ISM3004 Study Guide Exam 3
What is meant by the term, Digital Workplace?
The digital workplace program is a business strategy to boost employee engagement and ability through a more consumerized work environment.
Cost of CryptoWall to organizations who are compromised by it
The downtime caused by data not being accessible
What is employee engagement?
The emotional commitment an employee has to the organization and its goals.
What does the French phrase La Fin du monde have to do with AI?
The end of the world. What impact will AI have on us as individuals, orgs, society at large. Some people think it will be the end of the world.
Multi-factor authentication
The idea that there's something that you know
Key length impact on security and performance
The longer the key, the more secure
Who are "script kiddies"? What characterizes their methods and motivation?
The more immature but dangerous people on the internet. Methods: exploit well-known vulnerabilities using publicly available tools. Motivation: enhanced reputation; thrills.
Organizations spend most of their IT Security dollars protecting _____________
The network borders of their organization
What is the real cost of Cryptowall to organizations who are compromised by it?
The real cost is not the ransom, it is the downtime caused by data not being accessible and IT overtime hours to fix things, and sometimes whole departments sitting on their hands.
Malvertising
The use of online advertising to spread malware
What do Trojans rely on?
The user to make a mistake of trusting the malware to operate
How do Trojans fool a user into executing them
They exploit human vulnerabilities
What is Gartner's opinion of AI's likely impact over the next 5 years?
Through 2022, few jobs are fully replaceable, but most occupations will have at least some activities augmented by AI.
Why do IP thieves typically steal it?
To SELL it.
Risk assessment - what is the purpose?
To know how much to spend to protect assets.
Why do businesses put sensors on things?
To take care of our things. To keep track of our things like GPS, something getting too hot.
One use case of VR
Training and Simulation: military exercise training, practice without being in the real world
Where are the head-mounted displays on the hype cycle
Trough of Disillusionment
Where are Head-mounted displays on hype cycle?
Trough of disillusionment. 5-10 yrs. for performing tasks hands free.
Steps of Virtual Assistant workflow
1. UI (request); 2. Processing of natural language; 3. Handling (decision tree, context); 4. Feedback (speaks back); 5. Exception handling (refer to human agent)
How common is engagement among US workers? Worldwide?
US: 33%; Globally: 15%; UK: 8%; France: 3%
The FBI noted that these groups have previously targeted what types of US sites?
US financial sectors
One business related use for smart garments
UV sensors for employees who work outdoors to help protect against UV exposure
Risky Behavior - two types. What are they?
Uninformed people: don't know they are doing something potentially harmful. Negligence: know that the behavior is risky but just don't care. End result is the same: harm to the person/organization.
Human vulnerabilities
Uninformed risky behavior; social engineering
Private key
Unlocks encrypted data and only recipients can have it
Fastest and cheapest information security
User education training
Reading: How to Stop Gullible Employees: What's the fastest and cheapest bang for your buck when it comes to information security?
User education training to counteract those threats.
User passwords are yet another technological vulnerability. What is the root cause of our problems with user passwords?
Users don't like to change their passwords; users like passwords that are easy to remember.
How is a VPA different from a VEA?
VEAs are owned and controlled by the organization; VPAs are owned and controlled by the employee.
Which of the technologies below could make meetings better by taking notes for us and assigning to-do items to attendees, among other helpful tasks?
VPA
What is the alleged benefit to workers of RPA Systems?
VPA - Virtual Personal Assistant can free us up from routine tasks. Smart Workplaces - smart conference rooms. BYOD and BYOA - can use our favorite tools to complete tasks.
What is VEA
Virtual Employee Assistant - A VEA is owned by the company, controlled by the company, but used by the employee. It's the company's software.
VEA
Virtual Employee Assistant: Owned by company and used by employee
What is VPA?
Virtual Personal Assistant. Conversational UI. Performs tasks: research; interface with productivity apps. Something YOU own, outside of an org.
VPA
Virtual Personal Assistant: Free us up from routine tasks, employee owned
VR vs AR
Virtual Reality separates us from actual reality and surrounds us with a virtual 3D environment. Augmented Reality shows the actual world and virtually superimposes data, enhancing the real world.
What is VR
Virtual Reality. Takes us away from reality. It surrounds us with a simulated, computer-generated 3D environment. Isolates us from physical reality. Presents us with only the digital world.
Viruses
Virus hides itself in a host file; host file is executed on a new computer.
What endpoint changes in recent years affect telecommunications?
Voice-only telephone. Limited video. Video conferences. Content centric. Web conferences. Video first: high quality video conferences. ENDPOINT changes: mobile first; better networks; HD video.
Three types of Security testing
Vulnerability scan; penetration testing; disaster recovery testing
The Legos Metaphor
We all use the same legos, but differ in the ability to create things with those legos
What is Principle of Least Privilege?
We have a business technology with the purpose of doing work. Give me the access that I need to do my job, nothing more. User given no more privilege than necessary to perform the job.
Risk posed by fraudulent mobile apps:
We use these devices for high-stakes activities; the high popularity of mobile banking apps has led to unauthorized banking apps written by cybercriminals, predominantly an Android problem.
How does a website visitor's computer also become compromised?
We visit compromised sites, click on a link and let the malware in; CAN HAPPEN AT LEGITIMATE WEBSITE. Cyber criminals compromise website, loads malware on there, and thousands become victims before it's detected.
Why are default passwords a potential security problem?
Weak. Easily guessable. Doesn't change network identifier.
Three Vulnerabilities in Websites
Web servers; web browsers; plug-ins
Compromised Websites - What vulnerabilities are exploited?
Web servers, browsers & plug-ins
Shoulder Surfing
What is it? Looking over someone's shoulder at confidential data, often on mobile devices. How do attackers use it? To get data.
Dumpster Diving
What kinds of information might an attacker get from an organization's dumpster? "Gold mine" information for pre-attack research: paper information, phone lists, printouts. What kinds of things in those "gold mines" actually contain the desired information? Passwords; media (CD-Rs, DVDs, tapes, etc.).
Equipment Disposal
What's the risk involved in getting rid of an obsolete copy machine? Hard drives inside the machine store copies of everything you copy or print out. Roughly how large was Affinity Healthcare's fine for a breach that came from improper equipment disposal? $1.2 million.
How do viruses and host files relate?
When you become infected with a computer virus, it starts executing in your computer's memory/processor and then goes looking through your hard drive for files it can infect. Once it finds a program, it inserts a piece of itself in there. The program will run normally as always but now has the virus integrated in its DNA. The virus hopes that you will share this file/program with a colleague; when they execute it, they will get the virus, and the virus starts its whole process over again. REALLY BAD WITH SHARED FILE SYSTEMS IN COMPANIES.
