NCTSSD Cyber Security Stand-Down Training

• Discuss who needs Cyber Security
• Types of Network threats
• Cyber Security impacts
• Demystification of Cyber Security

Threats

Network Attacks

Malware

Do you know what was in that cool little photoblogging app you installed Tuesday?

It was a Trojan.

Social Engineering

10% are lying...

One of the more common methods of spreading malware on the Internet is through social engineering. Most malicious activity is often successful because users are deceived into believing it is legitimate. Exploitation by social engineering is extremely lucrative and is bound to significantly increase in the mobile market...

A criminal act of attempting to manipulate a victim into providing sensitive information by masquerading as a trustworthy entity.

This is a well established, significant cyber threat, and mobile devices provide unique opportunities for phishing.

Types of Social Engineering:

• PHISHING
• VISHING
• SMISHING

Leverages voice communications primarily. This technique can be combined with other forms of social engineering that entice a victim to call a certain number and divulge sensitive information. Vishing exploits the public's trust in telephone services.

With vishing, fraudsters call multiple phone numbers at once, hoping for unsuspecting victims to pick up the phone. Upon answering, a recorded message instructs you to call in response to fraudulent activity within a bank or credit card account. Once you call in, you’re instructed to enter sensitive numbers on the keypad.

Smishing – phishing in the form of a text message to your mobile phone. (The term “smishing” comes from the idea of SMS phishing.) In this form of phishing fraud, you receive a text message directing you to call or visit a website to confirm or enter personal info.

It's more than casual

It can be professional

Corporate and national espionage takes the path of least resistance. Serious opponents will find a way to get you to give them what they want

You won't even know it happened

Social Networks for Dummies...

Social media provides a wealth of information that can be used against you...

Mobile Phones

Impacts

• Intellectual property
• Corporate data
• Revenue losses
• fines & recovery efforts

Veterans administration

TD Ameritrade

Fidelity

Visa

TJ Maxx

Choicepoint

Should I worry?

Yes.

Security Tools

Who needs CyberSecurity?

Enabling Objectives:

Cyber Security

Awareness Training

N53 Information Assurance

Businesses

CyberSecurity Demystified

CyberSecurity is good business

Individuals

The Art and Science of Secret Communication

Cryptography

Main cyber losses

Lasting Effects

Personal

Financial

• Employment
• Financial
• Safety
• Health

Digital Signature

Cyber risk is of great concern to global enterprises. 42 percent rank it their top concern, more than natural disasters, terrorism and traditional crime.

Mathematical scheme for demonstrating the authenticity of a digital message or document

DNS Poisoning

A method of determining if a person is who they say they are

Authentication

Hacking

Government

Where will it send your data today?

Security Concepts

Denial of Service

Physical Crime has never been stopped, why would electronic crime be any different?

Eavesdropping

Encryption

IP Spoofing

Encoding information so that it cannot be read by anyone without access to the key

Reputational impacts

National Interests

Ping of Death

Confidentiality ensures information is not available to unauthorized recipients

Reputation

Strategic

Confidentiality

• Damage to firm's brand
• Negative publicity
• Customer relationships
• Suppliers
• Employees
• Invitation to Regulation

• Diplomatic
• Communications
• Critical Infrastructure
• Banking System
• Legislative, Judicial & Executive
• Military & Intelligence

2007 cyber attacks on Estonia

• Government websites
• Political parties
• News organizations
• Communications firms
• Banks

Access Control

The ability to selectively control who has access to given information or systems

Today, someone in Uzbekistan owns your Personal Information

Spyware

backdoors

dialers

rootkits

keyloggers

viruses

Malware

URL Injectors

Trojans

worms

exploits

adware

Done right, Cybersecurity is a high value, high margin growth business with high barriers to entry

Has it happened to you?

90% admit to looking at others displays

Disk Encryption

Access Control

Firewall

VPNs

Audit

Anti-Virus

Intrusion Protection

Consider how much important information you carry on your phone

It can all be easily stolen from your phone

iPhones, Blackberries, other smartphones

It may be everything that is important

passwords

contracts

email

contacts

schedule

business plans

personal issues

revenue forecast

Consider how much important information you carry on your phone

Protect your screen too!

Your security spending is wasted if anyone can just look over your shoulder

Is all hope lost? No

N53

Information Assurance

Steps to Protect Yourself

• Identify important processes and info
• Prioritize
• Get professional IT Security support
• Spend real money on real threats
• Review periodically, top-down

• Take it seriously, but be pragmatic

What should I do?