Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity: Don’t Be Scared; Be Prepared Dean Choudhri, CISSP, CISM, CRISC Assistant Vice President, Cybersecurity and Information Assurance Alloya.

Published byLeo Nichols Modified over 5 years ago

Similar presentations

Presentation on theme: "Cybersecurity: Don’t Be Scared; Be Prepared Dean Choudhri, CISSP, CISM, CRISC Assistant Vice President, Cybersecurity and Information Assurance Alloya."— Presentation transcript:

1 Cybersecurity: Don’t Be Scared; Be Prepared Dean Choudhri, CISSP, CISM, CRISC Assistant Vice President, Cybersecurity and Information Assurance Alloya Corporate FCU

2 Agenda Current Cybersecurity Landscape
What You Can Do to Protect Your Credit Union & Members What the Future Holds (Hint: Wash, Rinse, Repeat)

3 Everything Old Is New Again
Analyzed current cybersecurity investigative reports from FBI and large security services provider What we learned: Small businesses are primary targets Ransomware is on the rise Phishing attacks continue to dominate The human factor continues to be a weakness

4 Cybersecurity Threats
The threats below accounted for nearly 2/3 of all security incidents at financial institutions: Ransomware Financial Malware Phishing and Business Compromise

5 Who Are The Perpetrators
Nearly 75% of attacks were by outsiders Generally, members of small criminal organizations Small percentage of nation states (comparatively) Remaining 25% were insiders Difficult to detect a legitimate user who is stealing your data (Honest) mistakes happen; nearly 20% of incidents caused by insiders were accidental

6 Data Breach Costs

7 How Much Is This Going To Cost?
Reputational damage Members leaving the credit union Everyday, operational costs (you still need to run your credit union!) Consider a Cyber Insurance Policy

8 Who Are The Victims? The short answer is EVERYONE
Senior citizens experienced the greatest losses: What is the member demographic of your credit union?

9 Top 10 States By Number Of Victims
Combined NJ, NY and PA rank second highest in country

10 Top 10 Sates By Victim Loss
Source: 2017 IC3 Report

11 Top 10 Crimes

12 Types Of Crimes

13 Ransomware Malicious software installed on your computer often via phishing s Encrypts data on your computer or network Must pay a ransom for decryption key!

14 Hackers Most Preferred Method
is the primary way to conduct business AND is the primary attack method used to: Commit fraud Steal your identity Install ransomware Steal personal account information Capture your online credentials

15 Phishing/Business Email Compromise
s that appear to be from legitimate institutions NACHA, Amazon, FedEx, Microsoft, LinkedIn, Facebook, etc. Entice you to click on link or attachment 4% of users will always click! Business Compromise (BEC) Spoof company accounts and impersonate executives Use hacked accounts of your vendors to send invoices to AP department

16

17 Not a real Amazon.com email address
More links… Clicking on any of the links in this could result in malware being installed on your computer, credential theft, and account takeover

18

19 Not a valid Microsoft.com email address
Includes link to click on Safety Tip: Hovering over the link will show you the actual website you will be direct to. It’s not Microsoft!

20 BEC Is On The Rise July 2018 FBI issues PSA regarding BEC
Asian banks primary destination of funds Since 2013 $12 billion in losses worldwide Nearly $3 billion from U.S. victims More than half of that amount was during the previous 18 months

21 Business Email Compromise
Who are the targets?

22 Business Email Compromise
Ransomware is on the rise Phishing attacks continue to dominate The human factor continues to be a weakness

23

24 Generic. There is no contact number, email address, etc.
To prevent spoofing, Alloya tags all s that originate from outside of the organization Hovering over the link shows you the actual website you will be visiting. Generic. There is no contact number, address, etc. Staff should be instructed to call a verified number to validate

25

26 Include Link which would ask for me to sign in with my account credentials

27 Possible Initiatives To Enhance Cybersecurity
Upgrade systems and third-party tools Move (carefully and with a lot of thought) additional systems and applications to the Cloud Increase member and staff education Further restrict non-business use of credit union systems

28 How To Inform Members And Staff About Cybersecurity
Newsletters Postings on website blasts In person (at branch or in office)

29 Low Cost, High Impact Protection/Prevention
Security awareness costs nothing and can save big $$$ Inform staff about the dangers of phishing and BEC. Advise staff that they should contact the requestor (even the CEO) via phone or in person (not via !) to verify a request. Use known and verified contact numbers. Security awareness culture starts at the top. Be aware of your online presence. Your LinkedIn profile can make you a potential target.

