cybersecurity solutions
play

Cybersecurity Solutions Jessie Pudelek Kevin Hill This manuscript - PowerPoint PPT Presentation

Feb 23, 2024 •438 likes •729 views

FERMILAB-SLIDES-19-037-CD End-User Security: A Cornerstone of Defense-in-Depth Cybersecurity Solutions Jessie Pudelek Kevin Hill This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the

  1. FERMILAB-SLIDES-19-037-CD End-User Security: A Cornerstone of Defense-in-Depth Cybersecurity Solutions Jessie Pudelek Kevin Hill This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the U.S. Department of Energy, NLIT 2019 Office of Science, Office of High Energy Physics

  2. Speakers • Jessie Pudelek • Kevin Hill Fermilab Fermilab Cybersecurity Analyst Cybersecurity Analyst • Contact: • Contact: kevinh@fnal.gov jpudelek@fnal.gov 630-840-2068 630-840-5464 2 5/1/2019

  3. Outline • Background on the importance of cybersecurity awareness as part of end-user security and defense-in-depth • Review of Fermilab’s upgraded cybersecurity awareness platform • Discussion on how Fermilab’s Cybersecurity Team is evaluating the effectiveness of the upgraded awareness platform 3 5/1/2019

  4. Statistics regarding the targeting of end-users • 98% of cyber attacks rely on social engineering • 91% of cyber attacks start with a phishing email • Credential compromise rose 70% in 2018 compared to 2017 • Business Email Compromise (BEC) scams account for over $12 billion in losses • 15% of people successfully phished will be targeted at least once more time within the year https://www.knowbe4.com/hubfs/PhishingandSocialEngineeringin2018.pdf https://www.darkreading.com/endpoint/91--of-cyberattacks-start-with-a-phishing-email/d/d-id/1327704 https://www.proofpoint.com/us/security-awareness/post/latest-phishing-first-2019 https://retruster.com/blog/2019-phishing-and-email-fraud-statistics.html 4 5/1/2019

  5. Example: Alamogordo, New Mexico • July 2018 • Procurement officer for city of Alamogordo received a legitimate-looking email from an agent representing the Cooperative Education Exchange (CES), a real co-op that the city works with • The email said that CES banking info needed to be changed to pay outstanding invoices • The only phishing indicator was an outdated version of the CES logo • The email was forwarded to the Finance Department, who paid the requested $250,000 • Scam was discovered when the real CES inquired about a real payment that the city thought it had already paid • Two scams: Procurement officer and finance department https://blog.knowbe4.com/250000-ceo-fraud-in-a-municipal-finance-department 5 5/1/2019

  6. Humans are an easy target • General attacker goals: – Monetary gain – Steal credentials – Run malicious code – Use computer as part of a botnet • Social engineering is the easiest way for attackers to achieve their goals • Social engineering is used because it works; humans still fall for these schemes Until attackers stop targeting humans, the need for cybersecurity awareness remains. 6 5/1/2019

  7. Social engineering and Fermilab • June 2017 Fermilab Cybersecurity sent the first test phishing email to the lab community • Standard UPS package delivery scam • 2748 mailboxes received the message • 27% clicked on the ‘malicious’ link • 28 users reported the message 7 5/1/2019

  8. Cybersecurity Team addresses the problem • New security awareness website – Blog articles – Printable handouts – Video lessons – Suspicious Emails of the Week page • New branding – Logo and slogan – User-friendly contact information • Updated events – Cybersecurity Awareness Day – Cyber Sleuths Phishing Awareness Campaign – Outreach 8 5/1/2019

  9. Security Awareness Website • One central location for all cybersecurity awareness materials • Dynamic content • Materials include: – Articles – Suspicious Emails of the Week – Resources – Video series securityawareness.fnal.gov 9 5/1/2019

  10. Resources – Suspicious emails of the week • Resource to highlight phishing emails that are circulating at the lab for that week • Contains a screenshot, short description, and date it was reported • Intended to help Fermilab community identify phishing emails • Secondary benefit: encourages reporting • Related resource: Legitimate emails page 10 5/1/2019

  11. Resources – Printable handouts • Available from the left-hand menu on securityawareness.fnal.gov • Contains pdf handouts with detailed information for how to identify phishing emails • PDFs can be saved and/or printed for future use 11 5/1/2019