What is Ransomware?
When you execute the malware, it immediately installs on your machine and encrypts all your files with a password; sends message demanding money and giving instructions and passwords - great reason to have data backups.
What is a gig economy?
With remote work with all these technologies, a lot of people are saying, you know what I don't want to go work for The Man, I want to work for myself. I want to be a freelancer.
Why is mobile a cornerstone of the Digital Workplace
Work is no longer a place that you go and endpoints become diverse
Explain why mobile is a cornerstone of the Digital Workplace.
Work: no longer a place to go. 14% decrease in deskbound workers from 2016-2019. One in three workers will soon be mobile workers. Endpoint diversity: the average knowledge worker used 3 devices for work purposes in 2016; they will employ 5 devices for work purposes by 2020!
Are insiders a serious threat?
Yes, because 70% of incidents involve insiders.
What is a Process Hacker?
You are able to look at a work situation and come up with a novel way to bring together different tools to improve work, to make things better, faster, and easier for people to use.
Why is digital dexterity important for an individual employee? ...for an organization?
You will thrive, be in high-demand, be happier at work. By 2020, the greatest source of competitive advantage for 30% of organizations will come from the workforce's ability to creatively exploit digital technologies. Disruption. Tumult and treasure.
What are Drive-by Downloads?
Your machine can be infected simply by visiting a page, you don't have to click on anything; no interaction, just open and BAM.
Gig Economy
a new technology-enabled model for organizing work that enables people to work for themselves. Makes freelancers more relevant.
Zombie
a program that secretly takes over another computer for the purpose of launching attacks on other computers
Organizations spend most of their IT security dollars protecting _________________________.
castle walls. These are corporate sites.
Organizations spend most of their IT security dollars protecting ______. Mobile devices are largely unprotected because they spend much time _______.
castle walls; outside the walls
Gartner says that approximately 40% of enterprise ______________ has been inadvertently leaked onto Facebook through employees' mobile devices
contact information
App Savant (New role for the Dextrous)
first person to find out about new applications, learn how to use it faster than anyone, and come up with great ideas about how they can be used in your organization
DBAN
free program that wipes hard drive so no one can use it
App Wrapping
lets you take an app and add a security layer without damaging the look or the functionality of the app
2014: FBI cybercrime unit warned of potential offensive cyber attacks from ____________
middle east
Moore's Law
number of transistors on chip doubles every 2 years
Be able to explain why mobile is a cornerstone of the Digital Workplace.
Consumerized work environment; 14% decrease in deskbound workers; 1/3 of workers will soon be mobile workers; 3 devices in 2016; 5 devices in 2020
What is the source of most malicious hacking?
Cyber crime; large groups
Two reasons to secure data
Data asset (competitive advantage, etc.); privacy regulations; information systems
Two reasons to secure data
Data is an asset; privacy regulations
CyberWarfare- What is it?
Involves the action of a nation-state or international organization to attack or damage another nation's computers/networks
Some people think that the attackers are "just kids" showing off their tech skills. True?
"It's just some geek showing off, just kids": yes, in the old days; nowadays it's big drivers.
CyberWarfare- What's the threat?
Key terrain of the battlefield; cyber terrorism; greatest national security threat to the United States
Describe the characteristics of modern cybercrime syndicates
Large groups, professional; money (underground economy); effective (Russian crime ring: 1.2 billion login credentials)
Hacktivists - what characteristics typify hacktivist groups?
Loose configurations of individuals; dedicated to political activism, seeking fame on behalf of their political cause; want to be noticed to bring about political change
Hacktivists - what characteristics typify hacktivist groups?
Loose confederations, groups; dedicated to political activism; seek publicity and fame
What overall strategies do they use to accomplish their goals?
Monetary pain; embarrass/damage the victim; seek public support
What strategies do they use to accomplish their goals?
Monetary pain to victims to force change; embarrass the victim; seek public support
What are the real drivers behind modern cyber-attacks?
Money; power
Additional reasons to secure information systems themselves, in addition to their data
Need security; private information
In IP theft, one is often facing a "determined human adversary." What characterizes this type of opponent?
Not deterred by early failures; repeated attacks; variety of techniques; significant resources from sponsors
Mobile and BYOD
Organizations spend most of their IT security dollars protecting the corporate site itself (the castle walls). Mobile devices are largely unprotected because they spend much time outside the castle walls: data goes directly from mobile devices to the cloud.
Describe the characteristics of modern cybercrime syndicates
Organized groups; money (underground economy); professional
How do Trojans fool a user into executing them?
Social engineering; hidden threat; no need for vulnerabilities. Links in email, attachments, web, USB flash drives.
Why do IP thieves typically steal it?
Steal and sell
What does it mean to be "vulnerable"? (dictionary definition used repeatedly...)
To be susceptible to attack or harm; to be hopeless. Physical, technological and human vulnerabilities. Has layers of vulnerability: data; intellectual property; business procedures; reputation; corporate survival.
What are digital identities and why protect them?
Used to access information; money is involved; hackers want these
What is a "zero day exploit"?
The very day the vulnerability is exposed to the world; it is known because the bad guys are using it to break into systems. Instant.
According to PWC's Global State of Information Security Report...
What is the annual growth rate for security incidents? 66%. Approximately how many attacks reported per day? 120,000 attacks.
Mobile Device Management
remotely controls smart phones and tablets, ensuring data security
Gartner thinks that ____________ has the greatest growth potential of any wearable device technology. Where is that technology on the Hype Cycle right now?
smart garments; innovation trigger
Where are Smart Garments on the Hype Cycle?
the innovation trigger
What's the goal of encryption?
to make sure data can only be read by authorized parties or at least until the info is no longer useful to an authorized user.
What is Malvertising?
use of online advertising to spread malware. Involves injecting malware-laden advertisements into legitimate online advertising networks.
Lost mobile devices
5% of smartphones are lost each year. About 60% had sensitive data... and most of those were NOT protected at all!
Social Engineering - What is it?
A process by which an outsider exploits a naive insider; clever manipulation of the natural human tendency to trust
Flash drives - Ponemon Institute study about lost flash drives
As a rule of thumb, each data record lost costs a company about $200. 70% of companies surveyed suffered loss of sensitive/confidential information.
Social Engineering - How is it done? What steps does an attacker take to exploit this vulnerability?
Baby steps. Research your victim; ask for help with plausible requests to the right people, mentioning the right names. Act as the CFO, etc.
