LATEST THREATS ON DIGITAL SECURITY (WORMS, ATTACKS, VIRUSES, FLAWS)

Santosh Satam, CEO SecurBay

Supported by In association with Presented by

Hotel Digital Security Seminar SEPT 19, 2014

Presented by

In association with

Supported by

Agenda

By X Events Hospitality (www.x-events.in) Hotel Digital Security Seminar & Webinar, Sept 19, 2014

2

Current Landscape

Hospitality Industry - Attack Vectors

How to Secure Yourself

Q&A

Presented by

In association with

Supported by

Current Landscape

By X Events Hospitality (www.x-events.in)

3

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Presented by

In association with

Supported by

Digital Universe is Growing

By X Events Hospitality (www.x-events.in)

4

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

180 EB

2006 2008

2011

200 EB 1800 EB 44 ZB

2014

1 Exabyte=1 Billion GB

1 Zettabyte = 1 Trillion GB

Source IDC 2014

Digital Universe is huge and growing exponentially

Presented by

In association with

Supported by

Growth Drivers

By X Events Hospitality (www.x-events.in)

5

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Source:

http://thenextweb.com/apple/2012/01/25/there-are-now-more-

iphones-sold-than-babies-born-in-the-world-every-day/

371 K

Babies born per day

378 K

iPhones sold per day

Presented by

In association with

Supported by

Next Big Thing - IoT

By X Events Hospitality (www.x-events.in)

6

Hotel Digital Security Seminar & Webinar, Sept 19, 2014 Source IDC 2014

IoT consists of adding

computerization, software,

and intelligence to things as

varied as cars, toys, airplanes,

dishwashers, turbines, and

dog collars.

Presented by

In association with

Supported by

Is our information safe ?

By X Events Hospitality (www.x-events.in)

7

Hotel Digital Security Seminar & Webinar, Sept 19, 2014 Source IDC 2014

of the data that needs to be

protected is not protected

52%

DIGITAL

UNIVERSE

Data needing Protection:

• Corporate Data

• Medical Records

• User Account

Information

• Personal Identifiable

Information

Presented by

In association with

Supported by

The Numbers Don’t Lie

By X Events Hospitality (www.x-events.in)

8

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Source: http://online.wsj.com/news/articles/SB10001424052702303933404577504790964060610

76% of the US Companies had

a cyber security incident

reported in the last year

Presented by

In association with

Supported by

Attack Vectors for Hospitality Industry

Attack Vectors

By X Events Hospitality (www.x-events.in)

9

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Presented by

In association with

Supported by

Data Breach hit 14 Hotels

By X Events Hospitality (www.x-events.in)

10

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Source: http://www.cnbc.com/id/101396464#.

In 13 of the 14 cases, the malware

was in the credit and debit card

readers at the hotels' restaurants

and gift shops.

Presented by

In association with

Supported by

Keylogger Malware

By X Events Hospitality (www.x-events.in)

11

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Source: http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/

The U.S. Secret Service is

advising the hospitality

industry to inspect computers

made available to guests in

hotel business centers,

warning that crooks have been

compromising hotel business

center PCs with keystroke-

logging malware in a bid to

steal personal and financial

data from guest.

Presented by

In association with

Supported by

Repeated Computer Hacks

By X Events Hospitality (www.x-events.in)

12

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Source: http://edition.cnn.com/2012/06/26/travel/wyndham-hacking/index.html

Wyndham Hotels' lax security

policies allowed Russian

hackers to access more than

500,000 customer accounts on

three separate occasions

between 2008 and 2010.

Hackers used the data to rack

up more than $10.6 million in

fraudulent credit card

transactions, according to the

suit filed in the U.S. District

Court of Arizona.

Presented by

In association with

Supported by

Attacks on Website

By X Events Hospitality (www.x-events.in)

13

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

S Can you spot

Security Risk on

this compromised

Website ?

Presented by

In association with

Supported by

Social Engineering Attacks

By X Events Hospitality (www.x-events.in)

14

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Operator to Guest:

Excuse me sir, I am

calling from Front

Desk, Can I have your

credit card number

please ?

What you will do ?

Presented by

In association with

Supported by

How safe I am ?

By X Events Hospitality (www.x-events.in)

15

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

No business is

immune from threats.

Threats can come in

any shape and size

Need Threat

Intelligence

Presented by

In association with

Supported by

Most Common Attacks

By X Events Hospitality (www.x-events.in)

16

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Source: Verizon DBIR 2014 Data Breach Report

"The universe of threats

may seem limitless, but

92% of the 100,000

incidents we've analyzed

from the last 10 years

can be described by just

nine basic patterns.“

-Verizon DBIR 2014

Presented by

In association with

Supported by

Is it applicable to me?

By X Events Hospitality (www.x-events.in)

17

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Source : DBIR 2014 Data Breach Report

Presented by

In association with

Supported by

Cyber Risks in India

By X Events Hospitality (www.x-events.in)

18

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Source: https://gigaom.com/2013/06/25/new-google-report-shows-malware-by-country-highest-rates-in-india-

central-europe/

The highest rate of

malware, however, doesn’t

belong to obvious suspects

like Russia or Ukraine (8%

each), but instead India

(15%) and many Latin

American countries like

Mexico (12%) and Chile

(11%).

Presented by

In association with

Supported by

Cyber Risks in India

By X Events Hospitality (www.x-events.in)

19

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Source: http://zeenews.india.com/news/nation/9174-indian-websites-hacked-till-may-it-minister_947431.html

9,174 Indian websites were hacked

by various hacker groups from

different parts of the world till May

2014.

62,189 security incidents were

reported during the same period

to the Indian CERT-In

Presented by

In association with

Supported by

How to Secure Yourself ?

By X Events Hospitality (www.x-events.in)

20

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Presented by

In association with

Supported by

Need Systemic Approach

By X Events Hospitality (www.x-events.in)

21

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Ad-hoc Approach Systemic Approach

Presented by

In association with

Supported by

What can I do about it?

By X Events Hospitality (www.x-events.in)

22

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

EXECUTE ASSESS MONITOR

Find out your current

Security Posture by

doing Gap

Assessment

Vulnerability

Assessment

and Penetration

Testing

Implement the

Roadmap

Monitor and Improve

DEFINE

Define a Roadmap

with Short, Medium

and Long tem Action

Plan

Presented by

In association with

Supported by

People, Process & Technology

By X Events Hospitality (www.x-events.in)

23

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

- UTM. Firewalls

- IDS/IPS

- Data Center Security

- Physical Security

- DLP

-IRM

- SIM/SIEM

-Managed Security

Services

-Encryption

- Malware Protection

- Threat Intelligence

- Training

- Awareness

- HR Policies

- Background

Checks

-Roles /

responsibilities

- Social Engineering

- Social Networking

-Acceptable Use

- Risk Management

- Asset Management

- Data Classification

-Info Rights Mgt

- Access Management

- Change Management

- Patch Management

- Configuration Mgmt

- Incident Response

- Incident Management

Technology People Process

Presented by

In association with

Supported by

Q & A

By X Events Hospitality (www.x-events.in)

24

Hotel Digital Security Seminar & Webinar, Sept 19, 2014

Presented by

In association with

Supported by

By X Events Hospitality (www.x-events.in) Hotel Digital Security Seminar & Webinar, Sept 19, 2014

25

Stay Safe!

@satamsantosh

santosh@securbay.com

/securbay

www.SecurBay.com