
© 2016 Million Dollar Round Table
Million Dollar Round Table, 325 West Touhy Ave., Park Ridge, IL 60068 USA

2016 MDRT Annual Meeting e-Handout Material

Title: The Hacker's Blacklist: Cyber Security for Financial Professionals
Speaker: John Sileo
Presentation Date: Wednesday, June 15, 2016
Presentation Time: 10:00 - 11:00 a.m.

The Million Dollar Round Table® (MDRT) does not guarantee the accuracy of tax and legal matters and is not liable for errors and omissions. You are urged to check with tax and legal professionals in your state, province or country. MDRT also suggests you consult local insurance and security regulations and your company's compliance department pertaining to the use of any new sales materials with your clients. The information contained in this handout is unedited; errors, omissions and misspellings may exist. Content may be altered during the delivery of this presentation.

John Sileo, CEO, The Sileo Group
Sileo.com

THE CYBER BLACKLIST: Top Threats & Countermeasures for Data Security

Who are you? (@john_sileo)

Over 37,610,000 anonymous members! HACKED

BUT: Data is Currency… and Humans are the Bankers.

[Slide word cloud: THE CYBER BLACKLIST, a taxonomy of threats. Recoverable entries: Account Takeover, App-jacking, Black Hat Hackers, Browser-jacking, Card Skimmers, Cloud-jackers, Competitive Espionage, Cookie Tracking, Credit Fraudsters, Cyber Extortion, Cyber Pickpockets, Cyber Terrorists, Cyber War, Dumpster Divers, Eavesdropping, Elder Fraud, EvilPreneurs, Facebook Trawlers, Geo-Stalkers, Get Rich Quick Scams, Hacktivists, Hotspot Sniffers, Identity Thieves, IoT Spies, IRS Scams, Malware, Mobile-jackers, Nigerian Scammers, Our Own Worst Enemy, Password Crackers, Pharmers, Phishers, Ransomware, Shoulder Surfers, Social Engineers, Spam, Spoofing, The Mole, Travel Espionage, War Drivers, Wearable Trackers, Wi-Fi Sniffers, Work from Home Sca…, …e Snatchers]

Top Threats & Countermeasures for Data Security.

Cyber blackmail: The use of illegally obtained data to influence organizations, manipulate people, extract a ransom or otherwise change behavior.

90% Successful Attack Rate

Breach Analysis

Leadership Lessons: Security must have a Seat of Power in the Boardroom (CISO)

Don’t fail to Leverage Early Mistakes to avoid a sequel

Failure of Culture: CEO emails/phishing/filenames = FIRED

Don’t taunt Unstable Dictators with Unflattering Movies

If 3rd-Party Access, take pro-hacktive and contractual control

Is your reflex to Judge the Breached or learn from them?

“While technical upgrades are important, minimizing human error is even more crucial.”

$12.7 M

Social Engineering: The art (& science) of human manipulation.

HOGWASH!

Social engineering triggers: Authority, Humor, Fear, Urgency, Greed, Reciprocity

HOGWASH! VERIFY.

Phishing: Use of social engineering to entice you to click a link that installs malware or steals data. 91% (Dell Human Element of Security Study)

Spear-phishing: MICRO, HYPER-TARGETED!

Anthem Medical Hack: System Admin Phishing

$47M: Ubiquiti Networks

Business Email Compromise: Imitating someone in a position of power to gain access, info or money.

1. Facebooks the CEO's travel schedule
2. Phishes the CEO's email credentials
3. LinksIn with the CEO's assistant
4. Imitates the CEO in email to the assistant
5. Engineers her with a "China Crisis"
6. Receives $47M wire transfer
7. Retires

CEO-WHALING
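The seven-step BEC above leaves fingerprints in the message headers long before the wire goes out: the executive's display name on an address that is not the firm's, a look-alike domain, a Reply-To that silently redirects the conversation, and the "urgent, confidential, wire it today" language that pulls the Authority/Urgency triggers. The following is an added example, not code from the handout or from The Sileo Group; the domain example.com, the executive name Pat Reyes and both sample messages are constructed for it.

```python
"""Header checks for the Business Email Compromise pattern described above.
Added example (not from the handout). Assumptions: the firm's domain is
example.com, the impersonated executive is 'Pat Reyes', and both messages
below are constructed, not real mail."""
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                 # assumption: the firm's mail domain
EXECUTIVES = {"pat reyes"}                 # assumption: names worth impersonating
# Digit/letter swaps attackers use in look-alike domains (examp1e.com).
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})
URGENCY_TERMS = ("urgent", "immediately", "today", "confidential", "wire", "transfer")


def domain_of(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def is_internal(domain):
    return domain == OUR_DOMAIN or domain.endswith("." + OUR_DOMAIN)


def looks_like_ours(domain):
    """True for examp1e.com, example-corp.net, mail.exampleinc.com: an external
    domain whose label still contains ours after folding homoglyphs and hyphens."""
    if not domain or is_internal(domain):
        return False
    ours = OUR_DOMAIN.rsplit(".", 1)[0]
    label = domain.rsplit(".", 1)[0].translate(HOMOGLYPHS)
    label = re.sub(r"[^a-z]", "", label.replace("rn", "m").replace("vv", "w"))
    return ours in label


def bec_flags(raw_message):
    """Return the list of BEC indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    flags = []
    if name.strip().lower() in EXECUTIVES and not is_internal(from_dom):
        flags.append("executive display name from external address")
    if looks_like_ours(from_dom):
        flags.append("look-alike domain")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        flags.append("reply-to domain differs from From domain")
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if sum(term in text for term in URGENCY_TERMS) >= 2:
        flags.append("urgency/wire language")
    return flags


# Constructed samples: one ordinary internal note, one "China Crisis" whaling mail.
SAMPLE_LEGIT = """\
From: Pat Reyes <pat.reyes@example.com>
To: accounts@example.com
Subject: Board lunch

Can we move the board lunch to Thursday?
"""

SAMPLE_BEC = """\
From: Pat Reyes <pat.reyes@examp1e.com>
Reply-To: pat.reyes.ceo@webmail-provider.net
To: accounts@example.com
Subject: Urgent and confidential

In meetings in China all day and cannot take calls. Please wire the
acquisition deposit today; I will send the account details next.
"""

if __name__ == "__main__":
    for label, sample in (("legit", SAMPLE_LEGIT), ("bec", SAMPLE_BEC)):
        print(label, bec_flags(sample))
```

None of these checks is proof on its own (an executive really does mail from a phone on a personal account sometimes), which is why the slide's answer is still "HOGWASH! VERIFY": the flags decide which wire requests get a phone call to a number already on file, not which ones get blocked silently.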

Mobile hijackers: Things that are "mobile" have a tendency to "leave", making control a moving target. 35% (Ponemon Cost of Breach 2013)

Knowing ≠ Doing.

Hotspot sniffers: "Free" Wi-Fi hotspots are commonly "tapped" or "spoofed" by hackers.

Make Secure Choices the Default.

Nudge Your Culture

[Slide graphic: the list of most common passwords, beginning 123456, 12345678, 1234, qwerty, 12345, dragon, baseball, football, letmein, monkey, abc123, mustang, michael, …; the remainder is the familiar run of first names, sports teams, car models and keyboard walks.]

Password Crackers: 76% of corporate data breaches involve this well-known & often-ignored threat. (Dell Human Side of IT Security)

Th3 hi11$ @r3 @1iv3
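What makes "Th3 hi11$ @r3 @1iv3" survive a cracker is not the character swaps but its length and the four words behind it: cracking tools apply "leet" substitution and suffix rules automatically, so Dr@g0n123 falls exactly as fast as dragon. The check below is an added example, not code from the handout or a real cracking tool; the common-password sample is constructed from the first entries on the slide and the mangling rules are a simplified stand-in for what hashcat or John the Ripper rule files do.

```python
"""Why the slide's passphrase beats the common-password list while a
'clever' single word does not. Added example (not from the handout).
Assumptions: COMMON_PASSWORDS is a small sample built from the slide's
list; UNLEET is a simplified version of the rules crackers apply."""
import re

# Sample of the most-common-passwords list shown on the slide (constructed).
COMMON_PASSWORDS = {
    "123456", "12345678", "1234", "qwerty", "12345", "dragon", "baseball",
    "football", "letmein", "monkey", "abc123", "mustang", "michael",
    "superman", "trustno1", "password", "sunshine", "summer", "starwars",
}

# Substitutions a rule-based cracker undoes for free.
UNLEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                        "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})


def variants(password):
    """Yield the forms a cracker's rules reduce a candidate to: lower-cased,
    de-leeted, and with the trailing '123' / '2016!' style suffix removed."""
    base = password.lower()
    yield base
    yield base.translate(UNLEET)
    stripped = re.sub(r"[^a-z]+$", "", base)
    yield stripped
    yield stripped.translate(UNLEET)


def assess(password):
    """Return (verdict, reason) for one candidate password."""
    for candidate in variants(password):
        if candidate in COMMON_PASSWORDS:
            return ("weak", f"matches common password '{candidate}' after cracker mangling rules")
    words = password.translate(UNLEET).split()
    if len(password) >= 16 and len(words) >= 4:
        return ("strong", "long multi-word passphrase")
    if len(password) < 12:
        return ("weak", "shorter than 12 characters")
    return ("ok", "long enough; a manager-generated random password is still better")


if __name__ == "__main__":
    for pw in ("123456", "Dr@g0n123", "Summer2016!", "Th3 hi11$ @r3 @1iv3"):
        print(repr(pw), *assess(pw))
```

Two caveats a practitioner would add to the slide: a well-known lyric is in phrase wordlists, so the passphrase trick works best with words that are personal and not quotable; and the checklist's "Password Software" item is the stronger default, because a manager generates a different random password per site and a site breach then exposes nothing reusable.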

Cryptolocker ransomware: Malware (via phishing) that holds data hostage until you pay the ransom.

Social (Media) engineers: #1 source for social engineering reconnaissance.

A highly-public glossary of private information.

A platform that rewards oversharing with dopamine.

ECHOSEC.NET

Countermeasures: Prioritize, adapt and implement

1. An untrained, unengaged, Socially Engineered employee.
2. A Phishing Attack that installs malware or steals logins.
3. Bad Password Habits and lack of Two-Step Logins.
4. Inadequate Data Encryption at rest and in transit.
5. Mobile Devices w/o passcodes, tracking & App vetting.
6. Unpatched Systems with improper security configurations.
7. Superfluous Data Collection, retention and improper disposal.

Hacking the humans

1. Tap into who they are to gain ownership (Fireflies).
2. Start by making security a selfish reflex (Hogwash).
3. Understand that feeling is believing (Purse).
4. Shift to memorable, sticky training (The Hills are Alive).
5. Build a secure culture by nudging "best" habits (2-Factor).
6. Raise the bar on social (media) trust (Troop Locations).
7. Leverage resilience as the greatest source of security…

A leader's guide to: Resilience is Security

___ Opt out of junk mail (Sileo.com/1)
___ Freeze your credit (Sileo.com/2)
___ Enable financial account alerts
___ Convenience-based shredding
___ Lockable filing & offsite storage
___ Social engineering detection
___ Turn on smartphone passcode
___ Enable remote tracking & wiping
___ Replace wi-fi hotspots w/ tethering
___ H!11$ @r3 a1!v3 quality passwords
___ Enable 2-step logins/authentication
___ 60 minutes in social media settings
___ Automated OS patches
___ Application updating
___ Ubiquitous anti-virus
___ BitLocker encryption
___ FileVault encryption
___ 3rd-party spam filter
___ Default deny firewall
___ Personal VPN
___ Dedicated browser
___ WPA2+ Wi-Fi security
___ Password Software

Enterprise Level
___ User-Level Access
___ External penetration test
___ Enterprise VPN software
___ Mobile Device Mngmnt
___ Acceptable use policies
___ Data Loss Prevention
___ Application white-listing
___ MAC Specific Wi-Fi (hygiene only: a sniffer reads permitted client MACs off the air and clones one)
___ SSID Masked Wi-Fi (hygiene only: the SSID still appears in probe and association frames; WPA2+ with a strong passphrase is the real control)
___ Cyber liability insurance

© Copyright 2015. The Sileo Group and John Sileo. All rights reserved.

Sileo's PrioritizAble COUNTERMEASURES

PRIORITIZE | ADAPT | ACT: CYBER RISK AUDIT

303.777.3221 Sileo.com