Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

Size: px
Start display at page:

Download "Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa"

Transcription

1 SECURING THE DIGITAL DIVIDE: COMBATING CYBERCRIME Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

2 INTRODUCTION q Given modern societies increased reliance on borderless and decentralized information technologies, cyberspace has been identified as an easy target for organised criminals, hacktivists, governments themselves or even terrorist networks for the perpetration of a number of wide-ranging illegal activities not all purely criminal.

3 INTRO q nothing is hackproof with old cybersecurity models collapsing. q Information security has become an increasingly critical concern for organisations of all kinds.

4 q TRENDS - Exponential increase in sophistication of technologies - increased broadband capabilities - Improved wi-fi connectivity; - cloud computing (methods of data storage) - proliferation of & device mobility (of smartphones, tablets/i-pads and notebooks) - consumerisation (online shopping) - recourse to unsecured social media sites - implementation of flexi-work or bring-your-owndevices (BYOD) to work mean that more people are accessing an organisation s applications and data from more places and in more ways than ever before

5 VULNERABILITIES q A further vulnerability to information security systems has been that posed by the so-called insider threat. q All of these new trends has led to an increase in cybersecurity vulnerabilities and created even more opportunities for cybercriminals to exploit.

6 CYBERSPACE q But the digital environment has no international boundaries and the needed measures for combating cybercrime are all in the realm of cybersecurity q The very essence of cyberspace is its unfettered and open nature that is essentially uncontrollable.

7 CYBERTHREATS q Faced with increasingly sophisticated attacks from gangs of cybercriminals and foreign governments probing systems for sensitive data, threats frequently go undetected for days, weeks, and even months. q It is not just financial data being stolen. Terrorists and rogue governments may steal confidential data, including intelligence information, that exposes a country and its citizens to potential harm.

8 NEW THREATS q Unfortunately, the traditional fortress approach no longer suffices. Firewalls, intrusion detection systems and other security devices can stop the average hacker, but new threats use stealth techniques that these defences cannot detect on their own

9 BASIC STRATAGEM q Electronic online approach to a potential victim: e- mail phishing scam q designed to lead a recipient/s to counterfeit websites that aim to trick them into divulging financial data such as account usernames and passwords or credit card details. These s look like they come from trusted sources, such as banks or legitimate companies. q Phishing s typically request that users click on a link ( hyperlink ) in the which will direct users to a spoofed website, where they need to confirm login and other account security information, etc.

10 THEFT OF DIGITAL CERTIFICATES q Digital Certificates (DCs) system is intended to verify the authenticity of a particular website & connection to site is encrypted can t be monitored by outsider q By stealing digital certificates from companies that have the power to issue them, hackers can create fake credentials that allow someone to snoop on Internet connections that appear to be secure q or trick internet users into thinking they were safely connected to a familiar site, while eavesdropping on their online activity and/or steal information for fraudulent use, blackmail, ransom, industrial espionage, etc.

11 ADVANCES IN THE SCIENCE OF HACKING q the art of hacking and the techniques used to access information databases is the cornerstone of all cybercrime and allied illegal cyber activities q Hacking is the deliberate planting of viruses; hacking into databases and stealing sensitive information; or disrupting and destroying network systems. They do this by bypassing the technical systems (upgrades, security kits and high-end encryption of firewalls). q However, gaining network access often means tricking someone into helping an unauthorised person to gain access to IT systems and networks. They therefore prey on the weakest link in a security system the human being by exploiting human vulnerabilities such as ignorance, naiveté, and possibly an individual s own greed, i.e. through bribery and corruption.

