Scot Secure 2016
#scotsecure
Welcome to
Mark Stephen
BBC Scotland
www.mobile-scotland.com
2nd Annual Mobile Scotland
26th May Edinburgh
www.scot-cloud.com
3rd Annual Scot-Cloud
21st June Edinburgh
DI Eamonn Keane
Police Scotland
Investigating Cybercrime in the UK
Be the Hunter!!
Cybercrime / DI Eamonn Keane
Specialist Crime Division
Agenda
Scottish, UK & Global Perspective!
The current threat landscape!
Incident Planning & Response!
Prevention.
Scotland's future.
Signposting.
Key questions that all CEOs and CISOs should be asking this week?
• "Are we vulnerable to SQL injection, ransomware or DDoS based attacks?"
• "What assurance activity have we done to confirm that we are not vulnerable?"
• "If we were compromised, would an attacker be able to gain access to unencrypted sensitive data?"
• "What assurance activity have we done to confirm this position?"
• What is our company posture on security?
Cybercrime Cost
Cyber Regional Organised Crime Units
Cybercrime!
Stalking
Bullying
Cyber Fraud
SOCG
Sexual Offenders
Indecent images of children
Cyber dependent crimes e.g. hacking, malware, DDoS
Anti-social behaviour
Cyber Terrorism
is impacting on the police response across the full crime spectrum.
SOC
• International highly skilled cyber-criminals, often working together
• Responsible for 262,000 UK infections and losses > £500m
CYBER ATTACKS
• Distributed Denial of Service (DDoS) (BBC, HSBC)
• Ransomware (Police Scotland, SPA)
• Data Theft and extortion (TalkTalk, Ashley Madison)
VOLUME CYBERCRIME
• 2.5 million cybercrimes in the UK annually
• Economic Crime
• Extortion
• Offences against children (CSE)
1980’s Policing
"I can do more damage on my laptop in my pyjamas, before my first cup of Earl Grey, than you can do in a year in the field."
Q - Skyfall
Cyber Attacks are on the rise
Ransomware - Glasgow Hairdressers
ORGANISED CRIME
Five key cyber crime threats
• Malware targeting businesses & individual users for fraud. APTs, RATs.
• Network intrusion ('hacking') DDoS, XSS. Spear-phishing.
• Enablers of cyber dependent crime (e.g. money laundering / digital currencies / anonymisation).
• Cybercrime 'as a service'
• Targeted disruption of access to UK networked systems and services (e.g. DDoS / Ransomware)
Old bugs come home to roost… SHELLSHOCK – HEARTBLEED – DRIDEX – CRYPTOWALL – POODLE… LOCKY
Virtual Currencies
http://www.mcafee.com/uk/resources/white-papers/wp-cybercrime-exposed.pdf
Cybercrime-as-a-Service
Cyber Resilience is thorough Preparation
Overarching Cyber Security Strategy!
Pre-planned Exercise.
Incident Management & Response Plan.
Communications Strategy.
Investigative Strategy.
Incident Manager & Team
Gold, Silver, Bronze.
Mitigation & Recovery Strategy.
Logistics - Contingency
Security Incident Event Management & Security Operations Centre
The layered approach!
Reconnaissance.
The threats are evolving, so must your security tools.
Reporting of Cyber Incidents
• Incident evaluation and early reporting.
• Police Scotland 101 – Incident No. & Action Fraud.
• Business continuity and impact our prime consideration.
• ICT response and mitigation. Scene preservation?
• Where possible preserve original copies of emails, attachments, device images and logs.
• Is there a mandatory obligation to report?
• Report to Cert UK / GovCert UK.
• Report to Scottish Government if appropriate.
• Identify point of contact for law enforcement to facilitate enquiries and evidence gathering.
• Submit attack details to CISP platform if appropriate: share.cisp.org.uk (can assist with mitigation and fix)
Cyber Essentials & Cyber Essentials Plus
Cyber Essentials concentrates on five key controls. These are:
1. Boundary firewalls and internet gateways
2. Secure configuration
3. Access control
4. Malware protection
5. Patch management
Our priorities
Education & Awareness Partnerships
Develop Capacity & Capability
Detect & Prosecute Offenders
The Future
Industry, Academia & Law Enforcement
National Cyber Centre - GCHQ
?£1.9 billion UK Government investment in Cyber by 2020
Scottish Cyber Centre
Sam Alderman-Miller
Darktrace
Applying probabilistic mathematics and machine learning to cyber threat discovery
Sam Alderman-Miller
Account Manager
Enterprise Immune System Approach
Self-learning: Develops mathematical models of normal behavior
Understands behaviour: For every individual user, device and the enterprise as a whole
Adaptive: Constantly calculates probabilities based on evolving evidence
Real-time: Detects threats as they happen
Conclusion
• Sophisticated Threat Detection
• Threat is inside and always will be
• Traditional approaches are insufficient
• Threats are constantly evolving
• Using Machine Learning for ‘Immune System’ Defence
• Does not need to know what ‘bad’ looks like in advance
• Learns normal and abnormal behaviours in real time
• Detects threats that bypass traditional security controls
• Provides complete visibility into your network
Thank You
Colin Keltie
Standard Life
Questions &
Discussion
Breakout Details on
Back of Badge
©2015 Check Point Software Technologies Ltd.
Moving from detection to prevention in the real world
Aatish Pattni
Head of Threat Prevention, Northern Europe
CHECK POINT
Available Skills
END USERS
STAKEHOLDERS
YOUR NETWORK
YOUR SECURITY POSTURE
3rd Parties
Vendors
COST OVER TIME:
Cost of Breach
Direct loss: $162,000,000
Estimated indirect loss: >$1 Billion
The financial impact GROWS dramatically with TIME
Businesses Are Not Immune
NEXT GENERATION MALWARE
HIDDEN
POLYMORPHIC
SOPHISTICATED AND PROGRAMMABLE
USES MULTIPLE ENTRY POINTS
NEXT GENERATION ACTORS
ADOPT CLOUD
LEVERAGE COMMUNITIES
USE AGILE PROGRAMMING
OUTSOURCE
THE REST OF 2016
THEFT
DISRUPTION
SUPPLY CHAIN ATTACKS
INDUSTRIAL ESPIONAGE
NATION-STATE
NEW THREAT ACTORS
RANSOMWARE
BOTS
PHISHING
LISTENERS
WE KNOW… Some Infections Will Inevitably Happen
2,122 CONFIRMED DATA BREACHES
79,790 SECURITY INCIDENTS
How Can We Efficiently Respond?
Source: Verizon: 2015 Data Breach Investigations Report
How do we PREVENT unknown malware entering the network?
SECURED GATEWAY OR END POINT
MINIMISE END USER DISRUPTION
DAILY UPDATES FROM 150,000+ CUSTOMERS
10,000,000 Bad-Reputation Events
700,000 Malware Connections Events
30,000 Malware Files Events
How do we RESPOND with the people we have?
DO YOU UNDERSTAND THE ATTACK?
[Bar chart. Categories: Who, Attack Method, Where, When, Why, Defense Method. Values shown: 54%, 43%, 63%, 41%, 32%, 33%]
Source: Ponemon: Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations: February 2014
% don't know how to defend
LOOK INSIDE THE MACHINE
Automatically Analyse Triggers
Create Actionable Insights
Remediate
Record all End Point Activity
Summary
Detail
How Did the Malware Get In?
Investigation Trigger: Identify the process that accessed the C&C server
Identify Attack Origin: Chrome exploited while browsing
Dropped Malware: Dropper downloads and installs malware
Exploit Code: Dropper process launched by Chrome
Activate Malware: Scheduled task launches after boot
Attack traced even across system boots
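The trace-back on this slide, written out as an added example (not from the slides and not Check Point's code): starting from the process that contacted the C&C host, it follows launch records backwards and uses the scheduled task's target to cross the reboot. The event schema, file names, hosts, and the `taskeng.exe` and `explorer.exe` names are constructed assumptions.

```python
from collections import namedtuple

# Constructed endpoint telemetry (assumed schema, not from the slides):
# seq orders events, boot counts power cycles, kind is the record type,
# actor is the acting process image, target is what it acted on.
Event = namedtuple("Event", "seq boot kind actor target")

SCHEDULER = "taskeng.exe"       # assumed name of the task scheduler host process
USER_SHELLS = {"explorer.exe"}  # a launch from here is treated as user-initiated

SAMPLE_EVENTS = [
    Event(1, 1, "proc", "explorer.exe", "chrome.exe"),   # user starts the browser
    Event(2, 1, "net", "chrome.exe", "news.example"),    # browsing
    Event(3, 1, "file_write", "chrome.exe", "upd.exe"),  # browser writes a dropper
    Event(4, 1, "proc", "chrome.exe", "upd.exe"),        # browser launches it
    Event(5, 1, "net", "upd.exe", "cdn.example"),        # dropper downloads payload
    Event(6, 1, "file_write", "upd.exe", "svc32.exe"),   # payload installed
    Event(7, 1, "task_create", "upd.exe", "svc32.exe"),  # persistence registered
    Event(8, 2, "proc", SCHEDULER, "svc32.exe"),         # task fires after reboot
    Event(9, 2, "net", "svc32.exe", "c2.example"),       # investigation trigger
]


def _last(events, kind, target, before):
    """Most recent event of `kind` acting on `target` with seq < before."""
    hits = [e for e in events
            if e.kind == kind and e.target == target and e.seq < before]
    return max(hits, key=lambda e: e.seq) if hits else None


def trace_back(events, c2_host):
    """Return [(step, process, boot), ...] from the C&C contact back to the origin."""
    trigger = next((e for e in sorted(events, key=lambda e: e.seq)
                    if e.kind == "net" and e.target == c2_host), None)
    if trigger is None:
        return []
    chain = [("contacted_c2", trigger.actor, trigger.boot)]
    image, cursor, seen = trigger.actor, trigger.seq, set()
    while image not in seen:          # guard against cyclic records
        seen.add(image)
        launch = _last(events, "proc", image, cursor)
        if launch is None or launch.actor in USER_SHELLS:
            break                     # no earlier cause recorded, or user-started
        if launch.actor == SCHEDULER:
            # Process IDs do not survive a reboot; the task's target image is
            # the join key back to whoever registered the task in an earlier boot.
            reg = _last(events, "task_create", image, launch.seq)
            if reg is None:
                chain.append(("launched_by_unknown_task", SCHEDULER, launch.boot))
                break
            chain.append(("task_registered_by", reg.actor, reg.boot))
            image, cursor = reg.actor, reg.seq
        else:
            chain.append(("launched_by", launch.actor, launch.boot))
            image, cursor = launch.actor, launch.seq
    return chain


def artifacts(events, chain):
    """Files written and tasks registered by processes in the chain (cleanup list)."""
    procs = {proc for _, proc, _ in chain}
    return sorted({e.target for e in events
                   if e.kind in ("file_write", "task_create") and e.actor in procs})


if __name__ == "__main__":
    for step in trace_back(SAMPLE_EVENTS, "c2.example"):
        print(step)
    print(artifacts(SAMPLE_EVENTS, trace_back(SAMPLE_EVENTS, "c2.example")))
```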
Malicious Activities
Drill-Down Detail
Severity
Is There an Infection?
UNDERSTAND THE INCIDENT
FROM UNDERSTANDING TO ACTION
Generate Remediation Script
How Should You Respond? How Can You Clean it?
Incident Understanding
Visibility
Immediate Content Delivery
Prevention
TO DEAL WITH UNKNOWN THREATS
Unprecedented protection against targeted attacks & unknown malware
Sandboxing: Evasion-resistant malware protection
Extraction: Immediate delivery of cleaned content
Forensics: Automated analysis & remediation
Aatish Pattni | Head of Threat Prevention, Northern Europe
THANK YOU
uk.linkedin.com/in/aatishpattni
@TishPattni
Protecting your business, brand, and customer experience from modern malware
Martin Budd
Security Sales Manager - UKISSA
© F5 Networks, Inc
Application evolution vs business challenges
Web based
Mobile Cloud API
Agile code development
Skills shortage
Advanced threats
Risk now stopping innovation
Why is the risk from malware and fraud increasing?
Browser is the Weakest Link
End point risks to “Data In Use”
HTTP/HTTPS
Secured Data center
WAF
HIPS
Traffic Management
NIPS
DLP
Network firewall
SIEM
Leveraging Browser application behavior:
• Caching content, disk cookies, history
• Add-ons, Plug-ins
Manipulating user actions:
• Social engineering
• Weak browser settings
• Malicious data theft
• Inadvertent data loss
Embedding malware:
• Keyloggers
• Framegrabbers
• Data miners
• MITB / MITM
• Phishers / Pharmers
Hmmmm… Customer Browser
HaaS
Is the Security Perimeter Dead?
application
endpoint
The Application Perimeter/Protection
Network Threats Application Threats
10% of attacks are focused here
25% of security investment
90% of attacks are focused here
75% of security investment
Endpoint Perimeter/Protection
Traditional enterprise perimeter (MDM, AV, Proxy, Sandbox): Protection >90%
Customer protection: Protection <10%
Old rope for new money!
Malware Infection
Credential Acquisition
Transaction Manipulation
Man In The Browser: Credential/Information
Mobile Malware: Transaction/Credential
Form Grabbing & Keyloggers: Credential/Information
Man In The Middle: Transaction
RAT and Back Connect: Transaction
Modern malware using new techniques to achieve age old objectives
A problem for banks and enterprises alike
Traditional malware detection
• Focused on enterprise boundary and employees
• Based on signature detection
• Focused on identifying cause not effect
• Reactive not pro-active
• Sandboxes etc – patient zero
• Analyzes browser for traces of common malware (i.e., Zeus, Citadel, Carberp, Hesperbot, Dyre, …)
61% of breaches are caused by stolen credentials
How Phishing Works
Drop Zone
The attacker accesses the real web page
The attacker saves a copy of the web pages to their own web server
The attacker sends a phishing request to many victims
The victim visits what they think is a legitimate site but is actually the phishing site
The victim provides confidential data directly to the hacker
So how can we protect ourselves?
Web injection
So how can we protect ourselves?
Credential / Form Grabbing
The victim is infected with malware
The victim makes a secure connection to a web site
This triggers the malware to run
The victim enters data into the web form
This content can be stolen by the malware
The victim submits the web form
The information is encrypted and sent to the web server
The information is also sent to the drop zone in clear text
Password revealer icon
So how can we protect ourselves?
Automatic Transaction Detection – MITM
• Uniquely analyzes user interaction with the browser
• Detects automatic transaction
• Ensure integrity of transaction data
• Trigger alerts upon detecting non-human behavior
MY BANK.COM
• Gather client details related to the transaction
• Run a series of checks to identify suspicious activity
• Assign risk score to transaction
• Send alert based on score
My Bank.com
What do businesses need?
Protect Online User: Clientless solution, enabling 100% coverage
On All Devices: Desktop, tablets & mobile devices
Full Transparency: No software or user involvement required
Prevent Malware attacks and Fraud: Targeted malware, MITB, zero-days, MITM, phishing, automated transactions…
In Real Time: Alerts and customizable rules
F5’s Comprehensive Approach
Malware Detection
Advanced Phishing Detection
Application Layer Encryption
Automatic Transaction Detection
Application Protection Capabilities
Protecting your applications regardless of where they live
Securing access from any user on any device
Strongest set of application security controls that reduce risk
APPLICATION ACCESS
Enterprise Mobility Gateway
Access Federation
Remote Access
App Access Management
Secure Web Gateway
APPLICATION PROTECTION
IP Intelligence
Web Fraud Protection
Hybrid WAF
SSL Inspection
DDoS Protection
DNS Security
Network Firewall
Application evolution vs business challenges
Web based
Mobile Cloud API
Enable Agile code development
Reduce skills required
Increase protection against Advanced threats
Enable innovation
Gardening Leave
Will it help to weed out the bad guys?
Background
Matt Little
CTO, ZoneFox
Who are ZoneFox?
• Cyber Security focussed on directly monitoring and protecting your data
• Customers in Software Gaming, Asset Management, Hi-Tech Manufacturing and Online Gambling…
Our Customers
Leavers and the Problem with Gardening Leave
"Did I mention that I am leaving next week?"
"I've just been offered a job with our biggest competitor"
"I'm really annoyed that I didn't get that promotion"
Your top-performing team…
Sssshhhhh – Don’t tell anybody but I have this embarrassing problem
• Vormetric Insider Threat Report –
• Only 11% of respondents felt that their organization was not vulnerable to insider attacks
• Globally, 89% of respondents felt that their organization was now more at risk from an insider attack
• 34% felt very or extremely vulnerable.
What and where are people stealing data
• Top theft locations
  • Databases (49%)
  • File Servers (39%)
• Top Data stolen
  • Customer Lists
  • Contracts
  • Sensitive commercial data
  • R&D
Leavers – this is hypothetical, right?
• Leavers are insiders and therefore you have an insider threat challenge
• Mostly existing security is “Outward-looking”
• Has it worked?
The Cost of a Breach
• Cost of a breach comes from two things:
  - Time taken to discover it
  - Cost of investigating and remediating
• Verizon Data Breach Report 2015 – “growing ‘detection deficit’ between attackers and defenders.”
• This ‘detection deficit’ means that a typical breach will take ~200 days to discover
• If you discovered that, how much effort would have to be spent investigating?
But Breaches are a US thing…
90% large organisations breached (up from 81%)
74% smaller organisations (up from 60%)
Cost of a breach
£1.46 - £3.14M large organisation (was £600k – £1.15M)
£75 - £311k smaller organisation (was £65k - £115k)
Staff related security breaches
(source PWC/BIS’ 2015 Information Security Breaches Survey)
75% large organisations
31% smaller organisations
But I have a load of defences…
External Protection
Who?
When?
Why didn't I know at the time?
My Organisation
Why Gardening Leave (and what is it?)
• “an employee's suspension from work …typically to prevent them from …accessing confidential information.”
• Use it to protect from ‘poaching’ of customers, etc
Does it protect your data?
![Page 118: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/118.jpg)
The Financial Costs of Insider Data Theft
£30,000
Research from the legal firm EMW indicated that small businesses typically incur this cost for legal work in an insider theft (2012 research)
? The value of the data stolen
The number of High Court cases relating to the theft of confidential information by insiders (employees) increased by 250% between 2010 and 2012.
![Page 119: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/119.jpg)
A real-life example from ZoneFox
![Page 120: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/120.jpg)
![Page 121: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/121.jpg)
What did they try to steal
• 182,000 Files:
• Results of confidential product testing
• CAD designs for prototypes and new products
• Bills of Materials for new designs
• Printed Circuit board designs
• Contracts and agreements with research and manufacturing partners.
• The value?
£10 million
![Page 122: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/122.jpg)
What went wrong?
• Technical controls and HR Processes broke down
• Lack of visibility of the endpoint
• Leaving processes (including gardening leave) were too late
• Stolen data was collected in advance of submitting resignation.
![Page 123: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/123.jpg)
What are the alternatives?
External Protection
My Organisation
![Page 124: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/124.jpg)
Incident Response for a leaver
• Global company
• Unusual behaviour – times, locations, volumes, etc
• Theft followed by taking laptop home
• Senior Legal.
• Incident response ~4 hours
How long would it take you?
![Page 125: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/125.jpg)
Key takeaways
- Compromise is highly likely
- People steal data before they resign
- Protect your inside too - the threat is as likely (if not more likely) to come from inside your organisation.
- Focus on reducing cost by detecting threats sooner and responding quickly
![Page 126: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/126.jpg)
#scotsecure
Welcome Back
![Page 127: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/127.jpg)
#scotsecure
Per Johansson
European Parliament
![Page 128: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/128.jpg)
The New European Framework for Data Protection
- state of play?
Per Johansson
Edinburgh, 21 April 2016
![Page 129: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/129.jpg)
Who am I?
– Swedish lawyer
– Industry consultant
– European Data Protection Supervisor (EDPS)
– European Parliament - Scotland
![Page 130: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/130.jpg)
The European Parliament in the Member States
The European Parliament operates an ‘Information Office’ in the national capitals of all 28 EU Member States.
Since 1999, it has also operated a smaller 'branch' office in the larger Member States, opening offices in Barcelona, Edinburgh, Marseilles, Milan, Munich & Wrocław (2011).
![Page 131: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/131.jpg)
The European Parliament Office in Scotland aims to increase awareness of the
Parliament and the impact of its activities in Scotland, as well as highlighting the work
of the six Scottish Members of the European Parliament (MEPs).
![Page 132: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/132.jpg)
General remarks
Reasons for reform
• Technological change
• Legal certainty
• Harmonisation in the internal market
• Need for change in the area of police and judicial cooperation
• Global dimension
→ Regulation for general principles
→ Directive for law enforcement
![Page 133: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/133.jpg)
The EU DP reform:
Enhances harmonisation of data protection
Reinforces position and rights of data subject
Strengthens responsibility of data controller
Strengthens supervision and enforcement
General remarks
![Page 134: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/134.jpg)
• The “Ordinary” legislative procedure
– Commission proposals – January 2012
– Joint legislative responsibility between European Parliament and Council of Ministers
– “Readings”
– Negotiations between three institutions
= Changes all the way
The legislative procedure
![Page 135: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/135.jpg)
Where are we now?
• Council (final) agreement October 2015
• Plenary vote EP 14 April 2016 = LAW
• Entry into force 20 days after publication in the EU Official Journal
• Regulation – MS law 2 years after entry into force.
• Directive – 2 year period of implementation deadline for MS
• Directive only applicable to those measures where the UK has opted in.
![Page 136: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/136.jpg)
Scope
Territorial scope:
- An establishment of a controller or processor within EU, regardless of where the processing takes place
- ‘Offering of goods and services to’ or ‘monitoring behaviour of’ data subjects in the EU
![Page 137: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/137.jpg)
Data controllers/processors
Security of processing (32)
Implementation of appropriate tech and org measures such as...
Pseudonymisation and encryption
Systems functionality, restoration and regular testing
Assessment of the security level Risks
![Page 138: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/138.jpg)
Data controllers/processors
Designation of data protection officers (37 onwards)
Where:
- Public authority or body
- Core activity = regular and systematic monitoring of data subjects
- large scale of special categories of data
Tasks:
- Inform and advise
- Monitor the implementation
- Contact point
![Page 139: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/139.jpg)
Data controllers/processors
Notification of data breaches (33)
Controller notification to the supervisory authority within 72 hours
Processor shall notify controller
Data protection Impact assessment (35)
New tech, high risk to rights and freedoms to natural persons
![Page 140: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/140.jpg)
Data controllers/processors
Strengthen responsibilities of the controller
→ Accountability (24 onwards):
- “measures to ensure and demonstrate compliance with the Regulation”
- Where proportionate “implementation of appropriate data protection policies”
![Page 141: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/141.jpg)
Data controllers/processors
Information and communication
- Concise, transparent, intelligible, easily accessible, clear and plain language (12)
- Procedures and mechanisms (12)
- Content of the information (13, 14)
![Page 142: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/142.jpg)
Data controllers/processors
Data protection by design and by default (25)
Documentation – Records in writing (electronic form)(30)
Processors – Records of processing activities (30)
![Page 143: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/143.jpg)
Supervision and Enforcement
– One stop shop – ‘main establishment’ (4(16), 56)
– Consistency mechanism (63 onwards)
• Cooperation between authorities and COM
– European Data Protection Board (68)
– Sanctions (83)
• Up to € 20M or 4% of annual worldwide turnover
![Page 144: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/144.jpg)
Data subjects
Definition of consent (7)
- Controller burden of proof - demonstrate
- Distinguishable – in plain language
- Withdrawal
![Page 145: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/145.jpg)
Data subjects
“Right to be forgotten” (17)
– Erasure without undue delay
– Reasonable steps to inform other controllers
» Available tech and cost of implementation
![Page 146: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/146.jpg)
Data subjects
Profiling (22)
Only if:
- Performance of a contract + safeguards
- Union or Member State law
- Explicit Consent of the data subject + safeguards
And : not based solely on special categories of data
![Page 147: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/147.jpg)
Thank you for your attention
EDPS website on DP reform: http://www.edps.europa.eu/EDPSWEB/edps/cache/off/Consultation/Reform_package
![Page 148: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/148.jpg)
#scotsecure
Wendy Goucher
Goucher Consulting
![Page 149: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/149.jpg)
© Goucher Consulting Ltd, 2016
You get what you Give
Cyber Security Communication reconsidered
Wendy Goucher
Information Security Specialist
![Page 150: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/150.jpg)
Staff are your “Human Firewall”
![Page 151: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/151.jpg)
Fighting ‘Cyber’
![Page 152: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/152.jpg)
Secure operations come from:
• Clear, operationally effective policies, procedures and controls.
• Good communication of the policies, procedures and controls.
• A darn good reason why they should follow them.
![Page 153: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/153.jpg)
Wendy’s Wheels
Driver Induction Training
Policies, Procedures & Controls
![Page 154: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/154.jpg)
![Page 155: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/155.jpg)
Motivation
![Page 156: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/156.jpg)
Your staff care
![Page 157: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/157.jpg)
People care about their own security.
They won’t automatically care about yours if you don’t seem to.
Think about the security message you are really sending.
![Page 158: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/158.jpg)
Thank you
Wendy Goucher
![Page 159: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/159.jpg)
#scotsecure
Scott Barnett
Royal Bank of Scotland
![Page 160: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/160.jpg)
Cyber Crystal Balls
how threat intelligence can prevent data breaches and other cyber attacks – and how you can get and apply some of this stuff
Scott Barnett
Cyber & Fraud Intelligence Lead
![Page 161: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/161.jpg)
what is threat intelligence?
![Page 162: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/162.jpg)
what is intelligence?
a tool for decision making
information + analysis + inferences =
Planning – Intelligence Requirements
Collection – of information and monitoring for triggers
Analysis – turning information into intelligence
Dissemination – delivering to the right people at the right time
Feedback – re-evaluating requirements, taking stock
Our mission: to provide forewarning of security threats to RBS to minimise harm to our customers, staff, and business
![Page 163: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/163.jpg)
what is a threat?
harmful outcomes resulting from an entity’s actions in pursuit of its goals
Source: CBEST framework
Intent, Capability, Exposure, Vulnerability
harmful agents’ intentions + tools, tactics and procedures (TTPs)
INHERENT THREAT
how exposed your business is to these actions + any vulnerability that makes harmful outcomes more likely
RESIDUAL THREAT
![Page 164: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/164.jpg)
what can threat intelligence do for you?
Forecast
• Provide a forecast of the bank’s strategic threat landscape
Link
• Join the dots between strategic and operational threats
Context
• Contextualise big ticket events in terms of what they mean for RBS – so what?
Identify
• Identify new and emerging threats and attack techniques
Collect
• Collect external information and fuse it with internal sources
Deliver
• Proportionate, timely, actionable intelligence
![Page 165: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/165.jpg)
kill chains and attacker mindsets
![Page 166: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/166.jpg)
![Page 167: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/167.jpg)
DDoS
construct threat, delivery, infection, manipulation, impact
botnet / tool, target, vulnerabilities, bandwidth, loss of service
![Page 168: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/168.jpg)
2006
![Page 169: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/169.jpg)
![Page 170: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/170.jpg)
![Page 171: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/171.jpg)
![Page 172: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/172.jpg)
2010
![Page 173: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/173.jpg)
![Page 174: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/174.jpg)
![Page 175: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/175.jpg)
2016
![Page 176: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/176.jpg)
![Page 177: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/177.jpg)
![Page 178: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/178.jpg)
![Page 179: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/179.jpg)
![Page 180: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/180.jpg)
![Page 181: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/181.jpg)
how can threat intelligence help?
![Page 182: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/182.jpg)
DDoS
construct threat, delivery, infection, manipulation, impact
botnet / tool, target, vulnerabilities, bandwidth, loss of service
![Page 183: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/183.jpg)
construct threat, delivery, infection, manipulation, impact
early warning, attack scripts, rulesets, other techniques, recovery advice
botnet / tool, target, vulnerabilities, bandwidth, loss of service
![Page 184: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/184.jpg)
construct threat, delivery, infection, manipulation, impact
early warning, threat indicators, Technical mitigants, situational awareness, shared experience
![Page 185: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/185.jpg)
![Page 186: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/186.jpg)
![Page 187: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/187.jpg)
![Page 188: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/188.jpg)
![Page 189: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/189.jpg)
![Page 190: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/190.jpg)
![Page 192: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/192.jpg)
#scotsecure
Questions &
Discussion
![Page 193: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/193.jpg)
![Page 194: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/194.jpg)
![Page 195: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/195.jpg)
Drinks &
Networking Upstairs
Hosted By
![Page 196: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/196.jpg)
SCOT-SECURE 2016
MICHAEL JACK & KYLE BOWES
![Page 197: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/197.jpg)
$ WHOAMI
MIKEY & KYLE
▸ 2nd BSc Ethical Hacking @ Abertay University, Dundee
▸ Work for Scottish Business Resilience Centre (SBRC)
▸ OSINT, Footprinting, Outreach
▸ Mikey: Cryptography, Defence, Counter-terrorism
▸ Kyle: OSINT, Footprinting, Counter-terrorism
![Page 198: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/198.jpg)
THE ORDER, UNLESS WE GET SIDETRACKED
WHAT’S ALL THIS THEN?
1. Staying Updated
2. Data Protection, Encryption & Backups
3. Passwords
4. Phishing Emails & Malicious Websites
5. Social Media
![Page 199: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/199.jpg)
SECURITY IS A PROCESS, NOT A PRODUCT.
Bruce Schneier, April 2000
THREAT MODEL 101
![Page 200: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/200.jpg)
HACKERS ARE LAZY
Johnny Appleseed
THREAT MODEL 101
![Page 201: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/201.jpg)
"I DON'T NEED TO RUN FASTER THAN THE BEAR: I ONLY NEED TO RUN FASTER THAN YOU."
Johnny Appleseed
THREAT MODEL 101
![Page 202: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/202.jpg)
UPDATE NOW
A CRITICAL PAIN IN THE ASS
![Page 203: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/203.jpg)
DON’T BE AN EASY TARGET
UPDATES MATTER
▸ Will protect you against a lot of threats
▸ low effort > high reward
▸ Windows 10, 8.1, 8, 7 get security updates
▸ Windows XP doesn’t get any updates
▸ OS X 10.11 (El Capitan), 10.10 (Yosemite), 10.9 (Mavericks) get security updates
![Page 204: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/204.jpg)
WINDOWS 7: WINDOWS UPDATE - TURN IT ON!
![Page 205: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/205.jpg)
WINDOWS 7: WINDOWS UPDATE - ENABLE AUTOMATIC UPDATES
![Page 206: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/206.jpg)
OS X 10.11 (EL CAPITAN) - SYSTEM PREFERENCES > APP STORE
![Page 207: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/207.jpg)
BACKUP THE DATA!
BACKUPS ALL THE WAY DOWN
![Page 208: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/208.jpg)
BACKUP THE BACKUPS
BACKUPS WILL SAVE YOUR BUSINESS
▸ Will save you time & money
▸ Onsite & Offsite backup
▸ Daily, Weekly, Monthly
▸ Easy to restore in event of a disaster
![Page 209: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/209.jpg)
STORAGE IS CHEAP
![Page 210: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/210.jpg)
WINDOWS 7: BACKUP & RESTORE - SET UP BACKUP
![Page 211: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/211.jpg)
OS X 10.11 (EL CAPITAN) - TIME MACHINE
![Page 212: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/212.jpg)
ENCRYPTION
![Page 213: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/213.jpg)
![Page 214: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/214.jpg)
https://youtu.be/XfFjde0UPbY
![Page 215: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/215.jpg)
SOMETHING YOU KNOW, A PASSWORD FOR EXAMPLE
![Page 216: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/216.jpg)
SOMETHING YOU KNOW, A PASSWORD FOR EXAMPLE
![Page 217: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/217.jpg)
PASSWORD-PROTECT-DOCUMENTS-WORKBOOKS-AND-PRESENTATIONS
WHAT TO ENCRYPT
▸ Encrypt everything, if you can, Full Disk Encryption
▸ Windows: BitLocker/ Drive Encryption
▸ Mac: FileVault
▸ Customer personal and payment information
▸ Microsoft Office Button > Prepare > Encrypt Document
▸ Smart Phones & Tablets
▸ iOS > Settings > Touch ID & Passcode > Erase Data
▸ Android > Settings > Security > Encryption > Encrypt
![Page 218: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/218.jpg)
PASSWORDS
SIZE MATTERS!
![Page 219: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/219.jpg)
STATISTICAL ANALYSIS (LINKEDIN 160K & ROCK YOU 14M)
![Page 220: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/220.jpg)
STATISTICAL ANALYSIS (LINKEDIN 160K & ROCK YOU 14M)
![Page 221: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/221.jpg)
THE WORST PASSWORDS
• qwerty
• 696969
• mustang
• letmein
• baseball
• michael
• football
• 123456
• password
• 12345678
• 1234
• master
• 12345
• dragon
![Page 222: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/222.jpg)
BRUTE FORCE
TRIES ALL COMBINATIONS FROM A GIVEN KEYSPACE. IT IS THE EASIEST OF ALL THE ATTACKS.
http://hashcat.net/wiki/doku.php?id=brute_force_attack
![Page 223: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/223.jpg)
![Page 224: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/224.jpg)
![Page 225: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/225.jpg)
MASK ATTACK
JULIA1984
‣ (26 + 26 + 10)^9 = 62^9 ≈ 13 × 10^15 = 13 Quadrillion @ 100M/s
‣ The above password matches a simple but common pattern. A name and year appended to it.
‣ We can also configure the attack to try the upper-case letters only on the first position.
‣ Down to 370 Billion combinations @ 100M/s
http://hashcat.net/wiki/doku.php?id=mask_attack
![Page 226: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/226.jpg)
HTTPS://THEINTERCEPT.COM/2015/03/26/PASSPHRASES-CAN-MEMORIZE-ATTACKERS-CANT-GUESS/
PASSPHRASES
▸ Never give them away!
▸ Your trick isn't clever
▸ Space bar is your friend
▸ Length > complexity
▸ Tell a story
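To put numbers on the brute force, mask attack and passphrase slides from the defender's side, the following added example (not part of the original deck) computes the search space for a hashcat-style mask and for a word-based passphrase at the slides' 100M guesses per second. The mask `?u?l?l?l?l?d?d?d?d` is an assumed reading of the "name plus year" pattern, so its count need not match the slide's figure; the 7776-word list size (Diceware) and all function names are likewise assumptions of this example.

```python
import math
import string

# Built-in hashcat placeholders: ?l lower, ?u upper, ?d digits, ?s symbols, ?a all.
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,
}
BUILTIN["a"] = "".join(BUILTIN[k] for k in "luds")


def tokens(spec):
    """Split a mask or charset definition into ('set', key) / ('lit', char) tokens."""
    out, i = [], 0
    while i < len(spec):
        if spec[i] == "?":
            if i + 1 == len(spec):
                raise ValueError("dangling '?' at end of %r" % spec)
            nxt = spec[i + 1]
            # '??' stands for a literal question mark
            out.append(("lit", "?") if nxt == "?" else ("set", nxt))
            i += 2
        else:
            out.append(("lit", spec[i]))
            i += 1
    return out


def charset(key, custom):
    """Resolve a placeholder to the set of characters it stands for."""
    if key in BUILTIN:
        return set(BUILTIN[key])
    if key in custom:
        chars = set()
        # Custom charsets (?1..?4) may mix built-ins and literal characters;
        # using a set means overlapping characters are counted once.
        for kind, val in tokens(custom[key]):
            chars |= charset(val, {}) if kind == "set" else {val}
        return chars
    raise ValueError("unknown placeholder ?%s" % key)


def mask_keyspace(mask, custom=None):
    """Number of candidates a mask generates (literal characters count as 1)."""
    custom = custom or {}
    total = 1
    for kind, val in tokens(mask):
        if kind == "set":
            total *= len(charset(val, custom))
    return total


def passphrase_keyspace(n_words, wordlist_size=7776):
    """Search space for n words drawn at random from a word list."""
    return wordlist_size ** n_words


def time_to_exhaust(keyspace, rate=100_000_000):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    seconds = keyspace / rate
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return "%.1f %s" % (seconds / size, unit)
    return "%.1f seconds" % seconds


if __name__ == "__main__":
    cases = [
        ("9 chars, upper+lower+digit", mask_keyspace("?1" * 9, {"1": "?l?u?d"})),
        ("name+year mask (assumed)", mask_keyspace("?u?l?l?l?l?d?d?d?d")),
        ("6 random words (assumed)", passphrase_keyspace(6)),
    ]
    for label, space in cases:
        print("%-28s %.3e candidates, %s" % (label, space, time_to_exhaust(space)))
```

The same nine characters drop from years to minutes once the attacker guesses the pattern, which is why the deck recommends length over complexity.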
![Page 227: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/227.jpg)
![Page 228: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/228.jpg)
REDUCE THE NUMBER OF PASSWORDS YOU NEED TO KNOW
PASSWORD MANAGERS
▸ Last Pass (all platforms) (cloud based)
▸ 1Password (all platforms, best on Apple) (Dropbox sync)
▸ Demo!
▸ Auto fill, in the browser Chrome, Firefox, Safari
▸ Generate unique long passwords for each site
![Page 229: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/229.jpg)
IF YOU DO ANYTHING, PLEASE DO THIS!
TWO FACTOR AUTHENTICATION (2FA)
▸ twofactorauth.org
▸ Google Authenticator
▸ Authy
▸ YubiKeys
![Page 230: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/230.jpg)
PHISHING EMAILS
DON’T CLICK THAT LINK
![Page 231: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/231.jpg)
OS X Mail
Legit, Gmail
Spam, Gmail
![Page 232: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/232.jpg)
MALICIOUS WEBSITES
WATERING HOLE
![Page 233: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/233.jpg)
THIS IS NOT THE WEBSITE YOU ARE LOOKING FOR
![Page 234: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/234.jpg)
SCOT-SECURE
REAL OR FAKE
▸ Padlock
▸ URL
▸ How did you get there?
▸ Apply common sense
▸ Browser extensions
▸ HTTPS Everywhere
▸ uBlock Origin
Safari
Chrome
Chrome
Firefox
![Page 235: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/235.jpg)
https://youtu.be/XfFjde0UPbY
![Page 236: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/236.jpg)
SOCIAL MEDIA
FACEBOOK, TWITTER, LINKEDIN & INSTAGRAM
![Page 237: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/237.jpg)
![Page 238: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/238.jpg)
![Page 239: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/239.jpg)
PASS THESE ON
THINK ABOUT THESE THINGS, PLEASE?
▸ Update, backup and encrypt your devices
▸ Encrypt the most critical sensitive information
▸ If you can encrypt it all, Full Disk Encryption
▸ Long passwords, don't worry about complexity
▸ Get a password manager (LastPass & 1Password)
▸ Use Google Chrome, if you can
▸ Think about how you got to the site, did you expect the email?
![Page 240: Scot Secure 2016](https://reader034.vdocument.in/reader034/viewer/2022042611/58836d761a28ab536b8b68dd/html5/thumbnails/240.jpg)
LAST CHANCE
THE LINKS
▸ Chrome security usability: youtu.be/XfFjde0UPbY
▸ Very strong passwords: theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
▸ Which sites use Two Factor Auth: twofactorauth.org