arcadeusopsPPT1_020161002

Oct 2016 Cyber Security Risks, Costs, and Solutions Andreas Wagner, Arcadeus OPS

Transcript of arcadeusopsPPT1_020161002

Page 1: arcadeusopsPPT1_020161002

Oct 2016

Cyber Security

Risks, Costs, and Solutions

Andreas Wagner, Arcadeus OPS

Page 2: arcadeusopsPPT1_020161002

Content

✤ Why hack a system?

✤ Who are the victims?

✤ What are the costs of hacking?

✤ What are the solutions to protect your system?

✤ What can Arcadeus OPS do for you?

Page 3: arcadeusopsPPT1_020161002

The Attackers and their methods

✤ Black Hat Hackers know the value of your data is high and therefore worth the effort

✤ Hackers steal data as revenge or to make a point

✤ Hackers are highly skilled, using complex attack vectors

✤ Can hack from any location using a laptop and a mobile phone

Page 4: arcadeusopsPPT1_020161002

Two main groups of attacks

Page 5: arcadeusopsPPT1_020161002

Types of attacks

Page 6: arcadeusopsPPT1_020161002

The Victims and their assets

✤ any organisation with data and an IT presence

✤ websites can be hacked to gain financial rewards

✤ internal networks are open to attack from simple wifi points

✤ 2015: 3.3 million attacks per day, USD 100-200 billion lost; 38 attacks a second.

✤ most organisations have weak IT defences

Page 7: arcadeusopsPPT1_020161002

Some hacks that made the news (1)

✤ Yahoo 2014 - 2016: 500+ million accounts hacked

✤ Sony Pictures 2014

✤ Stuxnet worm, 2010 - 2012

✤ Mt. Gox bitcoin hack, USD 500 million. Bitfinex hack in HK, USD 65 million.

✤ Dropbox 2016, 68 million user accounts hacked

Page 8: arcadeusopsPPT1_020161002

Some hacks that made the news (2)

✤ LinkedIn May 2016, 117 million emails stolen

✤ 2016 Tesla car hacks, disabling brakes and object recognition.

✤ Sept. 2016: 665 Gbps DDoS attack using IoT devices on Brian Krebs’ web site. Biggest DDoS in the history of cybercrime.

✤ Sept. 14-16, 2016: Massive PDoS attack on PH government offices, law enforcement, ISPs, schools and universities. Permanent damage to hardware.

Page 9: arcadeusopsPPT1_020161002

The Costs

✤ financial losses can be HUGE

✤ customer loss of confidence; will go elsewhere!

✤ competition gets YOUR data and YOUR customers

✤ loss of private data with high legal costs/compensation

✤ public loss of confidence; tainted corporate image

Page 10: arcadeusopsPPT1_020161002
Page 11: arcadeusopsPPT1_020161002

Solutions and Defenders

✤ Revise IT Policies, such as passwords, access points, firewalls

✤ Red Team vs Blue Team - Red attackers and Blue defenders can build more secure systems

✤ Vulnerability Analysis to find application weaknesses

✤ Penetration Tests to find out how easy a system is to attack

✤ Network Management by Defence in Depth

Page 12: arcadeusopsPPT1_020161002

At a glance, the test methods

Page 13: arcadeusopsPPT1_020161002

The Attack Life Cycle

Page 14: arcadeusopsPPT1_020161002

Multilevel defense

Page 15: arcadeusopsPPT1_020161002

Arcadeus OPS skills

✤ Port and Network System Scans

✤ Vulnerability Scan and Recommendations

✤ Penetration Testing and Solutions

✤ System Administration

✤ Complete Packages suited to your organisation

Page 16: arcadeusopsPPT1_020161002

Arcadeus OPS qualifications

✤ Arcadeus OPS complies with the highest industry standards:

✤ CEHv9 - Certified Ethical Hacker Version 9

✤ OSCP - Offensive Security Certified Professional

Page 17: arcadeusopsPPT1_020161002

We often hear…

✤ Our IT department takes care of everything…

✤ We are a small company, we are not a target

✤ There’s nothing on our servers that could be of interest to hackers

✤ We have outsourced all our IT needs

✤ We never had any issues before

Page 18: arcadeusopsPPT1_020161002

Cyber security =/= IT management

Viewing cyber security as simply an Information Technology (IT) issue is like considering the safe operation of a vessel as simply a main engine issue.

Addressing cyber security should start at the senior management level of a company rather than being delegated to the Vessel Security Officer or the head of the IT department.

Page 19: arcadeusopsPPT1_020161002

www.arcadeusops.com

Hong Kong - Philippines - United Kingdom