sholove cyber security 101 28 june 2015


Upload: sholove-international-llc

Post on 04-Aug-2015


Category:

Technology



TRANSCRIPT

Page 1: Sholove cyber security 101 28 june 2015

Sholove International LLC. “Extend Your Reach!”

Youth Renewal www.sholove.com
Resume Services www.sholove.net
Cloud & Mobile Services www.sholove.org

Your Logo

Page 2: Sholove cyber security 101 28 june 2015

About Us

Offerings

Technology Partners

Platform

Offering Features


June 2015

www.sholove.com / www.sholove.net / www.sholove.org

Page 3: Sholove cyber security 101 28 june 2015

Our purpose at Sholove is to leverage our business platform to provide leadership and direction to young adults who have lost parents. Having lost my parents as a teen, I realize the challenge of discovering one’s identity and moving forward in the face of this great loss.

Page 4: Sholove cyber security 101 28 june 2015

About Us
Platform

Since founding Sholove International in April 2011, it has been my goal to share my experiences, good and bad, with struggling teens and offer support through Youth Renewal Initiatives by providing technology training and employment assistance.

It is our purpose to reinvigorate the lives of these young adults through Sholove.

James Love
Founder & President
Sholove International, LLC.

Page 5: Sholove cyber security 101 28 june 2015

“Layered” Cyber Security

• Mobile Device Protection: Between 2013 and 2017, smartphone sales are projected to grow by 71%.
• Wi-Fi Protection: Data traffic expected to be delivered over Wi-Fi in 2016 is 78%.
• Enterprise Mobile Protection: Adoption of BYOD is projected to reach 65% by 2016.

SHOLOVE Cyber Security

Three Questions We Must Ask Ourselves:

1. Do you own one or more mobile devices?
2. Do you connect these devices to public or private WiFi networks?
3. Do you leave your device on at night while charging?

Page 6: Sholove cyber security 101 28 june 2015

What Is Layered Security
Otherwise Known As “Layered Defense”

Layered Cyber Security

• The ability to combine multiple security controls to protect infrastructure and data.
  – The term “Layered Defense” was first established by the Armed Forces as a strategy to resist rapid penetration.
• The information assurance use of the term "defense in depth" assumes more than merely technical security tools deployment; it also implies:
  – Policy and operations planning
  – User training
  – Physical access security measures, and
  – Direct information assurance personnel involvement in dealing with attempts to gain unauthorized access to information resources.

Page 7: Sholove cyber security 101 28 june 2015

Why Is Layered Security Important
Examples Of Events Over The Past 24 Months

U.S. Nuclear Regulatory Commission (NRC)
Unknown hackers, including foreign hackers, used phishing, targeted e-mails, and malware in a portable document format (pdf) file in the attacks on the NRC computers.

Fannie Mae
Fannie Mae Website, Aug 2013–early 2014. A former Fannie Mae information technology contractor used his credentials to hack a government website operated by Fannie Mae and disable features on the website.

Internal Revenue Service (IRS)
• IRS, April 2014. An April 2014 Government Accountability Office (GAO) report found the IRS had “not always effectively implemented access and other controls to protect the confidentiality, integrity, and availability of its financial systems and information.”
  – The GAO concluded that financial and taxpayer information remained vulnerable to unauthorized access or threat.
  – The IRS failed to install and update security patches, monitor database controls, and restrict mainframe access.

Page 8: Sholove cyber security 101 28 june 2015

Why Is Layered Security Important
Examples Of Events Over The Past 24 Months

DOD Systems, October 2012–January 2013
Hackers connected to the hacker group Anonymous infiltrated multiple Army systems by exploiting a flaw in Adobe’s ColdFusion software, which had not been updated with the latest security patches. The targets included:

• The Army Network Enterprise Technology Command Center, where hackers gained access to the personal information of over 1,000 individuals.
• The Army Materiel Command, in which they accessed non-public data including competitive acquisition bids.
• The Army Corps of Engineers server, from which the hackers stole non-public information on natural resource management and the personal information of thousands of individuals from the Corps in Vicksburg, Mississippi.
• The Plans and Analysis Integration Office, in which the hackers accessed defense program budgeting data, among other materials.
• The Fort Monmouth Army Corps Engineer Research and Development Center, where the hackers obtained classified Army Corps documents, including plans for the demolition and disposal of military facilities. The center was attacked again two months later by the same hackers, who used the same vulnerabilities to access massive amounts of personal, command, control, and intelligence data.
• The Army War College’s Strategic Studies Institute, in which the hackers accessed unspecified data multiple times over several months.
• The Missile Defense Agency, from which the hackers stole the personal information of over 4,000 individuals.