12 CYBERATTACKS AND MALWARE q Hackers typically take advantage of system vulnerabilities and software bugs or hacker-installed backdoors that allow a malicious code (malware malicious software programme) to be installed on computers without the owners' consent or knowledge. q Botnets network of individual computers infected with malware are then turned into so-called zombies used as remote attack tools under the control of a hacker q Once such botnets have been set up they are then used and manipulated (leveraged) in order to orchestrate a concerted attack against other computing resources the so-called distributed denial of service - DDoS attack

13 CRIMEWARE/SPYWARE q Spyware uses viruses and/or Trojans to install programmes called key loggers on your computer. Key loggers can be installed as simply as running an attachment that installs the software on a computer. q This spyware then uses the installed key logging system to intercept consumers keystrokes on the device keyboard and capture and send back information q this collected information can include online account user names and passwords and other information including credit card numbers and bank account details

14 DISTRIBUTED DENIAL OF SERVICE ATTACKS q A DDoS attack is a method an attacker uses to deny access for legitimate users of an online service. An attacker, having built themselves a botnet of zombies sends bogus traffic to a site. If the attacker sends enough traffic, legitimate users of a site cannot be serviced, i.e. a denial of service occurs q If the attackers have enough computing resources at their disposal, they can direct enough traffic to overwhelm the target s bandwidth. q DDoS attacks simply flood the network and servers to such an extent that they can no longer process legitimate network traffic because the attacks have saturated the network connectivity of the target it crashes which allows hackers to enter network system databases to steal the stored information

15 BYO(mobile)D to work vulnerabilities q There are also electronic information storage database vulnerabilities linked to mobile devices and the growing practice of bring-your-own-device (BYOD) to work. Mobile devices (notebooks, smartphones and tablets/i-pads) are small and valuable. q Increasingly they are becoming a target of theft, not just for the device itself but also for the information stored on them.

16 BYO(mobile)D to work vulnerabilities q Mobile applications rely increasingly on a browser function, which in itself presents unique challenges to security in terms of usability and scale. q Mobile devices, as information storage devices, allow cyber-attackers to use use SMS, and mobile Web browsers to launch an attack, then silently record and steal data

17 BYO(mobile)D to work vulnerabilities q Mobile phones can facilitate attacks on otherwise pro-tected systems, i.e. when downloading data to a company network or office PC/laptop. q Mobile browsers are more susceptible to attacks launched just by touching the display or pop-up when connecting to the internet web. q Furthermore, unlike network computer systems, mobile devices do not commonly receive patches and security updates.

18 BYO(mobile)D to work vulnerabilities q Keyboards are hard to use or non-existent on phones and tablets. This often results in the owner/user autosaving their passwords for and virtual private network (VPN) access-passwords. q If the device got into the hands of a cybercriminal it could open up an organisation s or company s information and other resources to anyone who takes possession of such mobile device. q For these reasons, the security techniques that work for desktops and PCs are not enough for mobile devices a major vulnerability these days in protecting and securing stored organisational information.

19 CYBERSECURITY COUNTERMEASURES q Cybersecurity defensive or preventative measures include such techniques and information protection software as intrusion protection systems (IPS); preemptive blocks, blacklisting; hunting within networks (actively searching for insiders and other adversaries or malware); passive and active intelligence (including law enforcement) employed to detect cyberthreats; and/or actions to temporarily isolate a system engaged in hostile cyber-activities. q So-called offensive countermeasures (as opposed to purely defensive strategies) might include electronic jamming or other negation measures intended to disrupt an adversary's cyber-capabilities during the execution of the latter s cyberattack

20 IMPLEMENTING ORGANISATIONAL CYBSERSECURITY Installation of specialised on-premises equipment q Instead of relying on existing firewalls (which cannot resist a powerful DDoS attack) individual organisations/companies need to purchase dedicated DDoS mitigation appliances and deploy them in their IT/data centre q These are specialised hardware devices that are connected in front of their normal servers and routers and are specifically built to detect and filter the malicious traffic.

21 MAJOR PROBLEM q These detection devices also cannot handle huge volume attacks. This is to do with an organisation s existing bandwidth so these hardware appliances do not do any good when a cyberattack exceeds the organisation s network capacity

22 CYBERSECURITY PROVISION BY INTERNET SERVICE PROVIDER (ISP) q Some organisations and businesses use their ISP (i.e. the same network provider they get their bandwidth from) to provide network security against DDoS attacks. These ISPs usually have access to much more bandwidth than the organisation itself, and as such could then deal or deflect the big attack volumes of internet traffic.

