Professional Documents
Culture Documents
prabhuram@ramartech.co.in
www.ramartech.co.in
14/07/2023 1
Agenda
1. What needs to be secured?
2. Identification of Threats
3. GDPR
4. Attack Vectors
5. CyberAttack Methods
6. Spear Phishing
Awareness program 7.How to Identify Phishing Emails
8. Network Attacks
9. HTTP Vs HTTPS
10.Typo Squatting
11.Your Digital Twin
12. Authentication
13. Steps to Safety
2
What needs to be secured
IT Infrastructure, including hardware, networking, and
software components
Sensitive data storage, transmission, and protection
Physical security practices
Your cybersecurity policies and procedures
Compliance standards
3
Identification of Threats
Digital Surfaces:
applications
code
ports
servers
websites
unauthorized system access points
poor coding
weak passwords
default operating system settings
exposed APIs
Physical Surfaces:
Servers
EndPoint Devices
Desktops
IoTs
4
General Data Protection Regulation
Users must give consent to any
company or organization that wishes to
collect and use personal data
GDPR Rights
1. Right to be forgotten.
2. Right of access.
3. Right to object.
4. Right to rectification.
5. Right of portability.
Attack Vectors
Attack Vector Issue
APIs can supercharge business growth, but they also put your company at risk
APIs
if they are not properly secured.
Distributed denial of A DDoS attack floods a targeted server or network with traffic in an attempt to
service (DDoS) disrupt and overwhelm a service rendering inoperable.
If your protocols are weak or missing, information passes back and forth
Encryption
unprotected, which makes theft easy.
A disgruntled employee is a security nightmare. That worker could share some
Insiders or part of your network with outsiders. That person could also hand over
passwords or other forms of access for independent snooping.
This is a nasty type of software designed to cause errors, slow your computer
Malware down, or spread viruses. Spyware is a type of malware, but with the added
insidious purpose of collecting personal information.
Weak passwords (such as 123456!) or stolen sets allow a creative hacker to
Passwords gain easy access. Once they’re in, they may go undetected for a long time and
do a lot of damage.
A seemingly simple request for email confirmation or password data could
Phishing give a hacker the ability to move right into your network. Many phishing
attempts are so well done that people give up valuable info immediately.
Hackers move into your network, lock it down, and ask for money to release it.
Ransomware
In 2019, more than 205,000 organizations faced a demand just like this.
6
Cyberattack Methods
7
Cyberattack Methods...
8
Spear Phishing
Spear phishing attack
Malicious attachments
Embedded malicious links
Waterholing attack
BYOD as infection
carriers: USB
14/07/2023 9
How to identify Phishing emails
10
Network Attacks
14/07/2023 11
HTTP and HTTPS
12
TypoSquatting
14/07/2023 13
Your Digital Twin
14/07/2023 14
Authentication
14/07/2023 15
Are Machines Taking over?
14/07/2023 16
Steps to Safety
1.Don’t click on suspicious links in emails that appear to be from a known
person or colleague.
2.Change your password on regular basis and do not use passwords that
contain your personal information like birthday. Choose a password with a
combination of letters with upper and lower cases, numbers, and special
characters.
3.Avoid using the same password for all online accounts (email, banking,
social etc.)
4.Make sure firewall or antivirus is updated and run a system scan on regular
intervals.
5.Never share your personal information across social networking sites.
6.Avoid emailing work information or sensitive files from your work email to
your personal email.
17
Steps to Safety...
7.Keep Operating Systems (OS) updated with all recommended software updates.
Don’t neglect these updates, as these updates fix vulnerabilities in the OS.
8.Check your smartphone's access permissions and requests when installing new
apps.
9.Never plug in outside electronic device (USB, mobile charger etc) to office systems
if you don't know its origins.
10.It is advised to encrypt all your PC’s, laptops, mobile devices, USBs and so on to
avoid any malware to exploit vulnerabilities.
11.Backup important files and data to secure cloud platforms as they are more
encrypted than your PC. This helps your recover vital date even if your system
crashes or subjected to attack.
12.Read the fine print prior sharing your own data to websites or online shopping.
13.Use multi-step authentication procedures for your computers and networks.
18
Risks and Mitigation
Thanks
Prabhuram Ramamurthy BE CISA
prabhuram@ramartech.co.in
www.ramartech.co.in
14/07/2023 19