remo presentation v1

Post on 18-Jul-2015

Category:

Internet

TRANSCRIPT

What's up for today?

Some chitchat about your baby…

The dark side of the internet

• Phishing
• Social engineering
• Hacking (vulnerabilities & misconfigurations)
• Injection (iframe)
• DDoS
• DNS hijacking
• Cookie hijacking/stealing
• MITM (Man In The Middle)
• XSS and SQL injection
• 3rd parties

Serious cases

• 13 October 2014: 1 million Dutch e-mail accounts compromised.
• 5600 Dutch websites hacked (SQL injection)
• Target hack, costs 40 million $; Home Depot, 60 million $ (total costs in revenue and security measures)
• In two years, 2 billion account credentials breached (including CC and personal credentials)

Data Breaches Lead to Drop in Sales

• Target Earnings Slide 46% After Data Breach

• One third of consumers will shop elsewhere if their retailer of choice is breached, according to new research

• Downtime and massive costs after data breach or malware infection.

What can/must we do?

• Audit/Pentest
• Source code check
• Scanning pro software *
• WAF * (Web Application Firewall)
• Encrypt your database, encrypt credentials; if hacked, it won't be worth decrypting due to the time required
• Dedicated hosting
• HTTPS, Perfect Forward Secrecy, HSTS (HTTP Strict Transport Security)
• Masking *
• Malware analysis, around the clock *
• DDoS protection *
• Secure DNS * (ask hosting company)
• Blacklisting checks *
• Monitor your security
• Security is a must, create budget! (It's not IF, but WHEN you will get hacked)
• Backup, fallback, backup, fallback, crisis scenarios and documentation
• Back-office security: don't let your twelve-year-old kid download movies on your work laptop
• Educate the thing between chair and keyboard! Know your software platform(s) (sorry if it's you)
• Communicate with your customer about your cyber initiatives, but be very clear in how!

* Do it yourself, approx. 400 euro a year.

Treat (not threat) your baby like a baby

Create the safe environment you want your baby to grow up in.

For you, your family, your customer and your future. Happy Selling!

CONTACT

Remo Hardeman
Omerta Information Security
remo@omerta.nl

Visits: Boompjes 57, 7th floor, 3011 XB Rotterdam

SOCIAL MEDIA: facebook.com/omertanetherlands

TWITTER: https://twitter.com/ @omerta_infosec
