June 5, 2020

Cyber Security in the New Normal

- Eng.r William Regalla Jr.

Outline

- Basic of Cybersecurity
- Adapting to New normal
- Trainings and Cerifications

Basics of Cybersecurity

- Practice of protecting system, networks, and programs from digital attacks

- Importance: protection identity theft, extortion attempts, to the loss of important data
- Continuous Process
- Practice: Everyone! connects to the internet
- The most importing today is DATA!
- Information security
o Confidentiality – privacy or secrecy of an information
o Integrity – accuracy and trustworthiness of the information
o Availability – information is accessible (24/7)
- Personal Data
o Financial Records
o Medical records
o Education record
o Employment records
- Organizational Data
o Traditional data
 Personal – application, payroll, offer letter, MOA
 Intellectual – patents, trademarks, product plans, trade secrets (highly
confidential)
 Financial – Income statemenr, balance sheets, cash flows
o Internet of Things and Big Data
 IoT – large network of physical objects, such as sensors
 Big data – data from the IoT

Swiss Cheese Model for Cybersecurity (holes are vulnerability)

- Layers of Protection
1. Technology
2. Process
 Security process: password policy;
 3. People
 Most vulnerable; continuous training

NIST Cybersecurity Framework

 Identity
o What are the assets we need to protect and stores?
 Protect
o Safeguarding?
 Detect
o We know who attacks or intrudes?
 Respond
o What techniques from attacks?
o Track and prevent from spreading
 Recover
o Availability

Who is Attacking our Network?

 Threat
o Potential danger to an asset such as data or the network
 Vulnerability and Attack Surface
o Weakness in a system or it its design that could be explained by a threat
o Attack surface – different points where an attacker could get into a system and could get
to the data (e.g. operating system without security patches)
 Exploit
o Mechanism used to leverage a vulnerability to compromise an asset
o Remote – works ovet the network
o Local – insiders
 Risk
o Results in an undesirable consequence

Types of Attackers

- Amateurs
- Script kiddies with little or no skills
- Using existing tools or instructions found online
- Hackers
 Black hats – financial gain
 White hats – vulnerability checks
  Grey hat – log in the system but do not cause issues; usually reports it.
- Organized Hackers
 Hacktivist
 Voice out political points; leaked articles
 State-sponsored hackers
 Meddling with other countries

Types of Attacks

 Social Engineering (Phising)

 Denial of Service (DoS)
 Malwares
o Virus
o Worm
o Ransomware
 Brute-force attacks
 Network sniffing

Adapting to the New Normal

COVID-19 Scams

Potential risk

- Collaboration tools: Zoom Teams, WebEx

- Cloud-based Solution:
- Remote-Access VPN

Cybersecurity Best Practices

 Protect your data

 Avoid Pop-ups, unknown emails and links
 Using strong password protection and authentication: One-time password
 Connect to secure Wi-Fi
 Enable firewall protection
 Install security updates
 Backup your files

Cybersecurity and trainings

- Becoming a Defender
 Cisco Certified CyberOps Associate
 CompTIA (CSA+)
 (ISC)2 (CISSP)
 Global Information Assurance Cert (GIAC)