Some Methods
• Phishing
• Database & Password Exploits
• Social Engineering & Networking
• Weak Controls
• Default Accounts & Passwords
• Dated Software & Patch Exploits
• Advanced Persistent Threat & Zero-Day

Puckett & Faraj
• Rep. Marine accused of 24 civilian deaths in Haditha, Iraq, 2005
• Website hacked by Anonymous, Feb 2012
• Hacked Gmail
• Hacked Website

Default Accounts & Passwords
… and the list goes on …
https://spiessblog.wordpress.com/2016/04/26/first-blog-post/

Dated Software & Patch Exploits
[Figure: Number of CVEs exploited in 2015 by the CVE publication date]

Adv. Persistent Threats & Zero-Day

Adv. Persistent Threat
• Multiple attack vectors continuously over time
• Not just one attack one time
• Include several complex phases
Any exploit plus continuous access

Zero-Day Exploit
• Software vulnerability, unknown
• Exploited by hackers, before developers are aware
• Once known, “zero days” to patch, fix, and protect
All exploits were once zero-day exploits

May 2013: Zero-day attack against US Dept. of Labor website via Internet Explorer 8 vulnerability
April 2014: Heartbleed, a zero-day vulnerability in the Transport Layer Security protocol, was published

Top Best Practices
1. User training & awareness
2. Segregate data & privileges
3. Password management
4. Update patches and software
5. Security hardware & software
6. Removable media policy
7. Data destruction policy
8. Periodic pen testing
9. Encrypt data
10. Monitoring

Password Management
Create strong passwords
• Min. 12 characters
• Phrase
Change often
Remove defaults
Х Don’t keep “password” files or folders
Х Don’t share passwords
Х Don’t reuse passwords
• Hardware & software
Remove old employee accounts

Encryption
• Whole disk Encryption
  – BIOS password
  – A phrase works well
• Encrypt thumb drives
• Encrypt data in transit to cloud
• Encrypt Backups

What is the #1 source of data compromise?

What is the #1 source?

Comments & Questions
Steven Konecny | CFE, CIRA, CEH, CRISC
[email protected]
(916) 563-7790
(213) 482-0669
Let’s Take Flight