THINK BEFORE YOU CLICK! Cyber Security is everybodys

THINK BEFORE YOU CLICK! Cyber Security is everybodys

THINK BEFORE YOU CLICK! Cyber Security is everybodys responsibility Don Winaker Network Security Manager [email protected] We know what those thieves are after. But Johns Hopkins isnt a store or a bank. What would people want to steal from us? 84.2% of all incoming email messages are

dropped due to SPAM, viruses, phishing, etc. Per Day: 4,000,068 Per Hour: 166,669 Per Second: 46 Unauthorized attempts to access our internal networks blocked Per Day: 75,545,460 Per Hour:

3,147,727 Per Second: 874 Inbound network connections blocked due to malware* Per Day: 88,405 Per Hour: 3,684 Per Second: 1 Outbound network

connections blocked due to malware* Per Day: 882,310 Per Hour: 36,763 Per Second: 10 Johns Hopkins has technology in place that deflects many attacks Technology can provide prevention and detection Technical Tools

Cant Can reason or exercise judgment only detect broad trends Must quickly sort through more than 2 billion daily events Have to be configured, monitored, and maintained by people!

Technology is great and has made our lives and jobs easier, but What is Johns Hopkins Network Security doing today ? Extensive Deployment of Cisco Firewalls Automated Blacklisting Nessus Vulnerability scanning Sourcefire Intrusion Detection and Prevention systems installed JWatch Intel Security incident and Event Management

LanCope network traffic flow monitoring Is this enough ? Technology cant do it all Humans Can make connections between different pieces of information that dont seem related but indicate a trend Can recognize when seemingly normal behavior just doesnt look or sound quite right

Can adapt quickly to new information and emerging attacks and threats Provide a principal preventive control People are the first and most important line of cyber defense If you know where to look and have the right level of access, vast amounts of information are available with just one click

People hold the keys to the kingdom What are the most common types of attack? Social Engineering Phishing Malware SOCIAL ENGINEERING Type of confidence trick or con job Uses

psychological manipulation to trick people to bypass normal security procedures Often One relies on natural helpfulness of people step in a more complex fraud scheme From 2009-2011, 48% of large businesses suffered attacks costing between $25,000-$100,000 per incident

How do cyber criminals try to get information from us? PHISHING SPEAR PHISHING Often sent in an email Targeted phishing attack

Pretends to be from an official source Attacker has specific target in mind Directs users to enter credentials into a fake web

site Uses details about the target to sound more legitimate May present a problem and try to elicit sympathy and get a helpful response

Warn or threaten of consequences for failure to act How do cyber criminals try to get our login credentials? How can you tell if its phishing? Asks you to reply to an email or go to a web site and enter in personally identifiable information Asks

you to click a link to install software (malware) Directs you to a URL that is not a Johns Hopkins address (but might look like one) or starts with an IP address Creates a sense of urgency by warning or threatening that something bad will happen if you dont comply Is badly written, including misspelled words or poor

grammar Be skeptical when you read email Phishing email examples MALicious SoftWARE Gets installed on your system and performs unwanted tasks Designed to disrupt, damage, steal information, take control, create bots Many different types: Virus and worm (infectious) Rootkit, Trojan Horse, Backdoor (RAT remote access tool)

Keylogger, Spyware (steal information) Ransomeware (extortion) Dialer, Adware (generate funds) Hybrids and variations If you never fall for a phishing attack then you are safe, right? You could usually avoid malware if you were careful with your email 90% of malware comes from web

browsing today only 6% comes from email The biggest threat to corporate networks is employees clicking on infected web pages But not anymore A 'drive-by-download' attack is a malware delivery technique that is

triggered just because you visited a website. You dont need to click or accept any software, and the malicious code can download in the background to your device. Drive-by download attack One of the top 600 most popular web sites on the Internet Law of Large Numbers Used the RedKit exploit kit to look for vulnerable

versions of Adobe Reader, Acrobat, Java Vulnerable computers were infected with malware: Citadel (spyware) targets financial account details ZeroAccess (adware) generates fake pay-per-view revenues for botnet controllers or their clients This version of Citadel was at the time only recognized by 3 out of the 46 antivirus programs on virustotal.com Anatomy of the NBC.com Infection McAfee Labs catalogs 100,000 new malware

samples every day 69 new pieces of malware a minute! Number of unsafe websites detected by Google Google blocks 10,000 per day, and 42,000 new malware sites are detected each week But Im safe since I only visit legitimate web sites! Top 10 Infected Web Site Types 80% are legitimate sites