Why are "default passwords" a potential security problem?
Built into hardware or software
What can an attacker do with a bug?
It can be exploited to: run undesired program code; gain unauthorized data access; gain full control; obtain passwords.
Saudi Aramco was hacked-What damage was suffered?
Everything happened on paper. The company stopped selling oil and started giving it away for free to keep it flowing through Saudi Arabia.
Beautiful Social Engineering Attack - How did the hacker gain the chemical engineer's confidence?
Gave him free stuff and paid for his pitcher
What popular platform has been under heavy pressure due to repeated security issues, including numerous zero day exploits?
Home Depot - credit cards stolen
Stolen Veteran's Affairs laptop incident: what data was exposed? What was the impact?
May 2006: laptop stolen. Exposure: name, SSN, birth date for 26.5 million people. Lawsuit settlement: $20 million. Individual impact: ID theft.
Beautiful Social Engineering Attack - What did the chemical engineer do that enabled the hacker to find him?
"'Merry Christmas,' she says when she returns, placing on the bar an IBM coffee mug, T-shirt, mouse pad and 8-gig flash drive. The next morning at work, the coffee tastes extra rich in the new mug, the mouse moves so smoothly on the new pad, and with a new confidence, you push the thumb drive into your computer." Within seconds, the company's entire email network is compromised, and hackers begin work scraping messages, documents, attachments and images.
Insiders - Serious threat?
Most use unsophisticated techniques, but it is a serious threat
Is it reasonable to expect that large software systems would be truly and totally bug-free? Why?
No; people are fallible and make mistakes
What's the trend in the ability of companies to deal with attacks over the last 6+ years?
On the decline; busier attackers. Companies are fooling themselves.
Lost Laptops
Percentage of laptops lost over their service life: 7%
What is a "bug"?
Programming flaw or oversight
Servers - how are many small businesses at risk? How should they counter this risk?
SMB servers: not out in the open; alarm; access control. The cloud includes servers too: AICPA SOC 2; physical controls; the cloud extends insiders.
Beautiful Social Engineering Attack - What method did the hacker use to gain access to the target company's entire email system?
Social engineering
Saudi Aramco was hacked- How did the hackers get in?
Someone opened an email link and the hackers were in
What are the three user password vulnerabilities? Why is each a problem?
Sticky note (has password and username on it); guessable; lack of complexity
What are the root causes of problems with user passwords?
Us: we are the problem. Easily remembered; resistance to change.
What does Elon Musk think about AI?
"AI is the biggest risk that we face as a civilization."
As a rule of thumb, each data record lost costs a company about $_____?
$200
Lost USB flash drives can be a big problem if they contain confidential or sensitive information! Ponemon Institute says a good rule of thumb is that a company suffers a cost of roughly _____ for every data record lost.
$200
Explain the steps in the virtual assistant workflow:
1. UI (user interface: your request); 2. Processing; 3. Handling; 4. Feedback; 5. Exception handling
Three reasons to secure data
1. It's the most valuable asset. 2. Privacy Regulations. 3. Systems can be hijacked.
How do cybercriminals make phishing emails look authentic?
1. They start by using a technique called SPOOFING - which is phishing email appearing to be from a legitimate sender, but it is not. You can easily do this by just altering who the email is from. 2. The graphics also look legit, they look legit because they are, they took them directly from the source - from the real site/URL. 3. With authentic graphics, even the links look legit - that's just text, it means nothing - need to find out what the real URL is and you can do that most times by just hovering over the link.
Why is engagement important?
17% more productive and 21% more profitable. Makes a big difference on the bottom line.
As a rule of thumb, each data record lost costs a company about $_____
200
Size of DDoS attacks
2003: 1 Gbps; 2012: 60 Gbps; 2014: 400 Gbps
In 2014, nearly ___% of the URLs received via email are unsolicited malicious links.
25
In 2014, nearly _____% of the URLs received via email are unsolicited malicious links.
25%
Percentage of URLs received via email that are malicious links
25%
Explain the problem with Direct Data Flow with Gartner research data.
25% of all corporate data traffic can go directly from the mobile device to corporate provider. Huge amount of data flowing around the world without protection.
Stolen Veteran's Affairs laptop incident: what data was exposed? What was the impact?
26.5 million people: name, birth date, SSN. Lawsuit settlement: $20 million. Individual impact: ID theft.
How common is engagement among US workers? Worldwide?
33% - US 15% - Global
Percentage of US and Global engaged workers
33% and 15%
Explain the problem with Mobile Sync with Gartner research data.
40% of enterprise contact information will have leaked into Facebook such as customer information.
___% of smartphones lost each year.
5
Percentage of smartphones lost EACH YEAR?
5%
About _____% of lost smartphones had sensitive data?
60%
Percentage of growth in tech skills for non-IT jobs
60%
According to the latest data, about 5% of smartphones are lost each year. ____ of those phones had sensitive data. Of those that had sensitive data,_________________________
60%; most had no protective measures for that data
Gartner analyzed 38 mil job postings over the last 4 years and found that there were a _______% growth in tech skills required for NON-IT jobs. Also, _______% of the CEO's that Gartner surveyed think digital dexterity should be a key requirement when hiring new employees.
60%; 80%
About ___% had sensitive data... and most (%) of those were NOT protected at all!
60; 57
According to PWC's 2015 Global State of Information Security report, the number of information security incidents is growing at an annual rate of about _____.
65%
According to the PWC report, what is the annual growth rate for security incidents? ___%
66
According to the PWC report, what is the annual growth rate for security incidents?
66%
Percentage of laptops lost over their service life: ___%
7
Percentage of laptops lost over their service life?
7%
___% of companies surveyed suffered loss of sensitive/confidential information
70
What % of incidents involve insiders?
70%
_____% of companies surveyed suffered loss of sensitive/confidential information from lost flash drives?
70%
Gartner asked CEOs if digital dexterity is important. ____% of those CEOs want digital dexterity to be a key requirement for new hires
80%
Percentage of CEOs that think digital dexterity should be a key requirement
80%
2013: estimates that more than ___ of cyberespionage in the US originated from China
90%
Are Robo Bosses unbiased?
A human has bias based on personal opinion. We are human. A computer doesn't have that.
Why can the supervisor job be automated?
A lot of things that a supervisor does is relatively routine.
How can the Gig Economy benefit employers?
A manager can quickly assemble a team of skilled, engaged, digitally agile workers to work on a project. Once the task is done, you can easily dismantle the team.
Spearphishing
A phishing scam where an attacker targets you more precisely by using pieces of your own personal information
What is a bug?
