2016 conect_v1.1
THE WEAKEST LINK
A PEEK INTO MODERN DAY CYBER CRIME
COGNOSEC

WHO WE ARE
• IT Security Advisor & Provider
• Penetration Test and Application Security Specialist
• Implementation of holistic security solutions
• PCI DSS Services (QSA, ASV, PA DSS and P2PE)
• Extensive Experience in the e-Commerce, Payment, Gaming and Education Industry
• Originated in Vienna, now we have offices around the world.

COGNOSEC WORLDWIDE
7 Global Locations
• Stockholm, Sweden
• Vienna, Austria
• London, UK
• Dubai, UAE
• Nairobi, Kenya
• Lagos, Nigeria
• Johannesburg, South Africa
13 Global Technology Partners
4 Global Industry Certifications
South Africa - Dynamic Recovery Services (DRS) Trading As Cognosec
Kenya - Professional Technologies Limited (Protec) Trading As Cognosec

STATISTICS
THE RISING THREAT OF CYBER CRIME
Source: 2014 Verizon Data Breach Report

STATISTICS
THE HIGH COST OF DATA BREACHES
Source: 2014 Cost of Data Breach Study: Global Analysis

2014 WAS CALLED “THE YEAR OF THE HACK” BUT…

2015 WAS WORSE!
• Ashley Madison :: 32 million accounts stolen
• Anthem :: 78 million accounts stolen
• Fiat Chrysler :: car remotely hacked, 1,4 million cars recalled
• IRS :: 334.000 accounts compromised
• US Office Of Personnel Management :: 18 million accounts stolen
• Premera Blue Cross :: 11 million accounts stolen
• LastPass :: Systems compromised, no exact data exists
• UCLA Health :: 4,5 million accounts stolen

MUCH WORSE!
• Carphone Warehouse :: 2,4 million accounts stolen
• VTech :: personal information of 6,4 million children exposed
• Stagefright Android Vulnerability :: 1 billion devices affected
• DYLD exploit :: OSX Zero day
• T-Mobile (through Experian) :: 15 million accounts stolen
• Juniper Networks NetScreen firewalls :: 2 backdoors in firewalls
• Gemalto :: systems compromised, SIM crypto keys in 85 countries at risk
• Kaspersky Labs :: systems compromised

MUCH MUCH WORSE!
• Hacking Team :: systems compromised, data leaked, FBI Portal accessed
• CIA Director John Brennan :: email account compromised, data leaked
• TalkTalk :: 157.000 accounts compromised
• Vodafone :: only 2000 accounts compromised
• Samsung :: LoopPay compromised
• Hilton Worldwide :: Systems compromised
• XcodeGhost :: fake Apple apps

AND IT IS ONLY GOING TO GET WORSE
THE GROWING CYBERATTACK SURFACE

AND IT IS ONLY GOING TO GET WORSE
NEW DEVICE TYPES

THE SECURITY CHAIN
PEOPLE, PROCESSES AND TECHNOLOGY

ALTERNATIVE ATTACK VECTORS
TECHNOLOGY
• Malware
• QR Codes
• Key logging Devices
• Infecting Service Providers
• Arduino-Based Attack (False USB Sticks)
• Wireless Network/AP Spoofing (Evil AP)
• And Many More

ALTERNATIVE ATTACK VECTORS
PEOPLE
• Social Engineering
• Spear Phishing
• Telephone Spoofing
• SMS Spoofing
• Watering Holes
• Malware
• QR Codes
• Keylogging Devices
• “Bad” USB
• Evil AP
• And Many More

ALTERNATIVE ATTACK VECTORS
PROCESSES
• Hacked Apple iCloud
• Password reset process
• Keycard replacement
• And Many More

NEXT-GENERATION CYBERDEFENSE AXIOMS

SERVICE OVERVIEW
Assurance Services, Security Services, GRC Services, PCI Services
• Penetration Testing
• Application Security Testing
• Social Engineering
• IS Audits
• Data Leakage & Loss Prevention
• Security Monitoring
• Application Security
• Incident Response
• Network Security
• Compliance Gap Assessment
• Risk Assessment
• GRC Solutions
• Information Security Management (incl. ISMS)
• PCI ASV Security Scan
• PCI QSA On-Site Assessment
• PCI Gap Assessment
• Remediation
• Security Awareness Programme

THANKS FOR LISTENING
SINCERELY, YOUR CYBER GUARDIANS