Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and...

18
www.khipu-networks.com © 2018 Khipu Networks Limited. All Rights Reserved. JISC CYBER SECURITY POSTURE SURVEY 2018 Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE

Transcript of Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and...

Page 1: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

JISC CYBER SECURITY POSTURE SURVEY 2018Next-Generation Networking and Advanced Cyber Security

GOAL: ZERO VULNERABILITY INFRASTRUCTURE

Page 2: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Phishing Risk Reporting Services ExampleCyber Attacks - Reduce Your Risk

Page 3: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Do you know what is connected and how secure on your Network?

Endpoints

Do you know where you stand with vulnerabilities on your Network?

Infrastructure

Is your security systems coping with it should be doing?

Perimeter Security

What are your risks to phishing attacks?

Users

Zero Vulnerability Infrastructure

Cloud ServicesPrivate, Public and Site Connectivity

Page 4: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Cyber Security LandscapeNext-Generation Networking and Advanced Cyber Security

Page 5: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

• Founded in 2005 & privately owned

• Identified the need for secure network access “BYOD”

• UK/I, SA & international coverage

INTERNATIONAL CYBER SECURITY COMPANY

• Round the clock network & security operation services

• Pro-active support “KARMA” & managed services

• Project, service delivery & account management teams

OUTSTANDING CUSTOMER SATISFACTION

• Customer references across all sectors

• Year on year growth

• Over 500 customers globally

PROVEN BUSINESS

• Quality assured: ISO9001, 27001, 14011 & OHSA 18001

• Highest partner, support & technical accreditations

• Extensive investment in training & development

CERTIFIED TO DELIVER

Who are we?Next-Generation Networking and Cyber Security

Page 6: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Direct Award Procurement

Single Supplier Frameworkwww.jisc.ac.uk/vulnerability-assessment-and-information-service

Jisc Vulnerability Assessment & Information Service

Single Supplier Frameworkwww.jisc.ac.uk/simulated-phishing-and-associated-training

Jisc Simulated Phishing & Associated Awareness

Single Supplier FrameworkPreferred Supplier

Jisc Routing & Switching Framework Lot 9 - Palo Alto Networks

Lot 1: HPE Aruba Networks - WiFi, Wired & SecurityLot 10: Infoblox - DDILot 10: Alcatel-Lucent - WiFi & Wired

Jisc Routing & Switching Framework Lots

Next-Generation Networking and Advanced Cyber Security

Page 7: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Real-life statisticsCyber Attacks - Reduce Your Risk

60%

21%

85%

66%

25%

Increase in phishing attacks

Emails get through spam filters

Have suffered a phishing attack

Have suffered a spear-phishing attack

Have been successfully phished Q4 2017 Q3 2018 24

0%

in

cre

ase300,000

150,000

0

New phishing websites

The number one vehicle for ransomware attacks & malware

Phishing attacks

The most effective way to deliver malware

Email attachments

The 3rd most effective way to deliver malware

Email web-links OPENED

30%

Page 8: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Endpoints

PC’s, Laptops,

Mobile & BYOD

Applications

Email, CRM, office, SaaS

& specific apps

Infrastructure

Network, security &

systems

User

Staff, Visitors &

Contractors

Typical EnvironmentCyber Attacks - Reduce Your Risk

Financial Loss

Confidential Data leakage (personal & business) Crippled IT systems & operations

Damage to reputation - blacklisting, bad press

Fines from ICO

COMPLETE DISRUPTION TO YOUR ORGANISATION

Accountability, stress & frustration

Page 9: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

CYBER RISK: phishing

Goal To understand your risk to phishing attacks to implement

sufficient staff training and cyber security enhancements

Findings and Best Practice Report

• On-going assessments & training plans to measure improvement

Advanced Endpoint Protection

• Protecting the endpoint from downloading mal/ransomware

• For key mission critical services & high-value hosts/users

Credential Theft Protection

• Protecting the user from sharing confidential information via

phishing websites

Best Practise Email Configuration

• Email configuration: SPF, DKIM and DMARC

OutcomeFindings and best practice recommendations including risk

assessment and training plans, with a strategic alignment

between the customer and KHIPU:

Endpoints

PC’s, Mobile, IoT,

Operations & BYOD

User

Staff, Visitors &

Contractors

FocusSimulated phishing attacks to assess how users react to

phishing emails / websites and provide user awareness training

services on cyber security

Next-Generation Networking and Advanced Cyber Security

Page 10: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

In the pressCyber Attacks - Reduce Your Risk

SPEAR PHISHING ATTACK

Page 11: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Sophisticated Real-life Phishing

Attacks

Cyber Attacks - Reduce Your Risk

Page 12: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Phishing Vulnerability Risk AssessmentCyber Attacks - Reduce Your Risk

USERS• Do they open phishing emails, how many?• Do they share confidential information via a website, how many?

