The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
Paula Januszkiewicz
CQURE: CEO, Penetration Tester / Security Expert
CQURE Academy: Trainer
MVP: Enterprise Security, MCT
Contact: [email protected] | http://cqure.us
New York, Dubai, Warsaw
@paulacqure
@CQUREAcademy
Awareness
• I know
Behaviour (Competence)
• I do
Culture
• We know and do
The workflow below shows the logic behind the security awareness:
Have a look at the following analogy:
I know the traffic rules….
Awareness
Does it guarantee that I am a good driver?
Behavior
Culture
Did you know that one of the main reasons for information loss is…
“IT-users don't mean to be the primary entry point for hackers; But they are; Hence the need to be
educated on Cyber-Security-Risks and raise our vigilance against threats that no technology can
prevent.”
- Group Chief Information Officer (CQURE Customer)
You received a voice mail : VOICE548-457-6638.wav (27 KB)
Caller-Id: 548-457-6638
Message-Id: S5VAAC
Email-Id: [email protected]
Download and extract the attachment to listen the message.
We have uploaded fax report on dropbox, please use the following link to download your file:
https://www.dropbox.com/meta_dl/eyJzdWJfcGF0aCI6ICIiLCAidGVzdF9saW5rIjogZmFsc2UsICJzZXJ2ZXIiOiAiZGwuZHJvcGJveHVzZXJjb250ZW50LmNvbSIsICJpdGVtX2lkIjogbnVsbCwgImlzX2RpciI6IGZhbHNlLCAidGtleSI6ICJueGxzcWh0MDF5ZnloOHMifQ/AAPQJWOgwKVSIAJCmizztc3dqjAIfdlgyD87Cw0mgJOIxw?dl=1
Sent by Microsoft Exchange Server
Answer on the next page…
YES
Reason 1:
For security practitioners, security is a “reality” based on the mathematical probability of risks
For the end user, security is a “feeling”
Success lies in influencing the “feeling” of security
Reason 2:
[Figure: chart labelled "Control efficiency" and "Risk severity / Attacker smartness / Attack efficiency", with two regions: "Technology & Processes" and "Awareness & Competence"]
• Automatic security controls – AV, updates
• Technology + Human – Firewall configuration, choosing a secure Wifi
• Human – Recognizing a zero day attack, phishing mails, not posting business information in social media
• The very smart attacker
People exaggerate risks that are spectacular or uncommon
Reason 3:
Aircraft have become more advanced, but does it mean that pilot training requirements have reduced?
Medical technology has become more advanced, but will you choose a hospital for its machines or the doctors?
Because people tend to take shortcuts
Because we prefer habits over good practices
Because hard problems are easy to ignore
Because acting is easier than planning
Retina Enterprise
Vulnerability Management
Alex DaCosta
Product Manager
RETINA VULNERABILITY MANAGEMENT
POWERBROKER PRIVILEGED ACCOUNT MANAGEMENT
PRIVILEGE MANAGEMENT
ACTIVE DIRECTORY BRIDGING
PRIVILEGED PASSWORD MANAGEMENT
AUDITING & PROTECTION
ENTERPRISE VULNERABILITY MANAGEMENT
BEYONDSAAS CLOUD-BASED SCANNING
NETWORK SECURITY SCANNER
WEB SECURITY SCANNER
BEYONDINSIGHT CLARITY THREAT ANALYTICS
BEYONDINSIGHT IT RISK MANAGEMENT PLATFORM
EXTENSIVE REPORTING
CENTRAL DATA WAREHOUSE
ASSET DISCOVERY
ASSET PROFILING
ASSET SMART GROUPS
USER MANAGEMENT
WORKFLOW & NOTIFICATION
THIRD-PARTY INTEGRATION
Demo
Quick Poll
Thank you for attending today’s webinar.