IT Security Hacking News 6116 Hackers infected at least 3 regional power authorities in Ukraine causing blackouts across the IvanoFrankivsk region IT Security Hacking News 5 ID: 790815
Download The PPT/PDF document "IT Security: Hacking News" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
IT Security: Hacking News
Slide2IT Security: Hacking News
6/1/16: Hackers infected
, at least,
3 regional
power authorities in Ukraine, causing blackouts across the Ivano-Frankivsk
region.
IT Security: Hacking News
5
/1/16: Hackers
place the malicious file inside emails masquerading as delivery notifications, unpaid invoices, and
such.
Once the file is launched, encrypts the victim’s hard-disk, displays ransom note where victims are supposed to pay to recover their files.
Slide4IT Security: Hacking News
24/12/15:
Hyatt Hotels Corporation
notified
its customers that credit card numbers
& other
sensitive
info
may have been stolen after it found malware on the computers that process customer payments.
Slide5IT Security: Hacking News
17/12/15
: downloaded 1.6m passengers info,
used
it to defraud
hundreds of customers by convincing them that there was some issue with their booking flights, and they had to pay extra fees
Slide6IT Security: Hacking News
30/11/15:
the personal details of about
4.8m
parents and photos of more than 200,000
children
were
leaked.
Verizon’s 2015 Data Breach Investigations Report (70
organisations
from 61
countries)
700 million compromised records.
Phishing is a major and growing problem. Accounts for 20% of recorded incidents. According to Verizon, “a campaign of 10 emails yields a greater than 90% chance that at least one person will become the criminal’s prey”
Almost 85% of the breaches were attributed to external hacking.
99.9% of vulnerability exploits happen more than a year after the vulnerability was disclosed.
Insider incidents usually involve privilege abuse. Verizon reported that 55% of insider incidents involved abuse of privileges.
Slide82015 UK Information Security Breaches Survey by
PwC
. Total 664 respondents
73.5% of the
organisations
suffered an infection by malware. This was an increase in the equivalent 2014 figures of at least 15%.
2015 security breaches increased in the equivalent 2014 figures of 10.1
%
Privacy Rights
Clearinghouse 2015
– security breaches in US
The number of records
compromised are
on the rise. 2015 almost doubled the 2014 tally of breached records.
External hacking is far and away the leading source of breaches, and the percentage is growing. Of the total records that were compromised
In 2013, external hacking accounted for 83.77%
In 2014, 98.73%
In 2015, 99.99%
Slide9Recommendation
Risks Mitigation
Timeline
Regular systems / software patches
External Hacking, Malwares, Vulnerability Exploits
Ongoing
Employee Awareness
Phishing, Malwares
Staff
Induction
FTP
MMM
(Quarterly)
Baseline Phishing Susceptibility
Phishing, Malwares
Done using Dec 2015.
Conduct Random (groups) – Random (schedules) Phishing Attacks
Phishing, Malwares
Last done in Dec 2015.
Quarterly.
Slide10Recommendation
Risks Mitigation
Timeline
Encryption of data in servers
External Hacking, Malwares, Vulnerability Exploits
Q1 2016
2FA
External Hacking
Q1 2016
Vulnerability Scans
External Hacking, Vulnerability Exploits
Last done for finexis advisory portal, nexus, finexis website in Jan 2016.
Twice a year
Penetration Test by Certified Information Systems Security Professional (CISSP)
External Hacking, Vulnerability Exploits
Q1 2016
Once a year
Slide11Recommendation
Risks Mitigation
Timeline
Daily monitoring of any changes to web application files
External Hacking, Malwares, Vulnerability Exploits
Feb 2016
Web Application Firewall
External Hacking, Malwares, Vulnerability Exploits
Q2
2016
Tools to prevent system/database administrator to read the data
Insider Incidents
Q2
2016
External hosting of finexis website, portal, vepo
External Hacking and segregates from client data
Q2 2016