IDENTIFY YOUR VULNERABILITIES TO PHISHING ATTACKS - “RISK FACTOR”

INFRASTRUCTURE• Are email systems, spam, firewalls identifying & blocking phishing attacks?• Are they capable of or been configured properly to protect your organisation?

PROCESSES• How does the organisation (users, IT helpdesk teams etc) react?• Are your processes including awareness inductions effective?

DEVICES• What operating systems and web browsers (incl. plug-ins) are being used?• Are they sanctioned by your organisation, are they up to date, are they vulnerable?

LAYER OF DEFENCE

FIRST

LAST

USERS

Page 13: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Simulated Phishing ServicesCyber Attacks - Reduce Your Risk

EMAILS• Customised to meet customer requirements &

scenarios • Link to phishing website

• Download an attachment (PDF, .doc, .xl etc)

WEBSITE• Customised web pages incl. domain, intranet, website• Capture different types of information to test users• Drive-by attack (BEEF)

OPTIONS• SMS (smishing) attack: Personal or business details• USB malware attack• Ransomware simulation

• Vishing (social engineering)*

DEDICATED SERVICE DELIVERY TEAMProject management

Cyber security specialistsAccount managers

Page 14: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Awareness Training ServicesCyber Attacks - Reduce Your Risk

EMAILS• The simulation; why, the risks, what to do (customisable)• Link to education awareness landing page

WEBSITE & CONTENT• Customisable education page to raise awareness• What is phishing, what to do, top tips, video, quizzes (recorded)• Facts, statistics, glossaries, Infographics, how to protect

• Video awareness library (incl. customised video)

TRAINING “CYBER SECURITY 101”• Classroom-based:

Work & home life phishing & CS awareness• Onsite (no limitation to attendees), offsite or virtual*

• Cyber security best practise workshops (onsite)

DEDICATED SERVICE DELIVERY TEAMProject management

Cyber security specialistsAccount managers

Page 15: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Awareness Training ServicesCyber Attacks - Reduce Your Risk

DEDICATED SERVICE DELIVERY TEAMProject management

Cyber security specialistsAccount managers

EMAILS• The simulation; why, the risks, what to do etc (customisable)• Link to education awareness landing page

WEBSITE & CONTENT• Customisable education page to raise awareness• What is phishing, what to do, top tips, video, quizzes (recorded)• Facts, statistics, glossaries, Infographics, how to protect

• Video awareness library (incl. customised video)

TRAINING “CYBER SECURITY 101”• Classroom-based:

Work & home life phishing & CS awareness• Onsite (no limitation to attendees), offsite or virtual*

• Cyber security best practise workshops (onsite)

Page 16: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

Reporting ServicesCyber Attacks - Reduce Your Risk

PHISHING CAMPAIGN ASSESSMENT• Opened emails, clicked links & compromised users• Observations on infrastructure if email / website accessible• Device OS, browser & plug-in inventory w/ vulnerability &

security flaw assessment

AWARENESS CAMPAIGN ASSESSMENT• Education awareness training landing page activity• Who watched the video• Who carried out the quizzes; results & times

CAMPAIGN RESULT ANALYSIS• Comparison of the phishing & awareness campaign results• Observations on user awareness improvements w/ ROI• Statistics; enabling the customer to accurately track success

• Per user statistics report w/ repeat offender statistics

BEST PRACTISE RECOMMENDATIONS• Detailing the “risk factor” of attacks to the organisation

• Users, Processes, Infrastructure & Devices• Improvement plans for (targeted) phishing & awareness campaigns

• Infrastructure: Optimal configs / replacement solutions

Page 17: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

KHIPU are competent trainers, who kept the audience attentive and interested. The content was pitched

at a relevant level and had more than enough ‘food for thought’. The feedback that I had from the

attendees was very positive and all felt the course worthwhile. As an employer, I also feel that this

education will really help reduce the risk of an employee inadvertently compromising our network and

they can no longer say that no-one told us. Very highly recommended.

Chris Adcock

Chief Finance Officer - Duchy of Lancaster

ANY QUESTIONS?

Page 18: Next-Generation Networking and Advanced Cyber Security ... · Next-Generation Networking and Advanced Cyber Security GOAL: ZERO VULNERABILITY INFRASTRUCTURE. ... Next-Generation Networking

www.khipu-networks.com

© 2018 Khipu Networks Limited. All Rights Reserved.

THANKS FOR WATCHING

[email protected] @KhipuNetworks Khipu Networks

www.khipu-networks.com