  12. Resources – Video series • Multi-modal security awareness platform • Irwin’s Cybersecurity Corner is a quirky video series featuring Fermilab CISO Irwin Gaines • Covers many topics from IOT to phishing scams • https://www.youtube.com/watch ?v=uTQT53hrWrU 12 5/1/2019

  13. New branding and slogan • Computer Security Team becomes Cybersecurity Team • New logo represents the partnership between the Cybersecurity Team (CST), lab management, users to keep the lab cyber secure • New email address to simplify reporting • Slogan drives home this point: Cybersecurity is everyone’s responsibility! 13 5/1/2019

  14. New branding continued Lock-shaped contact cards provide details on all cybersecurity awareness resources and contact information. front back 14 5/1/2019

  15. Events – Cybersecurity Awareness Day • Yearly event with cybersecurity training and presentations • Theme: Cybersecurity Starts with You! • Updated materials • Collaboration for presentations • Cartoon Irwin selfie station and video series 15 5/1/2019

  16. Events – Cyber Sleuths • October DHS Cybersecurity Awareness Month • Sleuths = mascots of phishing awareness • Materials included: – Video lesson on phishing – Posters – Blog articles – Weekly tips 16 5/1/2019

  17. Events - Outreach Goal: Consistently remind members of the Fermilab community what they do matters, and they have an active role in cybersecurity. • Increased cyber training presentations to various groups in the lab community • Special training for summer students and interns • Participation in STEM outreach • Remedial phishing training 17 5/1/2019

  18. Evaluating new awareness program • Phishing assessment metrics dropped – 10/17 FedEx Tracking Email: 13% clickthrough rate – 07/18 UPS Notification Email: 13% clickthrough rate • Reporting metrics rose – 10/17 FedEx Tracking Email: 110 reports – 07/18 UPS Notification Email : 141 reports • People are engaged in cybersecurity awareness – Positive feedback on Irwin video series – Positive feedback on Cyber Sleuths 18 5/1/2019

  19. Evaluation continued • Phishing assessments based off real phishing reports and broken into categories to evaluate clickthrough trends – PayPal assessment: 1% – Facebook assessment: 6% – LinkedIn request assessment: 11% • Reporting increasing in general – Increased level of questions – Increased number of people asking for email reviews 19 5/1/2019

  20. Moving forward…awareness and training • Continued research on psychology of clicking • Continued investigation of phishing categories and targeted phishing groups • Continued outreach and education based on current events and results of phishing assessments • Continued education on all topics in cybersecurity to help people at work but also at home 20 5/1/2019

  21. Moving forward…technical improvements • Multi-modal security awareness platform extending to technical solutions • Training is important, but not the only way Fermilab is working to secure users • Enter the PhishAlarm button – Simplifies reporting for Outlook users and increases reporting – Performs automated analysis – Integrates into our security controls for automatic black-hole routing 21 5/1/2019

  22. Overview of Beholder • Beholder is a custom system at Fermilab to coordinate system scanning and blocking – Networking systems notify Beholder when new system is connected to network – New systems are scanned with multiple scanners – Scan results are analyzed for blockable vulnerabilities – Vulnerable systems are blocked, users are notified – User can fix issue and request access via Service Now tickets 22 5/1/2019

  23. Overview of Phish Reporting • Traditionally people manually forwarded suspected phish to cybersecurity • Cybersecurity primary would manually review and block as necessary • Report Phish Add-in adds button to report suspected phish in outlook clients on Windows, Mac and Android 23 5/1/2019

  24. Phish Reports Phish reports include useful information: • Phishing certainty • Domains that handled the emails • Links in the email 24 5/1/2019

  25. Analyzing Phish Reports • Traditionally the phishing reports have to be reviewed manually • Suspect URLs need to be blocked • Can we remove this delay? • Yes! 25 5/1/2019

  26. Integrating Phish Reports into Beholder • Phishing analysis reports are emailed to account that filters via procmail Listserv • Procmail recognizes phishing analysis reports and hands email to a python script Procmail • Python script extracts hostnames in the Python phishing links • Hostnames are added to beholder via http api Beholder call 26 5/1/2019

