www.khipu-networks.com
© 2018 Khipu Networks Limited. All Rights Reserved.
JISC CYBER SECURITY POSTURE SURVEY 2018
Next-Generation Networking and Advanced Cyber Security
GOAL: ZERO VULNERABILITY INFRASTRUCTURE
Phishing Risk Reporting Services Example
Cyber Attacks - Reduce Your Risk
Do you know what is connected to your network and how secure it is?
Endpoints
Do you know where you stand with vulnerabilities on your network?
Infrastructure
Are your security systems coping with what they should be doing?
Perimeter Security
What are your risks from phishing attacks?
Users
Zero Vulnerability Infrastructure
Cloud Services
Private, Public and Site Connectivity
Cyber Security Landscape
Next-Generation Networking and Advanced Cyber Security
Who are we?
Next-Generation Networking and Cyber Security
INTERNATIONAL CYBER SECURITY COMPANY
• Founded in 2005 & privately owned
• Identified the need for secure network access “BYOD”
• UK/I, SA & international coverage
OUTSTANDING CUSTOMER SATISFACTION
• Round the clock network & security operation services
• Pro-active support “KARMA” & managed services
• Project, service delivery & account management teams
PROVEN BUSINESS
• Customer references across all sectors
• Year on year growth
• Over 500 customers globally
CERTIFIED TO DELIVER
• Quality assured: ISO9001, 27001, 14011 & OHSA 18001
• Highest partner, support & technical accreditations
• Extensive investment in training & development
Direct Award Procurement
Single Supplier Framework
www.jisc.ac.uk/vulnerability-assessment-and-information-service
Jisc Vulnerability Assessment & Information Service
Single Supplier Framework
www.jisc.ac.uk/simulated-phishing-and-associated-training
Jisc Simulated Phishing & Associated Awareness
Single Supplier Framework
Preferred Supplier
Jisc Routing & Switching Framework Lot 9 - Palo Alto Networks
Lot 1: HPE Aruba Networks - WiFi, Wired & Security
Lot 10: Infoblox - DDI
Lot 10: Alcatel-Lucent - WiFi & Wired
Jisc Routing & Switching Framework Lots
Next-Generation Networking and Advanced Cyber Security
Real-life statistics
Cyber Attacks - Reduce Your Risk
60%
21%
85%
66%
25%
Increase in phishing attacks
Emails get through spam filters
Have suffered a phishing attack
Have suffered a spear-phishing attack
Have been successfully phished
New phishing websites: 240% increase, Q4 2017 to Q3 2018 (chart axis: 0, 150,000, 300,000)
The number one vehicle for ransomware attacks & malware
Phishing attacks
The most effective way to deliver malware
Email attachments
The 3rd most effective way to deliver malware
Email web-links
OPENED 30%
Typical Environment
Cyber Attacks - Reduce Your Risk
Endpoints: PCs, Laptops, Mobile & BYOD
Applications: Email, CRM, office, SaaS & specific apps
Infrastructure: Network, security & systems
User: Staff, Visitors & Contractors
Financial Loss
Confidential Data leakage (personal & business)
Crippled IT systems & operations
Damage to reputation - blacklisting, bad press
Fines from ICO
COMPLETE DISRUPTION TO YOUR ORGANISATION
Accountability, stress & frustration
CYBER RISK: phishing
Focus: Simulated phishing attacks to assess how users react to phishing emails / websites and provide user awareness training services on cyber security
Endpoints: PCs, Mobile, IoT, Operations & BYOD
User: Staff, Visitors & Contractors
Goal: To understand your risk from phishing attacks in order to implement sufficient staff training and cyber security enhancements
Outcome: Findings and best practice recommendations including risk assessment and training plans, with a strategic alignment between the customer and KHIPU:
Findings and Best Practice Report
• On-going assessments & training plans to measure improvement
Advanced Endpoint Protection
• Protecting the endpoint from downloading mal/ransomware
• For key mission critical services & high-value hosts/users
Credential Theft Protection
• Protecting the user from sharing confidential information via phishing websites
Best Practice Email Configuration
• Email configuration: SPF, DKIM and DMARC
Next-Generation Networking and Advanced Cyber Security
In the press
Cyber Attacks - Reduce Your Risk
SPEAR PHISHING ATTACK
Sophisticated Real-life Phishing Attacks
Cyber Attacks - Reduce Your Risk
Phishing Vulnerability Risk Assessment
Cyber Attacks - Reduce Your Risk
IDENTIFY YOUR VULNERABILITIES TO PHISHING ATTACKS - “RISK FACTOR”
USERS
• Do they open phishing emails, how many?
