tackling the cyber security threat (2016 - v1.0)
TRANSCRIPT
Rui Miguel FeioSharing knowledge with the world
TACKLING THE CYBER SECURITY THREATBusinessAcceleratorEvent(2016)
Rui Miguel FeioSharing knowledge with the world
RUI MIGUEL FEIO
• Workingwithcomputerssince9yearsold,backin1984• WorkedforCitibank, IBM,Xerox• WorkedwithmanyBlueChipcompaniesaroundtheworld• Specialises inCyberSecurity• Experienceindifferentsystems(Mainframe,Linux,Windows,Unix,…)• WorkswithRSMPartnersasaSeniorTechnicalLead• Giveslecturesandpresentationsallovertheworld
Key facts:
CYBER SECURITY CONSULTANT
Rui Miguel FeioSharing knowledge with the world
The ”online world” is worth trillions of British Pounds and it’s being
targeted by the criminal world.
But How Safe is It?Almost every
business requires an online presence
today
Online Presence
20%
30%
25%
40%
30%
Contact people / institutions
Customers
Online Education
Social Media
Collaboration
E-commerce
Institutions
Increase Revenue
Security
Business Goals
World Wide Markets
New Ideas
Internet Search
YOUR BUSINESS ONLINE
Rui Miguel FeioSharing knowledge with the world
ONLINE SECURITY THREATS
Risks
Virus
X-SiteScripting
Spoofing
Denial-of-Service attack is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users.
Malicious Software is a computer program designed to infiltrate and damage computers without the users consent. It’s the general term covering all the different types of threats to your computer such as viruses, spyware, worms, trojans, rootkits and so on.
Virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and confidential data, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application.
Spoofing is the act of falsifying the origin of an internet communication in order to mislead the recipient. It's widely used to create bogus emails or web pages in order to steal money, passwords or banking credentials.
Rui Miguel FeioSharing knowledge with the world
Thedatabreachcostperrecordisinaverageof$154(USD)worldwide.IntheUK,theaveragecostperrecordisof$159(USD)/£128(GBP).
$154COST PER RECORD
ThemosttargetedsectorbyattackerswastheHealthcare,followedbyEducation,Financial,Services,LifeScience,Retail,Communications,Industrial,EnergyandTechnology.
HEALTHTARGETED SECTOR
Theglobalaveragenumberofbreachedrecordswas23,834.IntheUK,theaveragenumberwasof22,759breachedrecords.
23,834RECORDS BREACHED
Globally,maliciousorcriminalattacksaccountedfor48%oftherootcauseofthedatabreach,followedby27%forsystemglitchand25%forhumanerror.IntheUKthesenumberswere51%,24%,and25%respectively.
48%ROOT CAUSE
2016 RESEARCH
* Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC June 2016
Rui Miguel FeioSharing knowledge with the world
01HACKERS
Thetermhackerisusedinpopularmediatodescribesomeonewhoattemptstobreakintocomputersystems.Typically,thiskindofhackerwouldbeaproficientprogrammerorengineerwithsufficienttechnicalknowledgetounderstandtheweakpointsinasecuritysystem.
02CRIMINAL ORGS
Criminalactivitiescarriedoutbycriminalorganisations bymeansofcomputersortheInternet.
03HACKTIVISTS
Hacktivistisapersonwhogainsunauthorised accesstocomputerfilesornetworksinordertofurthersocialorpoliticalends.
04NATION STATES
TheNationStateactorhasa'Licence toHack'.Theyworkforagovernmenttodisruptorcompromisetargetgovernments,organisations orindividualstogainaccesstovaluabledataorintelligence,andcancreateincidentsthathaveinternationalsignificance.
05CYBER TERRORISTSAcyber-terroristisacriminalwhousescomputertechnologyandtheInternet,especiallytocausefearanddisruption.Somecyber-terroristsspreadcomputerviruses,andothersthreatenpeople,organisations andnationselectronically.
‘ACTORS’ OF THE ONLINE THREATS
Rui Miguel FeioSharing knowledge with the world
INTERNET OF THINGS
IoT
Manufacturers of the IoTdevies are under pressure to release new gadgets with new functionalities to an ever more demanding customer. However, security is not greatly taken in consideration which creates security risks to individuals, organisations and governments.
Security RiskThere are currently 6.4 billion IoTdevices connected to the internet. It’s estimated that by 2020, there will be 20 to 50 billion IoTdevices connected to the internet.
Internet of Things
Rui Miguel FeioSharing knowledge with the world
MOBILITY
• Mobile devices are moving targets• Most mobile devices are easy to hack
and compromise• Mobile devices may contain private
and business data• Hackers ‘love’ mobile devices• If compromised, they can become entry
points to your home or business IT network
The Downside
• Being able to access data and do business wherever you are is a major advantage and a requirement in the modern world.
Mobility is Good
• Old devices• Operating system not up-to-date• Apps can leak and collect personal
data• Connected to ‘dubious’ free WiFi spots• Devices not protected with access
credentials
Risks and Threats
Rui Miguel FeioSharing knowledge with the world
THE DARK WEB
DarkWebAccessible only through special browsers like TOR, that are designed for anonymity.
Website addresses are not in clear text (e.g. http://3g2upl4pq6kufc4m.onion)
You can get access to drugs, weapons, illegal information, hacking tools, hackers, criminals, credit cards details, private confidential data, login credentials, etc.
InternetThe visible internet that we see when we browse. E.g. Google, Facebook, BBC, company websites, etc.
Rui Miguel FeioSharing knowledge with the world
BE PROACTIVEBE AWAREBE MINDFUL
THREE Bs TO BE SECUREDThesearethe3Bs tohelpyoubesecuredinthecyberworld.Bemindfulofwhatyoudo;alwaysquestionifyou
shouldclickonalink,onanoption,ifyoushouldopenadocument,thesourceofthedocumentoremail.Beawareofthesecurityrisks;keepinformed,askquestions.Don’tputyourselfandyourbusinessatrisk.Beproactive.Don’twaituntilyoursystemsarecompromised.Keepthemup-to-datewiththelatestversionsoftheoperatingsystem,
andsoftware.Applythesecurityfixes.Haveafirewallandananti-virusandkeepthemupdated.Askforprofessional,experiencedhelp.Inthelongrunthiscansaveyoualotofmoney!!
WHAT TO DO
Rui Miguel FeioSharing knowledge with the world
CONTACTS
�
UK [email protected]+44(0)7570911459
www.RuiFeio.com
tf g
lADDRESS EMAIL SOCIAL MEDIA
twitter.com/rfeio
facebook.com/RuiMiguelFeio
linkedin.com/in/rfeio
google.com/+RuiMiguelFeio