23 MAJOR PROBLEM q ISPs are in the business of selling bandwidth so are not in the habit of investing unnecessarily the required capital and resources to stay ahead of the latest DDoS threats. q No cloud protection: ISPs simply cannot protect an organisation s traffic to and from these cloud services

24 CLOUD SECURITY PROVIDERS q These are the experts at providing network protection from the cloud against DDoS cyberattacks. This means they have developed massive amounts of network bandwidth capacity and DDoS mitigation capacity at multiple sites all over the Internet q can take in any type of network traffic (whether use is made of multiple ISPs, own data centre, any number of cloud information storage service providers, etc.), q Such cloud security providers typically scrub the internet traffic for a client and send the clean traffic back towards an organisation s information hub or data centre.

25 Use of term mitigation q one can never prevent a cyberattack but can only mitigate (lessen) its impact. q One of the ways to do that is to be constantly alert and utilise intrusion detection software. In other words the software programme will alert the security centre that a cyberattack (network intrusion) is underway. q The scale of impact is lessened therefore by the speed of the response or counterattack measures taken. This speed factor again requires expensive services such as 24/7 live or real time monitoring. q Often to break up or deflect a cyberattack a network security provider can instruct an organisation to immediately shutdown their server

26 ENTRY LEVEL RISKS AND VULNERABILITIES q The bottom line is that any network cybersecurity system is only as good as its weakest link. Simple passwords for a PC or mobile device for gaining access to an organisations network, LAN or intranet is simply no longer sufficient q There is a need for the implementation and use of additional cybersecurity measures, For example biometrics, e.g. fingerprint, voice, or even iris and/or facial recognition software on a computing device q But mobile devices (and of course human beings on the inside) remain the most vulnerable routes for hacker intrusions

27

Detailed Description about course module wise:

Detailed Description about course module wise: Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

Head of Corporate Services

Head of Corporate Services ITEM 8 Report to Audit Committee 26 October 2016 Title: Report of: Cyber Crime Head of Corporate Services Purpose of Report 1. The purpose of this report is to inform the committee of the types of cyber-crime

More information

The Hidden Dangers of Public WiFi

The Hidden Dangers of Public WiFi WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect

More information

Computer Crime and Cybercrime

Computer Crime and Cybercrime Computer crimes o Computer-based activities that violate the law s o Crimes perpetrated through the Internet o Many Web sites educate users about cybercrime and cybercriminals Cyberlaw o Area of law dedicated

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

TLP WHITE. Denial of service attacks: what you need to know

TLP WHITE. Denial of service attacks: what you need to know Denial of service attacks: what you need to know Contents Introduction... 2 What is DOS and how does it work?... 2 DDOS... 4 Why are they used?... 5 Take action... 6 Firewalls, antivirus and updates...

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES WEB PROTECTION Features SECURITY OF INFORMATION TECHNOLOGIES The web today has become an indispensable tool for running a business, and is as such a favorite attack vector for hackers. Injecting malicious

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

E-Commerce Security and Fraud Protection CHAPTER 9

E-Commerce Security and Fraud Protection CHAPTER 9 E-Commerce Security and Fraud Protection CHAPTER 9 LEARNING OBJECTIVES 1. Understand the importance and scope of security of information systems for EC. 2. Describe the major concepts and terminology of

More information

Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.

Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA. Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA. What is Mobile Security? Mobile security is the protection of both personal and business information stored on and transmitted

More information

HAVE YOU EVER BEEN HACKED?

HAVE YOU EVER BEEN HACKED? HAVE YOU EVER BEEN HACKED? 90% of companies have been hacked 70% of attacks go undetected 60% of all small/med size businesses go out of business within 6 months of a data security breach 32% of computers

More information

Information Security Threat Trends

Information Security Threat Trends Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against

More information

Almost 400 million people 1 fall victim to cybercrime every year.