A programming flaw or oversight that can be exploited.
Why is engagement not the same as satisfaction?
A satisfied employee will show up but won't go the extra mile on their own
Phishing
A scam by which an email user is duped into revealing personal or confidential information which the scammer can use illicitly.
What is phishing and what is its goal?
A scam by which an email user is duped into revealing personal or confidential information which the scammer can use illicitly.
Gartner believes that __________________ will be pervasive within the next 5 years because it improves usability and gives us access to vast amounts of data.
AI
What does Elon Musk think about AI?
AI is the biggest risk that we face as a civilization. AI will threaten ALL jobs.
Everyday AI
AI that will be subtle and we won't even realize it
This technology displays an image of the real world in front of you... with some virtual digital data superimposed on top of it.
AR
Digital Dexterity
Ability and desire of workforce to use tech for better outcomes
What is a New Media Mogul?
Able to use all different kinds of media to persuade and educate people your message.
What is ACL?
Access Control Lists
What is Shoulder Surfing?
Acquiring sensitive information just by looking over somebody's shoulder.
Bot
Allows cyber attacker to send commands to the bot that will execute commands from your computer
Reading: Beautiful Social Engineering Attack. What method did the hacker use to gain access to the target company's entire email system?
An 8GB flash drive.
You read this week about the biggest hack in history, which affected the Saudi Aramco oil company. Attackers managed to wipe and destroy 35,000 computers in just hours, leaving the huge oil company with little better than 1970s technology to run their business. How did the hackers break into the company computer systems?
An IT employee clicked a bad link in a scam email
Reading: Biggest hack in history. How did hackers get in ?
An employee opened a bad email.
What is a Robo Boss?
Applying the task of supervision to the RPA's.
Four reasons why supervisor job can be automated
Approves time; schedules employees; resume screening; performance evaluations
What is AI?
Artificial Intelligence is a set of related technologies that seem to emulate human thinking and action: learn from experience; arrive at their own conclusions; appear to understand complex content; participate in natural language dialogues with people; enhance human cognitive performance; replace people in executing routine tasks.
Implication #1 of Moore's law.
At a fixed price point, computers get much more powerful.
What is AR?
Augmented Reality. Real-time addition of a virtual world superimposed on the physical world. Enhances the physical environment by overlaying virtual data/information on top of it.
How can VA's make meetings better?
BEFORE: making arrangements; deciding if you should have a meeting; who you should invite; when you should have the meeting. DURING: takes notes; creates tasks. AFTER: creates a transcript; sends follow-up notes to people; reminders before deadlines.
Three elements of Disaster Recovery
Back up data; create a recovery site; have an acceptable recovery time
Malware
Bad software that is written by a cyber attacker. It can disable software, disrupt operations and steal data.
What is malware?
Bad software; disables computer systems, disrupts operations, stealing data - intended to do something harmful to you or your organization. Malware is software; must be executed to have an impact.
Explain the Legos metaphor.
Basically, we are all using the same tools. We've all got the same Legos. The real question is who is better at building amazing things with those Legos. The employees who can really build well with Legos are going to thrive. They will be in high demand.
Tips for avoiding phishing scams:
Be careful of urgent email requests. Be very suspicious of requests for personal info. Check with the company - don't use phone number they give you in the email. Don't use links in an email. Just type those characters in the browser instead.
Three Tips for avoiding phishing scams
Be suspicious; call to check legitimacy; don't click on links, copy and paste them into the browser instead
How did Moore's Law help make the IoT possible?
Because for a fixed amount of computing power, computers become much cheaper over time.
Why do smart garments have the most potential of any wearable tech?
Because it can track activity, collect data, and can promote fitness and health
How can Virtual Assistants improve before, during and after a meeting
Before: Scheduling, who to invite, is a meeting necessary or not? During: Takes notes, recommend content After: Recognize and create tasks for individuals, send transcripts of meeting, sends reminders
What is a Virus?
Behaves like a biological virus - hides itself inside a host file, could be any sort of file.
Erik Brynjolfsson
Believes AI is a boost of mental power and it will be a boost to humanity like physical power was
What impact does Erik Brynjolfsson think AI will have on society?
Book: The Second Machine Age. They are allowing us to blow past previous limitations taking us into new territory. We are running WITH machines, combining our strengths with the machine's strengths to achieve otherwise impossible heights. "A vast and unprecedented boost to mental power should be a great boost to humanity, just as the earlier boost to physical power (train) clearly was."
Robo-Boss
Bringing together AI and applied to the task of supervision instead of center workers
What is CEO Fraud? How does it work?
Business email compromise. Sophisticated swindle and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.
Digital Workplace
Business strategy to boost employee engagement and agility through a more consumerized work environment
Digital Workplace
Business strategy to boost employee engagement through consumerized work environment
Reading: Beautiful Social Engineering Attack. How did the hacker gain the chemical engineer's confidence?
By talking to him.
What can a public key do and who should have it?
Can ONLY encrypt. Can give to anybody.
What is Penetration Testing?
Can be done externally or internally. Authorize a group of people to pretend they are hackers and attempt to break into your network by whatever means they see necessary. Tests all barriers.
Public key
Can only encrypt data and anyone can have it
Three reasons why do businesses put sensors on things?
Cheap data collection; image recognition; near field communications
Smart Contract
Code within a transaction that takes actions based on conditions
How does Smart Contract work?
Codes within a transaction. Takes actions based on conditions. Runs as long as it has money.
CyberWarfare- Who's vulnerable to these attacks? (WW2 B-17 raid...)
Companies and governments And any small business organizations
What is a Zombie?
Computer that a remote attacker has accessed and set up to forward transmissions - including spam and viruses - to other computers on the internet.
Types of systems targeted by malware:
Computers - Windows, Mac, Linux, mobile devices.
What risk must be considered when disposing of obsolete equipment?
Computers and copy machines at risk due to their hard drives.
What is the level Actively Disengaged?
Consistently negative. Vocal. Create a toxic environment.
What are containers?
Create a container within the mobile device, all the corporate data is on the inside of the container, protected from external attack and also secures the employee's personal data.
How does CERT define the term Insider?
Current or former employee, contractor, or other partner that has or had authorized access and intentionally misused that access against the organization.
What is the impact of a DoS - Denial of Service - attack?
Customers will get frustrated and shop somewhere else. Server will crash. Cannot handle the volume.
What is the source of most malicious hacking?
Cyber crime syndicates.
What is the source of most malicious hacking?
Cyber-crime syndicates
Disaster Recovery DR - What are the elements of a disaster recovery plan?
