Simone Mulattieri – Pre-Sales Manager

Dal GDPR ai ransomware: la protezione del dato non è mai stata così cruciale.

FUTURO? NO GRAZIE…

WANNACRY

WANNACRY

LA RICERCA

Darkhotel - part 2

MsnMM Campaigns

Satellite Turla

Wild Neutron

Blue Termite

Spring Dragon

2011

2010

2013

Stuxnet

Duqu

2012

Gauss

Flame

miniFlame

NetTraveler

Miniduke

RedOctober

Icefog

Winnti

Kimsuky

TeamSpy

2014

Epic Turla

CosmicDuke

Regin

Careto / The Mask

Energetic Bear / Crouching Yeti

Darkhotel

2015

Desert Falcons

Hellsing

Sofacy

Carbanak

Equation

Naikon

Animal Farm

Duqu 2.0

ProjectSauron

Saguaro

StrongPity

Ghoul

Fruity Armor

ScarCruft

2016

Poseidon

Lazarus

Lurk

GCMan

Danti

Adwind

Dropping Elephant

Metel

In teoria… lineare:

Recon & Testing Penetration Propagation Execution Incident

ATTACCO:

TEORIA VS REALTA’

7

ATTACCO:

TEORIA VS REALTA’

Recon & Testing Incident

Propagation 1 – E-mail

Penetration 2 – Watering hole Propagation 2 – Network

Penetration 1 – Attached exploit Execution – Local

Execution – Remote

In realtà… molto più complesso e non lineare:

HIPS e Personal Firewall

System watcher

Automatic Exploit Prevention

Cloud-based protection

Heuristic scanning

PROTEZIONE MULTI-LIVELLO La miglior sicurezza possibile– Kaspersky Lab’s

Protezione leader di settore contro minacce conosciute, sconosciute e avanzate

Signature-based protection

Potente protezione multi-livello da tutte le forme di cyberminacce

CONOSCIUTE

SCONOSCIUTE

AVANZATE

KASPERSKY ENDPOINT SECURITY

Kaspersky Security Network (KSN) Componenti

di protezione

Componenti

di controllo

Encryption

VULNERABILITÀ: IL FATTORE UMANO

Immagine http://www.jklossner.com/

SOCIAL MEDIA, EFFETTI SUL MONDO

VIRTUALE/REALE

Fonte usatoday.com

Password debole

PASSWORD IN DIRETTA TV – TV5Monde

Fonte euronews.com

Divulgazione di dati

EQUILIBRIO TRA SICUREZZA ED

EFFICIENZA

Immagine http://www.jklossner.com/

L’APPROCCIO CORRETTO

Metodo classico

Bassa efficacia

Non misurabile

• Misurabile, efficace e continuativo

• 93% probabilità di applicare le conoscenze durante il

lavoro di ogni giorno

• 90% diminuzione degli errori

Metodo interattivo

Istruzione erogata tramite presentazioni periodiche,

infografiche, esercitazioni in stile compito in classe e

correzioni manuali

L’APPROCCIO CORRETTO

Conoscenza

Comportamenti Motivazione

• L’approccio che proponiamo è persuasivo e

misurabile.

• Si basa su 3 livelli - Conoscenza, comportamento,

motivazione

TEMATICHE DI SICUREZZA

Anti-Phishing Phil

Learn how to spot phishing attacks

by identifying fraudulent URLs

Anti-Phishing Phyllis

Learn how to recognize phishing

emails by identifying red flags

Data Protection and

Destruction

Use portable storage safety and

properly discard sensitive data

Email Security

Learn to identify phishing emails,

dangerous attachments, and other

email scams

Mobile Device Security

Use important physical and technical

safeguards to protect your devices

and your data

PII

Protect confidential information about

yourself, your employer and your

customers

Passwords

Learn how to create and manage

strong passwords

Physical Security

Learn how to protect people and

property

Protected Health

Information (PHI)

Learn why and how you should safe-

guard Protected Health Information

Safe Social Networks

Learn how to use social networks

safely and responsibly

Safer Web Browsing

Stay safe on the Internet by avoiding

risky behavior and common traps

Security Beyond the

Office

Avoid common security mistakes

while working at home or on the road

Security Essentials

Recognize security issues commonly

encountered in daily job

Social Engineering

Recognize and avoid social

engineering scams

URL Training

Learn how to spot fraudulent URLs

Mobile App Security

Learn how to judge the safety of

mobile apps

PCI DSS

Recognize warning signs and

improve security of credit card data

Security Essentials –

Executives

Recognize and avoid threats met by

senior managers at work and at home

Protecting Against

Ransomware

Learn to recognize and prevent

ransomware attacks

USB Device Safety

Protect yourself, data, and systems

when using USB devices

GRAZIE