Cyber Security: The Current Threat T/Detective Chief Inspector Paul - - PowerPoint PPT Presentation

cyber security the current threat
SMART_READER_LITE
LIVE PREVIEW

Cyber Security: The Current Threat T/Detective Chief Inspector Paul - - PowerPoint PPT Presentation

May 20, 2023 30 likes •333 views

Cyber Security: The Current Threat T/Detective Chief Inspector Paul Peters Regional Cyber Crime Unit RCCU-Tarian@south-wales.pnn.police.uk The criminal landscape is changing OFFICIAL Why worry about Cybercrime? Reduce Threat

slide-1
SLIDE 1

Cyber Security: The Current Threat

T/Detective Chief Inspector Paul Peters

Regional Cyber Crime Unit RCCU-Tarian@south-wales.pnn.police.uk

§

slide-2
SLIDE 2

The criminal landscape is changing……

slide-3
SLIDE 3

OFFICIAL OFFICIAL

Why worry about Cybercrime?

Reduce Vulnerability Reduce Threat

slide-4
SLIDE 4

Threats

  • Social engineering
  • Phishing
  • Data Breach
  • Ransomware
  • DDOS
  • GDPR
slide-5
SLIDE 5

Social engineering

slide-6
SLIDE 6

Interview with a Hacker

slide-7
SLIDE 7

Phishing

slide-8
SLIDE 8

Phishing

slide-9
SLIDE 9

Data Breach

Data Breaches are becoming more commonplace and cost is measured in financial terms and loss of reputation.

slide-10
SLIDE 10

Ransomware

slide-11
SLIDE 11

www.nomoreransom.org

slide-12
SLIDE 12

Denial of Service Attacks For Sale

slide-13
SLIDE 13

OFFICIAL OFFICIAL

General Data Protection Regulations

slide-14
SLIDE 14

OFFICIAL OFFICIAL

GDPR

  • All organisations holding or processing personal information will

be affected (personal information can be as granular as an IP address)

  • The Regulation will come into existence on 25th May 2018
  • If there is a data breach (yet to be fully classified) the data

handler/processor MUST inform the ICO

  • If there is a data breach (yet to be fully classified) the data

handler/processor MUST inform ALL customers affected

URL = https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

slide-15
SLIDE 15

OFFICIAL OFFICIAL

General data Protection Regulations

The maximum fine to be imposed will increase from £500,000 to 4% of global annual turnover for the preceding financial year or €20m whichever is the greater. As an example Talk Talk were fined £400,000 by the ICO. When the new regulation is in place that could increase to: £70,000,000 !!

slide-16
SLIDE 16

OFFICIAL OFFICIAL

Case Study: Operation Purple Obsidian

slide-17
SLIDE 17

OFFICIAL OFFICIAL

  • DDoS attacks against Coleg Sir Gar between September 2013 –

August 2014.

  • Part of the Public Sector Broadband Aggregation Network

(PSBA).

  • DDoS attacks were impacting other public sector organisations

E.g: transfer of patient data between hospitals.

  • PSBA part of Joint Academic Network (JANET) who were

required to purchase / install a Corero SmartWall - £400k.

Operation Purple Obsidian

slide-18
SLIDE 18

OFFICIAL OFFICIAL

Pleaded guilty to 11 counts including hacking, blackmail, fraud and money laundering.

Daniel Kelly

slide-19
SLIDE 19

OFFICIAL OFFICIAL

The Law Enforcement Response.

slide-20
SLIDE 20

OFFICIAL OFFICIAL

National Cyber Security Strategy

slide-21
SLIDE 21

OFFICIAL OFFICIAL

National Cyber Security Strategy

DEFEND

To respond effectively to incidents, and to ensure UK networks, data and systems are protected and resilient. Citizens, businesses and the public sector have the knowledge and ability to defend themselves.

DETER

We detect, understand, investigate and disrupt hostile action taken against us, pursuing and prosecuting offenders.

DEVELOP

We have an innovative, growing cyber security industry, underpinned by world leading scientific research and development. We have a self-sustaining pipeline of talent providing the skills to meet our national needs across the public and private sectors.

slide-22
SLIDE 22

OFFICIAL OFFICIAL

The CONTEST Strategy

Pursue: Prosecute and disrupt those engaged in Cyber Crime Prevent: Prevent people from engaging in Cyber Crime & people becoming victims Prepare: Reduce the impact of Cyber Crime Protect: Protect vulnerable groups, working in partnership to reduce risk

Reduce Level

  • f

Cyber Crime

Reduce Vulnerability Reduce Threat

slide-23
SLIDE 23

National Cyber Security Strategy 2016-2021

Cyber-security Information Sharing Partnership

  • National CiSP launched March 2013.
  • CiSP is an online social networking tool to exchange information
  • n threats and vulnerabilities.
  • Engagement with industry and government counterparts in a

secure environment - Ability to learn from experiences, mistakes and successes of others and seek advice

  • Early warning of cyber threats
slide-24
SLIDE 24

OFFICIAL OFFICIAL

CiSP

slide-25
SLIDE 25

Cyber Essentials

slide-26
SLIDE 26

Cyber Essentials

Cyber Essentials concentrates on five key controls:

  • 1. Boundary firewalls and internet gateways - these are devices designed to

prevent unauthorised access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective.

  • 2. Secure configuration – ensuring that systems are configured in the most

secure way for the needs of the organisation.

  • 3. Access control – Ensuring only those who should have access to systems to

have access and at the appropriate level.

  • 4. Malware protection – ensuring that virus and malware protection is

installed and is up to date.

  • 5. Patch management – ensuring the latest supported version of applications is

used and all the necessary patches supplied by the vendor been applied.

slide-27
SLIDE 27

10 Steps to Cyber Security

slide-28
SLIDE 28

OFFICIAL OFFICIAL

Report Cybercrime

slide-29
SLIDE 29

OFFICIAL OFFICIAL

Question: Do you have an incident response plan?

  • RCCU can provide Cybercrime templates

✴Website defacement ✴Ransomware ✴Hacking ✴DDoS ✴Banking malware

  • Guide on evidential standards
slide-30
SLIDE 30

OFFICIAL OFFICIAL

Questions?