Cyber Security Vital For All - mergedfutures.com Securit… · NFIB50A Computer Virus/ Malware/Spyware 166 NFIB51A Denial of Service Attack 4 NFIB51B Denial of Service Attack Extortion

Cyber Security – Vital For All

www.northantspfcc.org.uk

A bit about me…

Heather Cowley

Digital Delivery & Cyber Engagement Manager

Office of the Northamptonshire Police, Fire &

Crime Commissioner

Member of Digital Northampton #TechWomeNN

Twitter @HthrCowley


Aim and Agenda

Provide an overview of Cyber Security and why it is important

for everyone to understand and play a role.

• What is Cyber Security?

• Common Cyber Threats and where they come from

• Facts, figures and statistics

• Common Cyber Misconceptions

• Practise Scenarios

• Tools, Resources and further information


What is Cyber Security?

Cyber Security protects our most sensitive information.


What is Cyber Security?

• Data Encryption, Data access control technologies and policies

Data Security

• Firewalls, Appliance hardening, Intrusion Detection Systems (IDS), Security incident and Event management (SIEM)

Network Security

• Policies and Access/Admin control

Application Security

Cyber Security is broken down in to three areas:

Cyber crime is any crime that involves a computer. Often broken down in

to cyber-enabled (crime that involves the use of technology) or cyber-

dependent (relies on a computer to commit).


Common Cyber Threats• Viruses/Malware – malicious software installs itself on

your device including mobile devices

• Trojans – infected under false pretences

• Ransomware – encrypts the end user system

• Denial of Service (DOS) – demand overload on system

• Phishing – tricks the user in to disclosing confidential

information or clicking malware link

• Man in the Middle (MitM) – communications are intercepted

by an attacker

• Advanced Persistent Threat (APT) – penetrates and lurks

undetected inside a network


Where do the threats come from?

Cyber threats come from a variety of places, people and contexts:

IndividualsOrganised Criminal Groups

Scammers

Nation State TerroristsIndustrial

Spies

Unhappy Insiders

Business Competitors

Cyber criminals are opportunistic, prey on weakness and are after

something you have.


Facts and figures

94% of malware is delivered via email

34% of data breaches involve internal actors

Hackers attack every 39 seconds which equates to

2,244 times a day worldwide

65% of attackers use spear-phishing as the primary infection

vector

48% of malicious email attachments are office

files (Word, Excel etc)


The last 6 months….


They adapt….


Northamptonshire Statistics

Counting code Type of Cybercrime Reported Occurrences

NFIB50A Computer Virus/ Malware/Spyware 166

NFIB51A Denial of Service Attack 4

NFIB51B Denial of Service Attack Extortion 1

NFIB52A Hacking - Server 5

NFIB52B Hacking - Personal 49

NFIB52C Hacking - Social Media and Email 154

NFIC52D Computer Hacking - PBX/Dial through 1

NFIB52E Hacking (Extortion) 38

NFIB3E Computer Software Service Fraud 198

NFIB1A/NFIB1H/NFIB3A/NFIB3B/NFIB5D/NFIB90

“419” Advance Fee Fraud/Advance Fee Fraud/Online Shopping and Auctions/Consumer Phone Fraud/Mandate Fraud/Other Fraud

120

Over the last 12 months, there have been 961 reported occurrences of

cybercrime within Northamptonshire.


Common Cyber Misconceptions

For Individuals….

• Cyber Security is a technology issue

• My data is not valuable

• Cyber-attacks come from the internet

• New software and devices are

secure when I buy them

• I have anti-virus

• I just need a strong password

• I will know if my computer is infected

For Business….

• I have a supplier that deals with

that

• I have insurance

• Digital and physical security are

separate

• My IT department does that

• Its too expensive


You can protect yourself by...

Install an Antivirus or Internet Security Suite

Use Strong Passwords/Passphrases

or MFA

Update your Operating Systems, software and

mobile apps

Manage your Social Media Settings

Talk with your kids, use tools to protect them and

keep a watch on their activities

Check major security breaches

Conduct a Penetration Test

Train Your Employees


WARNING!!

Do not attempt to look up, use or copy any of the links,

email addresses or phone numbers in the following Cyber

Threat scenarios.

These are malicious and may cause harm to your device!


Cyber Threat Scenario 1

Look at the information in the picture and answer the questions below:

• What type of Cyber attack could this be?

• What action should you take?

• Could you mitigate against this?




Cyber Threat Scenario 1• What type of Cyber attack could this be?

This is a phishing scam, that could lead to Customer Service Software Fraud, if the

link in the email was clicked.


1. Don’t panic

2. Check the sender address – do you recognise it?

3. Ignore any logos or icons in the email and read the body of the message – are

there spelling mistakes or bad grammar?

4. Hover over any links to see the address that it would take you to – DO NOT

CLICK


1. You can report the email to Microsoft, the easiest way to do this is to use the

‘Report It’ add on to Outlook.

2. You can ignore the email and delete it



Look at the information within the picture and

answer the questions below:









This is a smishing scam, a form of phishing through SMS text messages.


1. Don’t panic

2. Check the sender phone number – do you recognise it?

3. Read the message – do you have an O2 contract?

4. DO NOT CLICK on any links or phone the number it has been sent from!


1. You can report the text message to the company it purports to come from.

2. You can ignore the text message and delete it



Look at the information in the picture and

answer the questions below:









Cyber Threat Scenario 3• What type of Cyber attack could this be?

This is a phishing scam. The link could provide a gateway to a variety of threats,

such as viruses/malware by ‘drive by download’ or stolen credentials/identity theft.


1. Don’t panic

2. Check the sender address – do you recognise it?

3. Ignore any logos or icons in the email and read the body of the message – are

there spelling mistakes or bad grammar?

4. Hover over any links to see the address that it would take you to – DO NOT

CLICK


1. You can report the email to HMRC.

2. You can ignore the email and delete it



Which of these websites is the real one?

A

B



A B


Ensure the following:

1. Type in the website address and use a trusted source

2. Be wary of clicking on any advertisement links from websites.

3. Look up the domain age at https://whois.domaintools.com

4. Watch for poor grammar and spelling

5. Look for reliable contact information

6. Have a quick search online for reviews of the website


https://whois.domaintools.com/


Tools, resources and further information

• Action Fraud – https://www.actionfraud.police.uk/

• National Cyber Security Centre – https://www.ncsc.gov.uk/

• Cyber Aware – https://www.ncsc.gov.uk/cyberaware/home

• Get safe online – https://www.getsafeonline.org/

• No More Ransom – https://www.nomoreransom.org/en/index.html

• Northamptonshire Cyber Protect Officers Twitter – @NorthantsCyber

• Have I been pwned? - https://haveibeenpwned.com/

• Information is beautiful - https://informationisbeautiful.net/

https://www.actionfraud.police.uk/

https://www.ncsc.gov.uk/

https://www.ncsc.gov.uk/cyberaware/home

https://www.getsafeonline.org/

https://www.nomoreransom.org/en/index.html

https://www.haveibeenpwned.com/

https://informationisbeautiful.net/


Cyber Security Forum

Meet monthly to drive engagement between police and business on

cyber matter within the county

• Share best practise and guidance

• Raise awareness of the cyber threat landscape

• Informal support network

Email: [email protected]

mailto:[email protected]


A Request……

Take one piece of information from this

session and tell someone about it


Questions?

Documents

Cyber Security Vital For All - mergedfutures.com Securit… · NFIB50A Computer Virus/ Malware/Spyware 166 NFIB51A Denial of Service Attack 4 NFIB51B Denial of Service Attack Extortion