Page 9: Sholove cyber security 101 28 june 2015

Why Is Layered Security Important
Examples Continued:

Defense Industries - Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing. Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets.

Healthcare.gov
August 2014 - An unknown hacker breached the HHS server and placed malicious software on it in July 2014. The breach was discovered in August 2014.

Damage: An original underestimate of information has resulted in a minimum (recent) estimate of more than 32 million people affected!

Page 10: Sholove cyber security 101 28 june 2015

Why Is Layered Security Important
Cyber Hacking – Public and Private

Cyber Attacks on U.S. Companies in 2014

• The spate of recent data breaches at big-name companies such as JPMorgan Chase, Home Depot, and Target raises questions about the effectiveness of the private sector’s information security.
• According to FBI Director James Comey, “There are two kinds of big companies in the United States --- those who’ve been hacked…and those who don’t know they’ve been hacked.”
• Average cost of cyber-crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6M per company in 2014.
• Annual average cost per company of successful cyber-attacks increased to
  – $20.8M in financial services
  – $14.5M in the technology sector
  – $12.7M in communications industries.

Page 11: Sholove cyber security 101 28 june 2015

Why Is Layered Security Important
Cyber Hacking – Public and Private

• This includes only cyber-attacks that have been made known to the public.
• Most companies encounter multiple cyber-attacks every day, many unknown to the public and many unknown to the companies themselves.
• January 2014
  – Target (retail). In January 2014, Target announced an additional 70 million individuals’ contact information was taken during the December 2013 breach, in which 40 million customers’ credit and debit card information was stolen.
  – Yahoo! Mail. The e-mail service for 273 million users was reportedly hacked in January, although the specific number of accounts affected was not released.
• April 2014
  – AT&T (communications). For two weeks AT&T was hacked from the inside by personnel who accessed user information, including social security information.

Page 12: Sholove cyber security 101 28 june 2015

Why is Layered Security Important
Cyber Hacking – Public and Private

• May 2014
  – eBay (retail). Cyber-attacks in late Feb and early March led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers.
    • eBay issued a statement asking all users to change their passwords.
  – Five Chinese Nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014.
    • Targeted companies included: Westinghouse Electric (energy & utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), Alcoa (industrial)
  – Unnamed public works (energy and utilities). According to DHS, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack on employees’ log-in passwords.

Page 13: Sholove cyber security 101 28 june 2015

Why is Layered Security Important
Cyber Hacking – Public and Private

• June 2014
  – Feedly (communications). 15 million users were temporarily affected by three distributed denial-of-service attacks.
  – P.F. Chang’s China Bistro (restaurant). Between Sep 2013 and Jun 2014, credit and debit card information from 33 restaurants was compromised and reportedly sold online.
• August 2014
  – U.S. Investigations Services (services), a subcontractor for federal employee background checks, suffered a data breach in Aug, which led to the theft of employee personnel information. Although no specific origin of attack was reported, the company believes the attack was state-sponsored.
• September 2014
  – Home Depot (retail). Cyber criminals reportedly used malware to compromise the credit card information for 56 million shoppers in 2,000 U.S. & Canadian outlets.
  – Google (communications). Reportedly, 5 million Gmail usernames and passwords were compromised; ~100,000 released on a Russian forum site.

Page 14: Sholove cyber security 101 28 june 2015

Why is Layered Security Important
Cyber Attacks – Public and Private

• September 2014 continued
  – Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple users’ online data storage, leading to the subsequent posting of celebrities’ private photos online.
    • It is uncertain whether users or Apple were at fault for the attack.
  – Goodwill Industries International (retail). Between Feb 2013 and Aug 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores.
    • Malware infected the chain store through infected third-party vendors.
• October 2014
  – J.P. Morgan Chase (financial). An attack in June was not noticed until August. The contact information for 76 million households and 7 million small businesses was compromised.
    • The hackers may have originated in Russia and may have ties to the Russian government.

