A denial of service attack to umts networks using sim less devices
Cyber Security Vital For All - mergedfutures.com Securit… · NFIB50A Computer Virus/...
Transcript of Cyber Security Vital For All - mergedfutures.com Securit… · NFIB50A Computer Virus/...
Cyber Security – Vital For All
www.northantspfcc.org.uk
A bit about me…
Heather Cowley
Digital Delivery & Cyber Engagement Manager
Office of the Northamptonshire Police, Fire &
Crime Commissioner
Member of Digital Northampton #TechWomeNN
Twitter @HthrCowley
www.northantspfcc.org.uk
Aim and Agenda
Provide an overview of Cyber Security and why it is important
for everyone to understand and play a role.
• What is Cyber Security?
• Common Cyber Threats and where they come from
• Facts, figures and statistics
• Common Cyber Misconceptions
• Practise Scenarios
• Tools, Resources and further information
www.northantspfcc.org.uk
What is Cyber Security?
Cyber Security protects our most sensitive information.
www.northantspfcc.org.uk
What is Cyber Security?
• Data Encryption, Data access control technologies and policies
Data Security
• Firewalls, Appliance hardening, Intrusion Detection Systems (IDS), Security incident and Event management (SIEM)
Network Security
• Policies and Access/Admin control
Application Security
Cyber Security is broken down in to three areas:
Cyber crime is any crime that involves a computer. Often broken down in
to cyber-enabled (crime that involves the use of technology) or cyber-
dependent (relies on a computer to commit).
www.northantspfcc.org.uk
Common Cyber Threats• Viruses/Malware – malicious software installs itself on
your device including mobile devices
• Trojans – infected under false pretences
• Ransomware – encrypts the end user system
• Denial of Service (DOS) – demand overload on system
• Phishing – tricks the user in to disclosing confidential
information or clicking malware link
• Man in the Middle (MitM) – communications are intercepted
by an attacker
• Advanced Persistent Threat (APT) – penetrates and lurks
undetected inside a network
www.northantspfcc.org.uk
Where do the threats come from?
Cyber threats come from a variety of places, people and contexts:
IndividualsOrganised Criminal Groups
Scammers
Nation State TerroristsIndustrial
Spies
Unhappy Insiders
Business Competitors
Cyber criminals are opportunistic, prey on weakness and are after
something you have.
www.northantspfcc.org.uk
Facts and figures
94% of malware is delivered via email
34% of data breaches involve internal actors
Hackers attack every 39 seconds which equates to
2,244 times a day worldwide
65% of attackers use spear-phishing as the primary infection
vector
48% of malicious email attachments are office
files (Word, Excel etc)
www.northantspfcc.org.uk
The last 6 months….
www.northantspfcc.org.uk
They adapt….
www.northantspfcc.org.uk
Northamptonshire Statistics
Counting code Type of Cybercrime Reported Occurrences
NFIB50A Computer Virus/ Malware/Spyware 166
NFIB51A Denial of Service Attack 4
NFIB51B Denial of Service Attack Extortion 1
NFIB52A Hacking - Server 5
NFIB52B Hacking - Personal 49
NFIB52C Hacking - Social Media and Email 154
NFIC52D Computer Hacking - PBX/Dial through 1
NFIB52E Hacking (Extortion) 38
NFIB3E Computer Software Service Fraud 198
NFIB1A/NFIB1H/NFIB3A/NFIB3B/NFIB5D/NFIB90
“419” Advance Fee Fraud/Advance Fee Fraud/Online Shopping and Auctions/Consumer Phone Fraud/Mandate Fraud/Other Fraud
120
Over the last 12 months, there have been 961 reported occurrences of
cybercrime within Northamptonshire.
www.northantspfcc.org.uk
Common Cyber Misconceptions
For Individuals….
• Cyber Security is a technology issue
• My data is not valuable
• Cyber-attacks come from the internet
• New software and devices are
secure when I buy them
• I have anti-virus
• I just need a strong password
• I will know if my computer is infected
For Business….
• I have a supplier that deals with
that
• I have insurance
• Digital and physical security are
separate
• My IT department does that
• Its too expensive
www.northantspfcc.org.uk
You can protect yourself by...
Install an Antivirus or Internet Security Suite
Use Strong Passwords/Passphrases
or MFA
Update your Operating Systems, software and
mobile apps
Manage your Social Media Settings
Talk with your kids, use tools to protect them and
keep a watch on their activities
Check major security breaches
Conduct a Penetration Test
Train Your Employees
www.northantspfcc.org.uk
WARNING!!