  27. Interpreting Imported URLs • Phishing reports list all links in the phish emails, not just suspected malicious links – Need to make sure we don’t block google.com, URL shorteners, OneDrive, etc. • Imported hostnames get tagged as potential phishing links in Beholder • Someone from Cybersecurity Team either blocks or whitelists the hostnames as necessary • Will automate process once the number of new whitelist entries drops 27 5/1/2019

  28. Questions? 28 5/1/2019

Recommend

Cybersecurity Introductions Skyline Technology Solutions Tom Burgoon - BD ITS Practice

Cybersecurity Introductions Skyline Technology Solutions Tom Burgoon - BD ITS Practice

The Why, What, and How of Cybersecurity Introductions Skyline Technology Solutions Tom Burgoon - BD ITS Practice Laura Gomez-Martin Cybersecurity Compliance Advisor Chip Stewart Principal Consultant Mission Secure

664 views • 29 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides
SPINBACKUP SAAS BACKUP & CYBERSECURITY FOR G SUITE 2017 S P I N B A C K U P 2 0 1 7 I N T

SPINBACKUP SAAS BACKUP & CYBERSECURITY FOR G SUITE 2017 S P I N B A C K U P 2 0 1 7 I N T

SPINBACKUP SAAS BACKUP & CYBERSECURITY FOR G SUITE 2017 S P I N B A C K U P 2 0 1 7 I N T R O D U C T I O N 0 2 SPINBACKUP Cloud Cybersecurity & Disaster Recovery solutions provider for G Suite P R E S E N T A T I O N S P I N B

539 views • 10 slides
Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland Chapter Contents Cybersecurity and risk management 1 Cybersecurity and the regulatory 2 environment Cybersecurity and the audit 3 4 Appendix

685 views • 37 slides
KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

7/17/2020 KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing Attacks Malware/Ransomware Hacking Imposter Scams 1 7/17/2020 KACo Cybersecurity Training BEWARE OF Phishing Phishing attacks

248 views • 6 slides
Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright CyberSecurity Scholar 4 September 2018 James Davenport Formal Methods and CyberSecurity CyberSecurity CyberSecurity failures abound: tens daily in the

325 views • 18 slides
Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright CyberSecurity Scholar 4 September 2019 James Davenport Formal Methods and CyberSecurity CyberSecurity CyberSecurity failures abound: tens daily in the

212 views • 19 slides
ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity Related to Subregional Seminar on Cybersecurity for Information and Communication Networks 21 June 2005 Lima, Peru Christine Sund Christine Sund

921 views • 48 slides
Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel

Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel

Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel Sofia, Bulgaria Mr. Joaqun Castelln , Operational Director Spanish National Security Department Ms. Anita TIKOS , Desk Officer for International

197 views • 15 slides
EU in action about cybersecurity NIS Directive 5G Cybersecurity Act GDPR Contractual ISACs

EU in action about cybersecurity NIS Directive 5G Cybersecurity Act GDPR Contractual ISACs

EU Cybersecurity European policy overview e-IRG e-IRG 4 December 2019 Brussels Anni Hellman, Senior Expert, Permanent Representation of Finland to the European Union Seconded for the Finnish Presidency from the Directorate General

320 views • 28 slides
MAYASEVENs Hacking Diary Who are we? Nop Phoomthaisong MAYASEVEN Team Cybersecurity

MAYASEVENs Hacking Diary Who are we? Nop Phoomthaisong MAYASEVEN Team Cybersecurity

MAYASEVENs Hacking Diary Who are we? Nop Phoomthaisong MAYASEVEN Team Cybersecurity Consultants, The Cybersecurity Expert Guys Cybersecurity Researcher 2 Agenda 1. Account Takeover via Forgot Password Function 2. Amazon S3

2.36k views • 75 slides
Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical

Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical

Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical Facilities Local Government Schools Law Enforcement Media Outlets The threat and how to think about it Ransomware has rapidly emerged as the most

398 views • 15 slides
INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and

INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and

Section 1 Dr. Bruce Burton California Cybersecurity INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and implications Learn from past attacks Understand the NIST Cybersecurity Framework (CSF) &

368 views • 33 slides
Cybersecurity and the AICPA Cybersecurity Attestation Project Chris Halterman Executive

Cybersecurity and the AICPA Cybersecurity Attestation Project Chris Halterman Executive

