Awareness program

Prabhuram Ramamurthy BE CISA

prabhuram@ramartech.co.in
www.ramartech.co.in

14/07/2023 1
 Agenda
1. What needs to be secured?
2. Identification of Threats
3. GDPR
4. Attack Vectors
5. CyberAttack Methods
6. Spear Phishing
Awareness program 7.How to Identify Phishing Emails
8. Network Attacks
9. HTTP Vs HTTPS
10.Typo Squatting
11.Your Digital Twin
12. Authentication
13. Steps to Safety

2
 What needs to be secured


IT Infrastructure, including hardware, networking, and
software components

Sensitive data storage, transmission, and protection

Physical security practices

Your cybersecurity policies and procedures

Compliance standards

3
 Identification of Threats

Digital Surfaces:

applications

code

ports

servers

websites

unauthorized system access points

poor coding

weak passwords

default operating system settings

exposed APIs
Physical Surfaces:

Servers

EndPoint Devices

Desktops

IoTs

4
 General Data Protection Regulation
Users must give consent to any
company or organization that wishes to
collect and use personal data

GDPR Rights
1. Right to be forgotten.
2. Right of access.
3. Right to object.
4. Right to rectification.
5. Right of portability.
 Attack Vectors
Attack Vector Issue
APIs can supercharge business growth, but they also put your company at risk
APIs
if they are not properly secured.
Distributed denial of A DDoS attack floods a targeted server or network with traffic in an attempt to
service (DDoS) disrupt and overwhelm a service rendering inoperable. 
If your protocols are weak or missing, information passes back and forth
Encryption
unprotected, which makes theft easy. 
A disgruntled employee is a security nightmare. That worker could share some
Insiders or part of your network with outsiders. That person could also hand over
passwords or other forms of access for independent snooping.
This is a nasty type of software designed to cause errors, slow your computer
Malware down, or spread viruses. Spyware is a type of malware, but with the added
insidious purpose of collecting personal information. 
Weak passwords (such as 123456!) or stolen sets allow a creative hacker to
Passwords gain easy access. Once they’re in, they may go undetected for a long time and
do a lot of damage.
A seemingly simple request for email confirmation or password data could
Phishing give a hacker the ability to move right into your network. Many phishing
attempts are so well done that people give up valuable info immediately. 
Hackers move into your network, lock it down, and ask for money to release it.
Ransomware
In 2019, more than 205,000 organizations faced a demand just like this. 

6
Cyberattack Methods

7
Cyberattack Methods...

8
 Spear Phishing


Spear phishing attack

Malicious attachments

Embedded malicious links

Waterholing attack

BYOD as infection
carriers: USB

14/07/2023 9
How to identify Phishing emails

10
 Network Attacks

14/07/2023 11
HTTP and HTTPS

12
 TypoSquatting

14/07/2023 13
 Your Digital Twin

14/07/2023 14
 Authentication

14/07/2023 15
 Are Machines Taking over?

14/07/2023 16
 Steps to Safety
1.Don’t click on suspicious links in emails that appear to be from a known
person or colleague.
2.Change your password on regular basis and do not use passwords that
contain your personal information like birthday. Choose a password with a
combination of letters with upper and lower cases, numbers, and special
characters.
3.Avoid using the same password for all online accounts (email, banking,
social etc.)
4.Make sure firewall or antivirus is updated and run a system scan on regular
intervals.
5.Never share your personal information across social networking sites.
6.Avoid emailing work information or sensitive files from your work email to
your personal email.

17
 Steps to Safety...
7.Keep Operating Systems (OS) updated with all recommended software updates.
Don’t neglect these updates, as these updates fix vulnerabilities in the OS.
8.Check your smartphone's access permissions and requests when installing new
apps.
9.Never plug in outside electronic device (USB, mobile charger etc) to office systems
if you don't know its origins.
10.It is advised to encrypt all your PC’s, laptops, mobile devices, USBs and so on to
avoid any malware to exploit vulnerabilities.
11.Backup important files and data to secure cloud platforms as they are more
encrypted than your PC. This helps your recover vital date even if your system
crashes or subjected to attack.
12.Read the fine print prior sharing your own data to websites or online shopping.
13.Use multi-step authentication procedures for your computers and networks.

18
 Risks and Mitigation

Thanks
Prabhuram Ramamurthy BE CISA

prabhuram@ramartech.co.in
www.ramartech.co.in

14/07/2023 19