Almost 400 million people 1 fall victim to cybercrime every year. 400,000000 Almost 400 million people 1 fall victim to cybercrime every year. A common way for criminals to attack people is via websites, unfortunately this includes legitimate sites that have been hacked

More information

FraudAction Knowledge Delivery Anti-Phishing Service EMPLOYEE EDUCATION: SPEAR PHISHING, TROJANS, AND SOCIAL ENGINEERING

FraudAction Knowledge Delivery Anti-Phishing Service EMPLOYEE EDUCATION: SPEAR PHISHING, TROJANS, AND SOCIAL ENGINEERING FraudAction Knowledge Delivery Anti-Phishing Service EMPLOYEE EDUCATION: SPEAR PHISHING, TROJANS, AND SOCIAL ENGINEERING 2012 TABLE OF CONTENTS Why would a hacker target me at work?... 3 What kind of data

More information

COB 302 Management Information System (Lesson 8)

COB 302 Management Information System (Lesson 8) COB 302 Management Information System (Lesson 8) Dr. Stanley Wong Macau University of Science and Technology Chapter 13 Security and Ethical Challenges 安 全 與 倫 理 挑 戰 Remarks: Some of the contents in this

More information

DDoS Attacks Can Take Down Your Online Services

DDoS Attacks Can Take Down Your Online Services DDoS Attacks Can Take Down Your Online Services Dr. Bill Highleyman Managing Editor, Availability Digest Continuity Insights New York 2014 October 8, 2014 editor@availabilitydigest.com Who Am I? Dr. Bill

More information

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document

More information

Trust the Innovator to Simplify Cloud Security

Trust the Innovator to Simplify Cloud Security Trust the Innovator to Simplify Cloud Security Contents MailGuard Pty Ltd Page 1 of 7 2 Let s get real for a moment. Your antivirus software isn t stopping fastbreak phishing and other spam attacks like

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

Spyware Technologie, Auswirkungen, Massnahmen. H. Lubich IT Security Strategist Computer Associates

Spyware Technologie, Auswirkungen, Massnahmen. H. Lubich IT Security Strategist Computer Associates Spyware Technologie, Auswirkungen, Massnahmen H. Lubich IT Security Strategist Computer Associates 1 A Word on Terminology Virus: An unwanted program which places itself into other programs, which are

More information

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat. Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity

More information

Cybersecurity has never been more important

Cybersecurity has never been more important Cybersecurity has never been more important Ohioans increasingly use multiple devices to connect to the Internet. From desktop and laptop computers, to smartphones and tablets, we are online more often

More information

Security Best Practices for Mobile Devices

Security Best Practices for Mobile Devices Security Best Practices for Mobile Devices Background & Introduction The following document is intended to assist your business in taking the necessary steps needed to utilize the best security practices

More information

Security guide. small businesses and freelancers. Security guide 1

Security guide. small businesses and freelancers. Security guide 1 Security guide small businesses and freelancers Security guide 1 1. Introduction 3. The most dangerous types of threats 5. Will you let us protect you? 2. Where is the danger and how can we protect ourselves?

More information

Cybersecurity Awareness. Part 1

Cybersecurity Awareness. Part 1 Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

Managing Web Security in an Increasingly Challenging Threat Landscape

Managing Web Security in an Increasingly Challenging Threat Landscape Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.

More information

BE SAFE ONLINE: Lesson Plan

BE SAFE ONLINE: Lesson Plan BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take

More information

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination

More information

Security Practices for Online Collaboration and Social Media

Security Practices for Online Collaboration and Social Media Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.

