IBM Software
Thought Leadership White Paper
September 2014
Protecting corporate credentials
against today’s threats
How proactively blocking credentials exposure can help close the
door to cybercriminals
Contents
Introduction
Targeting end users
The new threat landscape
Preventing corporate credentials theft
Conclusion
For more information
About IBM Security solutions
Introduction
Corporate credentials. They’re the keys to your enterprise and
more than likely you’ve taken many steps to protect them.
However, what many CISOs and security managers are finding
is that traditional approaches to preventing credentials theft—
from implementing stringent identity management policies to
deploying anti-malware software—are no longer sufficient as the
threat landscape changes.
Sophisticated and highly directed spear phishing emails are
tricking employees into entering their credentials on very convincing,
yet fraudulent websites. And increasingly complex password
policies are driving the user behaviors that companies are trying
to prevent—the reuse of corporate credentials on unapproved
third party sites.
Cybercriminals know this and now regularly target third party
sites as they work to obtain employee log-in credentials and gain
access to intellectual property and sensitive corporate data.
It has become evident by the number of high-profile credentials
thefts that a new approach is needed to protect corporate
credentials.
In this whitepaper, you’ll learn:
● Why credentials are the first steps in modern attacks and the
  techniques criminals use to steal user credentials.
● Why education and awareness programs can’t keep your
  employees from falling victim to sophisticated phishing, spear
  phishing, and watering hole attacks.
● Why third party attacks are just as dangerous as targeted
  attacks to your enterprise.
● What steps you can take to prevent credentials threats in this
  new landscape.
● And how IBM® Security Trusteer Apex™ Advanced Malware
  Protection software can help.
Targeting end users
For cybercriminals, corporate credentials represent the path of
least resistance as they work to gain access to corporate networks
and data. So it’s no surprise that stealing employee usernames
and passwords has become a primary focus for attackers.
In fact, investigations of current breaches reveal that lost or
stolen corporate credentials play a significant role in allowing
advanced threat success, with an estimated 76 percent of
network breaches due to lost or stolen credentials.[1]
And Forrester reports that two out of three of the top data
breach types last year involved corporate credentials.[2] This
includes both authentication credentials, such as usernames and
passwords, along with personally identifiable information
(names, addresses, phone numbers, social security numbers, etc.)
that is often used in security challenge questions.
Today’s cybercriminals commonly steal usernames and passwords
through one of the following methods:
Malware
Attackers use various techniques to compromise user machines
with malware—from drive-by downloads to watering hole
attacks to infected USB drives and more. Key-logging features
that capture user keystrokes during login and send the
information to the attacker are found in almost every malware
family today.
[Figure: Criminals attack the weakest link. Diagram labels: Cyber Criminals; Employees / Contractors / Partners; Customer Data & Intellectual Property; Enterprise Protection (Firewall, Intrusion Prevention System, Anti-Virus Gateway, Encryption); Employee Protection; paths marked Difficult and Easy.]
While the perception is that these attacks cast a wide net, the
reality is that they are often part of advanced persistent threats
targeted at specific companies or industries.
Investigations of recent credentials thefts have uncovered that in
each case—whether the user was sent a weaponized attachment
with an exploit or visited a compromised site—the event was
part of a planned and directed attack on the enterprise.
Phishing and spear phishing
In recent years, the FBI has issued warnings about the rise of
spear phishing attacks as part of larger advanced persistent
threats.
Here, the goal is to trick users into revealing their credentials
rather than tricking systems into downloading malware.
These emails lure employees to fraudulent websites that closely
resemble a website they trust. Once employees enter their login
and password information onto the phishing site, the credentials
are automatically sent to the attacker.
It only takes one employee to fall for a spear phishing email for
attackers to gain access to the corporate network. Once in,
attackers can easily increase their success using a trusted
employee account to obtain additional credentials and wider
access to applications and data.
Consider one attack in which spear phishing emails were sent to
a company’s employees directing them to a fake login page.
While most of the employees deleted the email, at least one
employee logged into the exploit site. Security personnel
detected the attack and asked employees to reset their passwords.
However, knowing this, the attackers then launched a new spear
phishing attack, asking users to reset their passwords on a fake
password reset site.
This ultimately enabled the attackers to access not only a
number of corporate accounts, but also the organization’s social
media account. The attackers published their own content on
the site, promoting their cause and damaging the organization’s
reputation and brand in the process.
Third party breaches
As password complexity increases, employees are more likely to
reuse their usernames and passwords on e-commerce,
subscription and social media sites, despite corporate policy.
Because of this, cybercriminals have turned their focus to obtaining
user information from popular websites, knowing there is a high
likelihood that those same credentials could be used for logging
in to other systems as well.
The headlines are full of high-profile breaches on leading
websites, some in which hundreds of millions of user accounts
were compromised. Significant new vulnerabilities, like the
Heartbleed bug, highlight the risk that companies face from
password reuse. As news of Heartbleed broke, the big question
for companies was: If a third party site is compromised, will we
be part of the story?
The new threat landscape
Traditionally, companies protect corporate credentials in three
ways:
1. Stringent identity and access management policies and
solutions that guide password creation and use
2. Extensive employee education and awareness programs
regarding the risks and user responsibilities
3. Anti-malware and threat detection technologies
While each is critical in maintaining a strong security posture,
they are no longer sufficient for preventing credentials theft in
today’s landscape. In fact, in many highly publicized breaches,
each company affected had implemented the traditional
technologies and programs, and still lost corporate credentials
during an attack.
The reason: human behavior.
Attackers know it’s just a matter of time before an employee does
one of the following:
● Mistakenly clicks on a link in an email and enters credentials
  in what appears to be a trusted website.
● Reuses his or her corporate credentials on third party sites,
  because it’s easier to remember one password instead of six
  passwords or more.
● Unknowingly falls victim to a drive-by download, watering
  hole attack or infected USB drive.
As a result, one of the biggest challenges companies face in
protecting corporate credentials is in enforcing existing policies
and preventing criminals from exploiting user behavior.
Increased password complexity increases likelihood of
password reuse
It’s common for corporate security policies today to require
employees to create eight-or-more-character passwords that
include uppercase and lowercase letters as well as digits and
symbols.
However, the more complex the password, the harder it is for
employees to remember, and this has created an unintended
consequence. As password strength has increased, so has the
likelihood that employees will reuse their passwords, or a
derivative of the same password, across both corporate and
non-corporate applications.
One study shows that up to 51 percent of users reuse their
credentials across sites, placing their companies at risk.[3] Even
with education to help users create “secure but memorable
passwords,” reuse remains high.
Employee education can’t prevent human error
To help enforce password policies, IT and security organizations
have long delivered education awareness programs that teach
employees about the risk of password reuse and how to
safeguard their corporate credentials. However, most companies
have no way of enforcing these policies, or even knowing
whether employees follow them. As noted earlier, industry
statistics indicate that up to half of all employees don’t observe
these directives.
Even when employees are diligent about following policies,
cybercriminals know that one well-crafted spear phishing email,
using information gained from social engineering tactics, can
sometimes convince even a seasoned security expert.
Anti-malware software provides a false sense of security
Companies also use anti-malware software to help detect and
prevent malware-based threats, but this approach doesn’t prevent
credentials theft for two basic reasons.
First, cybercriminals are continually creating new malware, and,
occasionally, these new variants avoid detection. In fact, in one
publicized attack, a spear phishing email deployed advanced
malware on an employee’s system that circumvented the
company’s anti-malware software. The criminals gained access to
the user’s machine, captured his credentials, and accessed
corporate systems and applications as a result.
Second, cybercriminals don’t always use malware to steal an
employee’s credentials. They only need to trick users into entering
their username and password on a phishing site, and the result is
the same.
Preventing corporate credentials theft
Today, effectively preventing the theft of corporate credentials
from advanced threats requires the following three essential
capabilities:
● Preventing malware from compromising the user system, and,
  in cases where malware avoids detection, helping prevent
  malware from communicating out to expose corporate
  credentials. This preempts malware communication from
  sending stolen keystrokes to a cybercriminal.
● Validating that corporate credentials are used only to log in to
  approved corporate applications—whether those applications
  are hosted internally, or delivered by a SaaS vendor or
  business partner, or through the cloud.
● Automatically preventing corporate credentials from being
  sent to unauthorized sites. This can help prevent users from
  submitting their credentials on phishing sites, as well as help
  stop the reuse of corporate credentials on unapproved third
  party sites, such as social networks.
By focusing on both the usage and transmission of the
credentials themselves, companies can realize greater success in
enforcing security policies and preventing credentials theft.
How IBM Security Trusteer Apex Advanced Malware
Protection can help
IBM Security Trusteer Apex Advanced Malware Protection
software offers a new threat prevention approach that provides
unparalleled protection against spear phishing, credentials theft
and advanced information-stealing malware. By monitoring how
and when corporate credentials are used, and automatically
preventing exposure, Trusteer Apex software helps companies
protect their corporate credentials as the threat landscape
evolves.
Unlike other approaches designed only to block malware,
Trusteer Apex software helps prevent advanced malware and
advanced persistent threats from compromising user endpoints
and includes special protections that help prevent corporate
credentials theft and exposure. These protections include:
● Helping block malware communications. Trusteer Apex
  software helps block malware and malicious communications
  from malware to help prevent corporate credentials exposure.
  Even if malware has infected an employee’s machine, the user’s
  credentials can’t be exfiltrated.
● Helping prevent corporate password exposure on phishing
  sites. Trusteer Apex software helps protect employee
  credentials from phishing attacks by validating that employees
  are submitting their credentials only to authorized login
  URLs. When users attempt to submit their enterprise
  credentials to an unauthorized URL, Trusteer Apex software
  will require the user to provide different credentials.
● Helping prevent re-use of corporate credentials on
  non-corporate sites. Trusteer Apex software also helps prevent
  corporate employees from re-using their corporate credentials
  to access public sites, such as ecommerce and social media
  sites. The software monitors when corporate credentials are
  used and can require users to change their credentials before
  logging in to a non-approved website. As a result,
  organizations can easily support access to both corporate and
  approved third party SaaS and cloud applications, while
  preventing exposure on unauthorized sites.
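
The destination check described in the capability and protection lists above (detect a password submission, validate the destination, then allow or require different credentials) can be sketched as follows. This is an added example, not IBM's or Trusteer Apex's code; the host names, salt, password, sample submissions and decision labels are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed policy: (host, path prefix) pairs approved for corporate logins.
AUTHORIZED_LOGINS = {
    ("sso.corp.example.com", "/login"),
    ("crm.saas-vendor.example.net", "/auth"),
}
SALT = b"constructed-per-device-salt"  # assumption: provisioned per endpoint


def fingerprint(password: str) -> bytes:
    """Slow salted hash, so only a verifier of the corporate password is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)


def normalize_destination(url: str):
    """Return (host, path) for a trustworthy https URL, else None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased, without userinfo or port
    except ValueError:
        return None
    if parts.scheme != "https" or not host:
        return None  # cleartext or malformed destination
    if parts.username is not None or parts.password is not None:
        return None  # "https://trusted-name@other-host/" style URLs
    try:
        # Drop the trailing dot and map Unicode look-alike hosts to punycode,
        # so they can never compare equal to an ASCII allowlist entry.
        host = host.rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return host, parts.path or "/"


def is_authorized(url: str) -> bool:
    """Exact host match plus path-prefix match on a segment boundary."""
    dest = normalize_destination(url)
    if dest is None:
        return False
    host, path = dest
    return any(
        host == ok_host and (path == prefix or path.startswith(prefix + "/"))
        for ok_host, prefix in AUTHORIZED_LOGINS
    )


def decide(url: str, submitted_password: str, corporate_fp: bytes) -> str:
    """Policy decision for one password submission event."""
    if is_authorized(url):
        return "ALLOW"
    # Unauthorized destination: only interfere if the corporate secret is leaving.
    if hmac.compare_digest(fingerprint(submitted_password), corporate_fp):
        return "BLOCK_REQUIRE_DIFFERENT_CREDENTIALS"
    return "ALLOW"  # a personal password on a non-corporate site


# Constructed sample submissions: (destination URL, password typed).
CORPORATE_PASSWORD = "Constructed-Passw0rd!"
SAMPLE_SUBMISSIONS = [
    ("https://sso.corp.example.com/login", CORPORATE_PASSWORD),
    ("https://sso.corp.example.com.evil.example/login", CORPORATE_PASSWORD),
    ("https://sso.corp.example.com@login.evil.example/login", CORPORATE_PASSWORD),
    ("http://sso.corp.example.com/login", CORPORATE_PASSWORD),
    ("https://shop.example.org/signin", CORPORATE_PASSWORD),
    ("https://shop.example.org/signin", "personal-hunter2"),
]


def run_samples():
    """Evaluate every constructed submission against the policy."""
    fp = fingerprint(CORPORATE_PASSWORD)
    return [(url, decide(url, pw, fp)) for url, pw in SAMPLE_SUBMISSIONS]


if __name__ == "__main__":
    for url, verdict in run_samples():
        print(f"{verdict:36} {url}")
```

The allowlist compares whole host names, so a look-alike that merely begins with or embeds an approved name is treated like any other unauthorized site.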
Delivered as a lightweight software agent and deployed through
the IBM cloud, Trusteer Apex software transparently runs on
both managed and unmanaged endpoints (including consultants
and partner endpoints) to help protect corporate credentials
without impacting performance or access.
Conclusion
Recent attacks have demonstrated that traditional identity
management policies, user education programs and threat
detection technologies don’t fully protect corporate credentials
against evolving threats. As a result, while companies may be in
compliance with regulatory and industry requirements, they still
may be vulnerable.
Advanced malware that circumvents anti-malware software,
sophisticated phishing attacks using social engineering tactics,
and vulnerabilities in third party networks have all been linked
to cases of credentials theft.
Without the ability to automatically prevent phishing and the
reuse of corporate credentials on non-corporate sites, companies
are at risk. Trusteer Apex software offers a new approach to
protecting corporate credentials that focuses on prevention—
helping companies block transmission before employee
credentials are compromised.
For more information
To learn more about protecting corporate credentials and
IBM Security Trusteer Apex software, please contact your
IBM representative or IBM Business Partner, or visit the
following website: ibm.com/security
About IBM Security solutions
IBM Security offers one of the most advanced and integrated
portfolios of enterprise security products and services. The
portfolio, supported by world-renowned IBM X-Force®
research and development, provides security intelligence to help
organizations holistically protect their people, infrastructures,
data and applications, offering solutions for identity and access
management, database security, application development, risk
management, endpoint management, network security and
more. These solutions enable organizations to effectively
manage risk and implement integrated security for mobile,
cloud, social media and other enterprise business architectures.
IBM operates one of the world’s broadest security research,
development and delivery organizations, monitors 13 billion
security events per day in more than 130 countries, and holds
more than 3,000 security patents.

[Figure: IBM Security Trusteer Apex software specifically protects employee credentials—a prime target for cybercriminals. Diagram labels: Enter password; Detect submission; Validate destination; Submit: Allow; Authorized site (Legitimate corporate site); Phishing site (Credentials theft via phishing); Unauthorized legitimate site (Corporate credential reuse).]
© Copyright IBM Corporation 2014
IBM Corporation
Software Group
Route 100
Somers, NY 10589
Produced in the United States of America
September 2014
IBM, the IBM logo, ibm.com, and Trusteer Apex are trademarks of
International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of IBM or
other companies. A current list of IBM trademarks is available on the web at
“Copyright and trademark information” at ibm.com/legal/copytrade.shtml
This document is current as of the initial date of publication and may be
changed by IBM at any time. Not all offerings are available in every country
in which IBM operates.
The performance data discussed herein is presented as derived under specific
operating conditions. Actual results may vary. It is the user’s responsibility to
evaluate and verify the operation of any other products or programs with
IBM products and programs.
THE INFORMATION IN THIS DOCUMENT IS PROVIDED
“AS IS” WITHOUT ANY WARRANTY, EXPRESS OR
IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND ANY WARRANTY OR CONDITION OF
NON-INFRINGEMENT. IBM products are warranted according to the
terms and conditions of the agreements under which they are provided.
The client is responsible for ensuring compliance with laws and regulations
applicable to it. IBM does not provide legal advice or represent or warrant
that its services or products will ensure that the client is in compliance with
any law or regulation.
Statement of Good Security Practices: IT system security involves protecting
systems and information through prevention, detection and response to
improper access from within and outside your enterprise. Improper access
can result in information being altered, destroyed or misappropriated or can
result in damage to or misuse of your systems, including to attack others. No
IT system or product should be considered completely secure and no single
product or security measure can be completely effective in preventing
improper access. IBM systems and products are designed to be part of a
comprehensive security approach, which will necessarily involve additional
operational procedures, and may require other systems, products or services
to be most effective. IBM does not warrant that systems and products are
immune from the malicious or illegal conduct of any party.
[1] Verizon. “2013 Verizon Data Breach Investigations Report.” Retrieved from: http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf
[2] Eve Maler, Andras Cser with Stephanie Balaouras, and Jennie Duong, “Market Overview: Employee And Customer Authentication Solutions In 2013, Part 1 of 2”, Forrester, December 30, 2013. As presented at: http://buildingtrust.trusteer.com/Unseen-Challenges-Forrester-Webinar_March2014_Recording
[3] Anupam Das (University of Illinois at Urbana-Champaign), Joseph Bonneau (Princeton University), Matthew Caesar (University of Illinois at Urbana-Champaign), Nikita Borisov (University of Illinois at Urbana-Champaign), and XiaoFeng Wang (Indiana University at Bloomington), “The Tangled Web of Password Reuse”; NDSS ’14, 23-26 February 2014, San Diego, CA, USA. Retrieved from: http://www.jbonneau.com/doc/DBCBW14-NDSS-tangled_web.pdf
WGW03071-USEN-00
Buisiness UK Trading Marketing Finance CMR WORLD TECH
 
Hyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensusHyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensusCMR WORLD TECH
 
Apexand visualforcearchitecture
Apexand visualforcearchitectureApexand visualforcearchitecture
Apexand visualforcearchitectureCMR WORLD TECH
 
Trailblazers guide-to-apps
Trailblazers guide-to-appsTrailblazers guide-to-apps
Trailblazers guide-to-appsCMR WORLD TECH
 
Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1CMR WORLD TECH
 
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_CMR WORLD TECH
 
Salesforce voice-and-tone
Salesforce voice-and-toneSalesforce voice-and-tone
Salesforce voice-and-toneCMR WORLD TECH
 

Mehr von CMR WORLD TECH (20)

Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security for Everyone Course - Final Project Presentation
Cyber Security for Everyone Course - Final Project PresentationCyber Security for Everyone Course - Final Project Presentation
Cyber Security for Everyone Course - Final Project Presentation
 
CPQ Básico
CPQ BásicoCPQ Básico
CPQ Básico
 
Cpq basics bycesaribeiro
Cpq basics bycesaribeiroCpq basics bycesaribeiro
Cpq basics bycesaribeiro
 
Apexbasic
ApexbasicApexbasic
Apexbasic
 
Questoes processautomation
Questoes processautomationQuestoes processautomation
Questoes processautomation
 
Process automationppt
Process automationpptProcess automationppt
Process automationppt
 
Transcript mva.cesar
Transcript mva.cesarTranscript mva.cesar
Transcript mva.cesar
 
Aws migration-whitepaper-en
Aws migration-whitepaper-enAws migration-whitepaper-en
Aws migration-whitepaper-en
 
Delivery readness for pick season and higth volume
Delivery readness for pick season and higth volumeDelivery readness for pick season and higth volume
Delivery readness for pick season and higth volume
 
Why digital-will-become-the-primary-channel-for-b2 b-engagement
Why digital-will-become-the-primary-channel-for-b2 b-engagementWhy digital-will-become-the-primary-channel-for-b2 b-engagement
Why digital-will-become-the-primary-channel-for-b2 b-engagement
 
Transcript Micrsosft Java Azure
Transcript Micrsosft Java Azure Transcript Micrsosft Java Azure
Transcript Micrsosft Java Azure
 
Buisiness UK Trading Marketing Finance
Buisiness UK Trading Marketing Finance Buisiness UK Trading Marketing Finance
Buisiness UK Trading Marketing Finance
 
Hyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensusHyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensus
 
Master lob-e-book
Master lob-e-bookMaster lob-e-book
Master lob-e-book
 
Apexand visualforcearchitecture
Apexand visualforcearchitectureApexand visualforcearchitecture
Apexand visualforcearchitecture
 
Trailblazers guide-to-apps
Trailblazers guide-to-appsTrailblazers guide-to-apps
Trailblazers guide-to-apps
 
Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1
 
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
 
Salesforce voice-and-tone
Salesforce voice-and-toneSalesforce voice-and-tone
Salesforce voice-and-tone
 

Kürzlich hochgeladen

Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxolyaivanovalion
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...amitlee9823
 
Halmar dropshipping via API with DroFx
Halmar  dropshipping  via API with DroFxHalmar  dropshipping  via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysismanisha194592
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Delhi Call girls
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...SUHANI PANDEY
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceDelhi Call girls
 
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...amitlee9823
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...amitlee9823
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAroojKhan71
 
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...amitlee9823
 
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfMarinCaroMartnezBerg
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusTimothy Spann
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Researchmichael115558
 

Kürzlich hochgeladen (20)

Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptx
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
 
Halmar dropshipping via API with DroFx
Halmar  dropshipping  via API with DroFxHalmar  dropshipping  via API with DroFx
Halmar dropshipping via API with DroFx
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysis
 
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
 
Sampling (random) method and Non random.ppt
Sampling (random) method and Non random.pptSampling (random) method and Non random.ppt
Sampling (random) method and Non random.ppt
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
 
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
 
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 

Protecting Corporate Credentials Against Threats 4 48159 wgw03071_usen

  • 1. IBM Software. Thought Leadership White Paper, September 2014. Protecting corporate credentials against today’s threats: How proactively blocking credentials exposure can help close the door to cybercriminals
  • 2. Contents

Introduction
Targeting end users
The new threat landscape
Preventing corporate credentials theft
Conclusion
For more information
About IBM Security solutions

Introduction

Corporate credentials. They’re the keys to your enterprise and more than likely you’ve taken many steps to protect them. However, what many CISOs and security managers are finding is that traditional approaches to preventing credentials theft—from implementing stringent identity management policies to deploying anti-malware software—are no longer sufficient as the threat landscape changes.

Sophisticated and highly directed spear phishing emails are tricking employees to input their credentials on very convincing, yet fraudulent websites. And increasingly complex password policies are driving the user behaviors that companies are trying to prevent—the reuse of corporate credentials on unapproved third party sites.

Cybercriminals know this and now regularly target third party sites as they work to obtain employee log-in credentials and gain access to intellectual property and sensitive corporate data.

It has become evident by the number of high-profile credentials thefts that a new approach is needed to protect corporate credentials.

In this whitepaper, you’ll learn:

●● Why credentials are the first steps in modern attacks and the techniques criminals use to steal user credentials.
●● Why education and awareness programs can’t keep your employees from falling victim to sophisticated phishing, spear phishing, and watering hole attacks.
●● Why third party attacks are just as dangerous as targeted attacks to your enterprise.
●● What steps you can take to prevent credentials threats in this new landscape.
●● And how IBM® Security Trusteer Apex™ Advanced Malware Protection software can help.
  • 3. Targeting end users

For cybercriminals, corporate credentials represent the path of least resistance as they work to gain access to corporate networks and data. So it’s no surprise that stealing employee usernames and passwords has become a primary focus for attackers.

In fact, investigations of current breaches reveal that lost or stolen corporate credentials play a significant role in allowing advanced threat success, with an estimated 76 percent of network breaches due to lost or stolen credentials.[1] And Forrester reports that two out of three of the top data breach types last year involved corporate credentials.[2] This includes both authentication credentials, such as usernames and passwords, along with personally identifiable information (names, addresses, phone numbers, social security numbers, etc.) that is often used in security challenge questions.

Today’s cybercriminals commonly steal usernames and passwords through one of the following methods:

Malware

Attackers use various techniques to compromise user machines with malware—from drive-by downloads to watering hole attacks to infected USB drives and more. Key-logging features that capture user keystrokes during login and send the information to the attacker are found in almost every malware family today.

[Figure: Criminals attack the weakest link. Diagram of cyber criminals, employees / contractors / partners, and customer data and intellectual property, with employee protection and enterprise protection layers.]
  • 4. While the perception is that these attacks cast a wide net, the reality is that they are often part of advanced persistent threats targeted at specific companies or industries. Investigations of recent credentials thefts have uncovered that in each case—whether the user was sent a weaponized attachment with an exploit or visited a compromised site—the event was part of a planned and directed attack on the enterprise.

Phishing and spear phishing

In recent years, the FBI has issued warnings about the rise of spear phishing attacks as part of larger advanced persistent threats. Here, the goal is to trick users into revealing their credentials versus tricking the systems into downloading malware. These emails lure employees to fraudulent websites that closely resemble a website they trust. Once employees enter their login and password information onto the phishing site, the credentials are automatically sent to the attacker.

It only takes one employee to fall for a spear phishing email for attackers to gain access to the corporate network. Once in, attackers can easily increase their success using a trusted employee account to obtain additional credentials and wider access to applications and data.

Consider one attack in which spear phishing emails were sent to a company’s employees directing them to a fake login page. While most of the employees deleted the email, at least one employee logged into the exploit site. Security personnel detected the attack and asked employees to reset their passwords. However, knowing this, the attackers then launched a new spear phishing attack, asking users to reset their passwords on a fake password reset site. This ultimately enabled the attackers to access not only a number of corporate accounts, but also the organization’s social media account. The attackers published their own content on the site, promoting their cause and damaging the organization’s reputation and brand in the process.

Third party breaches

As password complexity increases, employees are more likely to reuse their usernames and passwords on e-commerce, subscription and social media sites, despite corporate policy. Because of this, cybercriminals have turned their focus to obtain user information from popular websites, knowing there is a high likelihood that those same credentials could be used for logging in to other systems as well.

The headlines are full of high-profile breaches on leading websites, some in which hundreds of millions of user accounts were compromised. Significant new vulnerabilities, like the Heartbleed bug, highlight the risk that companies face from password reuse. As news of Heartbleed broke, the big question for companies was: If a third party site is compromised, will we be part of the story?

The new threat landscape

Traditionally, companies protect corporate credentials in three ways:

1. Stringent identity and access management policies and solutions that guide password creation and use
2. Extensive employee education and awareness programs regarding the risks and user responsibilities
3. Anti-malware and threat detection technologies
  • 5. While each is critical in maintaining a strong security posture, they are no longer sufficient for preventing credentials theft in today’s landscape. In fact, in many highly publicized breaches, each company affected had implemented the traditional technologies and programs, and still lost corporate credentials during an attack.

The reason: human behavior. Attackers know it’s just a matter of time before an employee does one of the following:

●● Mistakenly clicks on a link in an email and enters credentials in what appears to be a trusted website.
●● Reuses his or her corporate credentials on third party sites, because it’s easier to remember one password instead of six passwords or more.
●● Unknowingly falls victim to a drive-by download, watering hole attack or infected USB drive.

As a result, one of the biggest challenges companies face in protecting corporate credentials is in enforcing existing policies and preventing criminals from exploiting user behavior.

Increased password complexity increases likelihood of password reuse

It’s common for corporate security policies today to require employees to create eight-or-more-character passwords that include uppercase and lowercase letters as well as digits and symbols. However, the more complex the password, the harder it is for employees to remember, and this has created an unintended consequence.

As password strength has increased, so has the likelihood that employees will reuse their passwords, or a derivative of the same password, across both corporate and non-corporate applications. One study shows that up to 51 percent of users reuse their credentials across sites, placing their companies at risk.[3] Even with education to help users create “secure but memorable passwords,” reuse remains high.

Employee education can’t prevent human error

To help enforce password policies, IT and security organizations have long delivered education awareness programs that teach employees about the risk of password reuse and how to safeguard their corporate credentials. However, most companies have no way of enforcing these policies, or even knowing whether employees follow them. As noted earlier, industry statistics indicate that up to half of all employees don’t observe these directives.

Even when employees are diligent about following policies, cybercriminals know that one well-crafted spear phishing email, using information gained from social engineering tactics, can sometimes convince even a seasoned security expert.

Anti-malware software provides a false sense of security

Companies also use anti-malware software to help detect and prevent malware-based threats, but this approach doesn’t prevent credentials theft for two basic reasons.

First, cybercriminals are continually creating new malware, and, occasionally, these new variants avoid detection. In fact, in one publicized attack, a spear phishing email deployed advanced malware on an employee’s system that circumvented the company’s anti-malware software. The criminals gained access to the user’s machine, captured his credentials, and accessed corporate systems and applications as a result.

Second, cybercriminals don’t always use malware to steal an employee’s credentials. They only need to trick users to enter their username and password on a phishing site, and the result is the same.
  • 6. Preventing corporate credentials theft

Today, effectively preventing the theft of corporate credentials from advanced threats requires the following three essential capabilities:

●● Preventing malware from compromising the user system, and, in cases where malware avoids detection, helping prevent malware from communicating out to expose corporate credentials. This preempts malware communication from sending stolen keystrokes to a cybercriminal.
●● Validating that corporate credentials are used only to log in to approved corporate applications—whether those applications are hosted internally, or delivered by a SaaS vendor or business partner, or through the cloud.
●● Automatically preventing corporate credentials from being sent to unauthorized sites. This can help prevent users from submitting their credentials on phishing sites, as well as help stop the reuse of corporate credentials on unapproved third party sites, such as social networks.

By focusing on both the usage and transmission of the credentials themselves, companies can realize greater success in enforcing security policies and preventing credentials theft.

How IBM Security Trusteer Apex Advanced Malware Protection can help

IBM Security Trusteer Apex Advanced Malware Protection software offers a new threat prevention approach that provides unparalleled protection against spear phishing, credentials theft and advanced information-stealing malware. By monitoring how and when corporate credentials are used, and automatically preventing exposure, Trusteer Apex software helps companies protect their corporate credentials as the threat landscape evolves.

Unlike other approaches designed only to block malware, Trusteer Apex software helps prevent advanced malware and advanced persistent threats from compromising user endpoints and includes special protections that help prevent corporate credentials theft and exposure. These protections include:

●● Helping block malware communications. Trusteer Apex software helps block malware and malicious communications from malware to help prevent corporate credentials exposure. Even if malware has infected an employee’s machine, the user’s credentials can’t be exfiltrated.
●● Helping prevent corporate password exposure on phishing sites. Trusteer Apex software helps protect employee credentials from phishing attacks by validating that employees are submitting their credentials only to authorized login URLs. When users attempt to submit their enterprise credentials to an unauthorized URL, Trusteer Apex software will require the user to provide different credentials.
●● Helping prevent re-use of corporate credentials on non-corporate sites. Trusteer Apex software also helps prevent corporate employees from re-using their corporate credentials to access public sites, such as ecommerce and social media sites. The software monitors when corporate credentials are used and can require users to change their credentials before logging in to a non-approved website. As a result, organizations can easily support access to both corporate and approved third party SaaS and cloud applications, while preventing exposure on unauthorized sites.

Delivered as a lightweight software agent and deployed through the IBM cloud, Trusteer Apex software transparently runs on both managed and unmanaged endpoints (including consultants and partner endpoints) to help protect corporate credentials without impacting performance or access.
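The destination check described under "Preventing corporate credentials theft" (corporate credentials may be submitted only to authorized login URLs) is written out here as an exact-origin allowlist decision. This is an added example, not IBM's or Trusteer Apex's code; the hosts, the event fields `matchesCorporateCredential` and `destination`, and all function names are assumptions made for illustration, and the sample events are constructed.

```javascript
"use strict";
// Added example; not IBM's or Trusteer Apex's code. Hosts and names are constructed.

// Approved login origins (scheme + host + port). Matching is exact: no
// substring, suffix or wildcard matching, which lookalike hosts rely on.
const APPROVED_LOGIN_ORIGINS = new Set([
  "https://login.corp.example",       // internal SSO (constructed)
  "https://sso.partner-saas.example", // approved SaaS login (constructed)
]);

// Reduce a destination to { origin } or { reject: reason }. Fails closed.
function classifyDestination(destination) {
  let url;
  try {
    url = new URL(destination);
  } catch (err) {
    return { reject: "unparseable-url" };
  }
  if (url.protocol !== "https:") return { reject: "not-https" };
  // "https://login.corp.example@other.test/" shows the trusted name but
  // connects to other.test, so any userinfo component is rejected.
  if (url.username !== "" || url.password !== "") {
    return { reject: "userinfo-in-url" };
  }
  // URL parsing has already lower-cased the host, converted IDN labels to
  // punycode (xn--...) and dropped a default :443, so origin is canonical.
  return { origin: url.origin };
}

// Decide what to do with one detected password submission.
// Assumption: the endpoint agent has already determined whether the typed
// password is the corporate one (event.matchesCorporateCredential).
function evaluateSubmission(event, approved = APPROVED_LOGIN_ORIGINS) {
  if (!event.matchesCorporateCredential) {
    return { action: "allow", reason: "not-corporate-credential" };
  }
  const dest = classifyDestination(event.destination);
  if (dest.reject) {
    return { action: "require-different-credentials", reason: dest.reject };
  }
  if (approved.has(dest.origin)) {
    return { action: "allow", reason: "approved-origin" };
  }
  // Covers both phishing pages and reuse on legitimate but unapproved sites.
  return { action: "require-different-credentials", reason: "origin-not-approved" };
}

// Constructed submission events covering the cases the paper describes.
const SAMPLE_EVENTS = [
  { user: "alice", destination: "https://login.corp.example/auth", matchesCorporateCredential: true },
  { user: "bob", destination: "HTTPS://LOGIN.CORP.EXAMPLE:443/auth", matchesCorporateCredential: true },
  { user: "carol", destination: "https://login.corp.example.lookalike.test/auth", matchesCorporateCredential: true },
  { user: "dave", destination: "https://login.corp.example@files.lookalike.test/reset", matchesCorporateCredential: true },
  { user: "erin", destination: "http://login.corp.example/auth", matchesCorporateCredential: true },
  { user: "frank", destination: "https://shop.public.example/signin", matchesCorporateCredential: true },
  { user: "grace", destination: "https://shop.public.example/signin", matchesCorporateCredential: false },
  { user: "heidi", destination: "https://login.corp.example:8443/auth", matchesCorporateCredential: true },
];

// Return the submissions that were stopped, with the reason for each.
function auditSubmissions(events) {
  return events
    .map((e) => ({ user: e.user, ...evaluateSubmission(e) }))
    .filter((r) => r.action !== "allow");
}

console.log(auditSubmissions(SAMPLE_EVENTS));
```

The same decision path handles a phishing page and password reuse on a legitimate public site: in both cases the origin is not on the approved list, so the corporate credential is not released.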
  • 7. Conclusion

Recent attacks have demonstrated that traditional identity management policies, user education programs and threat detection technologies don’t fully protect corporate credentials against evolving threats. As a result, while companies may be in compliance with regulatory and industry requirements, they still may be vulnerable.

Advanced malware that circumvents anti-malware software, sophisticated phishing attacks using social engineering tactics, and vulnerabilities in third party networks have all been linked to cases of credentials theft. Without the ability to automatically prevent phishing and the reuse of corporate credentials on non-corporate sites, companies are at risk. Trusteer Apex software offers a new approach to protecting corporate credentials that focuses on prevention—helping companies block transmission before employee credentials are compromised.

For more information

To learn more about protecting corporate credentials and IBM Security Trusteer Apex software, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/security

About IBM Security solutions

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. These solutions enable organizations to effectively manage risk and implement integrated security for mobile, cloud, social media and other enterprise business architectures. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 13 billion security events per day in more than 130 countries, and holds more than 3,000 security patents.

[Figure: IBM Security Trusteer Apex software specifically protects employee credentials—a prime target for cybercriminals. Diagram labels: Legitimate corporate site; Credentials theft via phishing; Corporate credential reuse; Unauthorized legitimate site; Phishing site; Authorized site; Submit: Allow; Enter password; Detect submission; Validate destination.]
  • 8. © Copyright IBM Corporation 2014

IBM Corporation
Software Group
Route 100
Somers, NY 10589

Produced in the United States of America
September 2014

IBM, the IBM logo, ibm.com, and Trusteer Apex are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary. It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party.

[1] Verizon. “2013 Verizon Data Breach Investigations Report.” Retrieved from: http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf

[2] Eve Maler, Andras Cser with Stephanie Balaouras, and Jennie Duong, “Market Overview: Employee And Customer Authentication Solutions In 2013, Part 1 of 2”, Forrester, December 30, 2013. As presented at: http://buildingtrust.trusteer.com/Unseen-Challenges-Forrester-Webinar_March2014_Recording

[3] Anupam Das (University of Illinois at Urbana-Champaign), Joseph Bonneau (Princeton University), Matthew Caesar (University of Illinois at Urbana-Champaign), Nikita Borisov (University of Illinois at Urbana-Champaign), and XiaoFeng Wang (Indiana University at Bloomington), “The Tangled Web of Password Reuse”; NDSS ’14, 23-26 February 2014, San Diego, CA, USA. Retrieved from: http://www.jbonneau.com/doc/DBCBW14-NDSS-tangled_web.pdf

WGW03071-USEN-00