WBA Secur-IT Conference: The Art of Human Hacking. You can trust me.
WHAT ARE THE EFFECTS?
The global cost of cybercrime will reach $6 trillion by 2021, a twelve-times increase from the 2016 estimate of $450 billion.
May only be the tip of the iceberg.
Of the 419 organizations surveyed that suffered at least one breach in 2016, the average cost per breach was $3.62 million. That figure rose to $7.35 million in the U.S. Cost per record stolen averages $141 globally, but tops $225 in the U.S.
More than 4.2 billion records were exposed in 4,149 publicized breaches
- The costs per breach to organizations in the health care ($380) and financial services ($245) sectors top all other industry groups.
- 50 percent of small and midsized organizations reported suffering at least one cyberattack in the last 12 months.
- The average cost of a data breach involving theft of assets totaled $879,582 for these SMBs.
- They spent another $955,429 to restore normal business in the wake of successful attacks.
- 57% of businesses say finding and recruiting talented IT security staff is a large challenge.
WHO ARE THE VICTIMS?
Incidents of confirmed data loss:
- 24% of incidents affected financial organizations
- 10% of incidents affected the accommodations industry
- 5% of incidents affected the information industry
– 2017 Data Breach Investigations Report, Verizon
DOES THIS REALLY AFFECT US?
You may be thinking:
WHY US?
Small town, big trust.
HOW DO WE PROTECT OURSELVES?
You may be thinking:
DEFENSE IN DEPTH
MCCUMBER CUBE
The use of people, process, and technology to ensure the confidentiality, integrity, and availability of information while it is transmitted, stored, and processed.
TALKING STRATEGY
Every con artist needs a game plan.
“Social engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.”
– Kevin Mitnick, Notorious Hacker and Author of The Art of Deception
“The weakest link in the security chain is the human element.”
“...in more than half of his successful network exploits he gained information about the network, sometimes including access to the network, through social engineering.”
– Kevin Mitnick, Notorious Hacker and Author of The Art of Deception
THE BIG THREE
1) In-Person
2) Email
3) Phone
IN-PERSON METHODS
WALK RIGHT IN
Step on up.
Video.
WALK WITH A PURPOSE
I belong here.
TAILGATING
I’m with this guy.
BAITING
Free Stuff!
DUMPSTER DIVING
It’s mine now.
IMPERSONATION
Who, me?
SEEKING EMPLOYMENT
I’d like a job please.
DEVICE MODIFICATION
It looks fine to me.
MALICIOUS DEVICES
Look what I found.
HOW CAN WE PREVENT THIS?
- Security Awareness Training
- Be Aware of the Environment
- Clean Desk/Workspace Policies
- Security Policy
- Periodic Testing
EMAIL PHISHING
YOU HAVE BEEN TAGGED!
Your credentials are recorded and you are redirected to Facebook’s homepage... Gotcha.
HOW CAN WE PREVENT THIS?
- Security Awareness Training
- Security Policy
- Periodic Testing
PHONE PHISHING
THEY’LL NEVER KNOW!
LET ME HELP YOU.
UNSOLICITED SALES
SHORT MESSAGE SERVICE (SMS)
You've been selected for a free $1000 giftcard!
Enter the code 'FREE' at yourfavestore.com.shop.biz to get it now. Only 112 left! Text OUT to stop.
HOW CAN WE PREVENT THIS?
- Security Awareness Training
- Security Policy
- Periodic Testing
CUI BONO?
- For Whose Benefit
- For What Purpose
REGULATORY REQUIREMENTS
- Incident Response
- Assessments
- Training
- Top Down Accountability
WINNING THE GAME
- Don’t Assume Anything
- Know Your Attacker
- Identify Your Weaknesses
- Lock Down and Secure
- Educate Your Employees
- Audit Your Network
- Understand Security is an Asset, not an Expense
- Subscribe to Security Alerts
- Cross Your Fingers
- Use Outside Resources
- Rinse, Lather, and Repeat
Questions?
VPS PROFILE
We combine professional engineering, technical expertise and extensive regulatory knowledge to design the most technically advanced and economically viable solutions customized for our clients. Progressive thinking makes Vantage Point well-known and respected in the industry. At VPS we tailor each project to fit the individual needs of the client. With over 400 clients in more than 40 states and 8 foreign countries, VPS has the vast experience necessary to understand the best solution for any company.
OUR SERVICES
Credit Reviews
Vantage Point has professionals with credit review expertise to help with loan policy formation, underwriting, risk management, routine monitoring, and problem loan resolution. We will help you face the challenges of greater borrower sophistication, regulatory scrutiny, and a constantly changing economic environment.
Regulatory Compliance & Risk Management
Vantage Point has in-house regulatory expertise to help you face the challenges of increasing and more complex regulations affecting the financial industry. We will help you customize and streamline your programs and processes.
OUR SERVICES
Information Security
Vantage Point’s security consultants stay abreast of emerging IT risks to help you face the increasing challenge to stay current as business operations continue relying more heavily on electronic communication.
Technology
Vantage Point’s team can assist in making decisions about “cloud” strategies, network infrastructure, security and virtualization; ensuring business operations run smoothly on a daily basis.