The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk


Upload: beyondtrust

Post on 08-Jan-2017


TRANSCRIPT

Page 1: The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk

The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk

Paula Januszkiewicz CQURE: CEO, Penetration Tester / Security Expert

CQURE Academy: Trainer

MVP: Enterprise Security, MCT

Contact: [email protected] | http://cqure.us

New York, Dubai, Warsaw

@paulacqure

@CQUREAcademy


Awareness

• I know

Behaviour (Competence)

• I do

Culture

• We know and do

The workflow below shows the logic behind security awareness:

Have a look at the following analogy:

Page 6

Awareness

I know the traffic rules….

Page 7

Does it guarantee that I am a good driver?

Behavior

Page 8

Culture

Did you know that one of the main reasons for information loss is…

“IT users don't mean to be the primary entry point for hackers, but they are; hence the need to be educated on cyber-security risks and to raise our vigilance against threats that no technology can prevent.”

– Group Chief Information Officer (CQURE Customer)

Page 14

You received a voice mail: VOICE548-457-6638.wav (27 KB)

Caller-Id: 548-457-6638

Message-Id: S5VAAC

Email-Id: [email protected]

Download and extract the attachment to listen the message.

We have uploaded fax report on dropbox, please use the following link to download your file:

https://www.dropbox.com/meta_dl/eyJzdWJfcGF0aCI6ICIiLCAidGVzdF9saW5rIjogZmFsc2UsICJzZXJ2ZXIiOiAiZGwuZHJvcGJveHVzZXJjb250ZW50LmNvbSIsICJpdGVtX2lkIjogbnVsbCwgImlzX2RpciI6IGZhbHNlLCAidGtleSI6ICJueGxzcWh0MDF5ZnloOHMifQ/AAPQJWOgwKVSIAJCmizztc3dqjAIfdlgyD87Cw0mgJOIxw?dl=1

Sent by Microsoft Exchange Server

Answer on the next page…


Page 16

YES

Page 22

Reason 1:

For security practitioners, security is a “reality” based on the mathematical probability of risks.

For the end user, security is a “feeling”.

Success lies in influencing the “feeling” of security.

Page 23

Reason 2:

Chart (slide graphic): axes labelled “Control efficiency” and “Risk severity / Attacker smartness / Attack efficiency”, two bands labelled “Technology & Processes” and “Awareness & Competence”, and four items as numbered on the slide:

1. Automatic security controls – AV, updates
2. Technology + human – firewall configuration, choosing a secure Wi-Fi
3. Human – recognizing a zero-day attack, phishing mails, not posting business information on social media
4. The very smart attacker

People exaggerate risks that are spectacular or uncommon.

Page 24

Reason 3:

Aircraft have become more advanced, but does it mean that pilot training requirements have been reduced?

Medical technology has become more advanced, but will you choose a hospital for its machines or for its doctors?

Page 25

Because people tend to take shortcuts

Because we prefer habits over good practices

Because hard problems are easy to ignore

Because acting is easier than planning

Page 26

Retina Enterprise

Vulnerability Management

Alex DaCosta

Product Manager

Page 27

RETINA VULNERABILITY MANAGEMENT | POWERBROKER PRIVILEGED ACCOUNT MANAGEMENT

• PRIVILEGE MANAGEMENT
• ACTIVE DIRECTORY BRIDGING
• PRIVILEGED PASSWORD MANAGEMENT
• AUDITING & PROTECTION
• ENTERPRISE VULNERABILITY MANAGEMENT
• BEYONDSAAS CLOUD-BASED SCANNING
• NETWORK SECURITY SCANNER
• WEB SECURITY SCANNER

BEYONDINSIGHT CLARITY THREAT ANALYTICS

BEYONDINSIGHT IT RISK MANAGEMENT PLATFORM: EXTENSIVE REPORTING, CENTRAL DATA WAREHOUSE, ASSET DISCOVERY, ASSET PROFILING, ASSET SMART GROUPS, USER MANAGEMENT, WORKFLOW & NOTIFICATION, THIRD-PARTY INTEGRATION

Page 28

Demo

Page 29

Quick Poll

Page 30

Thank you for attending today’s webinar.