Date posted: 13-Jan-2017
Uploaded by: andreas-wagner
Oct 2016
Cyber Security
Risks, Costs, and Solutions
Andreas Wagner, Arcadeus OPS
Content
✤ Why hack a system?
✤ Who are the victims?
✤ What are the costs of hacking?
✤ What are the solutions to protect your system?
✤ What can Arcadeus OPS do for you?
The Attackers and their methods
✤ Black Hat Hackers know the value of your data is high and therefore worth the effort
✤ Hackers steal data as revenge or to make a point
✤ Hackers are highly skilled, using complex attack vectors
✤ Can hack from any location using a laptop and a mobile phone
Two main groups of attacks
Types of attacks
The Victims and their assets
✤ any organisation with data and an IT presence
✤ websites can be hacked to gain financial rewards
✤ internal networks are open to attack from simple Wi-Fi access points
✤ 2015: 3.3 million attacks per day, USD 100-200 billion lost; 38 attacks a second.
✤ most organisations have weak IT defences
Some hacks that made the news (1)
✤ Yahoo 2014 - 2016: 500+ million accounts hacked
✤ Sony Pictures 2014
✤ Stuxnet worm, 2010 - 2012
✤ Mt. Gox bitcoin hack, 500 mil USD. Bitfinex hack in HK, 65 mil USD.
✤ Dropbox 2016, 68 million user accounts hacked
Some hacks that made the news (2)
✤ LinkedIn May 2016, 117 million emails stolen
✤ 2016 Tesla car hacks, disabling brakes, and object recognition.
✤ Sept. 2016: 665 Gbps DDoS attack using IoT devices on Brian Krebs’ web site. Biggest DDoS in the history of cybercrime
✤ Sept. 14-16, 2016: Massive PDoS attack on PH government offices, law enforcement, ISPs, schools and universities. Permanent damage to hardware.
The Costs
✤ financial losses can be HUGE
✤ customer loss of confidence; will go elsewhere!
✤ competition gets YOUR data and YOUR customers
✤ loss of private data with high legal costs/compensation
✤ public loss of confidence; tainted corporate image
Solutions and Defenders
✤ Revise IT Policies, such as passwords, access points, firewalls
✤ Red Team vs Blue Team - Red attackers and Blue defenders can build more secure systems
✤ Vulnerability Analysis to find application weaknesses
✤ Penetration Tests to find out how easy a system is to attack
✤ Network Management by Defence in Depth
At a glance, the test methods
The Attack Life Cycle
Multilevel defense
Arcadeus OPS skills
✤ Port and Network System Scans
✤ Vulnerability Scan and Recommendations
✤ Penetration Testing and Solutions
✤ System Administration
✤ Complete Packages suited to your organisation
Arcadeus OPS qualifications
✤ Arcadeus OPS complies with the highest industry standards:
✤ CEHv9 - Certified Ethical Hacker Version 9
✤ OSCP - Offensive Security Certified Professional
We often hear…
✤ Our IT department takes care of everything…
✤ We are a small company, we are not a target
✤ There’s nothing on our servers that could be of interest to hackers
✤ We have outsourced all our IT needs
✤ We never had any issues before
Cyber security =/= IT management
Viewing cyber security as simply an Information Technology (IT) issue is parallel to considering safe operation of a vessel as simply a main engine issue.
Addressing cyber security should start with the senior management level of a company rather than being delegated to the Vessel Security Officer or the head of the IT department.