WBA Secur-IT Conference The Art of Human Hacking “You can trust me.”
WHAT ARE THE EFFECTS?
• The global cost of cybercrime will reach $6 trillion by 2021, a twelvefold increase from the 2016 estimate of $450 billion. This may only be the tip of the iceberg.
• Of the 419 organizations surveyed that suffered at least one breach in 2016, the average cost per breach was $3.62 million. That figure rose to $7.35 million in the U.S.
• Cost per record stolen averages $141 globally, but tops $225 in the U.S.
• More than 4.2 billion records were exposed in 4,149 publicized breaches.
• The costs per breach to organizations in the health care ($380) and financial services ($245) sectors top all other industry groups.
• 50 percent of small and midsized organizations reported suffering at least one cyberattack in the last 12 months.
• The average cost of a data breach involving theft of assets totaled $879,582 for these SMBs. They spent another $955,429 to restore normal business in the wake of successful attacks.
• 57% of businesses say finding and recruiting talented IT security staff is a large challenge.
WHO ARE THE VICTIMS?
Incidents of confirmed data loss:
• 24% of incidents affected financial organizations
• 10% of incidents affected the accommodations industry
• 5% of incidents affected the information industry
- 2017 Data Breach Investigations Report, Verizon
You may be thinking: DOES THIS REALLY AFFECT US?
WHY US? Small town, big trust.
You may be thinking: HOW DO WE PROTECT OURSELVES?
DEFENSE IN DEPTH MCCUMBER CUBE The use of people, process, and technology to ensure the confidentiality, integrity, and availability of information while it is transmitted, stored, and processed.
Every con artist needs a game plan. TALKING STRATEGY
“Social engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.” – Kevin Mitnick, Notorious Hacker and Author of The Art of Deception
“The weakest link in the security chain is the human element.” “...in more than half of his successful network exploits he gained information about the network, sometimes including access to the network, through social engineering.” – Kevin Mitnick, Notorious Hacker and Author of The Art of Deception
THE BIG THREE
1) In-Person
2) Email
3) Phone
IN-PERSON METHODS
Video. Step on up. WALK RIGHT IN
I belong here. WALK WITH A PURPOSE
I’m with this guy. TAILGATING
Free Stuff! BAITING
It’s mine now. DUMPSTER DIVING
Who, me? IMPERSONATION
I’d like a job please. SEEKING EMPLOYMENT
It looks fine to me. DEVICE MODIFICATION
Look what I found. MALICIOUS DEVICES
HOW CAN WE PREVENT THIS?
• Security Awareness Training
• Be Aware of the Environment
• Clean Desk/Workspace Policies
• Security Policy
• Periodic Testing
EMAIL PHISHING
Your credentials are recorded and you are redirected to Facebook’s homepage... Gotcha. YOU HAVE BEEN TAGGED!
HOW CAN WE PREVENT THIS?
• Security Awareness Training
• Security Policy
• Periodic Testing
PHONE PHISHING
THEY’LL NEVER KNOW!
LET ME HELP YOU.
UNSOLICITED SALES
You've been selected for a free $1000 giftcard! Enter the code 'FREE' at yourfavestore.com.shop.biz to get it now. Only 112 left! Text OUT to stop. SHORT MESSAGE SERVICE (SMS)
HOW CAN WE PREVENT THIS?
• Security Awareness Training
• Security Policy
• Periodic Testing
CUI BONO?
• For Whose Benefit
• For What Purpose
REGULATORY REQUIREMENTS
• Incident Response
• Assessments
• Training
• Top Down Accountability
WINNING THE GAME
• Don’t Assume Anything
• Know Your Attacker
• Identify Your Weaknesses
• Lock Down and Secure
• Educate Your Employees
• Audit Your Network
• Understand Security is an Asset, not an Expense
• Subscribe to Security Alerts
• Cross Your Fingers
• Use Outside Resources
• Rinse, Lather, and Repeat
Questions?
VPS PROFILE We combine professional engineering, technical expertise and extensive regulatory knowledge to design the most technically advanced and economically viable solutions customized for our clients. Progressive thinking makes Vantage Point well-known and respected in the industry. At VPS we tailor each project to fit the individual needs of the client. With over 400 clients in more than 40 states and 8 foreign countries, VPS has the vast experience necessary to understand the best solution for any company.
OUR SERVICES
Credit Reviews: Vantage Point has professionals with credit review expertise to help with loan policy formation, underwriting, risk management, routine monitoring, and problem loan resolution. We will help you face the challenges of greater borrower sophistication, regulatory scrutiny, and a constantly changing economic environment.
Regulatory Compliance & Risk Management: Vantage Point has in-house regulatory expertise to help you face the challenges of increasing and more complex regulations affecting the financial industry. We will help you customize and streamline your programs and processes.
Information Security: Vantage Point’s security consultants stay abreast of emerging IT risks to help you face the increasing challenge to stay current as business operations continue relying more heavily on electronic communication.
Technology: Vantage Point’s team can assist in making decisions about “cloud” strategies, network infrastructure, security and virtualization; ensuring business operations run smoothly on a daily basis.
THANK YOU!