1 / 13

Cyber Security—What you should know before it’s too late!

Cyber Security—What you should know before it’s too late!. T Jay Humphries and Trevor O’Donnal. What is Cyber Security?. Understanding the threats associated with using the Internet.

niran
Download Presentation

Cyber Security—What you should know before it’s too late!

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cyber Security—What you should know before it’s too late! T Jay Humphries and Trevor O’Donnal

  2. What is Cyber Security? • Understanding the threats associated with using the Internet. • The two greatest risks to the University and to individuals are from Email Phishing and poorly protected Web applications. • Learning how to keep safe and protected.

  3. Target Data Breach Cost for Banks Tops $200M The theft of more than 100 million customer records

  4. Organized Crime After Target data theft, hackers’ next target is you To call Target’s data breach the tip of the icebergdoesn’t begin to capture the magnitude of the threat companies and individuals face today from cyber criminals. A more fitting metaphor is that we are in the midst of the largest, but largely unnoticed, world-wide epidemic, infecting computers and communications systems, and spreading at a dangerous pace. Stuart Madnick is the John Norris Maguire professor of information technology at the Sloan School of Management and professor of engineering systems at MIT School of Engineering.

  5. Cyber Crime • “Criminal gangs now find that transnational and cyber crime are far more rewarding and profitable than other, riskier forms of making money,” says Interpol • “Experts have warned that the cost of cyber crime is larger than the combined costs of cocaine, marijuana and heroin trafficking. In Europe, the cost of cybercrime has apparently reached €750 billion euros ($964 billion) a year,” says Interpol

  6. Too close to home! University of Utah's $3.3M data breach Computerworld - University of Utah officials this week acknowledged that a metal box of backup tapes containing billing records of some 2.2 million patients was stolen…

  7. Identity theft • Number of US 2011 victims: 279,000. • Number of US 2013 victims: 11,571,900. • Average financial loss per incident: $4,930 • Total financial loss attributed to identity theft in 2013: $21 billion • 85% of theft incidents involved the fraudulent use of existing accounts, rather than the use of somebody's name to open a new account. Source: U.S. Department of Justice, Javelin Strategy & Research

  8. Credentials

  9. Phishing threat • “Spear phishing is a much more precise method. They’ll take your name, look you up on Facebook, and do research to find out where you live. They’ll used LinkedIn to see what your job is, who your friends are,” explains Jonathan Maurer, information security officer at Rochester Institute of Technology. • “They’ll try to craft a communication that looks so legitimate that you’ll actually fall for it and you’ll click on a link or download an attachment, and before you know it, your computer is compromised.”

  10. Resources • Email, network use, disk space, Web pages, etc,. • Higher education is particularly vulnerable because—in contrast to hacking targets like banks—college and university computer networks have historically been as open and inviting as their campuses, says Fred Cate, director of the Indiana University Center

  11. We can protect our selves • Stronger passwords – 15 char passphrases are the best. • Use many levels of passwords – Keep a password vault. Msecure, Keepass2, etc,. • Multifactor authentication - sensitive parts of an institution’s network should require “multifactor authentication.” A user might have to enter a password, answer a separate question, and verify fingerprints or pass a retinal scan. Users also could be required to have a “token,” such as a USB key or card with a magnetic strip, says Fred Cate, director of the Indiana University Center for Applied Cybersecurity Research.

  12. Keeping Safe • If in doubt, don’t click it. There is no free lunch! • Keep antivirus and other applications up-to- date with the latest versions. Secunia PSI. • Monitor your statements. Use monitoring services. • Be informed! Cryptolocker. • Sans ISC StormCast.

  13. Protect your Web applications OIT Security Services • Server vulnerability assessments. • Penetration testing. • Security consulting. • OIT Security Services offers Web Application Scanning. Security@byu.edu. First actual case of bug being found

More Related