Security 101 for Non-techies

Date posted: 20-Mar-2017

1

Security for Non-Techs

Bulletproof

With all of the recent security breaches in the news, it's easy to get caught up in the "technical" side of information security. Sure, there is a lot of work to be done to keep your information safe from hackers and malicious software, but there's another side to the coin, and that's physical security. Many offices don't enforce best practices for physical information security, and frankly may just not be aware of them.

As their MSP, your job is to educate them on these best practices, both from a technology standpoint and from a physical standpoint. So, time to put your knowledge to the test. Can you find the 13 security flaws in this picture?

2

Format

Understanding the Modern Business Landscape

Understanding the core principles of IT Security

Where IT Leaders are focusing

3

Before We Start: Ground Rules

4

Ask Questions

Ask Questions, Challenge Assumptions, Be Brave

5

Tell me if this is what you hear!

This is a Non-Technical Workshop. No Techno Gibber Gabber Allowed!

6

Slides will be available afterwards!

7

Obviously Confidential

If anyone shares anything, it's important that you keep it confidential.

8

9

The World Has Changed!

Over 90% of you feel SMBs are more vulnerable to risk today than they were five years ago.

Why?

10

Almost all customer information and interactions are digitally recorded: 1 billion messages are sent between people and businesses each month on Facebook.

Disruption has forced companies to go digital or go home.

This has introduced new challenges around security.

11

Agility & Mobility

How do we protect users inside and outside the office?

How do we streamline processes to allow organisations to move faster than they do now?

Agility and mobility bring new security challenges we haven't had to deal with before. Examples: setting up an instant publishing account within 60 seconds (Twitter); users working outside the office, where the office firewall won't protect them.

12

Increased Complexity

IT security used to be owned and controlled by IT. Now it requires a whole-of-organisation approach and relies more on the literacy of the users than on the expertise of the techs.

There are more potential access points into an organisation, making it more difficult than ever to manage and lock down.

There are no silver bullets; everything is constantly changing and evolving, and organisations need to keep up.

13

14

Top 3

Focus Areas of IT Leaders around the world

https://www.spiceworks.com/it-articles/it-security/

15

Top Challenges: Focus on Users

Top security challenges are related to end users. More specifically, IT pros are worried about the vulnerabilities created when employees don't understand, or aren't invested in, avoiding risky behaviour around company data.

They're muscling up security measures. IT pros expect to increase security in 2016, with plans to implement even some of the newer security solutions such as intrusion detection, penetration testing, and advanced threat protection.

IT pros believe their role is key in maintaining security. According to the survey respondents, it takes the entire organization, not just the latest technology, to keep sensitive data and people safe. That said, they ultimately feel that the responsibility for their organization's security is in the hands of IT.

Layer 8 (the user)

16

Increasing Security Measures

They're muscling up security measures. IT pros expect to increase security in 2016, with plans to implement even some of the newer security solutions such as:

intrusion detection, penetration testing, and advanced threat protection.

For example, MFA is forecast to grow from 1bn to 13bn in five years.

17

It Takes The Entire Organization, Not Just The Latest Technology, To Keep Sensitive Data And People Safe


Technology is not a Panacea

18

What's Your Security Strategy?

19

Security Through Risk Management vs. Security Through Obscurity

20

Security Through Obscurity: "We store our passwords at uptakedigital.com.au/passwords but no one knows it's there, so we are safe."

Our staff are good people and would never steal or compromise data in our organisation.

We are only a small business, one of millions. Who will attack us when they can attack the big targets?

21

The End of Security Through Obscurity

22

23

24

Security Through Risk Management: We use a password manager to encrypt, control and store company passwords.

We have strong policies and procedures to protect company information from being compromised.

We encrypt our sensitive files to protect our customers' information.

25

26

The Two Most Important Ideas of IT Security

Write these two things down; this is what you must remember.

27

28

Think Layers

Does anyone know how bulletproof glass works?

29

Think Trust

Simply, who has access to what and why?

Customer Lockbox (Microsoft)

Knowing, and making purposeful decisions.

30

31

Ransomware

Who has heard of ransomware, CryptoLocker, etc.?

32

50% of Hospitals have had Ransomware

Polls are suggesting 50% of hospitals have been hit. (Source: OpenDNS)

33

Ransomware as a Service, or RaaS, where affiliates can join in order to distribute the ransomware, while the Cerber developers earn a commission from each ransom payment.

http://www.bleepingcomputer.com/news/security/the-cerber-ransomware-not-only-encrypts-your-data-but-also-speaks-to-you/

Swiss Ransomware Awareness Day: https://www.melani.admin.ch/melani/en/home/dokumentation/newsletter/ransomwareday.html

34

http://www.itnews.com.au/news/the-3-billion-it-security-problem-420126?eid=1&edate=20160527&utm_source=20160527_AM&utm_medium=newsletter&utm_campaign=daily_newsletter

35

Massive growth is pretty much all ransomware related.

Who is being targeted?

36

37

Antivirus doesn't work like it used to

38

Typical Scenario

39

Very busy; manages finances/HR

40

41

42

43

Over 20 seconds you will see ransomware at work.

44

Time to Enact The Ransomware Plan

45

No Worries Mate, We Will Just Restore the Backup

46

Backup Encrypted

47

48

You left the backup plugged in; we will have to pay the ransom, mate.

49

Hello Sir, I will help you get the bitcoins you need.

The CryptoWall gang is well known for its excellent customer service, such as giving victims deadline extensions to gather the ransom, providing information on how to obtain bitcoins (the preferred method of payment), and promptly decrypting the files upon payment.

Other malware families, such as TeslaCrypt, Reveton, and CTB-Locker, have less reliable reputations. Which can really be trusted? Paying to find out is not the best strategy.

http://www.crn.com.au/news/cyber-criminals-offer-live-chat-support-for-victims-420713

50

51

Files Decrypted

1. You become a bigger target. As the saying goes: do not feed the trolls, otherwise they'll keep making provocative statements to get a reaction. Ransomware is a little like that; paying the ransom simply encourages the attackers. Criminals talk; they will tell others who paid the ransom and who didn't. Once a victim is identified as paying up, there's nothing stopping others from jockeying for a piece of the ransom pie. Another danger looms: the same attackers can come back. Since you paid once, why not again?

2. You can't trust criminals. Relying on criminals to keep their word is a risky endeavour. It seems like a simple exchange, money for a decryption key, but there's no way to tell whether the ransomware gang can be trusted to hold up their half of the bargain. Many victims have paid the ransom and failed to regain access to their files. This cuts both ways: why pay up if you don't expect to get your data back? Reputation matters, even in the criminal world.

3. Your next ransom will be higher.

4. You encourage the criminals.

52

Phew, That was close.

53

Preventing and Preparing for a ransomware attack

54

First take some preparatory steps: a Ransomware DR Plan

Build a strong security stack

Improve IT Planning and Audit Process

Separating different networks from one another.

Not using admin accounts on PCs.

Installing better anti-virus, anti-malware, email filtering, etc.

Educating users.

Penetration testing, intrusion detection, advanced threat protection.

Can you prevent it? No.

55
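The "backup left plugged in" scenario from the earlier slides, and the preparatory steps above, come down to one mechanism: ransomware runs as the logged-in user and encrypts every volume that user can write to, so a backup that is permanently attached and writable is encrypted together with the live data. The following Python simulation is an added example (not part of the original deck, and not any vendor's code) that models that mechanism on constructed sample files; the volume names, file contents, the toy XOR "cipher" and the attacker key are all assumptions made for illustration.

```python
import hashlib


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Reversible XOR against a SHA-256 keystream.

    Toy stand-in for the file encryption real ransomware performs; it is
    NOT a real cipher and exists only so the simulation is self-contained.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def make_office(backup_attached: bool, backup_read_only: bool) -> dict:
    """Constructed sample: one workstation drive plus one backup volume.

    Each volume records whether it is attached to the manager's session and
    whether that session can write to it. The backup holds last night's copy.
    """
    documents = {
        "payroll.xlsx": b"employee,salary\nalice,90000\n",
        "invoices.docx": b"Invoice 1042 due 30 days\n",
    }
    return {
        "C:": {"attached": True, "read_only": False, "files": dict(documents)},
        "BACKUP": {"attached": backup_attached, "read_only": backup_read_only,
                   "files": dict(documents)},
    }


def run_ransomware(office: dict, key: bytes) -> list:
    """Encrypt every file on every volume the victim's session can write to.

    The malware has no special privileges: it only reaches volumes that are
    attached and writable, but it encrypts everything it finds there,
    backup included.
    """
    encrypted = []
    for name, volume in office.items():
        if not volume["attached"] or volume["read_only"]:
            continue
        for path in volume["files"]:
            volume["files"][path] = toy_encrypt(volume["files"][path], key)
            encrypted.append(f"{name}\\{path}")
    return encrypted


def restore_from_backup(office: dict, originals: dict) -> str:
    """Copy BACKUP over C: and verify the result against known-good hashes."""
    office["C:"]["files"] = dict(office["BACKUP"]["files"])
    restored = office["C:"]["files"]
    good = all(
        hashlib.sha256(restored[path]).digest()
        == hashlib.sha256(content).digest()
        for path, content in originals.items()
    )
    return "restored" if good else "backup encrypted, restore failed"


def scenario(backup_attached: bool, backup_read_only: bool) -> tuple:
    """Run one infection and return (files the ransomware reached, restore outcome)."""
    office = make_office(backup_attached, backup_read_only)
    originals = dict(office["C:"]["files"])
    reached = run_ransomware(office, key=b"attacker-key")  # assumed attacker key
    return reached, restore_from_backup(office, originals)


if __name__ == "__main__":
    for attached, read_only in [(True, False), (False, False), (True, True)]:
        reached, outcome = scenario(attached, read_only)
        print(f"backup attached={attached} read_only={read_only}: "
              f"{len(reached)} files encrypted -> {outcome}")
```

The first scenario is the one on the slides: the backup drive is attached and writable, so four files are encrypted and the restore fails. Detaching the backup after each run, or mounting it read-only (or as an immutable/versioned copy the user account cannot overwrite), means the malware reaches only the two live files and the restore succeeds, which is the practical content of "don't leave the backup plugged in" and "don't use admin accounts on PCs".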

The most impor