My presentation at IT Weekend Lviv 2017. Overview of modern cyber threat agents and their modus operandi. Practical recommendations on how to be a less likely cyber threat.
22. Someone could steal your stuff
Hacking
Social engineering
Doxing
Insider threat
Sensitive data loss
Physical theft/robbery
Unattended access to equipment
23. “If I can touch your computer, it’s no longer your computer.”
– Amy Hacker
24. Someone could change your stuff
Transfer money
Reset passwords
Register services
Corrupt data
Seed illegal content
Spread propaganda
46. Don’t click… it
Don't click shit.
Formally train your staff not to click shit.
Demand all your business peers formally train their staff not to click shit.
Teach your spouse, your kids, your parents, your friends not to click shit.
https://github.com/sapran/dontclickshit
47. Password size matters
Use a passphrase instead of a password.
MiX ChAr ReGister & 4dd 50m3 d1g1t5
Make it long. Long means 20+ chars.
Remember not more than 2 passphrases: use a good password manager.
Turn on 2FA: twofactorauth.org
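To put numbers on the passphrase advice, here is an added example (not from the talk) in Python: it computes the entropy of a short mixed-character password versus a multi-word passphrase, generates a passphrase with the `secrets` CSPRNG, and checks the 20+ character rule of thumb. The 16-word list is constructed for the example; 7776 is the size of a standard Diceware-style wordlist; the function names are the example's own.

```python
"""Added example: why a long passphrase beats a short, leet-speak password.

Entropy here means log2 of the number of equally likely candidates an attacker
must try. The attacker is assumed to know the wordlist, so only the word choices
count; capitalisation tricks and digit substitutions add nothing to that.
"""
import math
import secrets

# Constructed sample wordlist for this example; a real Diceware-style list
# (e.g. the EFF large wordlist) has 7776 entries.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dolphin", "engine", "falcon", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "meadow", "needle", "orchid", "pillow",
]
DICEWARE_LIST_SIZE = 7776


def charset_entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on the entropy of `length` symbols drawn uniformly from an
    alphabet of `alphabet_size` symbols (95 = printable ASCII)."""
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(word_count: int, wordlist_size: int = DICEWARE_LIST_SIZE) -> float:
    """Entropy of `word_count` words chosen uniformly from a known wordlist."""
    return word_count * math.log2(wordlist_size)


def generate_passphrase(words, word_count: int = 5, separator: str = "-") -> str:
    """Pick `word_count` words with the `secrets` CSPRNG (never the `random` module)."""
    return separator.join(secrets.choice(words) for _ in range(word_count))


def meets_length_policy(candidate: str, minimum_length: int = 20) -> bool:
    """The slide's rule of thumb: 'long' means 20+ characters."""
    return len(candidate) >= minimum_length


def compare(leet_password: str = "P4ssw0rd", alphabet_size: int = 95) -> dict:
    """Contrast an 8-char mixed-case/digit password (even granting it the full
    printable-ASCII alphabet) with a 5-word Diceware-style passphrase."""
    return {
        "leet_bits": charset_entropy_bits(len(leet_password), alphabet_size),
        "passphrase_bits": passphrase_entropy_bits(5),
    }


if __name__ == "__main__":
    result = compare()
    print(f"8-char printable-ASCII password: {result['leet_bits']:.1f} bits")
    print(f"5 Diceware words:                {result['passphrase_bits']:.1f} bits")
    pp = generate_passphrase(SAMPLE_WORDS)
    print(pp, "meets 20+ policy:", meets_length_policy(pp))
```

Five words from a 7776-word list come out at about 64.6 bits, more than 8 characters drawn from all 95 printable ASCII characters (about 52.6 bits), and the passphrase is far easier to type and remember.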
48. Update software
Update your stuff.
Update it right after the patch is available.
Turn on autoupdate wherever it’s possible.
Zero-days are rare; more than 99% of people get hacked through known vulnerabilities.
49. Build less insecure software
No, you can’t do it yourself. Hire a security pro.
Security is not an option you can offer your clients.
It should be thought through from the very beginning, not added at the end.
Build it in, not bolt it on!
50. Build more secure software
Go to OWASP.org: there is literally no better info source on Application Security. And it’s free!
Train your staff to build less vulnerable software.
Use frameworks with a good security record whenever possible.
And never, NEVER implement your own crypto!
51. Hack yourself first
Let your staff do it and hire an ethical hacker.
Start a Bug Bounty Program when ready.
Phish your own staff to see if they're ready to withstand modern attacks.
Don’t blame them if they fail. Let them tell everyone how it happened.
52. Remember
Once it becomes harder to hack the crap out of you, they will skip to the next target.
Once it becomes harder to hack the crap out of all of us, they will change their tactics.
Keep up with the game and know how not to become a cyber victim.
The game will change. Be the one who changes it.