Page 15: Sholove cyber security 101 28 june 2015

Why is Layered Security Important
Securing Information

• As cyber-attacks on retail, technology, industrial companies, and personal security increase, so does the importance of cybersecurity.
• Companies and their customers need to secure their data from
  – Brute-force attacks on networks
  – Malware compromising credit card information
  – Disgruntled employees sabotaging their companies’ networks from the inside
• To improve the private sector’s ability to defend itself, we need to:
  – Create a safe legal environment for sharing information.
  – Work with International partners.
  – Encourage cyber protective “Layers.”

Page 16: Sholove cyber security 101 28 june 2015

Why is Layered Security Important
Conclusion

• The recent increases in the rate and the severity of cyber-attacks on U.S. companies indicate a clear threat to businesses and customers.
• As businesses and consumers come to terms with the increasing threat of hackers, instituting the right policies is critical to harnessing the power of the private sector.
• In a cyber-environment with ever-changing risks and threats, the government needs to do more to support the private sector in establishing sound cybersecurity while not creating regulations that hinder businesses more than help them.

Page 17: Sholove cyber security 101 28 june 2015

Cyber Criminals… “Winning!”
The Layer That Matters Most

• “Most companies don’t fully understand or address their security risks,” per the 2014 U.S. State of Cybercrime Survey.
  – A mere 38 percent of the companies polled are capable of prioritizing security spending based on the risk it presents to businesses and customers.
  – “Most US organizations’ cybersecurity capabilities do not rival the persistence and technological skills of their cyber adversaries.”
• Online computer hackers have infiltrated and exposed the personal information of 110 million Americans, nearly half of the US adult population, over the last year alone, according to an alarming new report.
• The study, by researchers at the Ponemon Institute, which measures data collection and information security in the public and private sectors, determined the number of hacked accounts belonging to those individuals was ~432 million.

Page 18: Sholove cyber security 101 28 june 2015

Cyber Criminals… “Winning!”
The Layer That Matters Most

Half of All U.S. Adults Hacked in the Last 12 Months

• Many of the people victimized may have inadvertently made available to hackers their names, debit or credit card information, email addresses, phone numbers, birthdates, passwords, security questions, and possibly their physical home addresses, according to CNN Money.
• Snapchat admitted five million user accounts were hacked
  – 33 million Adobe users' credentials also taken along with more than three million stolen debit and credit card details

Page 19: Sholove cyber security 101 28 june 2015

Sholove Layered Security

Layered Protection: Wi-Fi

A “Shift” in focus must occur with our increase of adoption of Wi-Fi Networks. Our protection of these networks must include:

• Social Media Applications – FB, Twitter, Linked In
• Production Based Applications – Office 365, Google Apps, SF
• Collaboration Applications – WebEx, Skype, Google Talk
• File Sharing Applications – Box, DropBox, SkyDrive
• Streaming Media Applications – Youtube, Vimeo, Google Video

Layered Protection: Mobile

• With the increase in both personal adoption and connectivity points, it has become the most compelling reason to focus on device protection, both personal and business!
• Whether traveling across town, to and from work or across country... our ability to have every device covered with a “Layer” of protection will decrease our chance of having our data compromised.
• All traffic should have rules to route internet traffic through a secured VPN, or we allow personal hackers to consider you as an “Easy Hack!”

Layered Protection: Enterprise

Corporate owned devices present a tough enough challenge in the Marketplace; now consider a change in strategy... The increasing growth of BYOD. BYOD more than ever drives an additional need for “Layered” control of the company data shared onto someone’s personal device. The challenge includes the ability to:

• Control the amount of protected info to be shared with an employee
• Increase security and compliance
• Reduce costs related to sharing company information
• Increase productivity while maintaining employee satisfaction
• Provide “Clean Wipe” tools to protect company info when devices are lost or stolen

Page 20: Sholove cyber security 101 28 june 2015

Sholove International LLC.
How We Can Be Reached

Phone: 844.880.LOVE (5683)
877.572.8971
480.553.9709

Email: [email protected]

Youth Renewal Programs
Employment Services
Cloud & Mobile Cloud Technology

Page 21: Sholove cyber security 101 28 june 2015

THANK YOU!

877.572.8971 Youth Renewal / Resumes

866.357.8417 Cloud & Mobile Services
