W4L3

Cards (40)

  • Phishing - Fake messages to trick a business into giving its private personal, commercial, or financial details.

    Via email, text message, social media, or over the phone
  • Pharming - Scammer puts malicious code on a business’s device which directs its users to a fake version of a legitimate website

    E-commerce and online banking sites have become significantly popular pharming targets
  • Malware - Malicious software used by criminals to steal a business’s confidential information, hold their system or device to ransom, or install damaging programs onto their device without their knowledge

    Spread via viruses, trojans, worms and spyware in email messages, bogus websites, pop-ups, and infected files
  • Ransomware - Ransomware is a type of malware, often spread through phishing emails or a bad app, which locks a business’s computers’ content

    The victim clicks on a link or downloads a file that allows the cybercriminal to demand a ransom to unlock a business’s computer
  • Initial Compromise - Gain initial access into target
  • Establish Foothold - Strengthen position within target
  • Escalate Privileges - Steal valid user credentials
  • Internal Reconnaissance - Identify target data
  • Complete Mission - Package and steal target data
  • Maintain Presence
  • Move laterally
  • THE ATTACK LIFECYCLE
    Initial Reconnaissance
    Initial Compromise
    Establish Foothold
    Escalate Privileges
    Internal Reconnaissance
    Move laterally
    Maintain Presence
    Complete Mission
  • Financial Loss - From theft of money, information, and disruption to business
  • Business Loss - Damage to reputation and damage to other companies one relies on to do business
  • Costs - Getting a business’s affected systems up and running
  • Investment Loss - Delay in notifying the relevant authorities and institutions of the incident
  • WHAT COULD BE AT RISK?
    • Customers / Citizens Records (Personal Information)
    • Email Records
    • Financial Records
    • Existing Business Plans and New Business Ideas
    • Marketing Plans
    • Intellectual Property
  • Back-up Data - Back up the business’s data. This helps recover information a business loses if it experiences a cyber incident
    Daily incremental back-ups, end-of-week / quarterly / yearly server back-ups
  • Secure Devices & Network - Ensure the operating system and security software update frequently, install security software on the business’s computers and devices, and set up an appropriate firewall. Finally, turn on the spam filters
  • Encrypt Key Information - Make sure you turn on your network encryption and encrypt data when stored or sent online
  • Use Two-factor authentication - 2FA is a two-step verification security process you need to provide before you can access your account
  • Manage Passwords - Having a password such as ‘123456’, or worse still ‘password’, leaves you open to being hacked
  • Put Policies in Place to Guide the Staff - A cyber security policy helps your staff to understand their responsibilities and what is acceptable when they use or share data, computers and devices, emails, and internet sites
  • Training of Staff - Staff are a business’s most important and last line of defense. It’s important to make sure that the staff know about the threats they can face online and the major role they play in keeping your business safe
    Educate staff about their computer rights and responsibilities, their network access and use, acceptable online practices when using email, work computers, and devices, etc.
  • Protecting Business - Consider cyber insurance to protect your business. The cost of dealing with a cyberattack can be more than just repairing databases, strengthening security, or replacing machines. Cyber liability insurance cover can help a business with the costs of recovering from an attack
  • Challenges of Cyber Threats
    • Lack of Proper Understanding of Cyber Security Risks
    • Shortage of Qualified Personnel
    • Lack of Budget and Resources
    • Unable to Keep Pace with the Technological Advances
  • Cyber Protections
    • Back-up Data
    • Secure Devices & Network
    • Encrypt Key Information
    • Use Two-factor authentication
    • Manage Passwords
    • Put Policies in Place to Guide the Staff
    • Training of Staff
    • Protecting Business
  • BUSINESS & GOVERNMENT ORGANIZATIONS
    According to the latest estimates, the world is “on pace to reach a cyber security workforce gap of 1.8 million by 2022, a 20 percent increase over the forecast made in 2015”.
  • Cyber Governance is the glue that binds together all the core elements of cyber defense and effective risk management. Without it, dangers persist, and the resulting compromise of assets is inevitable.
  • Attacks on any organization are inevitable. But the sophistication and persistence of those attacks depend on the attractiveness of that organization as a target – primarily its role and assets. Today, threats originating from misguided individuals have been replaced by highly skilled international organized crime groups or foreign nations / states that have the skills, personnel, and tools to conduct sophisticated covert cyberespionage attacks.
  • Every organization faces cyber attacks nowadays. But the level of danger and sophistication of these attacks depends on how valuable the organization is as a target. In the past, most cyber attacks might have been done by individuals messing around, but now it's more likely to be highly skilled groups or even foreign countries with the resources and knowledge to carry out really sophisticated cyber attacks.
  • Leaders of organizations can't just rely on their tech team to handle everything. Cybersecurity isn't just about fixing technical glitches anymore; it's become a crucial part of how businesses operate safely in this digital world.
  • Thus, compliance is the critical feedback loop in cyber security governance. It ensures that everyone is working according to plan, as a team, to deliver business activities and ensure the protection of assets within the context of risk management and security strategy and direction. Where that is not possible, it ensures that variances that result in risk exposures are made known at the leadership level, so that they can either decide to accept these risks or provide mitigating direction and the resources necessary to address them.
  • Compliance is like having a rulebook for everyone in the company. It ensures that everyone is playing by the same rules and working together to keep the business safe. If someone isn't following the rules or if there are risks, compliance tells the bosses so they can decide what to do about it. It's all about keeping things fair and the company running smoothly.
  • Initial Reconnaissance - Identify exploitable vulnerabilities
  • Initial Compromise - Gain initial access into target
  • Establish Foothold - Strengthen position within target
  • Escalate Privileges - Steal valid user credentials
  • Internal Reconnaissance - Identify target data
  • Integrated governance for balanced risk
    • Identify Strategic Direction
    • Develop Standards, Policies and Processes
    • Implement & Operate
    • Audit & Review
    • Mitigate Variations
    • Assess Residual Risk
    • Raise Executive Awareness