PowerPoint Presentation - West...
Transcript of PowerPoint Presentation - West...
![Page 1: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/1.jpg)
v
v
7th Annual
CYBER SECURITYCONFERENCE
West Virginia Office of Technology,
Information Security Controls & Compliance
![Page 2: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/2.jpg)
v
Who
What
When
Where
How
Why
![Page 3: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/3.jpg)
v
Not the Who
![Page 4: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/4.jpg)
v
Not the What
Threats Malware
Identity Theft
Data Breach
Phishing
![Page 5: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/5.jpg)
v
But the Why
You Your Family
Your FriendsYour Fellow
West Virginias
![Page 6: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/6.jpg)
v
Black Market Rate
![Page 7: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/7.jpg)
v
Black Market Rate
DOB $11
![Page 8: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/8.jpg)
v
Black Market Rate
Credit Card
Number$4-$28
![Page 9: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/9.jpg)
v
Black Market Rate
USFullz
$25
![Page 10: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/10.jpg)
v
Black Market Rate
SSN $1
![Page 11: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/11.jpg)
v
Black Market Rate
Partial EHR
$50
![Page 12: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/12.jpg)
v
Identity Theft
Recovery Time
Days -Months
![Page 13: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/13.jpg)
v
The Takeaway
You are a target
•24/7/365
Your actions matter
“It’s not personal, Sonny. It’s strictly business.”
WRONG – it’s most DEFINITELY personal
![Page 14: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/14.jpg)
v
![Page 15: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/15.jpg)
Love LanguageLanguage of the
Internet
![Page 16: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/16.jpg)
Internet-born words
Buzzworthy Selfie IoT BYOD
Twerk Phone Smartphone Tablet
Phablet Hashtag Memes Spam
![Page 17: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/17.jpg)
Internet-born words
Phishing
![Page 18: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/18.jpg)
IT Security Challenge
1 minute & 20 seconds
Source: Verizon Breach Report 2015
![Page 19: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/19.jpg)
Phishing by the numbers
23% Open 11% Click
Source: Verizon Breach Report 2015
![Page 20: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/20.jpg)
The highly successful formula of social engineering
Culture Norms
Inherit Trust
Pwned
![Page 21: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/21.jpg)
The bad guys are crafty
Relevant
Shock Value
Anthem
Payroll
ALS Ice Bucket Challenge
Hollywood
![Page 22: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/22.jpg)
Types of Phishing
General Phishing
Spear Phishing
• Government sector a top target
![Page 23: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/23.jpg)
So what? What’s the worst that can happen?
Steal Account Info
Steal Sensitive Info
Identity Theft
Access Webcam
Destroy your data
(encryption)
![Page 24: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/24.jpg)
Phishing Questions & Indicators
Is it relevant? Is it expected?Is it addressed
properly?
Grammar & Spelling
Link Mismatch
![Page 25: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/25.jpg)
FILE MESSAGE
From: “Target.com” <[email protected]>To: “User, Specific A.” <[email protected]>Subject: Important message from Target to our guests
Subject: Important message from Target to our guests
Dear Target Guest,
As you may have heard or read, Target learned in mid-December that criminals forced their way into our systems and took guest information, including debit and credit card data. I am truly sorry this incident occurred and sincerely regret any inconvenience it may cause you. Because we value you as a guest and your trust is important to us, Target is offering one year of free credit monitoring to all Target guests who shopped in U.S. stores, through Experian’s® ProtectMyID® product which includes identity theft insurance where available. To receive your unique activation code for this service, please go to creditmonitoring.target.com and register before April 23, 2014. Here are some tips that will help protect you:
• Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.
• Delete texts immediately from numbers or names you don’t recognize.
• Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.
Thank you for your patience and loyalty to Target. You can find additional information and FAQs about this incident at our Target.com website. If you have further questions, you may call us at 866-852-8680.
Gregg Steinhafel
Chairman, President and CEO
![Page 26: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/26.jpg)
FILE MESSAGE
From: “Betty B. Blue” <[email protected]>To: Subject: Mailbox Support Centre
Subject: Mailbox Support Centre
Please kindly read message from HelpDesk.
________________
The HelpDesk
Attachment: Mailbox Support.pdf
![Page 27: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/27.jpg)
FILE MESSAGE
From: “Facebook” mailto:update+4nkus0nsjdue@fb_updates.comTo: “User, Specific A.” <[email protected]>Subject: You were mentioned
Subject: You were mentioned
Amanda Turner Crum mentioned you in a comment.
Amanda wrote: “I can’t believe you did this!”
Comment on the provided link by hitting the button below:
www.facebook.fbupdates.com
This message was sent to [email protected]. If you don’t want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 315 PO Box 10005 Palo Alto CA 24303
See Comment
![Page 28: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/28.jpg)
FILE MESSAGE
From: “Josh Spence”
To: “User, Specific A.” <[email protected]>
Subject: Join my network on LinkedIN
Subject: Join my network on LinkedIN
Josh Spence has indicated you are a Co-Worker at State of WV:
I’d like to add you to my professional network on LinkedIn.
-Josh Spence
Better together You can do more when you connect. Find out more.
Accept View invitation from Josh Spence
![Page 29: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/29.jpg)
FILE MESSAGE
From: “Edward Doyle” <[email protected]>
To:
Subject: Revision to Your Amazon Account
Subject: Revision to Your Amazon Account
Hello,
The password for your Amazon.com Account was recently changed.
If you made this change, you don’t need to do anything more.
If you didn’t change your password, your account might have been hijacked. To get back into your account, you’ll need to reset your password. Reset password
Important: You will be asked to provide specific information about your account, this is to prove you are the legitimate account holder.
Sincerely,The Amazon.com Account team
This email can’t receive replies. For more information, visit the Amazon.com Accounts Help Center.
If isn’t your Amazon.com account, click here to disconnent your email address from this account.
http://psb.gr/wp-content/upgrade/index.php
© 2014 Amazon.com
![Page 30: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/30.jpg)
The Takeaways
Spot phishing indicators
Report suspected phishing attempts
Avoid the shortcut
![Page 31: PowerPoint Presentation - West Virginiatechnology.wv.gov/security/PresentationOpportunities/...PowerPoint Presentation Author Cox, Danielle N Created Date 10/26/2015 3:14:34 PM ...](https://reader036.fdocuments.net/reader036/viewer/2022071606/6143b7b06b2ee0265c02390b/html5/thumbnails/31.jpg)
v
BREAK