bitlynercompdefendingyourdata16 Agenda 900 915 Agenda and Introductions 915 to 945 2016 Threat Landscape Patty Patria 945 1030 Practical Advice for Finding Threats on Your Network Tim LaGrant ID: 737534
Download Presentation The PPT/PDF document "Defending your Data November 14, 2016" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Defending your Data
November 14, 2016
bit.ly/nercomp_defendingyourdata16Slide2
Agenda
9:00 -9:15 Agenda and Introductions
9:15 to 9:45 2016 Threat Landscape, Patty Patria
9:45 - 10:30 Practical Advice for Finding Threats on Your Network, Tim LaGrant10:30 – 10:45 Break10:45 - 12:00 Digital Forensics & Incident Response, Andy Obuchowski12:00 - 1:00 Lunch1:00 - 3:00 Hands on Training, Tim LaGrant and Sherry HoreanopoulousSlide3
About the Presenters….
Patty Patria, VP for Information Technology, Becker College; CISSP and PMP
Tim LaGrant, Technical Director, Becker College
Sherry Horeanopoulos, Information Security Officer, Fitchburg State University; CISAAndy Obuchowski, Director at RSMSlide4
About the Day....
Let’s make this interactive!
Ask questions as they come up.
Share ideas you might have on how you address similar problems. Introduce yourself and what you would like to get from the day. Slide5
Session 1
2016 Threat LandscapeSlide6
2016 Verizon Breach Report
Industry
Total
Small
Large
Unknown
Education
254
16
29
209
Source: 2016 Verizon Data Breach ReportSlide7
Threat Sources
Source: 2016 Verizon Data Breach ReportSlide8
Threat reasons
Source: 2016 Verizon Data Breach ReportSlide9
Threat Vectors
Source: 2016 Verizon Data Breach ReportSlide10
Threat by device
Source: 2016 Verizon Data Breach ReportSlide11
Amount of time to compromise
Source: 2016 Verizon Data Breach ReportSlide12
Major areas of compromise-CVE
Source: 2016 Verizon Data Breach Report
Software Vulnerabilities in
Adobe and Microsoft are exploited quickly. Slide13
Major areas of compromise- Phishing
Source: 2016 Verizon Data Breach Report
Top Solutions for Phishing:
Filter It
Continuous Education
Layer your most confidential data so even end user malware can’t get to it. Slide14
Major areas of compromise- Credential compromise
Source: 2016 Verizon Data Breach Report
Top Solutions for Credential Compromise:
Require strong passwords that change frequently
Employ 2-factor authenticationSlide15
Incidents by type
Source: 2016 Verizon Data Breach ReportSlide16
Affects on higher education
Source: 2016 Verizon Data Breach Report
Attempts
BreachesSlide17
Other things to worry about…
Monetarization of Malware- malware needs to produce revenue, not just be disruptive.
This has led to an increase in ATM-related malware, banking Trojans, and ransomware.
ZDNet expects ransomware profits to hit 1 Billion this year. Slide18
Other things to worry about…social
Social Media is the hacker’s new favorite target.
Like-jacking is a new exploit where criminals post fake Facebook “like” buttons which download malware to your device.
1 in 10 social media users said they’ve been a victim of a cyber attack . 600,000 Facebook accounts are com-promised every day. Slide19
Other things to worry about…mobile
In October, an 18 Year old app developer was arrested for almost bringing down 911 systems via cell phones.
He posted a link on the
TheHackSpot YouTube channel and Twitter and encouraged followers to click on the link. Authorities said they found evidence it had been clicked 1,849 times.Once users clicked the link, their phones were hijacked and the phones constantly dialed 911 until they were turned off.
Source: http://arstechnica.com/security/2016/10/teen-arrested-for-iphone-hack-that-threatened-emergency-911-system/Slide20
Other things to worry about…Iot
With the Internet of Things (
IoT
) growing, experts predict large scale DDoS attacks will be the “new normal”.There are currently billions of Internet-connected devices that attackers can hijack and organize into botnets.In October, Netflix, Twitter, Spotify, Reddit,
SoundCloud
and other major sites went down due to a
DDoS
attack on
Dyn
.
The
Dyn
attacked confirmed that tens of millions of IP addresses were utilized as
Mirai
botnets, many of which were Chinese webcams.
Source: http://www.recode.net/2016/10/24/13393922/ddos-attack-denial-service-cybercriminals-hackersSlide21
Conclusion…..
Attacks are on the rise. They are coming from all venues from known vulnerabilities, to phishing, to social media to
IoT
. It is impossible to stop every attack. However, if you leverage good risk management and employ current technology, you can try to reduce your risk.
Source: http://www.recode.net/2016/10/24/13393922/ddos-attack-denial-service-cybercriminals-hackersSlide22
Questions
bit.ly/nercomp_security16