30 Protection/Prevention
Continuous security training at Alloya: Annually Online, one hour session required for everyone Periodically Online, short five-minute sessions Send notifications and reminders Test users by sending phishing s Results: We have seen significant and measurable improvements: Understanding danger and their security role Ability to detect phishing and business compromise scams

31 Protection/Prevention
Do not allow users to install software. is for work purposes only. Do not tie your personal business (Amazon, Apple, personal banking) to your work address. Patch systems quickly. Use and UPDATE your anti-virus software, use anti-malware software. Newer AV uses AI for increased protection.

32 What’s Around The Corner?
It is expected that current threats facing financial institutions will continue to make up majority of incidents. Ransomware will continue to be a growing threat. Low cost; hackers make money by asking for money Virtual currency payments Social engineering via: Business Compromise Phishing! Phone and Text

33 Free Cybersecurity Resources
NCUA Cybersecurity: Phishing: Center For Internet Security: SANS: Premier View! We regularly post alerts regarding the latest security topics.

34

35 Thank you! Dean Choudhri, CISSP, CISM, CRISC Assistant Vice President, Cybersecurity & Information Assurance (518)

Download ppt "Cybersecurity: Don’t Be Scared; Be Prepared Dean Choudhri, CISSP, CISM, CRISC Assistant Vice President, Cybersecurity and Information Assurance Alloya."

Similar presentations

Account HIGHJACKING & IDENTITY THEFT GPCE Credit Union has prepared a slide show presentation to examine the most prevalent financial crimes at work today.

Account HIGHJACKING & IDENTITY THEFT GPCE Credit Union has prepared a slide show presentation to examine the most prevalent financial crimes at work today.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
FRAUD, ONE OF THE FASTEST GROWING SEGMENTS OF OUR INDUSTRY Joseph Bajic, Chief Compliance Officer and Vice-President, Compliance.

FRAUD, ONE OF THE FASTEST GROWING SEGMENTS OF OUR INDUSTRY Joseph Bajic, Chief Compliance Officer and Vice-President, Compliance.
BTT12OI.  Do you know someone who has been scammed online? What happened?  Been tricked into sending someone else money (not who they thought they were)

BTT12OI.  Do you know someone who has been scammed online? What happened?  Been tricked into sending someone else money (not who they thought they were)
Grants Management Training 200 Cyber Security There are two kinds of people in America today: Those who have experienced a cyber-attack and know it, and.

Grants Management Training 200 Cyber Security There are two kinds of people in America today: Those who have experienced a cyber-attack and know it, and.
U.S. Businesses Targeted Randy Wolverton Brian J. Koechner.

U.S. Businesses Targeted Randy Wolverton Brian J. Koechner.
Proprietary and Confidential Don’t be the Next Cyber Crime Statistic C. Kevin deBrucky, Vice President PINACLE ® Security Manager.

Proprietary and Confidential Don’t be the Next Cyber Crime Statistic C. Kevin deBrucky, Vice President PINACLE ® Security Manager.
Https://www.youtube.com/watch?v=1hpU_Neg1KA. INTRODUCTION & QUESTIONS.

INTRODUCTION & QUESTIONS.
Computer Crime: Identity Theft, Misuse of Personal Information, and How to Protect Yourself (Tawny Walsh, Irina Lohina, Renair Jackson, Jahmele Betterson,

Computer Crime: Identity Theft, Misuse of Personal Information, and How to Protect Yourself (Tawny Walsh, Irina Lohina, Renair Jackson, Jahmele Betterson,
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.

Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
Phishing and Internet Scams. Definitions and recent statistics Why is it dangerous? Phishing techniques and identifiers Examples of phishing and scam.

Phishing and Internet Scams. Definitions and recent statistics Why is it dangerous? Phishing techniques and identifiers Examples of phishing and scam.
CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via email.

CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via .
PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.

PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.
Cyber security. Malicious Code Social Engineering Detect and prevent.

Cyber security. Malicious Code Social Engineering Detect and prevent.

Similar presentations

Ads by Google