Cyber Myths vs Reality: Way Forward, Practical Approach
nasirsyed
41 slides
Aug 18, 2024
Cyber Security Myths vs Reality. Dr. Syed Nasir Mehmood Shah, [email protected]
Computer Security: “Protection afforded to an automated information system in order to attain the applicable objectives of preserving the confidentiality, integrity and availability of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” (NIST Computer Security Handbook)
Cyber Security? The practice of protecting critical systems and sensitive information from digital attacks. https://www.ibm.com/topics/cybersecurity
Goals of Information Security
Security Model (adapted from Stallings and Brown)
Pakistan Scenarios: NADRA Pakistan, Election Commission of Pakistan, Telco Industries of Pakistan, Safe City Project, Electronics Industry, IT industry, National Health System
Common myths: Cybercriminals are outsiders. Risks are well-known. My industry is safe. Attack vectors are contained.
15 Myths & Realities
1) Myth: Our passwords are strong. Reality: Strong passwords are only the start; you also need two-factor authentication and data monitoring. (Source: https://www.stealthlabs.com/blog/infographic-top-15-cybersecurity-myths-vs-reality/)
2) Myth: Cybercriminals don’t target small businesses. Reality: Small businesses lack advanced security solutions, making them a softer target for cybercriminals
3) Myth: We are unlikely to experience a cyberattack Reality: Any business with sensitive information is highly likely to witness a cyberattack at some stage
4) Myth: Anti-virus/anti-malware software is enough Reality: Software won’t be able to detect/prevent all types of cyber attacks
5) Myth: Cyber threats are only external Reality: Insider threats are equally dangerous and need equal attention as external threats
6) Myth: IT department is responsible for cybersecurity Reality: It is the responsibility of every employee to keep the organization cyber safe
7) Myth: Password protected Wi-Fi networks are secure Reality: All public Wi-Fi networks can be compromised, even with a password
8) Myth: You’ll know immediately if your system is compromised Reality: It can take months or even years to realize that your system has been compromised
9) Myth: BYOD (Bring Your Own Device) is secure and safe. Reality: All personal devices, including smartphones, laptops, and wearables, can put a company’s network at risk
10) Myth: We have achieved complete cybersecurity Reality: You must continuously adopt new cybersecurity strategies as new threats emerge
11) Myth: Sophisticated security tools keep your business secure Reality: Security tools should be appropriately configured, monitored, and integrated with overall security operations
12) Myth: Regular penetration tests are enough. Reality: Penetration tests work only when the discovered vulnerabilities are rectified in time
13) Myth: Compliance equates to a robust security strategy Reality: Merely complying with regulations does not mean you have a robust security strategy
14) Myth: A third-party security provider will take care of security Reality: Despite partnering with a security provider, you have a legal and ethical responsibility to secure critical assets
15) Myth: We have never experienced a breach, so our security is strong Reality: New, sophisticated cyberattacks evolve daily, so be prepared always
Some Case Studies
PEGASUS
PEGASUS: “Developed by the Israeli cyber arms company NSO Group.” Pegasus is designed to infiltrate devices running Android, BlackBerry, iOS and Symbian operating systems and turn them into surveillance devices. Pegasus can theoretically harvest any data from the device and transmit it back to the attacker. It does not depend on a single entry point. Infection entry points include clicking links, the Photos app, the Apple Music app, and iMessage. Some of the exploits Pegasus uses are zero-click, that is, they can run without any interaction from the victim.
PEGASUS: Once installed, Pegasus is able to run arbitrary code; extract contacts, call logs, messages, photos, web browsing history and settings; and gather information from apps including, but not limited to, iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram and Skype. Myth Buster: iOS / BlackBerry is more secure. It is safe to keep sensitive data on my phone because I’ve locked it.
Demo
Myth Buster: Open Source software is more secure. Open Clinic: This open-source health records management platform is used by a number of clinics and hospitals to manage lab and pharmacy workflows, administrative, clinical and financial needs, and a range of in-patient and out-patient tasks. A hacker can access patients’ protected health information. No version of Open Clinic is available that does not suffer from the identified vulnerabilities.
SolarWinds
Nobelium: The hackers who compromised SolarWinds. A supply chain attack was used to insert malicious code into the Orion system. The third-party software, in this case the SolarWinds Orion Platform, creates a backdoor through which hackers can access and impersonate users and accounts of victim organizations. The malware could also access system files and blend in with legitimate SolarWinds activity without detection, even by antivirus software. SolarWinds was a perfect target for this kind of supply chain attack because its Orion software is used by many multinational companies and government agencies; all the hackers had to do was install the malicious code into a new batch of software distributed by SolarWinds as an update or patch. Myth Buster: The latest patch/update would always increase the existing level of security.
Zero Trust Security Strategy
A Zero Trust Strategy assumes compromise and sets up controls to validate every user, device and connection into the business for authenticity and purpose.