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Blogs 19.8% Web hosting 15.6% Business and economy 10%

Shopping 7.7% Education and reference 6.9% Technology, computer, Internet 6.9% Entertainment and music 3.8% Automotive 3.8% Health and medicine 2.7% Porn 2.4% Mainstream Websites More Likely to Harbor Malware 2013 Cisco Annual Security Report Keep application and operating system patches up-to-date Dont click on unknown links or attachments Dont trust sites that ask for your cell phone

number or require you to create a login account Keep anti-virus/anti-spyware up to date Malware Bottom Line The internet is overwhelmingly a power for good It provides cheap and easy access every moment of every day to vast amounts of information and entertainment, and it is transforming the nature of government and commerce. However

You hold the keys to the kingdom THINK BEFORE YOU CLICK! Cyber Security is everybodys responsibility Questions? Don Winaker Network Security Manager [email protected]

Recently Viewed Presentations

  • Geologic History

    Geologic History

    GEOLOGIC HISTORY What the Earth's surface features tell us about its past. my webpage
  • Bryant PA et al. Sick and tired: does sleep have a vital role ...

    Bryant PA et al. Sick and tired: does sleep have a vital role ...

    Impact of sleep deprivation on cellular and humoral immunity in humans may not be consistent. ... then increase in slow-wave sleep duration with concomitant decrease in REM sleep. ... Bryant PA et al. Sick and tired: does sleep have a...
  • How to Market SBS to help grow your

    How to Market SBS to help grow your

    This learning track helps with moving forward and tracking progress. (32 weeks) A Business Plan For Yourself - Use this learning track to start heading down the right track - action oriented and focused on the vision for your business...
  • Deb Vasquez UESCs Utility Energy Services Contracts National

    Deb Vasquez UESCs Utility Energy Services Contracts National

    Utilities can utilize FEMP resources when partnering with Tribes. Utilities are not blocked (by the PUC) to provide rebates, incentives, UESC to their tribal customers. As mentioned before, UESCs are contracts between an agency, which could be a tribe, and...
  • Anatomy of an Atom - DNA is to

    Anatomy of an Atom - DNA is to

    Anatomy of an Atom - DNA is to you as a proton is to an atom On the following slides, we will describe the experiments which have helped scientists to have this basic view. Perhaps your basic view of the...
  • Part 12 Children and Young People (Scotland) Act

    Part 12 Children and Young People (Scotland) Act

    Ward, Harriet, Rebecca Brown, and Georgina Hyde-Dryden. "Assessing Parental Capacity To Change When Children Are On The Edge Of Care: An Overview Of Current Research Evidence". ... Dr Alisa Stewart, Dr Gillian Macintyre and Sharon McGregor. Overview . Published 17th...
  • Lead Self PATIENT FIRST MANAGEMENT SYSTEM January 2018

    Lead Self PATIENT FIRST MANAGEMENT SYSTEM January 2018

    Even if our thoughts or assumptions are right (or is fact), we have the power to choose. For example, if we were in a meeting and thought that someone was undermining our idea, we felt disrespected, offended, or anger. One...
  • Edmond rostand - Ms. Christina Baumeister

    Edmond rostand - Ms. Christina Baumeister

    Edmond rostand. 1868-1918. French poet and dramatist. Romantic writer. His work contrasted with naturalistic theater popular at the time. Found great success with the play we will read, Cyrano de Bergerac Ran for 300 consecutive nights