Graham Cluley - CSO Perspectives Roadshow 2016
#
CSO Perspectives, Australia, March 2016
(60 Minutes)
The rise of malware
From back bedrooms to boardrooms, Graham Cluley describes how viruses and trojan horses turned from a schoolboy prank into a threat which could steal secrets from governments, disrupt nuclear facilities in Iran, and even help secret agents assassinate their opponents.
Graham Cluley draws on his 25-year history in the anti-virus industry to explain who the malware authors are, how the nature of the attacks is changing, and the steps that organisations need to take to prevent themselves from becoming the next victim.
Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 8:15 PM1
#
Elk Cloner
Casino
What old malware looks like
What it looks like today
The scale of the problem
Types of malware
How you get infected
Example of a targeted attack
Who writes it?
Attack on Georgia
Mossad attack
Could you be next?
Protection steps
Keep yourself clued-up
You can trust me.
#
You can trust me. Of course you trust me. Look at me. The good people at CSO have put me on a stage. And you trust CSO, don't you?
You trust them, they trust me, so you trust me. Right? You can also trust me because sometimes I wear glasses. Therefore I'm probably an expert. And I have an English accent. Utterly trustworthy.
You can trust me.
#
Seriously, you can trust me. I like dogs. Here's my dog, Archie.
I've pixellated out his dog tag so you can't find out my phone number, but I've just told you my eBay password. Damn.
You can trust me.
#
I also love cats. This is Marble.
Unfortunately he isn't around anymore. Unfortunate business involving a vehicle and Isaac Newton's third law of motion.
It wasn't my fault. Trust me.
You can't trust the CIA.
#
Do you know why you can't trust the CIA?
#
In the 1960s, the CIA ran a top secret project to spy on Soviet embassies with cats. The project, codenamed Acoustic Kitty, involved a battery and small microphone being implanted into a cat, and an antenna put into its tail.
More recently, a security researcher revealed that he had enlisted the help of his wife's grandmother's Siamese cat (named Coco) in an attempt to sniff out poorly-protected WiFi in his neighbourhood.
Some cats can't be trusted.
#
Gene Bransfield, a security researcher with Tenacity, claimed in his talk entitled "How to Weaponize your Pets" that some 15% of internet traffic is cat-related.
So you can't necessarily trust all cats, or cat owners.
You can't trust the internet.
#
So, you can trust me. But can you trust the internet? I don't think so.
#
23 April 2013
Panic on Wall Street, Dow Jones plummeted. Why? Well, all it took were 12 words. (72 characters)
#
Just
Associated Press's Twitter account. Hacked by Syrian Electronic Army, claiming terrorist activity at White House and Obama injured.
The Dow Jones industrial average plunged more than 140 points in seconds after the report.
Why? Because Associated Press was trusted. Nearly 2 million followers.
#
People still trust SMTP email today, even though internet emails aren't encrypted (leaving them open to interception) and details like the From: address can be forged.
That's how phishing and email scams work.
Trust me, that's not a good thing.
#
And you have to be careful what websites you trust online with your personal data.
#
Casino virus
Malware
This is Rich Skrenta.
Do you trust him?
#
Rich Skrenta
Apple IIe computer - a precursor to the Mac
Elk Cloner
Not to say that all old DOS viruses were visual. Jerusalem, aka 1813 virus. Infects EXE and COM files.
People changed their clocks, only to find that there was also a Sunday the 14th virus.
#
Virus exchange BBSes and websites
#
Chen Ing Hau
Author of Chernobyl, aka CIH. 1998
#
David L Smith
Melissa virus, 1999
#
Onel de Guzman, author of the Love Bug
May 4 2000
#
Independence Day
Suicide virus by Phalcon/SKISM. Crucifixtion virus. "If you're happy and you know it, clap your hands"
Phantom. Written by Russian virus writer Dark Prince, using the Advanced Polymorphic Engine (APE).
Walker virus. A sprite ripped out of the game "Bad Street Brawlers" walks across the screen at regular intervals, interrupting any work being done on the PC.
Biplane virus
Phalcon SKISM (Smart Kids into Sick Methods). TALK NOW ABOUT THE CHANGE
Banksy
This is what malware looks like today. There's nothing to see. Windows 10.
#
TalkTalk CEO Dido Harding on BBC News, trying to explain how it suffered data breaches three times in less than a year.
Who is writing the malware?
#
#
Three main types of enemy
The kids
The criminals
The governments
Kids and activists
The kids
#
Ryan Cleary (aka Viral from LulzSec) / Chen Ing Hau (CIH / Chernobyl) / Sven Jaschan (author of Sasser worm and Netsky virus)
Michael Buen (author of the Love Bug) / David L Smith (Melissa) / Simon Vallor (Welsh author of Gokar, Redesi and Admirer mass-mailing viruses)
Anonymous
#
Hackers are not geniuses
Technologically impaired hackers don't know how to use the thermostat
#
This guy is more worried about having his face seen, than leaving any fingerprints
He also doesn't seem to be smart enough to realise it's easier to type sitting down.