More information

Network Security and the Small Business

Network Security and the Small Business Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,

More information

Promoting Network Security (A Service Provider Perspective)

Promoting Network Security (A Service Provider Perspective) Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

Online Banking Fraud Prevention Recommendations and Best Practices

Online Banking Fraud Prevention Recommendations and Best Practices Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee at Continental National Bank of Miami needs to know

More information

SPEAR PHISHING UNDERSTANDING THE THREAT

SPEAR PHISHING UNDERSTANDING THE THREAT SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business

More information

Information Security Summit 2005

Information Security Summit 2005 Information Security Summit 2005 Forensically Sound Information Security Management in a Risk Compliance Era Keynote Opening Address by Mr. Howard C Dickson Government Chief Information Officer Government

More information

Practical guide for secure Christmas shopping. Navid

Practical guide for secure Christmas shopping. Navid Practical guide for secure Christmas shopping Navid 1 CONTENTS 1. Introduction 3 2. Internet risks: Threats to secure transactions 3 3. What criteria should a secure e-commerce page meet?...4 4. What security

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

Spyware. Summary. Overview of Spyware. Who Is Spying?

Spyware. Summary. Overview of Spyware. Who Is Spying? Spyware US-CERT Summary This paper gives an overview of spyware and outlines some practices to defend against it. Spyware is becoming more widespread as online attackers and traditional criminals use it

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1 Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:

More information

Marble & MobileIron Mobile App Risk Mitigation

Marble & MobileIron Mobile App Risk Mitigation Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

2012 Francisco Delgadillo

2012 Francisco Delgadillo Security and Ethics in Information Systems Technology Ethics, Computer Crime, Cybercrime, Hacking Tactics, Cyber Theft,, Software Piracy, Theft of Intellectual Property, Viruses, Worms, Adware, Spyware,

More information

Presented by: Islanders Bank

Presented by: Islanders Bank Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why it s important Provide information about Dept. Homeland Security Cybersecurity Campaigns:

More information

Promoting a cyber security culture and demand compliance with minimum security standards;

Promoting a cyber security culture and demand compliance with minimum security standards; Input by Dr. S.C. Cwele Minister of State Security, Republic of South Africa Cyber Security Meeting, Johannesburg 27 March 2014 I would like to thank the Wits School of Governance for inviting us to contribute

More information

JUST A GAME? Only install apps from official app stores. #MobileMalware CHECK OTHER USERS REVIEWS AND RATINGS

JUST A GAME? Only install apps from official app stores. #MobileMalware CHECK OTHER USERS REVIEWS AND RATINGS APPS JUST A GAME? Only install apps from official app stores Before downloading an app, research the app and its publishers. Be cautious of links you receive in email and text messages that might trick

More information

Security Statement. I. Secure Your PC

Security Statement. I. Secure Your PC Security Statement The security of your accounts and personal information is Sonabank s highest priority. Regardless of your preferred method of banking in person, by telephone or online you need to know

More information

Tips for Banking Online Safely

Tips for Banking Online Safely If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining

More information

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation. Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part

More information

IT SECURITY Syllabus Version 2.0

IT SECURITY Syllabus Version 2.0 ECDL MODULE IT SECURITY Syllabus Version 2.0 Purpose This document details the syllabus for the IT Security module. The syllabus describes, through learning outcomes, the knowledge and skills that a candidate

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

Keep Hackers Guessing: Protecting Corporate Information While On The Go

Keep Hackers Guessing: Protecting Corporate Information While On The Go Keep Hackers Guessing: Protecting Corporate Information While On The Go Proactive tips for wireless information security for traveling professionals. In today s world where WiFi hotspots are available

More information

WHAT ARE THE BIGGEST THREATS TO BUSINESS DATA SECURITY?

WHAT ARE THE BIGGEST THREATS TO BUSINESS DATA SECURITY? WHAT ARE THE BIGGEST THREATS TO BUSINESS DATA SECURITY? Contents Introduction... 3 Primary Sources of Security Threats... 3 Instant Messaging... 3 Email... 4 Optical and Flash Media... 4 Social Media...

More information

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans

More information

Protecting your business from fraud

Protecting your business from fraud Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.

