THE MEMBERS GROUP afeguard Iowa Partnership – Cybersecurity Webinar Series
THE MEMBERS GROUP
Safeguard Iowa Partnership – Cybersecurity Webinar Series
THE MEMBERS GROUP
Social Engineering and It’s Effects
THE MEMBERS GROUP
What is Social Engineering?Define: psychological manipulation of people
into performing actions or divulging confidential information.
THE MEMBERS GROUP
Types of Attacks
• Phishing - email• SMishing - texting• Pharming – website • Whaling – targeting of executives• Vishing - phone• Tailgating/Piggybacking
THE MEMBERS GROUP
UPS Email Example
***Do not reply to this e-mail. UPS will not receive your reply. Important Delivery Information
Delivery Status: Could not deliver package due to invalid information.Fix Errors: HEREPlease click the above link to correct the errors and we will attempt to re-deliver your packageDriver Release Location: COULD NOT DELIVER Shipment Detail Number of Packages 1UPS Service: 1 DAY OVERNIGHT - URGENTWeight: 2.8 LBS
THE MEMBERS GROUP
Smishing Example
[email protected]/VISA. (Card Blocked) Alert. For more information please call 1-
877-269-XXXX.
THE MEMBERS GROUP
In October 2013, RSA identified more than 62,000 phishing attacks, which raised the bar in terms of number of attacks carried out within a single month. The median takedown time for
attacks is 12 hours -- worth roughly $300 each hour. During October 2013 alone, phishing attacks netted $233 million. **
** http://searchsecurity.techtarget.com/feature/Social-engineering-attacks-Is-security-focused-on-the-wrong-problem
Cost of Social Engineering
THE MEMBERS GROUP
What happens after…
THE MEMBERS GROUP
Effects of Cyber Crime• Cybercrime has surpassed illegal drug trafficking
as a criminal moneymaker.*• Every 3 seconds an identity is stolen.**• Without security, your unprotected PC can become
infected within four minutes of connecting to the internet.***
*Cybercrime More Profitable Than Drugs", NineMSN,
**Identity Theft Statistics, Identity Protection Online
***"Eliminating Mobile Security Blindfolds", Tech News World
THE MEMBERS GROUP
Target, Neiman Marcus, Michaels, and more…
• Eastern European hackers developed software • BlackPOS malware
– Memory parsing software
• How did they get in the network?• 6 other breaches, software downloaded 60x globally
THE MEMBERS GROUP
Prevention Practices
THE MEMBERS GROUP
Organizational Tips
• Never disclose password• Limit who talks about IT structure• Question people• Be sure to be aware of guests/non-employee
access• If something does not feel right – STOP• Education and training
THE MEMBERS GROUP
Industry Measures• Increased Communications• EMV• Mobile• Tokenization
THE MEMBERS GROUP
Fragmented ImplementationAite Survey
– Merchants• 75% of small to mid-sized merchants were not aware of EMV/Chip
cards– Of those that were aware 52% were planning on upgrading by 2015
• 67% of large merchants are planning to upgrade by 2015
– Issuers• 64% of large issuers plan to be completed by Oct 2015• 14% of large issuers in the middle of reissuance by Oct 2015• 58% of issuers planning on chip and signature CVM• 25% of issuers planning on chip and PIN CVM
THE MEMBERS GROUP
Fraudsters Take Advantage
THE MEMBERS GROUP
Education
THE MEMBERS GROUP
Questions?
THE MEMBERS GROUP
Safeguard Iowa Partnership Cybersecurity Webinar Series:
October 23: Passwords Under Attack & Two Factor Authorization
October 30: Iowa Fusion Center Cyber Crime Component & How the DCI Proceeds in Criminal Investigations
THE MEMBERS GROUP
Become our newest Partner TODAY!
www.safeguardiowa.org