How big is your shadow?
03 August 2011, The Innovation Warehouse, London

Agenda
• Introductions
• What is a digital shadow?
• What are the implications?
• How do you regain control?
• Q&A

Q: What is a digital shadow?
A: The trail left by an entity's interactions with the Internet.
For an organisation this may include:
• Technical information, e.g. server names, server locations, software versions
• Organisation information, e.g. locations, organisation structure, security practices
• Personal information, e.g. employee movements, friends, interests

A real example of a digital shadow
This visualisation was produced by one of the visualisation tools we use. Each node represents a data item discoverable from the Internet about an organisation.

“Sharing is growing at an exponential rate”
Mark Zuckerberg, CEO, Facebook, July 2011

It’s definitely not just Facebook…
Source: theconversationprism.com

The evolving Internet is a real force for good
• We can collaborate and self-organise for the common good
• Haiti earthquake response: OpenStreetMap was critical in co-ordinating the relief effort
• Arab Spring: use of social media has been a factor in the social revolution in the Middle East
• We can share knowledge and experiences in ways hitherto impossible
• We are fully in favour of the social web!

Some interesting statistics
Sources: Sophos, Max Planck Institute, Facebook
Our own research indicates 72% of employees divulge information online that could be used in a targeted attack.

Hostile reconnaissance
• 90% of the time a hacker spends is conducting reconnaissance. (CEH)
• 200% increase in targeted attacks (Cisco 2011)
• The risks are evolving with the Internet…

Risk area: hackers' tools and techniques
• 1623 Google search terms used to identify sensitive documents, accidental leaks, misconfigured software and much, much more…
Enabled by tools:
• Footprinting security research tools (example: Paterva Maltego)
• APIs, which attackers use for data mining the social web
• Specialist search engines now available for vulnerability scanning

Risk area: social engineering/coercion
IT: Hello IT.. Have you tried turning it off and on again?
Caller: I seem to have forgotten my password! I need to get to my files right now!
IT: Certainly, I need you to answer a few security questions first.
Caller: OK, fire away!
IT: OK Mr Rhenholm, what’s your telephone extension?
Caller: Sure, that’s 98-1234
IT: Date of birth?
Caller: Ahem, well that’s.. 1st April 1970
IT: Name of line manager?
Caller: That would be Renholm Snr.
IT: Thank you Sir, your password is reset. It’s £Wednesday1970
Caller: Thank you! Good Bye!

Risk area: social engineering/coercion
• Extension on a leaked telephone list
• LinkedIn provided line manager details
• Ancestry.co.uk provided a birthdate for Mr Manager of East Croydon
Also, once the password format is known, it’s much easier to brute force for other users.

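The point about a known password format can be checked from the defender's side. The following Python is an added example, not part of the original deck: it flags helpdesk-issued reset passwords that follow the symbol + weekday + year shape of the slide's £Wednesday1970 and compares the size of that template with a randomly generated reset password. The symbol set, year range and all function names are assumptions made for illustration.

```python
import math
import re
import secrets
import string

# Assumptions (not from the slides): which symbols a helpdesk might prepend
# and which years it might append. Both sets are constructed for illustration.
ASSUMED_SYMBOLS = "£$!@#%&*?+"
ASSUMED_YEARS = range(1940, 2012)
WEEKDAYS = ("Monday", "Tuesday", "Wednesday", "Thursday",
            "Friday", "Saturday", "Sunday")

# One symbol, a weekday name, a four-digit year: the shape of "£Wednesday1970".
TEMPLATE = re.compile(r"^(?P<symbol>[^\w\s])(?P<day>[A-Za-z]+)(?P<year>\d{4})$")

RANDOM_ALPHABET = string.ascii_letters + string.digits


def follows_template(password: str) -> bool:
    """True if the password has the symbol + weekday + year shape."""
    m = TEMPLATE.match(password)
    return bool(m) and m.group("day").capitalize() in WEEKDAYS


def template_keyspace() -> int:
    """Number of distinct passwords the template can produce."""
    return len(ASSUMED_SYMBOLS) * len(WEEKDAYS) * len(ASSUMED_YEARS)


def random_keyspace(length: int) -> int:
    """Number of distinct passwords of this length over RANDOM_ALPHABET."""
    return len(RANDOM_ALPHABET) ** length


def issue_reset_password(length: int = 16) -> str:
    """Hardened alternative: a reset password with no guessable structure."""
    return "".join(secrets.choice(RANDOM_ALPHABET) for _ in range(length))


def audit_issued_passwords(passwords):
    """Flag templated reset passwords and report the template's strength in bits."""
    findings = []
    for pw in passwords:
        templated = follows_template(pw)
        findings.append({
            "password": pw,
            "templated": templated,
            # Only the template's strength is estimated here; other
            # passwords are reported without a strength figure.
            "effective_bits": round(math.log2(template_keyspace()), 1)
            if templated else None,
        })
    return findings


if __name__ == "__main__":
    # Constructed sample: the slide's reset password next to a random one.
    sample = ["£Wednesday1970", issue_reset_password()]
    for finding in audit_issued_passwords(sample):
        print(finding)
    print("template keyspace:", template_keyspace())
    print("random 16-char keyspace bits:",
          round(math.log2(random_keyspace(16)), 1))
```
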
Example: Tibetan human rights group attack
• Organisation information: already obtained?
• Personal information: already obtained?
• Technical information: the link would have collected the technical shadow (MS Office, Flash, Adobe Acrobat, browser etc.). Near-guarantees the success of a future attack.
Source: infowar-monitor.net

We need a solution...
Aaah! Aarrgh!
So what should be done to address these risks?

Five practical steps
1. Continue existing security programmes ✔
2. Monitor your shadow
3. Set helpful guidelines
4. Clean up your shadow
5. Know your foe

Our specialist services
[Diagram. Services: Risk Assessment, VIP Protect, Organisation Monitoring. Steps shown: Monitor your shadow, Set helpful guidelines, Clean up your shadow, Know your foe.]

A typical engagement

Conclusion
• Your digital shadow is not benign
• We can help you regain control
• This is a job for specialists
Protecting organisations from hostile reconnaissance and targeted cyber attacks

Digital Shadows Ltd 145 -157 St John Street London  EC1V 4PY United Kingdom +44 (0)208 123 7894 enquiries@digitalshadows.com TM Digital Shadows Ltd is registered in England and Wales under No: 7637356. Registered office: 53 Gildredge Road, Eastbourne, East Sussex, BN21 4SF Copyright 2011 Digital Shadows Ltd.  ALL RIGHTS RESERVED.
How big is your shadow?



Editor's Notes

  1. [Don Tapscott Wikinomics quotes; The Wisdom of Crowds, Surowiecki; The Long Tail]
  2. Majority of security compromises are due to people not computers. As technical protection improves, we are seeing a shift to attacks masquerading as legitimate communications. Social engineering is critical, and relies on a good knowledge of the target, and tailoring the attack to suit.
  3. "not for distribution" confidential inurl:admin intitle:login
  4. April 2011: A targeted cyber attack succeeded in breaching the security firm RSA to the cost of $66m in this quarter alone. Identified Adobe Flash vulnerability. Located email addresses and personal details of two HR workers and sent an attachment labeled “2011 Recruitment Plan”