More information

of firms with remote users say Web-borne attacks impacted company financials.

of firms with remote users say Web-borne attacks impacted company financials. Introduction As the number of users working from outside of the enterprise perimeter increases, the need for more efficient methods of securing the corporate network grows exponentially. In Part 1 of this

More information

Cyber Security: Beginners Guide to Firewalls

Cyber Security: Beginners Guide to Firewalls Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started

More information

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss Commissioned Study SURVEY: Web Threats Expose Businesses to Data Loss Introduction Web-borne attacks are on the rise as cybercriminals and others who do harm to computer systems for profit or malice prey

More information

I N T E L L I G E N C E A S S E S S M E N T

I N T E L L I G E N C E A S S E S S M E N T I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document

More information

SMB Threat Awareness Poll GLOBAL RESULTS

SMB Threat Awareness Poll GLOBAL RESULTS SMB Threat Awareness Poll GLOBAL RESULTS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Small businesses have a strong interest in virtualization... 8 Finding 2: Small businesses are still grappling

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

isheriff CLOUD SECURITY

isheriff CLOUD SECURITY isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 1 Introduction to Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 1 Introduction to Security Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security Objectives Describe the challenges of securing information Define information security and explain why

More information

Types of cyber-attacks. And how to prevent them

Types of cyber-attacks. And how to prevent them Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual

More information

white paper Malware Security and the Bottom Line

white paper Malware Security and the Bottom Line Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware

More information

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Whitepaper on AuthShield Two Factor Authentication with ERP Applications Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password

More information

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,

More information

Cyber Security. Securing Your Mobile and Online Banking Transactions

Cyber Security. Securing Your Mobile and Online Banking Transactions Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Protecting your Identity, Computer and Property

Protecting your Identity, Computer and Property Cyber Security and Self Defense Protecting your Identity, Computer and Property Part 1: There are sharks in the water! Author: Neil Rosenberg, neil@vectorr.com Top Ten Famous Last Words: 1. Identity theft

More information

Keystroke Encryption Technology Explained

Keystroke Encryption Technology Explained Keystroke Encryption Technology Explained Updated February 9, 2008 information@bluegemsecurity.com (800) 650-3670 www.bluegemsecurity.com Executive Summary BlueGem Security is introducing keystroke encryption

More information

Who s Doing the Hacking?

Who s Doing the Hacking? Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

Learn to protect yourself from Identity Theft. First National Bank can help.

Learn to protect yourself from Identity Theft. First National Bank can help. Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

Current Threat Scenario and Recent Attack Trends

Current Threat Scenario and Recent Attack Trends Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks

More information

The SMB Cyber Security Survival Guide

The SMB Cyber Security Survival Guide The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today

More information

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household This appendix is a supplement to the Cyber Security: Getting Started Guide, a non-technical reference essential for business managers, office managers, and operations managers. This appendix is one of

More information

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,

More information

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft OVERVIEW 2 1. Cyber Crime Unit organization 2. Legal framework 3. Identity theft modus operandi 4. How to avoid online identity theft 5. Main challenges for investigation 6. Conclusions ORGANIZATION 3

More information

Remote Deposit Quick Start Guide

Remote Deposit Quick Start Guide Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you

More information

Business ebanking Fraud Prevention Best Practices

Business ebanking Fraud Prevention Best Practices Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special

More information

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FOUR. Principles of Cybersecurity. www.uscyberpatriot.

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FOUR. Principles of Cybersecurity. www.uscyberpatriot. AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FOUR Principles of Cybersecurity www.uscyberpatriot.org AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION

More information

NEW ZEALAND S CYBER SECURITY STRATEGY

NEW ZEALAND S CYBER SECURITY STRATEGY Appendix 1 NEW ZEALAND S CYBER SECURITY STRATEGY June 2011 New Zealand Government 7 June 2011 ISBN: 978-0-478-38200-6 www.med.govt.nz/cyberstrategy MED11 Foreword from the Minister The Internet and digital

More information

Why is a strong password important?

Why is a strong password important? Internet Security Why is a strong password important? Identity theft motives: To gain access to resources For the challenge/fun Personal reasons Theft methods Brute forcing and other script hacking methods

More information