Post on 26-May-2015
LATEST THREATS ON DIGITAL SECURITY (WORMS, ATTACKS, VIRUSES, FLAWS)
Santosh Satam, CEO SecurBay
Supported by In association with Presented by
Hotel Digital Security Seminar SEPT 19, 2014
By X Events Hospitality (www.x-events.in) Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Agenda
• Current Landscape
• Hospitality Industry - Attack Vectors
• How to Secure Yourself
• Q&A
Current Landscape
Digital Universe is Growing
[Chart: size of the digital universe. Values shown: 180 EB, 200 EB, 1800 EB, 44 ZB. Years shown: 2006, 2008, 2011, 2014]
1 Exabyte = 1 Billion GB
1 Zettabyte = 1 Trillion GB
Source: IDC 2014
Digital Universe is huge and growing exponentially
Growth Drivers
Source: http://thenextweb.com/apple/2012/01/25/there-are-now-more-iphones-sold-than-babies-born-in-the-world-every-day/
371 K babies born per day
378 K iPhones sold per day
Next Big Thing - IoT
Source: IDC 2014
IoT consists of adding computerization, software, and intelligence to things as varied as cars, toys, airplanes, dishwashers, turbines, and dog collars.
Is our information safe?
Source: IDC 2014
52% of the data that needs to be protected is not protected
[Figure: Digital Universe]
Data needing protection:
• Corporate Data
• Medical Records
• User Account Information
• Personally Identifiable Information
The Numbers Don’t Lie
Source: http://online.wsj.com/news/articles/SB10001424052702303933404577504790964060610
76% of the US Companies had a cyber security incident reported in the last year
Attack Vectors for Hospitality Industry
Attack Vectors
Data Breach hit 14 Hotels
Source: http://www.cnbc.com/id/101396464#.
In 13 of the 14 cases, the malware was in the credit and debit card readers at the hotels' restaurants and gift shops.
Keylogger Malware
Source: http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/
The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.
Repeated Computer Hacks
Source: http://edition.cnn.com/2012/06/26/travel/wyndham-hacking/index.html
Wyndham Hotels' lax security policies allowed Russian hackers to access more than 500,000 customer accounts on three separate occasions between 2008 and 2010.
Hackers used the data to rack up more than $10.6 million in fraudulent credit card transactions, according to the suit filed in the U.S. District Court of Arizona.
Attacks on Website
Can you spot the security risk on this compromised website?
Social Engineering Attacks
Operator to Guest: "Excuse me sir, I am calling from Front Desk. Can I have your credit card number please?"
What will you do?
How safe am I?
No business is immune from threats.
Threats can come in any shape and size.
Need Threat Intelligence
Most Common Attacks
Source: Verizon DBIR 2014 Data Breach Report
"The universe of threats may seem limitless, but 92% of the 100,000 incidents we've analyzed from the last 10 years can be described by just nine basic patterns."
- Verizon DBIR 2014
Is it applicable to me?
Source: DBIR 2014 Data Breach Report
Cyber Risks in India
Source: https://gigaom.com/2013/06/25/new-google-report-shows-malware-by-country-highest-rates-in-india-central-europe/
The highest rate of malware, however, doesn’t belong to obvious suspects like Russia or Ukraine (8% each), but instead India (15%) and many Latin American countries like Mexico (12%) and Chile (11%).
Cyber Risks in India
Source: http://zeenews.india.com/news/nation/9174-indian-websites-hacked-till-may-it-minister_947431.html
9,174 Indian websites were hacked by various hacker groups from different parts of the world till May 2014.
62,189 security incidents were reported during the same period to the Indian CERT-In.
How to Secure Yourself?
Need Systemic Approach
[Figure: Ad-hoc Approach | Systemic Approach]
What can I do about it?
• ASSESS: Find out your current Security Posture by doing Gap Assessment, Vulnerability Assessment and Penetration Testing
• DEFINE: Define a Roadmap with Short, Medium and Long term Action Plan
• EXECUTE: Implement the Roadmap
• MONITOR: Monitor and Improve
People, Process & Technology
Technology
- UTM, Firewalls
- IDS/IPS
- Data Center Security
- Physical Security
- DLP
- IRM
- SIM/SIEM
- Managed Security Services
- Encryption
- Malware Protection
- Threat Intelligence

People
- Training
- Awareness
- HR Policies
- Background Checks
- Roles / responsibilities
- Social Engineering
- Social Networking
- Acceptable Use

Process
- Risk Management
- Asset Management
- Data Classification
- Info Rights Mgt
- Access Management
- Change Management
- Patch Management
- Configuration Mgmt
- Incident Response
- Incident Management
Q & A
Stay Safe!
@satamsantosh
santosh@securbay.com
/securbay
www.SecurBay.com