CYBER SECURITY DISCUSSION Dubai 2016

Ronald L Merriman Paul Samadani Henry Wu

USE AT YOUR OWN RISK!IS FOR ENTERTAINMENT PURPOSES ONLY

This Presentation

OUR AGENDA

‣ Defining Cyber Security‣ How Do Hackers Find & Compromise Systems ‣ 5 Steps to Avoid becoming an Easy Target‣ In Real Life…‣ Group Discussion

WHAT IS AT RISK?

Brand Reputation Consumer Trust Intellectual Property Bank Fees, Penalties & Credit Company Fines

Loss of Revenue

WE ARE CREATING A CYBER SECURITY NIGHTMARE

WE ARE CREATING A CYBER SECURITY NIGHTMARE

HACKERS CAN:

▸ Take Control of Your Car

▸ Add Virtual Airplanes to Radar

▸ Control a Rollercoaster

▸ Shut Down the Power

▸ Know Where You Are

▸ Who You Are Talking to

▸ Share Your Deepest Secrets

COMMON WAYS HACKERS FIND YOU?

‣Google to Find Un-Patched PCs‣Embedded Link on an Email‣USB Stick‣Supplier / Vendor Backdoors‣Social Engineering

COMMON WAYS HACKERS FIND YOU?

‣ Google to Find Un-Patched PCs‣ Embedded Link on an Email‣ USB Stick‣ Supplier / Vendor Backdoors‣ Social Engineering

IDENTIFY PROTECT DETECT

RESPOND RECOVER

YOU CAN’T PROTECT IT IF YOU DON’T KNOW ABOUT IT

‣ Credit Card – Parking, Gift Shop… ‣ Back Door Vendor System Access ‣ Internet Connected Devices ‣ Rogue Access Points

IDENTIFY

YOU CAN’T PROTECT IT IF YOU DON’T KNOW ABOUT IT

‣ Credit Card – Parking, Gift Shop… ‣ Back Door Vendor System Access ‣ Internet Connected Devices ‣ Rogue Access Points

AUTOMATED TOOLS FOR DISCOVERING DEVICES

‣The Dude by Mikro Tik http://www.mikrotik.com/thedude

‣GFI LanGuard http://www.gfi.com

‣KALI Linux https://www.kali.org/

IF YOU WANT TO KEEP IT - PROTECT IT

‣Provide Training for Your Staff ‣SPAM & Web Filtering ‣Remove Admin Access ‣Patch Your Systems ‣Segment Your Network

PROTECT

IF YOU WANT TO KEEP IT - PROTECT IT

‣Provide Training for Your Staff ‣SPAM & Web Filtering ‣Remove Admin Access ‣Patch Your Systems ‣Segment Your Network

AUTOMATED PATCHING TOOLS

‣GFI LanGuardhttp://www.gfi.com

‣ Windows Server Update Services (WSUS) www.Microsoft.com

‣Hire Experts for Network Segmentation

TRUST BUT VERIFY

‣Hack Yourselfhttps://www.shodan.io

http://routersecurity.org/testrouter.php

‣KALI Linux https://www.kali.org/

‣Offer Bug Bounty

DETECT

TRUST BUT VERIFY

‣Hack Yourselfhttps://www.shodan.io

http://routersecurity.org/testrouter.php

‣KALI Linux https://www.kali.org/

‣Offer Bug Bounty

“A GOAL WITHOUT A PLAN IS JUST A WISH”

‣ Actionable Response Plan ‣ Test Your Plan ‣ FCC Cyber Planner

https://www.fcc.gov/cyberplanner

‣ Explore Insurance Options ‣ Not Just IT Related…Should Include Disasters ‣ Know Your Law Enforcement Agencies

RESPOND

“A GOAL WITHOUT A PLAN IS JUST A WISH”

‣ Actionable Response Plan ‣ Test Your Plan ‣ FCC Cyber Planner

https://www.fcc.gov/cyberplanner

‣ Explore Insurance Options ‣ Not Just IT Related…Should Include Disasters ‣ Know Your Law Enforcement Agencies

WHAT WILL IT TAKE TO RESUME OPERATIONS?

‣Put Your Plan in Action ‣Consider All Dependencies ‣It is All About Minimizing the Loss ‣Set Aside Cash Reserves ‣It Usually Happens at the Worse Possible Time ‣Work Closely with Attorneys & PR Firms

RECOVER

WHAT WILL IT TAKE TO RESUME OPERATIONS?

‣Put Your Plan in Action ‣Consider All Dependencies ‣It is All About Minimizing the Loss ‣Set Aside Cash Reserves ‣It Usually Happens at the Worse Possible Time ‣Work Closely with Attorneys & PR Firms

ANYONE CAN BE A VICTIM OF A MAJOR CYBER ATTACK

IT CAN HAPPEN TO YOU

‣ More than just Financially & Operationally Costly‣ Incredibly Consuming ‣ Further Breaches Inevitable

What Can We Do About it?

LAX CYBER SECURITY RESULTS IN CRIPPLING ECONOMIC & REPUTATIONAL PENALTIES

LESSONS LEARNED

‣ Stay Up-to-Date with Credit Card Transaction Technology

‣ Limit Exposure‣ Segregated and Secure Network & Critical Computers‣ Backup, Then Backup Again‣ Protect High-Volume Email Accounts

Paul Samadani itguardian@gmail.com

Henry Wu henrymwu@gmail.com

Ronald L Merriman rlewismerriman@me.com

For Cyber Security Links Email:

paulsamadani.cyber@gmail.com