IT Security: Hacking News

IT Security: Hacking News - PowerPoint Presentation

contera
Uploaded On 2020-06-30

Presentation Transcript

Slide1

IT Security: Hacking News

Slide2

IT Security: Hacking News

6/1/16: Hackers infected at least 3 regional power authorities in Ukraine, causing blackouts across the Ivano-Frankivsk region.

Slide3

IT Security: Hacking News

5/1/16: Hackers place the malicious file inside emails masquerading as delivery notifications, unpaid invoices, and such.

Once the file is launched, it encrypts the victim’s hard disk and displays a ransom note instructing victims to pay to recover their files.

Slide4

IT Security: Hacking News

24/12/15: Hyatt Hotels Corporation notified its customers that credit card numbers & other sensitive info may have been stolen after it found malware on the computers that process customer payments.

Slide5

IT Security: Hacking News

17/12/15: downloaded 1.6m passengers' info, used it to defraud hundreds of customers by convincing them that there was some issue with their flight bookings and that they had to pay extra fees.

Slide6

IT Security: Hacking News

30/11/15: the personal details of about 4.8m parents and photos of more than 200,000 children were leaked.

Slide7

Verizon’s 2015 Data Breach Investigations Report (70 organisations from 61 countries)

700 million compromised records.

Phishing is a major and growing problem. It accounts for 20% of recorded incidents. According to Verizon, “a campaign of 10 emails yields a greater than 90% chance that at least one person will become the criminal’s prey”.

Almost 85% of the breaches were attributed to external hacking.

99.9% of vulnerability exploits happen more than a year after the vulnerability was disclosed.

Insider incidents usually involve privilege abuse. Verizon reported that 55% of insider incidents involved abuse of privileges.

Slide8

2015 UK Information Security Breaches Survey by PwC. Total 664 respondents

73.5% of the organisations suffered an infection by malware. This was an increase of at least 15% on the equivalent 2014 figure.

2015 security breaches showed an increase of 10.1% on the equivalent 2014 figures.

Privacy Rights Clearinghouse 2015 – security breaches in US

The number of records compromised is on the rise. 2015 almost doubled the 2014 tally of breached records.

External hacking is far and away the leading source of breaches, and the percentage is growing. Of the total records that were compromised:

In 2013, external hacking accounted for 83.77%

In 2014, 98.73%

In 2015, 99.99%

Slide9

| Recommendation | Risks Mitigation | Timeline |
|---|---|---|
| Regular systems / software patches | External Hacking, Malwares, Vulnerability Exploits | Ongoing |
| Employee Awareness | Phishing, Malwares | Staff Induction FTP MMM (Quarterly) |
| Baseline Phishing Susceptibility | Phishing, Malwares | Done using Dec 2015. |
| Conduct Random (groups) – Random (schedules) Phishing Attacks | Phishing, Malwares | Last done in Dec 2015. Quarterly. |

Slide10

| Recommendation | Risks Mitigation | Timeline |
|---|---|---|
| Encryption of data in servers | External Hacking, Malwares, Vulnerability Exploits | Q1 2016 |
| 2FA | External Hacking | Q1 2016 |
| Vulnerability Scans | External Hacking, Vulnerability Exploits | Last done for finexis advisory portal, nexus, finexis website in Jan 2016. Twice a year |
| Penetration Test by Certified Information Systems Security Professional (CISSP) | External Hacking, Vulnerability Exploits | Q1 2016. Once a year |

Slide11

| Recommendation | Risks Mitigation | Timeline |
|---|---|---|
| Daily monitoring of any changes to web application files | External Hacking, Malwares, Vulnerability Exploits | Feb 2016 |
| Web Application Firewall | External Hacking, Malwares, Vulnerability Exploits | Q2 2016 |
| Tools to prevent system/database administrators from reading the data | Insider Incidents | Q2 2016 |
| External hosting of finexis website, portal, vepo | External Hacking and segregates from client data | Q2 2016 |