1

Cybersecurity 2020Attackers, Attacks and Security Strategies

2

Cybersecurity Challenge

Open and Accessible

IoT Adoption

Budget

ConstraintsExpertise

3

Attack Process

Identification Enumeration Arm UpInitial

ContactCompromise Persistence

Lateral Movement

Exfiltration/ Exploitation

Reuse / Resell / Recycle

4

People Centric Targets

5

Device Centric Targets

6

ncreased sophistication and targeted.

• Successful attacks often lead to password compromise, malware infection, corporate/personal data loss and financial fraud.

7

8

Getting to Know You!

10

Get your Credentials

Hack You

Hack a Site

Buy Them.

Re-engineer your credentials

01 – 02

Password –Pa55W0rD

Facebook PW with FB

Use your Credentials

Social Media

Email

Banking / Financial

Anything else

Credentials

11

12

13

• New breed of highly persistent and stealthy malware.

• Rise in fileless malware and droppers.

• Using highly sophisticated exploits for delivery. No longer need to be in a nation states crosshair to be impacted by their advance cyber weapons.

• Ransomware still common but also seeing increase in stealthier crypto-mining malware.

• Rise in ease of use and availability of cyber crime platforms, Malware/Ransomware as a Service.

14

Ransomware

15

0-Days

Supply Chain Attacks

17

Device

Vulnerability

Target On-Site

Remote Access

Firmware

Remote Access

Company

Credential Theft

Firmware Manipulation

Direct Access

IoT Supply Chain Attacks

18

What Next for Security?

19

Security As A Process

• Visibility

• Detection

• Control

• Reporting

• Measurement

20

Hacking 101 –Phishing to Credential Theft

21

Cybersecurity 2020

Hacking is a process.

Defense should also be a process.

You can be easily targeted.

Network Segmentation is key for IoT.

Passwords are weak use 2FA.

Integrated and automated gives the highest security.