Do not attempt to look up, use or copy any of the links,
email addresses or phone numbers in the following Cyber
Threat scenarios.
These are malicious and may cause harm to your device!
www.northantspfcc.org.uk
Cyber Threat Scenario 1
Look at the information in the picture and answer the questions below:
• What type of Cyber attack could this be?
• What action should you take?
• Could you mitigate against this?
www.northantspfcc.org.uk
Cyber Threat Scenario 1
www.northantspfcc.org.uk
Cyber Threat Scenario 1• What type of Cyber attack could this be?
This is a phishing scam, that could lead to Customer Service Software Fraud, if the
link in the email was clicked.
• What action should you take?
1. Don’t panic
2. Check the sender address – do you recognise it?
3. Ignore any logos or icons in the email and read the body of the message – are
there spelling mistakes or bad grammar?
4. Hover over any links to see the address that it would take you to – DO NOT
CLICK
• Could you mitigate against this?
1. You can report the email to Microsoft, the easiest way to do this is to use the
‘Report It’ add on to Outlook.
2. You can ignore the email and delete it
www.northantspfcc.org.uk
Cyber Threat Scenario 2
Look at the information within the picture and
answer the questions below:
• What type of Cyber attack could this be?
• What action should you take?
• Could you mitigate against this?
www.northantspfcc.org.uk
Cyber Threat Scenario 2
www.northantspfcc.org.uk
Cyber Threat Scenario 2
• What type of Cyber attack could this be?
This is a smishing scam, a form of phishing through SMS text messages.
• What action should you take?
1. Don’t panic
2. Check the sender phone number – do you recognise it?
3. Read the message – do you have an O2 contract?
4. DO NOT CLICK on any links or phone the number it has been sent from!
• Could you mitigate against this?
1. You can report the text message to the company it purports to come from.
2. You can ignore the text message and delete it
www.northantspfcc.org.uk
Cyber Threat Scenario 3
Look at the information in the picture and
answer the questions below:
• What type of Cyber attack could this be?
• What action should you take?
• Could you mitigate against this?
www.northantspfcc.org.uk
Cyber Threat Scenario 3
www.northantspfcc.org.uk
Cyber Threat Scenario 3
www.northantspfcc.org.uk
Cyber Threat Scenario 3• What type of Cyber attack could this be?
This is a phishing scam. The link could provide a gateway to a variety of threats,
such as viruses/malware by ‘drive by download’ or stolen credentials/identity theft.
• What action should you take?
1. Don’t panic
2. Check the sender address – do you recognise it?
3. Ignore any logos or icons in the email and read the body of the message – are
there spelling mistakes or bad grammar?
4. Hover over any links to see the address that it would take you to – DO NOT
CLICK
• Could you mitigate against this?
1. You can report the email to HMRC.
2. You can ignore the email and delete it
www.northantspfcc.org.uk
Cyber Threat Scenario 4
Which of these websites is the real one?
A
B
www.northantspfcc.org.uk
Cyber Threat Scenario 4
A B
www.northantspfcc.org.uk
Ensure the following:
1. Type in the website address and use a trusted source
2. Be wary of clicking on any advertisement links from websites.
3. Look up the domain age at https://whois.domaintools.com
4. Watch for poor grammar and spelling
5. Look for reliable contact information
6. Have a quick search online for reviews of the website
Cyber Threat Scenario 4
www.northantspfcc.org.uk
Tools, resources and further information
• Action Fraud – https://www.actionfraud.police.uk/
• National Cyber Security Centre – https://www.ncsc.gov.uk/
• Cyber Aware – https://www.ncsc.gov.uk/cyberaware/home
• Get safe online – https://www.getsafeonline.org/
• No More Ransom – https://www.nomoreransom.org/en/index.html
• Northamptonshire Cyber Protect Officers Twitter – @NorthantsCyber
• Have I been pwned? - https://haveibeenpwned.com/
• Information is beautiful - https://informationisbeautiful.net/
www.northantspfcc.org.uk
Cyber Security Forum
Meet monthly to drive engagement between police and business on
cyber matter within the county
• Share best practise and guidance
• Raise awareness of the cyber threat landscape
• Informal support network
Email: [email protected]
www.northantspfcc.org.uk
A Request……
Take one piece of information from this
session and tell someone about it
www.northantspfcc.org.uk
Questions?