
Common Cyber Security Myths: An Update on Cyber Security

Discover the shocking realities of cybercrime and its impact on businesses. Learn about prevalent cybersecurity issues, emerging trends, and effective measures to protect your organization. It's time to take action!

nikkij


Presentation Transcript


  1. Common Cyber Security Myths: An Update on Cyber Security

  2. Inconvenient truths…
     • 230,000 new malware samples collected daily
     • 43 percent of all attacks target small businesses
     • Since 2013, 2,645 digital records stolen every minute of every day
     • 3 of 4 healthcare providers infected with malware in past 12 months
     • $100,000,000,000 stolen since 2012
     • Cybercrime is the greatest threat to every company in the world
     it.troy.edu/security

  3. Prevalence of Cybersecurity Issues
     • 2017 – Almost 160,000 documented incidents and 2,200+ confirmed data breaches – double the documented incidents in 2018
     • Ten vulnerabilities accounted for 97% of all documented exploits
     • The remaining 3% consist of over 7,000,000 different vulnerabilities, some dating to 1999
     • Average cost per stolen record: $148.00; almost half of 2018; yet cost of data breach is up 6.4%
     • 134,000 security incidents were related to Ransomware
     • Average breach time is less than two minutes
     • 13% response to Phishing attempts – 10% less than 2018; however volume increased by 400%

  4. Cybersecurity Trends
     • Specificity of targets has increased since 2005
     • Casting a wider net, with a directed approach
     • Users continue to be a major source of problems
     • 73% of successful attacks are attributed to user problems
     • 42% of successful attacks result from misconfigured systems
     • 31% of successful attacks result from end-user error
     • Poor security awareness and IT product management
     • 99.9% of the exploited vulnerabilities in 2017 had associated patches that were over 1 year old
     • Awareness campaigns are often poorly designed and lack “teeth”
     • 96% of mobile malware targets Android devices

  5. “Are you sure?”

  6. Users, users everywhere

  7. Cloud, you say?

  8. The bad actors find success…

  9. Data classification matters

  10. Measures that affect breach costs

  11. It’s Time to Act. Now!

  12. Myth #1 – It Won’t Happen to Me!
     • Common misconception
     • Small doesn't mean overlooked
     • We don’t store anything significant
     • All of my stuff is stored in “the cloud”
     • I can recover with backups…
     • Small businesses suffer the majority of attacks –
     • Healthcare and Retail are most popular

  13. They are already in…

  14. Cybersecurity Trends – Small Businesses

  15. Myth #2 – Hackers are geniuses from over there…

  16. Myth #2 – Hackers are geniuses from over there… Honestly, who cares?

  17. Myth #3 – “I’d never click on that”
     Email provides direct access to the most vulnerable part of the network: Users

  18. “Are you sure?”
     • 92.4% of all malware is delivered via email
     • Fake invoices are the #1 disguise for distributing malware
     • BEC scams cost businesses $676 million in 2017

  19. “Are you sure?” Common file type attachments for delivery of malware

  20. “Are you sure?” Common phishing lures vs successful click rates

  21. “Are you sure?” Common phishing lures vs successful click rates

  22. What’s Hot?
     • Social Engineering – Phishing, Spear-Phishing
     • Wi-Fi Hijacking and Impersonation
     • Cloud attacks
     • Ransomware
     • Poor patching practices
     • Close loop on poor HR processes – know who’s in, and who shouldn’t
     • Regulatory – FERPA, PCI, GLBA, HIPAA, EU GDPR, NIST 800

  23. How?
     • Patch Management – Secunia, SCCM, WSUS
     • Whitelisting, Remove local admin
     • Better A/V – Cylance, next gen end-user protection
     • Mandatory Encryption
     • Security Response Team
     • External Audits
     • Close the HR loop
     • NAC with onboarding
     • Multi-factor authentication
     • Lateral Movement – exfiltration – watch the logs - CnC
     • Recursive DNS – create blackhole routing paths
     • Mandatory password expiration – Does it work?
     • Network Segmentation, no, Segregation – VPN internally
     • Mandatory Security Training – Secure the Human – SANS
     • Phishing – phish yourselves, Phish.Me, Metasploit

  24. Ransomware
     1. Are you training users on the dangers of phishing?
     2. Do you back up your business data regularly?
     3. Do you have anti-phishing email security?
     4. Have you deployed endpoint security with specific ransomware protection?
     5. Are your mobile devices secure?
     6. Do you have a patch management policy?

  25. Time to panic

  26. Time to panic

  27. Quick tips

  28. I’m just curious…

  29. W. Greg Price, PhD wgprice@troy.edu
