Decrease the Chances of a Data Breach

netsecurityco

dPpw26p

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach

Inno Eroraha, CISSP-ISSAP, ISSMP, CISA, CISM, CHFI

Founder & Chief Strategist

NetSecurity Corporation

November 3, 2016

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach


Agenda

2

What are sPumkins and why do we have

them?

Why Attackers are Successful – “Top-N”

reasons

Decreasing Chances of Data Breaches

through Protection/Prevention and

Detecting

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach


My Life and Schedules

3

DC to Boston to Houston to DC

DC to Chicago to Vegas to DC

DC to AFB to Chicago to Vegas to

??? To DC

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach


MOST WANTED

4

Hands-On Cyber Security

Professionals

Incident Responders

Malware Analysts

Threat Hunters

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach


Data Breach – No Experience Necessary

5

Social Engineering

WiFi

Email

Phone call

Piggy-back?

sPumkins

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach


sPumkins vs. “Low Hanging Fruits”

6

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach


7

sPumkins – Top N Reasons for

Successful Breaches

False Sense of Security

Regulatory Compliance

Regular Pen-Test or Vulnerability Scans

Security products

Existing investments, etc.

Security awareness issues

No asset inventory – (un)authorized devices,

systems, and software

Vendor/3 rd -party management issues

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach


8

sPumkins – Top N Reasons for

Successful Breaches (Contd.)

Inadequate Pen-Test scoping

Finding physical attack vectors

Social Engineering

Physical Assessment

Desk Assessment

Not going after high-valued assets

No Breach planning or assessment

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach


sPumkins – Top N Reasons for

9

Successful Breaches (Contd.)

Vendor default, very weak, or no creds

Patch Management / Outdated OS/apps

No monitoring/hunting

Ignoring “tell-tale” signs from Vulnerability

Scanners

Ignoring “tell-tale” alerts from IDS, Firewall,

AV, etc.

No threat monitoring

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach


10


QUESTIONS & ANSWERS

Fix the “sPumkins” and Drastically

Decrease the Chances of a Data Breach

More magazines by this user
Similar magazines