Lance Spitzner www.securingthehuman.org facebook.com/securethehuman @securethehuman
1 in 251,800,000 Source: http://www.bookofodds.com/content/view/full/252163
1 in 112,000,000 Source: http://www.bookofodds.com/content/view/full/248157
The Human Risk
People underestimate risks on the Internet
– They feel they are in control
– Impact is often not seen
– Combine this with the fact the Internet makes it simple to spoof things victims trust

Targeting You
You and your organization are specifically targeted
– Advanced Persistent Threat (APT)
– Insider Threat
– Hacktivism

Targeting Everyone
• Primary motive is money (ROI)
• Fraud, identity theft, and extortion always existed
• Internet simply makes crime highly profitable with minimal risk/effort
• The more people criminals hack, the more money they make

Social Engineering
• Not a technical attack, it is a psychological attack that leverages technology
• Most human-based attacks involved social engineering
• Hotel room example

Social Networking Sites
Social networking websites became a breeding ground for social engineering attacks
– London mugging
– Malicious messages/links
– Used by APT to learn about and target individuals within an organization

Phone
• E-mail filtering and other security technologies becoming more effective
• Bad guys bypass these by calling people directly
• The classic “Microsoft Support” attack

Protecting Yourself
• You Are The Target
• Passwords
• Social Engineering
• Mobile Devices
• Email & Messaging
• Hacked
• Social Media

You Are the Target
• Most people do not realize they are a target. Never forget you, your devices and your information have tremendous value to many different people.
• By taking some basic steps, you can continue to safely use the latest in technology.

Social Engineering
• Social engineering is the foundation of most human-based attacks
• These types of attacks will always be evolving and changing

E-mail & Messaging
• Infected attachments
• Malicious links
• Scams
• Messaging

Social Media
• Ultimately there is no privacy on social media; assume anything you post your mom or boss will eventually read
• Scams and attacks are prevalent
• Do not post work-related information

Passwords
• Passphrases
• Use passwords / passphrases securely
– Use different passwords for different accounts (password manager)
– Always use VPN when logging into your computer away from the office
– Do not share with anyone
– The dangers of questions as passwords
– Two-step verification

Mobile Devices
• Use PIN and encryption to protect phone
• Be careful when downloading apps
• Update OS and apps
• Don’t trust SMS messages

Hacked
Security is not just about preventing attacks but also detecting and responding. The sooner an incident is reported, the more you can mitigate the impact
– Happens to everyone
– Things to look for
– Whom to report to

Summary
• You are a target.
• By taking some basic steps you can protect yourself and your family.

Resources
• OUCH! free monthly security awareness newsletter
• Posters & presentations www.securingthehuman.org/resources