Cybersecurity and the AICPA Cybersecurity Attestation Project Chris Halterman Executive Director EY Chair AICPA Trust Information Integrity Task Force Agenda Item 8-D IAASB Meeting, September 21-25, 2015 New York, USA Page 1 Increasing

444 views • 17 slides
CYBERSECURITY Situational awareness Franois Thill, Director Cybersecurity, Ministry of the

CYBERSECURITY Situational awareness Franois Thill, Director Cybersecurity, Ministry of the

CYBERSECURITY Situational awareness Franois Thill, Director Cybersecurity, Ministry of the economy Agenda The actual situation Strategy of the ministry Risk management a common language Some good practice examples 2 The

427 views • 21 slides
Internet and CyberSecurity 101 U.S. National Cybersecurity, 10/5/06 presented by: Martin Casado

Internet and CyberSecurity 101 U.S. National Cybersecurity, 10/5/06 presented by: Martin Casado

Internet and CyberSecurity 101 U.S. National Cybersecurity, 10/5/06 presented by: Martin Casado Network vs. Internet a network is a system of computers that talk over some communication medium: phone line (analogue modem, DSL), cable,

957 views • 47 slides
CYBERSECURITY @ STEVENS CYBERSECURITY@STEVENS THE WORLD IS A DANGEROUS AND COSTLY PLACE

CYBERSECURITY @ STEVENS CYBERSECURITY@STEVENS THE WORLD IS A DANGEROUS AND COSTLY PLACE

GIUSEPPE ATENIESE FARBER CHAIR AND CS DEPT CHAIR CYBERSECURITY @ STEVENS CYBERSECURITY@STEVENS THE WORLD IS A DANGEROUS AND COSTLY PLACE According to insurance company Lloyds, cyberattacks cost businesses $400 billion a year A

123 views • 9 slides
Managing Cybersecurity & Safety Risk CTO, Industrial Cybersecurity CRO, TV Rheinland 2mc

Managing Cybersecurity & Safety Risk CTO, Industrial Cybersecurity CRO, TV Rheinland 2mc

Nigel Stanley MSc CEng FIET MIEEE Anthony Dickinson BSc MBA Managing Cybersecurity & Safety Risk CTO, Industrial Cybersecurity CRO, TV Rheinland 2mc In the Aluminium Industry nigel.stanley@us.tuv.com adickinson@2mc.co Building Cyber

405 views • 12 slides
Shaping the Future of Cybersecurity Education Is N.I.C.E. NATIONAL INITIATIVE FOR CYBERSECURITY

Shaping the Future of Cybersecurity Education Is N.I.C.E. NATIONAL INITIATIVE FOR CYBERSECURITY

UNCLASSIFIED Shaping the Future of Cybersecurity Education Is N.I.C.E. NATIONAL INITIATIVE FOR CYBERSECURITY EDUCATION (NICE) March 2011 UNCLASSIFIED UNCLASSIFIED 60 Day Cyber Review Building Capacity for a Digital Nation Promote

526 views • 14 slides
Cybersecurity research and education: Helping meet the high demand for cybersecurity experts

Cybersecurity research and education: Helping meet the high demand for cybersecurity experts

West Virginia University Cybersecurity research and education: Helping meet the high demand for cybersecurity experts Katerina Goseva-Popstojanova Professor Lane Department of Computer Science and Electrical Engineering (LCSEE) West

538 views • 21 slides
Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Email Security

Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Email Security

Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Email Security Practices & File Encryption Content provided by Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 10:00 Page 1 Series Goals

551 views • 20 slides
Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Password Management

Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Password Management

Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Password Management & Public Wi-Fi Security Content provided by Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 10:00 Page 1 Series Goals

392 views • 18 slides
Cybersecurity, Phishing, and MFA for VPN Irwin Gaines Report to UEC Dec 7 2018 Rebranding

Cybersecurity, Phishing, and MFA for VPN Irwin Gaines Report to UEC Dec 7 2018 Rebranding

Cybersecurity, Phishing, and MFA for VPN Irwin Gaines Report to UEC Dec 7 2018 Rebranding of former computer security team We are now the Cybersecurity team All communication to cybersecurity@fnal.gov (including incident reports,

911 views • 36 slides

More recommend