tackling the cyber security threat (2016 - v1.0)

Rui Miguel Feio Sharing knowledge with the world TACKLING THE CYBER SECURITY THREAT Business Accelerator Event (2016)

Post on 18-Jan-2017

RUI MIGUEL FEIO

CYBER SECURITY CONSULTANT

Key facts:

• Working with computers since 9 years old, back in 1984
• Worked for Citibank, IBM, Xerox
• Worked with many Blue Chip companies around the world
• Specialises in Cyber Security
• Experience in different systems (Mainframe, Linux, Windows, Unix, …)
• Works with RSM Partners as a Senior Technical Lead
• Gives lectures and presentations all over the world

YOUR BUSINESS ONLINE

The “online world” is worth trillions of British Pounds and it’s being targeted by the criminal world.

But How Safe is It?

Almost every business requires an online presence today.

[Figure: Online Presence. Labels: Contact people / institutions, Customers, Online Education, Social Media, Collaboration, E-commerce, Institutions, Increase Revenue, Security, Business Goals, World Wide Markets, New Ideas, Internet Search]

ONLINE SECURITY THREATS

Risks

Denial-of-Service attack is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users.

Malicious Software is a computer program designed to infiltrate and damage computers without the user’s consent. It’s the general term covering all the different types of threats to your computer such as viruses, spyware, worms, trojans, rootkits and so on.

Virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and confidential data, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application.

Spoofing is the act of falsifying the origin of an internet communication in order to mislead the recipient. It's widely used to create bogus emails or web pages in order to steal money, passwords or banking credentials.

2016 RESEARCH

$154 COST PER RECORD

The data breach cost per record is on average $154 (USD) worldwide. In the UK, the average cost per record is $159 (USD) / £128 (GBP).

HEALTH TARGETED SECTOR

The sector most targeted by attackers was Healthcare, followed by Education, Financial, Services, Life Science, Retail, Communications, Industrial, Energy and Technology.

23,834 RECORDS BREACHED

The global average number of breached records was 23,834. In the UK, the average number was 22,759 breached records.

48% ROOT CAUSE

Globally, malicious or criminal attacks accounted for 48% of the root causes of data breaches, followed by 27% for system glitch and 25% for human error. In the UK these numbers were 51%, 24%, and 25% respectively.

* Benchmark research sponsored by IBM. Independently conducted by Ponemon Institute LLC, June 2016.

‘ACTORS’ OF THE ONLINE THREATS

01 HACKERS

The term hacker is used in popular media to describe someone who attempts to break into computer systems. Typically, this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system.

02 CRIMINAL ORGS

Criminal activities carried out by criminal organisations by means of computers or the Internet.

03 HACKTIVISTS

Hacktivist is a person who gains unauthorised access to computer files or networks in order to further social or political ends.

04 NATION STATES

The Nation State actor has a 'Licence to Hack'. They work for a government to disrupt or compromise target governments, organisations or individuals to gain access to valuable data or intelligence, and can create incidents that have international significance.

05 CYBER TERRORISTS

A cyber-terrorist is a criminal who uses computer technology and the Internet, especially to cause fear and disruption. Some cyber-terrorists spread computer viruses, and others threaten people, organisations and nations electronically.

INTERNET OF THINGS (IoT)

Security Risk

Manufacturers of IoT devices are under pressure to release new gadgets with new functionalities to an ever more demanding customer. However, security is not given much consideration, which creates security risks to individuals, organisations and governments.

Internet of Things

There are currently 6.4 billion IoT devices connected to the internet. It’s estimated that by 2020, there will be 20 to 50 billion IoT devices connected to the internet.

MOBILITY

The Downside

• Mobile devices are moving targets
• Most mobile devices are easy to hack and compromise
• Mobile devices may contain private and business data
• Hackers ‘love’ mobile devices
• If compromised, they can become entry points to your home or business IT network

Mobility is Good

• Being able to access data and do business wherever you are is a major advantage and a requirement in the modern world.

Risks and Threats

• Old devices
• Operating system not up-to-date
• Apps can leak and collect personal data
• Connected to ‘dubious’ free WiFi spots
• Devices not protected with access credentials

THE DARK WEB

Dark Web

Accessible only through special browsers like TOR that are designed for anonymity.

Website addresses are not in clear text (e.g. http://3g2upl4pq6kufc4m.onion)

You can get access to drugs, weapons, illegal information, hacking tools, hackers, criminals, credit card details, private confidential data, login credentials, etc.

Internet

The visible internet that we see when we browse. E.g. Google, Facebook, BBC, company websites, etc.

WHAT TO DO

THREE Bs TO BE SECURED

BE PROACTIVE
BE AWARE
BE MINDFUL

These are the 3 Bs to help you be secured in the cyber world.

Be mindful of what you do; always question if you should click on a link, on an option, if you should open a document, the source of the document or email.

Be aware of the security risks; keep informed, ask questions. Don’t put yourself and your business at risk.

Be proactive. Don’t wait until your systems are compromised. Keep them up-to-date with the latest versions of the operating system, and software. Apply the security fixes. Have a firewall and an anti-virus and keep them updated. Ask for professional, experienced help. In the long run this can save you a lot of money!!

CONTACTS

ADDRESS
UK

EMAIL
[email protected]

+44 (0)7570911459

www.RuiFeio.com

SOCIAL MEDIA
twitter.com/rfeio
facebook.com/RuiMiguelFeio
linkedin.com/in/rfeio
google.com/+RuiMiguelFeio