• Do they share confidential information via a website, how many?
INFRASTRUCTURE
• Are email systems, spam filters and firewalls identifying & blocking phishing attacks?
• Are they capable of protecting your organisation, and have they been configured properly to do so?
PROCESSES
• How does the organisation (users, IT helpdesk teams etc) react?
• Are your processes, including awareness inductions, effective?
DEVICES
• What operating systems and web browsers (incl. plug-ins) are being used?
• Are they sanctioned by your organisation, are they up to date, are they vulnerable?
USERS: FIRST / LAST LAYER OF DEFENCE
Simulated Phishing Services
Cyber Attacks - Reduce Your Risk
EMAILS
• Customised to meet customer requirements & scenarios
• Link to phishing website
• Download an attachment (PDF, .doc, .xl etc)
WEBSITE
• Customised web pages incl. domain, intranet, website
• Capture different types of information to test users
• Drive-by attack (BEEF)
OPTIONS
• SMS (smishing) attack: Personal or business details
• USB malware attack
• Ransomware simulation
• Vishing (social engineering)*
DEDICATED SERVICE DELIVERY TEAM
• Project management
• Cyber security specialists
• Account managers
Awareness Training Services
Cyber Attacks - Reduce Your Risk
EMAILS
• The simulation; why, the risks, what to do (customisable)
• Link to education awareness landing page
WEBSITE & CONTENT
• Customisable education page to raise awareness
• What is phishing, what to do, top tips, video, quizzes (recorded)
• Facts, statistics, glossaries, infographics, how to protect
• Video awareness library (incl. customised video)
TRAINING “CYBER SECURITY 101”
• Classroom-based: Work & home life phishing & CS awareness
• Onsite (no limitation to attendees), offsite or virtual*
• Cyber security best practice workshops (onsite)
DEDICATED SERVICE DELIVERY TEAM
• Project management
• Cyber security specialists
• Account managers
Reporting Services
Cyber Attacks - Reduce Your Risk
PHISHING CAMPAIGN ASSESSMENT
• Opened emails, clicked links & compromised users
• Observations on infrastructure if email / website accessible
• Device OS, browser & plug-in inventory w/ vulnerability & security flaw assessment
AWARENESS CAMPAIGN ASSESSMENT
• Education awareness training landing page activity
• Who watched the video
• Who carried out the quizzes; results & times
CAMPAIGN RESULT ANALYSIS
• Comparison of the phishing & awareness campaign results
• Observations on user awareness improvements w/ ROI
• Statistics; enabling the customer to accurately track success
• Per user statistics report w/ repeat offender statistics
BEST PRACTICE RECOMMENDATIONS
• Detailing the “risk factor” of attacks to the organisation
• Users, Processes, Infrastructure & Devices
• Improvement plans for (targeted) phishing & awareness campaigns
• Infrastructure: Optimal configs / replacement solutions
KHIPU are competent trainers, who kept the audience attentive and interested. The content was pitched
at a relevant level and had more than enough ‘food for thought’. The feedback that I had from the
attendees was very positive and all felt the course worthwhile. As an employer, I also feel that this
education will really help reduce the risk of an employee inadvertently compromising our network and
they can no longer say that no-one told us. Very highly recommended.
Chris Adcock
Chief Finance Officer - Duchy of Lancaster
ANY QUESTIONS?
THANKS FOR WATCHING