We're All Human
Types of Threats
Cyber Business
The Keys to the Castle
Don't Get Hooked
Just the Fact
100
This is the percentage of data breaches that a study from IBM attributes to human error
What is 95%?
Due to alert fatigue, actual fatigue, dispersed workforce
100
Technology used to send emails that appear to come from a trusted user
What is email spoofing?
100
This is the business model where criminals with little or no technical expertise access an increasingly sophisticated marketplace to stage an attack with ease.
What is Cybercrime-as-a-Service (CaaS)?
Includes RaaC; Randsomeware-as-a-Service
Buying/selling credentials, renting infrastructure "space", selling exploit kits
100
Four things all passwords should include.
What are Upper case, lower case, number, special characters?
Password phrases are much more difficult to compromise; ex. "I graduated in 2001"=!Gi2001 OR !Gradi2001
100
A text message like this one is designed to get PII (Personally identifiable information) from the recipient
What is a smishing scam?
100
These industries were the top 3 targets of cyber security events in 2022
What are health care, financial services and retail
However, the majority of these breaches involved a 3rd party, supply chain vendor breach.
200
What are 3 things you do not share online?
What are your...
1. Password
3. Address
3. Phone number
4. Birthdate
5. Social Security Number
200
This manipulation technique exploits human error to gain private information, access to restricted systems, or valuable data.
What is social engineering?
Lean on current events (Ukraine, COVID, disaster relief), time-of-year (holiday shopping and shipping), virtual education platforms
200
These modern convenience items make daily life easier for the user but also for cyber criminals, due to the fact that their default settings are frequently left unchanged.
What are the Internet of Things (IoT)?
Manufactures focus on functionality and affordability rather than security.
200
A password attack that tries every possible combination of letters and numbers
What is Brute Force?
200
In the email pictured here, this piece of information indicates that this email is suspicious.
What is the sender email address, obtained by hovering over what appears to be a legitimate sender.
200
The demands in this type of cyber incident increased 144% in 2021
What is ransomware?
300
The activity you are currently engaged in is one of the best ways to minimize the element of human error in cyber crime.
What is Security Awareness Training?
More technology does not replace vigilant employees
300
This major wireless communications provider disclosed that a hacker had accessed a trove of personal data for 37 million of the company's customers. A bad actor apparently had access to customer data from November 25, 2022, until the company discovered the intrusion on January 5, 2023. The stolen data includes a customer's name, billing address, email, phone number, date of birth, account number and information such as the number of lines on the account and plan features.
Who is T-Mobile?
300
This popular family of productivity software has seen an dramatic increase in malware attacks due to it's popularity and misconception that developer provides adequate anti-viral/anti-malware security.
What is Microsoft 365?
300
This is the process of requiring a second form of identification to log into a system, after providing a valid password. Often this is a physical attribute (fingerprint or face id) or one-time passcode sent via separate application or text.
What is Multi-factor or 2-Factor authentication?
300
A claim that there is a "problem" with your account, or a request to "verify your identity", update personal information such as password, credit card, social security or bank account numbers like the one shown here
What are examples of a phishing email?
300
This percentage of a company's data is usually recovered after a ransomware attack
What is 65%?
Blackmail techniques are also being leveraged - threat of releasing sensitive data
400
The policy of limiting employee access to files, based on job function, is call this. The main concept is "never trust, always verify".
What is Selective Access or Zero-Trust policy?
400
The increase in the remote workforce caused a spike in cyber threats due in part to a lack of this policy in many companies
What is a BYOD policy?
This can and should address "shadow" IT solutions that individuals use on devices connected to the network.
400
This type of threat appears to be from a trusted source such as a supervisor, can take the form of fraudulent wire transfer directions, bogus invoices, attorney impersonation, bank account misdirection, or socially engineer emails such the one shown here
Business Email Compromise?
400
Scammers use this tactic of registering a common misspelling of another organization's domain to steal a user's personal information.
What is Typo Squatting?
400
This type of phishing campaign targets C-suite executives
What is "whaling"?
400
This cost an average of $4.35M in 2022, including loss of productivity, reputational harm, erosion of client trust, not to mention monetary demands and remediation costs.
What is a data breach?
Up to $5.1 M when the majority of the workforce is remote.
500
This type of phishing attack targets specific individuals by exploiting information gathered through research on such platforms as social media accounts and company websites?
What is spear phishing?
Answers to security questions and passwords can also be obtained.
500
According to the August 2022 Threat Trends & Intelligence Report from Fortra's Phish Labs, attacks on these type platforms increased 102% YOY from 2021 to 2022.
What is a social media?
500
Misinformation generated by this infantile (9 month old) technology can be used by cybercriminals to manipulate individuals or organizations for malicious purposes.
What is ChatGPT?
Can be used to write malware code, produce false content, develop fraudulent services, disclose private data
500
This is the term given to the process of fixing code that proves to be a vulnerability in software.
Many developers release these fixes on an on-going basis, and the service of Remote Monitoring and Maintenance that DCNC provides helps keep your systems up to date.
What is patch management?
Threat actors predicted to focus on the following surfaces for the upcoming year
-remote desktop apps
-misconfigured web-based services
-legacy operating systems
-unpatched applications
-outdated browsers
500
This is what you should do if you receive an email notification like the one pictured below.
500
According to the Cybersecurity and Infrastructure Security Agency, this is the number of cybersecurity attacks reported to the Pentagon every day
What is over 300,000?