Presentation is loading. Please wait.

Presentation is loading. Please wait.

THINK BEFORE YOU CLICK! Cyber Security is everybody’s responsibility Don Winaker Network Security Manager

Published byAllie Burley Modified over 9 years ago

Similar presentations

Presentation on theme: "THINK BEFORE YOU CLICK! Cyber Security is everybody’s responsibility Don Winaker Network Security Manager"— Presentation transcript:

1 THINK BEFORE YOU CLICK! Cyber Security is everybody’s responsibility Don Winaker Network Security Manager dwinake1@jhu.edu

2 We know what those thieves are after. But Johns Hopkins isn’t a store or a bank. What would people want to steal from us?

3

4

5 Johns Hopkins has technology in place that deflects many attacks 84.2% of all incoming email messages are dropped due to SPAM, viruses, phishing, etc. Inbound network connections blocked due to malware* Per Day: 4,000,068 Per Hour: 166,669 Per Second: 46 Per Day: 88,405 Per Hour: 3,684 Per Second: 1 Unauthorized attempts to access our internal networks blocked Per Day: 75,545,460 Per Hour: 3,147,727 Per Second: 874 Outbound network connections blocked due to malware* Per Day: 882,310 Per Hour: 36,763 Per Second: 10

6 Technology is great and has made our lives and jobs easier, but … Technical Tools Can’t reason or exercise judgment Can only detect broad trends Must quickly sort through more than 2 billion daily events Have to be configured, monitored, and maintained by … people! Technology can provide prevention and detection

7 Is this enough ? What is Johns Hopkins Network Security doing today ?  Extensive Deployment of Cisco Firewalls  Automated Blacklisting  Nessus Vulnerability scanning  Sourcefire Intrusion Detection and Prevention systems installed  JWatch – Intel Security incident and Event Management  LanCope – network traffic flow monitoring

8 People are the first and most important line of cyber defense Humans Can make connections between different pieces of information that don’t seem related but indicate a trend Can recognize when seemingly normal behavior just doesn’t look or sound quite right Can adapt quickly to new information and emerging attacks and threats Provide a principal preventive control Technology can’t do it all

9 People hold the keys to the kingdom What are the most common types of attack? Social Engineering Phishing Malware If you know where to look and have the right level of access, vast amounts of information are available with just one click

10 How do cyber criminals try to get information from us? SOCIAL ENGINEERING Type of confidence trick or con job Uses psychological manipulation to trick people to bypass normal security procedures Often relies on natural helpfulness of people One step in a more complex fraud scheme From 2009-2011, 48% of large businesses suffered attacks costing between $25,000-$100,000 per incident

11 How do cyber criminals try to get our login credentials? PHISHINGSPEAR PHISHING Often sent in an email Pretends to be from an official source Directs users to enter credentials into a fake web site Warn or threaten of consequences for failure to act Targeted phishing attack Attacker has specific target in mind Uses details about the target to sound more legitimate May present a problem and try to elicit sympathy and get a helpful response

12 Be skeptical when you read email How can you tell if it’s phishing? Asks you to reply to an email or go to a web site and enter in personally identifiable information Asks you to click a link to install software (malware) Directs you to a URL that is not a Johns Hopkins address (but might look like one) or starts with an IP address Creates a sense of urgency by warning or threatening that something bad will happen if you don’t comply Is badly written, including misspelled words or poor grammar

13 Phishing email examples Phishing email examples

14 If you never fall for a phishing attack then you are safe, right? MALicious SoftWARE Gets installed on your system and performs unwanted tasks Designed to disrupt, damage, steal information, take control, create bots Many different types: ◦Virus and worm (infectious) ◦Rootkit, Trojan Horse, Backdoor (RAT – remote access tool) ◦Keylogger, Spyware (steal information) ◦Ransomeware (extortion) ◦Dialer, Adware (generate funds) ◦Hybrids and variations

15 You could usually avoid malware if you were careful with your email

16

17 But not anymore 90% of malware comes from web browsing today – only 6% comes from email The biggest threat to corporate networks is employees clicking on infected web pages A 'drive-by-download' attack is a malware delivery technique that is triggered just because you visited a website. You don’t need to click or accept any software, and the malicious code can download in the background to your device.

18 Anatomy of the NBC.com Infection Drive-by download attack One of the top 600 most popular web sites on the Internet – Law of Large Numbers Used the RedKit exploit kit to look for vulnerable versions of Adobe Reader, Acrobat, Java Vulnerable computers were infected with malware: ◦Citadel (spyware) targets financial account details ◦ZeroAccess (adware) generates fake pay-per-view revenues for botnet controllers or their clients This version of Citadel was at the time only recognized by 3 out of the 46 antivirus programs on virustotal.com

19 McAfee Labs catalogs 100,000 new malware samples every day - 69 new pieces of malware a minute!

20 But I’m safe since I only visit legitimate web sites! Number of unsafe websites detected by Google Google blocks 10,000 per day, and 42,000 new malware sites are detected each week

21 Mainstream Websites More Likely to Harbor Malware 1. Blogs 19.8% 2. Web hosting 15.6% 3. Business and economy 10% 4. Shopping 7.7% 5. Education and reference 6.9% 6. Technology, computer, Internet 6.9% 7. Entertainment and music 3.8% 8. Automotive 3.8% 9. Health and medicine 2.7% 10. Porn 2.4% Top 10 Infected Web Site Types 80% are legitimate sites 2013 Cisco Annual Security Report

22 Malware Bottom Line Keep application and operating system patches up-to-date Don’t click on unknown links or attachments Don’t trust sites that ask for your cell phone number or require you to create a login account Keep anti-virus/anti-spyware up to date

23 The internet is overwhelmingly a power for good It provides cheap and easy access every moment of every day to vast amounts of information and entertainment, and it is transforming the nature of government and commerce. However …

24 You hold the keys to the kingdom THINK BEFORE YOU CLICK! Cyber Security is everybody’s responsibility

25 Questions? Don Winaker Network Security Manager dwinake1@jhu.edu

Download ppt "THINK BEFORE YOU CLICK! Cyber Security is everybody’s responsibility Don Winaker Network Security Manager"

Similar presentations

How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
Wichita Public Library Rex Cornelius Electronic Resources Webliography online at:

Wichita Public Library Rex Cornelius Electronic Resources Webliography online at:
Challenges In The Morphing Threat Landscape Apr 2011, Arnhem Tamas Rudnai, Websense Security Labs.

Challenges In The Morphing Threat Landscape Apr 2011, Arnhem Tamas Rudnai, Websense Security Labs.
Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via

What is Bad ? Spam, Phishing, Scam, Hoax and Malware distributed via
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.

AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.
Threats To A Computer Network

Threats To A Computer Network
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
LittleOrange Internet Security an Endpoint Security Appliance.

LittleOrange Internet Security an Endpoint Security Appliance.
INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.

INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Similar presentations

Ads by Google