Data protected with good backup systems. Business Continuance. Ensure business can continue operations even if main data center goes up in flames. DR site - have a backup Disaster Recovery site for when main site goes down, acceptable recovery time.
Disaster Recovery (DR) - What are the elements of a disaster recovery plan?
Data, business continuance, DR site, acceptable recovery time
Explain how they use the two methods below to achieve their goals:
Denial of Service: overwhelm servers with so many requests for service that service is denied to users (e.g., Amazon servers crash). Information Exposure: expose sensitive data.
Distributed Denial of Service - DDoS - how does this differ from a normal DoS attack?
Denial of service but the attack comes from every direction simultaneously; it's distributed.
What is a Vulnerability Scan?
A device within the company that scans every computer on the corporate network, testing for a broad range of vulnerabilities. If it detects any, it reports them back to IT staff so that they can be repaired. Repeat until fixed. The goal is informative - how are we doing? Reaffirm success in building a secure environment.
_______________ is a business strategy that achieves its goals through the use of a more consumerized work environment.
Digital Workplace
What is a Bitcoin?
Digital currency. Decentralized. Secure and confidential.
According to Gartner Research, by 2020, _______ will be the greatest source of competitive advantage for 30% of organizations.
Digital dexterity
________________ is the ability and desire of the workforce to use existing and emerging technology for better business outcomes.
Digital dexterity
What is key-based cryptography?
A digital key, much like a physical key, is used to encrypt data/make ciphertext, which is unreadable without the appropriate digital key. These keys can be lost or stolen, hence a Key Management System.
Bitcoin
Digital, decentralized currency that is secure and confidential
Two examples of mobile/BYOD technical risk are listed below. For each one, be able to explain the problem, using a piece of Gartner research data to support your argument.
Direct data flow: the cloud; data direct from mobile devices. Mobile sync: corporate contact info to Facebook; loss of control over corporate contact info.
2 examples of mobile/BYOD technical risks are:
Direct data flow. Mobile Sync.
Blockchain
Distributed ledger system that enables trusted transactions in untrusted environments
What is Blockchain?
Distributed ledger system. Enables trusted transactions in UNTRUSTED environment.
Why do Blockchain systems have distributed ledgers?
Distributed ledgers enable trusted transactions in an untrusted environment.
Why might employees like the Gig Economy?
Don't have to work for The Man anymore. Freelance: work for yourself, only on projects you care about. Enjoy a fantastic work-life balance that you control.
Gold Mine of Information
Dumpster Diving
____________ is a "gold mine of information" that is incredibly useful during pre-attack research. The attacker can get documents like lists of phone numbers or account names, printed emails, or maybe even passwords.
Dumpster diving
The article suggests that CEO fraud works because __________ is inherently insecure.
How can orgs address the ever-increasing security threats to their mobile devices?
EMM: Enterprise Mobility Management. Containers. App wrapping.
What are the root causes of problems with user passwords?
Easily remembered. Resistant to change.
Example of AI affecting Office Suite software
Editing in Microsoft Word
How is email used to distribute malware?
Email is ubiquitous - it's everywhere, everyone uses it, and everyone uses it a LOT, with multiple distribution methodologies. Send malware as an attachment or as a link to a website; an excellent high-speed distribution tool and a large threat.
Employee Engagement
Emotional commitment an employee has to the organization and its goals
How is Public Key Encryption used?
Encrypt credit card information in online purchases and ensures email authenticity
Two steps to protect mobile devices
Encryption. Mobile Device Management.
Why is encryption used with Blockchain distributed ledgers?
Encryption locks them down, so they cannot be changed. They are welded together digitally.
Based on this week's lecture content, what term would you use to describe an employee who is involved and enthusiastic about her work, who has a real emotional connection to the company and its mission, and chooses to voluntarily commit her time and energy to advance the organization's objectives?
Engaged
Three Levels of Engagement
Engaged (involved and enthusiastic in work). Not engaged (do the bare minimum required). Actively disengaged (toxic to the work environment).
What is Engagement Profit Chain?
Engaged employees equal better service, productivity, and quality, which equal increased sales, higher profits, and shareholder benefits.
Encryption
Ensures a message is only readable by the intended recipient until it is no longer useful to an unauthorized reader.
What is EMM?
Enterprise Mobility Management. Mobile App security. Mobile threat defense. User education.
EMM
Enterprise mobility management - manage apps installed so they're protected, no malicious apps
How do viruses propagate?
Even if it doesn't have any obvious negative payload, it can still be a problem: it could introduce instability into your computer system, since it's not designed to be there and can cause problems. It inserts a copy of the program and infects other files.
What is a zero day exploit?
A vulnerability that becomes known to the world because bad guys are using it to break into other people's systems. A hole in the software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it.
Conversational Interface
Evolution of VPA that uses natural language and is context aware
Ransomware
Executes malware immediately, encrypts everything with a password; all files can disappear.
Some people think that the attackers are just kids showing off their tech skills. True?
FALSE
Gartner on AI in 5 years
Few jobs will be replaceable, but majority will have some activities augmented by AI
What is Gartner's advice to business leaders regarding wearables?
Few wearable devices have solutions that will improve enterprise efficiency and lower net costs. IT leaders must differentiate among many types of wearables to determine the right opportunities for investment. We should evaluate wearable devices for specific targeted roles. They are not broadly general; they will not broadly improve society or costs, but if we're wise, we can find ways to invest now to learn, so we're ready when the technology becomes mature.
Explain one example of a Smart Garment.
Fitness and Health - detecting your heart rate, breathing, motion data, temperature, ultraviolet light, radiation. Safety officers of industrial companies should look at the ways that smart garments could protect workers on shop floors - biometric data for stress, etc.
Why does Gartner believe that AI will be so pervasive within the next 5 years?
Five years ago, we struggled to find 10 AI-based business applications. In five years, we will struggle to find 10 that are not.
Implication #2 of Moore's Law.
For a fixed amount of power, computers will become much cheaper.
What is DBAN? How does it help with information security?
A free program that repeatedly writes patterns of 1s and 0s all over the hard drive so that it wipes out all traces of data. So, if someone gets hold of it, they have no access to your data. DBAN - equipment disposal.
What's a typical methodology for stealing IP?
Gain access: step by step, social engineering, brute-force passwords, dump all passwords. Unauthorized file access. Intercept email. STAY HIDDEN. "Break into a company's IT assets, dump all the passwords, and over time, steal gigabytes of confidential information."
What's a typical methodology?
Gain access: step by step, social engineering, brute-force passwords, dump all passwords. Unauthorized file access. Intercept email. Stay hidden.
