SLIDE 1
Lance Spitzner
www.securingthehuman.org facebook.com/securethehuman @securethehuman
Lance Spitzner www.securingthehuman.org facebook.com/securethehuman - - PowerPoint PPT Presentation
Lance Spitzner www.securingthehuman.org facebook.com/securethehuman - - PowerPoint PPT Presentation
Lance Spitzner www.securingthehuman.org facebook.com/securethehuman @securethehuman 1 in 251,800,000 Source: http://www.bookofodds.com/content/view/full/252163 1 in 112,000,000 Source: http://www.bookofodds.com/content/view/full/248157 The Human
SLIDE 2
SLIDE 3
SLIDE 4
1 in 251,800,000
Source: http://www.bookofodds.com/content/view/full/252163
SLIDE 5
1 in 112,000,000
Source: http://www.bookofodds.com/content/view/full/248157
SLIDE 6
The Human Risk
People underestimate risks on the Internet
– They feel they are in control – Impact is often not seen – Combine this with the fact the Internet makes it simple to spoof things victims trust
SLIDE 7
Targeting You
You and your organization is specifically targeted
– Advanced Persistent Threat (APT) – Insider Threat – Hactivisim
SLIDE 8
Targeting Everyone
- Primary motive is money (ROI)
- Fraud, identity theft, and extortion always
existed
- Internet simply makes crime highly profitable
with minimal risk/effort
- The more people criminals hack, the more
money they make
SLIDE 9
Social Engineering
- Not a technical attack, it is a psychological
attack that leverages technology
- Most human based attacks involved social
engineering
- Hotel room example
SLIDE 10
SLIDE 11
Social Networking Sites
Social networking websites became a breeding ground for social engineering attacks
– London mugging – Malicious messages/links – Used by APT to learn about and target individuals within an organization
SLIDE 12
Phone
- E-mail filtering and other security
technologies becoming more effective
- Bad guys bypass these by calling
people directly
- The classic “Microsoft Support”
attack
SLIDE 13
Protecting Yourself
- You Are The Target
- Social Engineering
- Email & Messaging
- Social Media
- Passwords
- Mobile Devices
- Hacked
SLIDE 14
You Are the Target
- Most people do not realize they are a
- target. Never forget you, your devices and
your information have tremendous value to many different people.
- By taking some basic steps, you can
continue to safely use the latest in technology.
SLIDE 15
Social Engineering
- Social engineering is the foundation of most
human based attacks
- These type of attacks will always be
evolving and changing
SLIDE 16
E-mail & Messaging
- Infected attachments
- Malicious links
- Scams
- Messaging
SLIDE 17
Social Media
- Ultimately there is no privacy on social
media, assume anything you post your mom or boss will eventually read
- Scams and attacks are prevalent
- Do not post work related information
SLIDE 18
Passwords
- Passphrases
- Use passwords / passphrases securely
– Use different passwords for different accounts (password manager) – Always use VPN when logging into your computer away from the office – Do not share with anyone – The dangers of questions as passwords – Two-step verification
SLIDE 19
Mobile Devices
- Use PIN and encryption to protect phone
- Be careful when downloading apps
- Update OS and apps
- Don’t trust SMS messages
SLIDE 20
Hacked
Security is not just about preventing attacks but also detecting and responding. The sooner an incident is reported, the more you can mitigate the impact
– Happens to everyone – Things to look for – Whom to report to
SLIDE 21
Summary
- You are a target.
- By taking some basic steps you can protect
yourself and your family.
SLIDE 22
Resources
- OUCH! free monthly security awareness
newsletter
- Posters & presentations
www.securingthehuman.org/resources
SLIDE 23