Presentation is loading. Please wait.

Presentation is loading. Please wait.

UNIVERSITY Common Cyber Security Myths An Update on Cyber Security.

Published byせとか こやぎ Modified over 5 years ago

Similar presentations

Presentation on theme: "UNIVERSITY Common Cyber Security Myths An Update on Cyber Security."— Presentation transcript:

1 UNIVERSITY Common Cyber Security Myths An Update on Cyber Security

2 it.troy.edu/security

3 Equifax suffered another breach (sarcasm)
During the minute… last 45 new viruses emerged 200 new malicious websites launched 180 identities stolen 5,000 new versions of malware created $2,000,000 lost Equifax suffered another breach (sarcasm) it.troy.edu/security

4 of Cybersecurity Issues
Principles of Effective Cybersecurity Prevalence of Cybersecurity Issues 2016 – Almost 80,000 documented incidents and 2,100+ confirmed data breaches Ten vulnerabilities accounted for 97% of all documented exploits The remaining 3% consist of over 7,000,000 different vulnerabilities, some dating to 1999 Average cost per stolen record: ~ $200.00 Since 2005, 4,500+ data breaches have been announced Average breach time is less than two minutes 23% response to Phishing attempts it.troy.edu/security

5 Principles of Effective Cybersecurity
Cybersecurity Trends • Specificity of targets have increased since 2005 • Casting a wider net, with a directed approach • Users continue to be a major source of problems • 73% of successful attacks are attributed to user problems • 42% of successful attacks result from misconfigured systems • 31% of successful attacks result from end-user error • Poor security awareness and IT product management • 99.9% of the exploited vulnerabilities in 2016 had associated patches that were over 1 year old • Awareness campaigns are often poorly designed and lack “teeth” • 96% of mobile malware targets Android devices it.troy.edu/security

6 Attacks and Incidents it.troy.edu/security

7 Small doesn't mean overlooked We don't store anything significant
Principles of Effective Cybersecurity Myth #1 – It Won’t Happen to Me! Common misconception Small doesn't mean overlooked We don't store anything significant All of my stuff is stored in "the cloud" My wife's cousin's son is really smart Small businesses suffer the majority of attacks - However, colleges remain a prime target it.troy.edu/security

8 They are already in… it.troy.edu/security

9 Cybersecurity Trends – Small Businesses, Colleges
Principles of Effective Cybersecurity Cybersecurity Trends Small Businesses, Colleges it.troy.edu/security

10 Myth #2 – Hackers are geniuses from over there…
Principles of Effective Cybersecurity Myth #2 Hackers are geniuses from over there… it.troy.edu/security

11 Myth #2 – Hackers are geniuses from over there…
Principles of Effective Cybersecurity Myth #2 Hackers are geniuses from over there… it.troy.edu/security

12 Myth #3 – “But I bought that thingy…”
Principles of Effective Cybersecurity Myth #3 “But I bought that thingy…” it.troy.edu/security

13 “Are you sure?” Principles of Effective Cybersecurity
it.troy.edu/security

14 Attacks and Incidents it.troy.edu/security

15 • Regulatory – FERPA, PCI, GLBA, HIPAA, EUGDPR,
Principles of Effective Cybersecurity What’s Hot? • Social Engineering – Phishing, Spear-Phishing • Wifi Hijacking • Side-Jacking • Ransomware • Poor patching practices • Close loop on poor HR processes – know who’s in, and who shouldn’t • Regulatory – FERPA, PCI, GLBA, HIPAA, EUGDPR, NIST 800 it.troy.edu/security

16 Five major areas of concern Principles of Effective Cybersecurity
it.troy.edu/security

17 Lateral Movement – exfiltration – watch the logs - CnC
Principles of Effective Cybersecurity How? Patch Management – Secunia, SCCM, WSUS Whitelisting, Remove local admin Better A/V – Cylance, Carbon Black SIEM – Splunk, Alien Vault, Qradar, OpenSource Security Response Team External Audits Close the HR loop NAC with onboarding Encryption – MBAM Lateral Movement – exfiltration – watch the logs - CnC Recursive DNS – create blackhole routing paths Mandatory password expiration – REACT, NO! Complex Network Segmentation, no, Segregation – VPN internally Mandatory Security Training – Secure the Human – SANS Phishing – phish yourselves, Phish.Me, Metasploit it.troy.edu/security

18 In the media… Principles of Effective Cybersecurity
it.troy.edu/security

19 Are you training users on the dangers of phishing?
Principles of Effective Cybersecurity Ransomware 1. 2. 3. 4. Are you training users on the dangers of phishing? Do you back up your business data regularly? Do you have anti-phishing security? Have you deployed endpoint security with specific ransomware protection? 5. 6. Are your mobile devices secure? Do you have a patch management policy? it.troy.edu/security

20 From a malformed domain/sender Came a faux message (phishing)
Principles of Effective Cybersecurity Well From an message From a web scrape From a malformed domain/sender Came a faux message (phishing) ~ 68% open rate, 16% visit URL it.troy.edu/security

21 In the media… Principles of Effective Cybersecurity
it.troy.edu/security

22 In the media… Principles of Effective Cybersecurity
it.troy.edu/security

23 Principles of Effective Cybersecurity
Quick tips it.troy.edu/security

24 Protecting Today's Kids Online - Security Awareness Video

25 W. Greg Price, PhD wgprice@troy.edu Cyber Security
C 0 it.troy.edu/security/ �troy.edu Q. Search C• Logout 9 System Notice Information Technology Security Cyber Security Troy University Cyber Security works with campus divisions to identify, deter and thwart attacks on campus IT resources and data. We endeavor to educate users about cyber threats, and ensure compliance with information security laws and policies. We invite you to review our resources and to offer feedback for improvement. Your participation in our efforts will foster greater success in protecting Troy's resources. W. Greg Price, PhD

26 Principles of Effective Cybersecurity
it.troy.edu/security

27 Principles of Effective Cybersecurity
it.troy.edu/security

28 Principles of Effective Cybersecurity
it.troy.edu/security

29 Principles of Effective Cybersecurity
it.troy.edu/security

30 Principles of Effective Cybersecurity
it.troy.edu/security

31 Principles of Effective Cybersecurity
it.troy.edu/security

32 Principles of Effective Cybersecurity
it.troy.edu/security

33 Principles of Effective Cybersecurityv
it.troy.edu/security

Download ppt "UNIVERSITY Common Cyber Security Myths An Update on Cyber Security."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.

IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.

Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved.

InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.
01110000011100100110100101101111011100100110100101110100011110010010000001100 10001100001011101000110000101110000011100100110100101101111011100100110100101.

CCT355H5 F Presentation: Phishing November 22. 2012 Jennifer Li.

CCT355H5 F Presentation: Phishing November Jennifer Li.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Frontline Enterprise Security

Frontline Enterprise Security

Similar presentations

Ads by Google