A company's dumpster can be a "_________________________" to cybercriminals.
Gold Mine of Information
How does Everyday AI affect Office Suite software
Google calendar: autoscheduling
Gig Economy positives
Great work-life balance, and managers can quickly build short-term teams to complete projects.
Two steps to protect USB flash drives
Hardware encryption. Ban them!
Vulnerability that DDoS attacks exploit
Heavy reliance on servers with fixed capacities
What is the "vulnerability" being exploited in a Denial of Service (DoS) attack?
Heavy reliance on servers
What is the vulnerability being exploited in a Denial of Service -DoS - attack?
Heavy reliance on servers: e-commerce (revenue), communications (email), enterprise applications (efficiency). Capacity: servers have a maximum capacity; exceeding maximums equals problems! Businesses today rely heavily on servers, both for generating revenue and for reducing costs. Servers have a fixed capacity; they are not infinitely powerful. As long as you don't exceed the performance capacity of the server or cluster of servers, everything's done in a timely manner. But when you exceed those maximums, the server will go slower, productivity will drop, and/or if the server runs out of memory, it might crash.
Mr. Olson suggested that software bugs are inevitable. What two reasons from the list below did he use to support that statement? Options: we need better project management; these programs are huge: 40 million lines of program code or more; we need better programming languages; too many programmers didn't go to UF; humans make mistakes.
Humans make mistakes. These programs are huge: 40 million lines of program code or more.
Endpoint Protection
The idea that we would call antivirus software (looks more holistically at everything that is necessary to protect).
What's the FBI's advice to those organizations?
If you had no backup, it was best to pay the ransom to get your files back.
Key length - impact on security and system performance.
Keys are basically numbers, a sequence of bits used to lock or unlock the data. The longer the key is in terms of bits, the more secure things are going to be; it also means it will be slower. More bits means more possible keys.
Principle of Least Privilege
Implements access controls that grant users the least amount of privilege needed to do their job.
Affinity Healthcare was fined over $1 million for a security breach that came about because of ___________________
Improper disposal of an obsolete copy machine
As one example, why was one healthcare company fined over $1 million?
Improper photocopy equipment disposal.
Reading: Biggest Hack in History. What damage was suffered?
In a matter of hours, 35,000 computers were partially wiped or totally destroyed. Without a way to pay them, gasoline tank trucks seeking refills had to be turned away. Saudi Aramco's ability to supply 10% of the world's oil was suddenly at risk. Employees had to use typewriters, since they could not use computers, to prevent the virus from spreading further.
Where does the typical Lindt sales executive have their office?
In their car
Drive-By Downloads
Infects your machine as soon as you open a web page
Where are Smart Garments on the hype cycle?
Innovation Trigger. 10+ years.
Insider threats - Who are they? How does CERT define the term "insider"?
Insider: current or former employee, contractor, or other partner who has or had authorized access and intentionally misused that access.
Access Controls
Insist on high-quality passwords.
What is IP?
Intellectual Property. Refers to the creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce (World Intellectual Property Org.). Trade secrets! The competitive advantage.
What is IP?
Intellectual property: refers to creations of the mind, such as inventions, literary and artistic works, designs, and symbols, names and images used in commerce; secrets.
What is level of Engaged?
Involved and enthusiastic about their work and workplace. Real emotional connection. Commit their time, talent, and energy. Advance the organization's objectives.
What is the term Digital Dexterity?
The ability and desire of the workforce to use existing and emerging technology for better business outcomes.
What is multi-factor Authentication?
The idea that there is something that you know (a password) and something that you have. This gives a greater level of confidence that the person logging in is who they say they are. Example: Google - you have to know your password AND enter a verification code texted to your mobile device.
Why is it important that blockchain have a distributed ledger?
It adds trust to an untrusted environment
Two reasons why AI will be pervasive within the next 5 years
It will make software easy to use based on the context of what you should be looking at. Access to vast amounts of data.
What is meant by the term Everyday AI?
It's invisible, integrated, subtle. What: AI helping in the normal course of work; not perceived as AI, just a feature. Where: SaaS (75% by 2020 will include useful AI services); VPAs.
How is email used to distribute malware?
It's ubiquitous; it's everywhere.
One example of AI-induced tumult
Journalism: AI can extract the meat out of a press release, write an article, and publish it without a human.
Be able to explain one example of AI-induced tumult from the lecture.
Journalism: automate article writing, narrative science, 90% news articles to be written by algorithm
What is a Smart Contract?
Just program code that is baked into that transaction, making it conditional.
What are physical vulnerabilities?
Laptops, desktops, etc. You want to have a good inventory: know what they are, who has them, where they are, and encrypt their hard drives so lost data is not out in the open.
Botnet
Large army of computers infected with malware
What is Botnet of Zombies?
Large army of computers that have become infected by malware and become zombies or bots - malware victims.
Describe the characteristics of modern cybercrime syndicates.
Large groups. Very Professional. Lots of money. Effective.
Gartner's advice about wearables
Leaders have to be very selective and find opportunities today
Explain one AI Tumult
Legal eDiscovery. Law firms used to hire thousands of people to do eDiscovery; that is now being done largely by machine algorithms. Not entry level. Quantitative legal prediction: AI algorithms can predict whether you are going to win your case or not, or whether to appeal. It uses big data to outperform some of the most experienced lawyers.
What is app wrapping?
Lets you take an app and add a security layer, wrapping security around it without damaging the look, feel, or functionality of the app.
Five steps to risk assessment
List IT assets. Assign values. Identify threats. Assign costs to replace. Determine acceptable downtime.
What are digital identities and why protect them?
Log-in credentials such as usernames and passwords. To protect your identity.
Digital identities
Login credentials - ruining credit
Hacktivists
Loose confederation of individuals who seek political change through information security attacks on target organizations
Hacktivists - what characteristics typify hacktivist groups?
Loose confederations of individuals dedicated to political activism, who seek publicity/fame on behalf of their political cause.
What can Robo Bosses do?
Machine learning; can process routine tasks: approve time, schedule employees, resume screening, performance evaluation.
What steps can be taken to protect mobile devices?
Make sure your mobile device is encrypted. Use Mobile Device Management.
What are access controls?
Making sure the right people get the right access to things.
Ransomware
Malware that encrypts the data files on a computer with a password, so you are unable to open the files. It displays a message asking for money in exchange for the data.
Keylogger
Malware that monitors every keystroke you type, collects them, and uses them, e.g., the username and password for a bank account.
What is the level Not Engaged?