#
Three main types of enemy
The kids
The criminals
The governments
Organised criminals
The kids
Money-making malware
Remote access
#
Steal information, spy on you, exploit your computer's resources
Ransomware, scareware
#
Ransomware and scareware threats
Ransomware
Compromised computers around the world
#
Three main types of enemy
The kids
The criminals
The governments
Denial-of-service attacks
Extorted more than $4 million from British companies after threatening to attack their websites, making them inaccessible to the outside world. Online casinos and betting websites were targeted by the group, who used compromised zombie computers to launch the denial-of-service attacks.
Ivan Maksakov, Alexander Petrov, and Denis Stepanov were each sentenced to 8 years in prison in 2006.
Three main types of enemy
The kids
The criminals
The governments
Government
Govt hacking
To spy on communications
To fight crime
To fight terror
Intellectual property
Stealing intellectual property and secrets from companies for commercial gain.
James Bond-style espionage. SPYING is now a big deal
#
The Georgian government's CERT (Computer Emergency Response Team) claims it has linked an internet attack to Russia's security services, and even turned the tables on a hacker it believes was involved by secretly taking over his computer and taking video footage of him.
#
Georgian news websites hacked to exploit vulns, with malware that hijacked infected computers and searched for sensitive docs. It also took screenshots, spread via networks and eavesdropped on conversations via infected PCs' webcams. At least 390 PCs infected. 70% of compromised PCs were based in Georgia, with other victims found in the USA, Canada, Ukraine, France, China, Germany and Russia. Computers hit in Georgia were predominantly based in government agencies, banks and critical infrastructure, the report claims.
#
Georgia's CERT deliberately infected one of its own PCs with the malware, and planted a ZIP file named "Georgian-Nato Agreement" on its drive, hoping it would prove irresistible for the hacker.
#
Sure enough, the hacker stole the archive file and ran malware that Georgia CERT had planted inside, meaning that now investigators had control over the hacker's own computer. This made it relative child's play to capture images of the suspect at work in front of his PC.
Curiously, a domain used by the attackers was registered to an address in Moscow belonging to the Russian Ministry of Internal Affairs, department of logistics - which just happens to be based close to the Russian Secret Service (FSB).
Watering hole attack
#
Other anti-Tibet malware attacks have targeted Java vulnerabilities. Here's a watering hole attack
Mahmoud al-Mabhouh
#
Targeted attacks can be physical
Mahmoud al-Mabhouh, a senior Hamas official, was murdered by a professional assassination team of 11 people.
able to track al-Mabhouh's movements and plans because they had planted a spyware Trojan horse on his computer. Let them monitor his email communications and other online activities.
#
The 2013 Target hack. Up to 110 million customers affected.
Hackers had access to every cash register in every one of Target's 1800 US stores.
#
Hackers broke in via aircon/refrigeration company who had been given network credentials.
Monitoring temperatures etc overnight, need remote access to do maintenance, patches etc.
Malware was installed on cash registers
#
CEO Gregg Steinhafel lost his job.
Targeted attack
#
2010. Chinese hackers tried to derail $40 billion hostile takeover of world's largest Potash producer (Potash Corp of Saskatchewan) by Australian mining giant BHP.
Spoofed emails, carrying spyware, were sent to the company's law firms.
Over several months, SEVEN different law firms were hit, as well as Canada's Finance Ministry and Treasury Board
The deal fell through anyway, but the stolen data could have been worth TENS OF MILLIONS and given the party who possessed it an UNFAIR ADVANTAGE.
Targeted attack
#
2013. Toronto Law Firm representing people seeking refugee status.
The firm, concerned about NSA revelations, checked its network
Found it had been compromised. But this wasn't a political state-sponsored hack
This was about business. Its information was for sale on Silk Road
State-sponsored attacks
How are firms targeted?
Not just big companies at risk
#
You're not too small to be targeted. You could be a stepping stone to the attacker's true target.
Could your company be next?
#
Hyatt
Hilton
Mandarin Oriental
Booking.com
Hotel Hippo
TalkTalk
Ashley Madison
Thomson - http://www.bbc.co.uk/news/uk-england-cornwall-34027172
Vtech
Wetherspoons
Defense in depth
Stronger user authentication
Encrypt, encrypt, encrypt (And use a VPN)
Policies and regulations
A scarf can protect you,
But it can choke you too
They're putting their trust in cloud companies
Your companys crown jewels
#
Identify your most important property. What, if it was leaked or stolen, would cause your company the most harm?
Hack yourself, before someone hacks you
Nothing is 100% trustworthy
It's about managing risk, not eliminating it
Email: [email protected]
https://www.grahamcluley.com
Twitter: @gcluley
Thank you