Cybersecurity Threats in the Public Sector - How Prepared are you? - PowerPoint PPT Presentation



SLIDE 1

Cybersecurity Threats in the Public Sector - How Prepared are you?

SLIDE 2

Rory Ebanks
Director, Information Security Advisory
Symptai Consulting Ltd.
Certifications: CCISO, CEH, CHFI, CND, CISSP, CCSP, CISM, CISA, CSX

SLIDE 3

Importance of Cyber Security

The internet allows an attacker to work from anywhere on the planet.

  • Security: We must protect our computers and data in the same way that we secure the doors to our homes.
  • Safety: We must behave in ways that protect us against risks and threats that come with technology.

Presenter: Rory Ebanks

SLIDE 4

Some questions to ask yourself

  • Do you know if your organization is secure?
  • What security strategy does your organization have in place?
  • When was the last time you updated your passwords?
  • Do you use the same password for all of your accounts?
  • Do you have your data backed up and can you easily restore it?
  • Do you frequently use open Wi-Fi networks?
  • Do you have anti-virus and anti-malware software installed?
  • Do you always check and install the latest updates for your operating system and software?

SLIDE 5

SLIDE 6

Major threats faced by Public Sector

  • Identity theft, fraud, extortion
  • Malware (spyware, Trojans and viruses)
  • Phishing, spamming
  • Social Engineering
  • Stolen hardware
  • Denial-of-service and distributed denial-of-service attacks
  • Malicious insiders
  • Human Error/Careless employees

SLIDE 7

Major threats faced by Public Sector

  • Man-in-the-middle/Sniffing
  • Password attack (Brute force or dictionary)
  • Website defacement
  • Social Media Threat
  • Vulnerability exploitation
  • Open/Free Wireless

SLIDE 8
SLIDE 9
SLIDE 10

Physical Security

SLIDE 11

Wireless

SLIDE 12

Wireless Attack

SLIDE 13

Wireless Traffic

SLIDE 14

Examples of Incidents this Year

  • Exactis - Before June 27th 2018 most people were not familiar with the Florida-based firm Exactis. The company left its database open to the public, exposing nearly 340 million individual records, affecting about 230 million US consumers and 110 million businesses.
  • Tesla - On June 14th a disgruntled Tesla employee admitted to hacking the company’s secret trade information and sharing the data with unnamed 3rd parties.
  • Facebook - In September 2018 Facebook shared details on a flaw in its “View As” feature that allowed hackers to take over Facebook accounts. “View As” is what allows users to look at their profile as others see it.

SLIDE 15

SLIDE 16

2016 LOCAL INCIDENT STATISTICS

SOURCE: JIS (http://jis.gov.jm/everyone-risk-cybercrime) Published: October 12, 2017

Senior Advisor in the Ministry of Science, Energy and Technology, Trevor Forrest:

  • “The country lost US$100M due to cyber criminal activity”
  • “…more than 230,000 threats were detected in the space of a month.”

230K x 12 months = 2.76M INCIDENTS p/yr

1% of 2.76M = 27.6K BREACHES PER DAY

SLIDE 17

Who are Hackers?

People committed to circumvention of computer security.

  • Employees
  • Contractors
  • Ethical Security professionals
  • Neighbors
  • Friends
  • Customers
  • Our Children

SLIDE 18

The Enemy

What was advanced is now average.

  • Well planned, strategic approach
  • Automation assisted manual attacks
  • Sophisticated Malware
  • Clear objectives
  • Lots of resources

SLIDE 19

Passwords

First Line of Defence

  • Users
  • Authentication (username & password)
  • P@ssw0rds: How weak are they?

SLIDE 20
SLIDE 21

Social Engineering

Social engineering, or the “con game,” is the art of manipulating end users into providing confidential or personal information.

  • Phishing: Hackers pretend to be trusted organizations such as banks, company suppliers, IT staff, or mobile carriers, in order to get your personal information, such as credit card details or confidential corporate information.
  • Piggybacking/Tailgating: This is when an unauthorized hacker physically follows an authorized employee into a restricted area (e.g. pass through locked doors) or uses their computer to access locked IT systems.
  • Pharming: Hackers re-create websites that look identical to the original but instead contain malware and/or key loggers to gain your personal information. The website URL will look very similar, although it may have a slight typo or a slightly different domain name, e.g. URLs with a different suffix such as .net instead of .com.
  • Social Media: Similar to phishing, hackers will act as a trusted organization or friend and try to obtain your personal information through messages, or get you to click malicious links through posts.

SLIDE 22

Scenarios

  • Phone Call: This is John, the System Administrator. What is your password?
  • Email: Symptai Bank has noticed a problem with your account…
  • In Person: What ethnicity are you? Your mother’s maiden name?
  • I have come to repair your machine… and have some lovely software patches!

SLIDE 23

Phishing

  • Keep an eye out for phony email messages.
  • Things that indicate a message may be fraudulent are:
      • misspellings
      • poor grammar
      • odd phrasings
      • Web site addresses with strange extensions
      • Web site addresses that are entirely numbers where there are normally words
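
The address clues from the Social Engineering and Phishing slides (all-number addresses, a different suffix such as .net instead of .com, a slight typo) can be checked automatically. The sketch below is an added example, not part of the original presentation; the allow-list, flag names and sample addresses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list: domains the organisation actually uses (assumption).
TRUSTED = {"example.com", "jis.gov.jm"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos in a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url):
    """Extract the lower-cased host, tolerating links written without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def is_numeric_host(host):
    """True for IPv4/IPv6 literals and for hosts made only of digits and dots."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return host.replace(".", "").isdigit()

def assess_link(url, trusted=TRUSTED):
    """Return a list of warning flags; an empty list means a trusted domain."""
    host = host_of(url)
    if not host:
        return ["no-host"]
    if is_numeric_host(host):
        return ["numeric-address"]
    if any(host == t or host.endswith("." + t) for t in trusted):
        return []
    flags = []
    for t in sorted(trusted):
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(host.split(".")[-t.count(".") - 1:])
        if tail.split(".", 1)[0] == t.split(".", 1)[0]:
            flags.append("different-suffix-of:" + t)   # e.g. .net instead of .com
        elif edit_distance(tail, t) == 1:
            flags.append("near-miss-of:" + t)           # one-character typo
    return flags or ["unknown-domain"]
```

A mail gateway or help-desk triage script could run `assess_link` over every link in a reported message and surface the flags to the reviewer.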

SLIDE 24

Phishing Tips

  • Don’t trust the display name of who the email is coming from
  • Look but don’t click
  • Consider the Salutation
  • Is the email asking for personal information?
  • Beware of Urgency
  • Check the email signature
  • Be careful with attachments
  • Don’t believe everything you see

SLIDE 25

SLIDE 26

Phishing Workflow

SLIDE 27

Denial of Service

SLIDE 28

Man in the Middle

blog.trendmicro.com

SLIDE 29

What would you do?

SLIDE 30

Do not

  • Password:
      • Don’t use your login name
      • Don’t use your personal information such as last name, first name
      • Don’t use numbers significant to you or someone close to you
      • Don’t use passwords based on simple keyboard patterns
      • Don’t share passwords
  • Do not turn off security applications
  • Do not let unknown people touch your computer/device
  • Do not give out your password to anyone including IT Staff
  • Do not use insecure wireless connections
  • Do not open an unknown website or link
  • Do not open an email attachment unless you are certain

SLIDE 31

Ways To Protect Yourself

  • Strong passwords
  • Keep your passwords in a safe place and try not to use the same password for every service you use online.

  • Stay out of Bad Neighbourhoods
  • Don't Fall for Pop-ups
  • Screen your email
  • Keep your devices current with the latest patches and updates
  • Protect your computer with security software
  • Backup your data

SLIDE 32

Ways To Protect Yourself

  • Check your financial accounts regularly to ensure no fraudulent activity has taken place.
  • Do the Two-Step: Many companies now offer two-factor authentication, or two-step verification, for your online accounts.
  • Be wary of wireless hot-spots.
  • Be wary of applications and files downloaded from the internet.
  • When entering information on a website, check the domain’s security.
  • Use secure connections - Encryption: Websites should use SSL (secure socket layer) to encrypt data.

SLIDE 33

Final Remarks

  • Plan for failures
  • Collaborate with stakeholders and even competitors on common battles

  • The key to protecting yourself is being aware.
  • Continuously perform security sensitization sessions for end users.
  • User is ultimately responsible.
  • We all have a role to play in Cybersecurity.

The only system which is truly secure is one which is switched off and unplugged

SLIDE 34

Questions

SLIDE 35

References

  • https://www.gadgetsnow.com/infographics/symantecs-cybersecurity-predictions-for-2018/articleshow/61980660.cms
  • https://appspider.help.rapid7.com/docs/conduct-mobile-application-testing-using-wifi-pineapple
  • https://thebestvpn.com/cyber-security-statistics-2018/
  • https://samsclass.info/123/proj10/p3-sniff.htm
  • https://jis.gov.jm/everyone-risk-cybercrime/
  • https://ifflab.org/top-5-types-of-cybercrimes-tips-for-cybercrime-prevention/