Might be satisfied or even happy at work. Do the bare minimum required. Have not bought into the organization's mission, values, vision, or goals.
Three endpoint changes that telecommunications affected in recent years
Mobile-first mentality. Better networks and collaboration. HD video is cheaper.
Two Modes of Bimodal IT
Mode 1: traditional. Mode 2: experimental and innovative.
What is Bimodal IT and its two modes?
Mode 1: traditional, keeps the lights on. Runs those systems that give you the exact amount of money every two weeks. Rock solid, reliable. Changes at a glacial pace. Mode 2: experimental, innovative. Takes risks and learns from them. Tweaks, changes, and grows. OK to make small errors. Where the digitally dexterous employee is.
What strategies do hacktivists use to accomplish their goals?
Monetary pain to victims to force them to change behavior. Embarrass the target and damage their reputation. Seek to gain public support against the target.
What are the real drivers behind modern cyber-attacks?
Money and power.
What is intrusion detection system?
Monitors all the network traffic coming in and out of the internet connection, looking for sequences of packets that are indicative of certain types of information technology security attacks. When it detects those, it notifies the system managers so they can take appropriate action, for example going to the router on the internet and blocking a host that is attacking them. It does not take action itself; it only notifies.
Intrusion Detection
Monitors all network traffic coming in and out of your network connection
Keylogger
Monitors every keystroke that is made on your computer once it runs on your machine.
Three reasons why engagement is important
More productive and profitable. Provides better service and quality. Misery can follow you home.
Castle Metaphor in information security
Multi-layer defences and policies.
Defense in depth - how does the castle metaphor apply to information security?
Multi-layer defenses; castles have lots of ground around the castle itself, so they could see invaders approaching from a distance. Then there was a moat that had to be crossed, then outer and inner walls. Invaders had to get past all these defenses. Information security should have multiple layers of defense, and each should warn you of the attack.
Were the lost smartphones protected?
NO
Is it reasonable to expect that large software systems would be truly and totally bug-free? Why?
NO. There are millions of lines of code that could contain bugs.
What is a Conversational Interface?
Natural interface. Context aware. Evolution of VPA: informal and bidirectional platforms.
Pick the "New Role for the Dextrous".
New Media Mogul: all sorts of media to persuade and educate people with your message.
Are algorithms neutral?
No; algorithms reflect human prejudices and biases, which lead to machine learning making mistakes.
Do Trojans rely on software vulnerabilities to compromise a system?
No. They exploit a weakness in the human character, not the computer software. Exploiting human vulnerabilities is responsible for hundreds of millions of hacks every year.
In IP theft, one is often facing a determined human adversary. What characterizes this type of opponent?
Not deterred by early failure. Repeated attacks. Variety of techniques. Significant resources from sponsors.
What is Moore's Law?
The number of transistors on a chip doubles every two years, at the same price.
How does Everyday AI affect Office Suite software?
Office 365: Word - editing, with copy-editing to avoid the grammar police. Outlook - prioritizes your mail so important stuff comes first. Google Calendar - autoscheduling.
What is a keylogger?
Once it's on your computer, the malware will monitor every keystroke you type and send them back to the cybercriminals.
Zero-day exploit
The day the exploit is discovered, bad guys are already using it, before a cure is installed.
Stolen Veteran's Affairs laptop incident: What data was exposed, what was the impact?
One laptop stolen! Exposure: name, SSN, birth date for 26.5 million people. Lawsuit settlement: $20 million. Individual impact: ID theft.
Frequency of DDoS
Only 6% were NOT attacked. 11% attacked 11-50 times a month. 11% attacked more than 50 times a month.
What can a private key do and who should have it?
Only known to the recipient. Decrypts messages.
Drive-by Downloads - What vulnerabilities are exploited?
Operating system, web browser and plug-ins
These days most malicious hacking attacks are the result of ____________________.
Organized groups of professional cybercriminals
Mobile devices are largely unprotected because they spend much time ________________________.
Outside the castle walls.
How does a DoS - Denial of Service - attack work?
Overwhelm the target server with service requests. Deny service to regular customers. The attack consumes all normally available server capacity; nothing is left for regular customers; regular customers get frustrated and go elsewhere. The straw that broke the camel's back: you want to overwhelm the victim - send the target more legitimate service requests than it is able to handle, which denies service to regular customers. Adding that one more request so that the server CAN'T respond or crashes.
Asymmetric or Public Key Encryption
Pair of keys, each with a different function.
Endpoint protection
Patching, anti-malware, firewall
What are endpoint protection - anti-virus software?
Patching: eliminate software vulnerabilities with patches. Anti-malware: detect viruses and trojans to stop them from infecting your machines. Firewall: stop undesired incoming network traffic. The idea that we would call antivirus software looks more holistically at everything that is necessary to protect; an endpoint could be a laptop, desktop, or mobile device. Software that patches the operating system and applications so that you eliminate software vulnerabilities on client devices.
How is spearphishing different from phishing?
Phishing is just a broadcast attack, whereas with spearphishing you are much like a sniper: you research your target and then go after it with extreme dedication and effort. Narrow effect. Target: research the target. Find out about the victim and the victim's company, all the information we can, so we can make a super custom, exactly crafted email that is tailored to knock down the big game. Apparently valid source. Personalized: nicknames, habits, preferences, recent purchases, recent promotions or job changes.
What kinds of things actually contain the desired information from dumpster diving?
Phone lists, printouts, and media.
What are the broad categories of IT vulnerability?
Physical, Technological, Human
Reading: Beautiful Social Engineering Attack. What did the chemical engineer do that enabled the hacker to find him?
Posted information on social media.
What kinds of information might be in a company's 'dumpster'?
Pre-attack research
What is spoofing?
Pretending to be someone you are not.
What is Social Engineering?
A process where outsiders exploit naive insiders; tricking.
What kind of tasks can an RPA system perform?
Processes routine tasks. Works with existing applications.
Moore's Law Results in extremely cheap:
Processors. Memory. Sensors. Connections.
How is the public key encryption used?
Protect web transactions (SSL, Secure HTTP). Data encrypted between client and server: passwords, confidential data, medical, financial.
Examples of proximity-aware systems
Proximity badge, Disney badges, RFID badges, Sections of a store
Why do blockchains have distributed ledgers?
Publicly readable transactions are recorded and safe
One Proximity Aware System and benefits
RFID chip in your badge: for every room that you walk in and out of, they knew precisely when you were in and out of which rooms and at what times. Allows for productivity, safety, quality assurance, and compliance/fraud detection.
Proximity-Aware System example:
RFID in a badge. A chip in a badge; everywhere you go, they know that and your information.
