is the most important!
Review every carefully before opening attachments or clicking on links If you are even a bit suspicious, delete and empty your trash Protect yourself with the best of breed anti-virus and anti-malware solutions Back up your data – preferably to two different locations (local and cloud) Find a free cyber security course and take it (and take it seriously) ESET.com and Cybrary.it both offer free courses Stay up to date on your patches! PC’s, phones, tablets and iOT devices (stoves, thermostats, light bulbs, refrigerators, etc). Be cautious when surfing the web Freeware and rogue websites can cause big issues

13 Advances in fighting cyber crime
Better anti-virus/anti-malware solutions based on sophisticated predictive mathematical algorithms that can detect malware patterns (Cylance, Carbon Black and others) Some actually try to keep track of infected URL links and will block them if you accidentally click on them More emphasis on security by subscription services like Office 365 (Advanced Threat Protection) Focus on cyber security awareness and education (staysafeonline.org)

14 Awareness is the key! Learn more about various threats
Awareness is the key!

15 Questions?

Download ppt "John Glenn and David Dinkel PC(USA) Information Technology"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.

UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Contents  Viruses Viruses  Computer Worms Computer Worms  Trojans Trojans  Spyware Spyware  Adware Adware  Spam Spam  Hoaxes and Scams Hoaxes and.

Contents  Viruses Viruses  Computer Worms Computer Worms  Trojans Trojans  Spyware Spyware  Adware Adware  Spam Spam  Hoaxes and Scams Hoaxes and.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
IT security By Tilly Gerlack.

IT security By Tilly Gerlack.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
What is Spam? d 0-0.49 min.

What is Spam? d min.
Grants Management Training 200 Cyber Security There are two kinds of people in America today: Those who have experienced a cyber-attack and know it, and.

Grants Management Training 200 Cyber Security There are two kinds of people in America today: Those who have experienced a cyber-attack and know it, and.
Module 2.2 1. 2  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.

Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.
IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands 100 200 300 400 500RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.

IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.

Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
Advanced Guide to E-Mailing. Introduction In this e-mail guide you and explain will learn how to use e-mailing in an advanced way. I will go through on.

Advanced Guide to ing. Introduction In this guide you and explain will learn how to use ing in an advanced way. I will go through on.
PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.

PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.
Cyber security. Malicious Code Social Engineering Detect and prevent.

Cyber security. Malicious Code Social Engineering Detect and prevent.
Technical Implementation: Security Risks

Technical Implementation: Security Risks
Security Risks Todays Lesson Security Risks Security Precautions

Security Risks Todays Lesson Security Risks Security Precautions

Similar presentations

Ads by Google