Cryptowall is an example of what type of malware payload?
Ransomware.
Three things about Lindt's Digital Workplace strategy
A real-time device where everything is available as and when they need it. Shows people all displays and the product catalog. Allows for more flexibility, since the data-uploading software runs on the tablet.
Four steps to Organizational Transformation
Recognize opportunity. Design the solution. Deliver the solution. Execute.
How does digital dexterity enable an employee to participate in organizational transformation?
Recognize opportunity, design the solution, deliver the solution, execute. Digital dexterity lets you participate.
What is a bot?
Remote control payload. Allows cybercriminals to do anything they want remotely. You can still operate your computer, but without your knowledge they can send a control command to your machine whenever they want.
Bot
Remote control: can do anything remotely, in the background
What steps can be taken to protect USB flash drives?
Requiring the use of encrypted USB flash drives - ones that actually have encryption hardware built into them. Some companies banned this sort of storage - disable computer USB ports.
Risk posed by fraudulent mobile apps
Risk is giving away important banking information
Select all of the following statements that are true about RPA. Options: robot employees handle routine tasks; humans interact with RPA systems using natural language interfaces; existing applications must be redesigned from the ground up to take advantage of RPA; they work with your organization's existing applications; humans do not directly interact with RPA systems; RPA systems only communicate with other computer software using APIs; RPA is a future technology, not likely to be deployed in production use for about 5-10 years.
Robot employees handle routine tasks. Humans interact with RPA systems using natural language interfaces. They work with your organization's existing applications.
How does RPA - Robotic Process Automation work?
Robot machines. Behaves as if it were an employee. It will eliminate routine tasks, leaving humans free to address non-routine tasks. Machine learning. Natural language interface.
What is RPA?
Robotic Process Automation - software robot employees.
RPA
Robotic Process Automation: software running on a computer that behaves like an employee, gets better with experience, and runs on existing apps.
What can an attacker do with a bug?
Run undesired programs. Unauthorized data access. Gain full control.
How would the cyber-criminal use the information from the dumpster dive?
SELL IT
How do viruses propagate?
Searches all files until it finds one to infect. It creates copies of itself inside of the file
How do worms propagate?
Searching for vulnerabilities in the operating systems or software installed on a network; once it identifies another vulnerable machine, it exploits its vulnerabilities, installs itself on that machine, and begins its own execution. The second machine joins the attack. Can generate a lot of traffic on your network; carries a payload, typically negative.
Viruses
Self replicating malware that hides itself inside a host file
Artificial Intelligence
Set of related technologies that seem to emulate human thinking and action.
One attack we studied this week sounded like something from a James Bond Movie. An attractive female hacker approached a male chemical engineer after work at a bar; she quickly earned his confidence by posing as an IBM employee. At the end of the story, the entire corporate email system has been compromised and the hackers were able to steal all sorts of proprietary data found in messages and attachments. Aside from being a fascinating story it can teach us some things about improving our own security posture. What method did the hacker eventually use to compromise the company's email system?
She tricked him into putting an infected USB flash drive into his office computer.
While typing your PIN number into the banking app on your smartphone, you notice some creepy guy trying to peek at what you're doing. What term is used for this method of stealing passwords, PINS and other confidential data?
Shoulder surfing
Many companies now practice something that Gartner calls Bimodal IT. Select all of the statements below that are characteristic of Mode 1 IT operations. Options: experimental; slow to change; rock-solid reliability; traditional; innovative.
Slow to change, rock-solid reliability, traditional.
Gartner thinks that ________________________ have the greatest growth potential of any wearable device technology.
Smart Garments.
This type of attack attempts to exploit naive people, tricking them into providing information that the attacker will use to gain access to their network and systems.
Social engineering
How do Trojans fool a user into executing them?
Social engineering is the key - you are tricked into inviting that malware into your computer.
Human vulnerabilities - how to address them?
Social engineering succeeds because people are naive. Education and Awareness Training: an ounce of PREVENTION is worth a POUND of cure. Uninformed risky behavior. Good HR practices - hiring (background checks) and a good exit procedure when someone leaves.
Reading: How to Stop Gullible Employees: The most prevalent, successful threats rely on what vulnerability?
Social engineering, one way or another. That could be a phishing email, a rogue link, or an offer of a free download that pops up on a trusted website. In rare instances, it's a physical phone call asking for credentials to be reset or for the person to install needed diagnostics software to remove malware.
What vulnerabilities are exploited with compromised websites?
Software: incredibly complex, and therefore there are bugs - vulnerable browsers and plug-ins. This presents the opportunity for cybercriminals to take advantage of the fact that we are out there on the internet.
Spoofing
Something that appears to be authentic but isn't actually.
What are worms? And do they rely on host files?
Standalone malware - doesn't insert itself like a virus. It's just the worm's job to propagate itself via your network; once a worm is on one computer on a network, it starts looking for other computers on the network it could infect.
Worms
Standalone malware (no useful program). Self-propagating via network.
Worms
Standalone malware that inserts itself and hides in another program
IP Thieves
Steal industrial secrets and sell them for profit.
Why do IP thieves typically steal it?
Steal to sell, corporate espionage
How do attackers use shoulder surfing?
Stealing confidential data. Stealing mobile devices.
What steps are involved in risk assessment?
Step 1: List IT assets and assign them a value - trying to identify whether something is critical for ongoing business success. Step 2: Identify threats - how could an attacker potentially get at the assets? Step 3: If assets are destroyed, what would it cost to replace them? Assign a cost to replace. Step 4: How long is it OK to be down? Determine acceptable downtime.
What are the three user password vulnerabilities?
Sticky notes: writing the passwords down. Guessable: by people who know you. Lack of complexity: too simple.
What are the three user password vulnerabilities?
Sticky note, guessable, lack of complexity
Firewall
Stop incoming network requests
Firewall
Stop undesired incoming network traffic
What is a Firewall?
Stop undesired incoming network traffic.
What does it mean for something to be vulnerable?
Susceptible to attack or harm.
How is social engineering done?
Take baby steps. Research your victim. Ask for help: plausible requests to the right people mentioning the right names.
CEO Fraud
Targets businesses working with foreign suppliers and businesses that regularly perform wire transfers.
Three Broad areas of change, trends demanding digital dexterity.
Technology is changing. Working is changing. IT is changing.
What does "La fin du monde" have to do with AI?
The End of the World is what some people believe AI will come to
Digital Dexterity
The ability and desire of the workforce to use existing and emerging technology for better business outcomes
Elon Musk on AI
The biggest threat we face as a civilization