Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Secure Your Future: Getting Cyber Ready for 2024

•Als PPTX, PDF herunterladen•

0 gefällt mir•6 views

In this masterclass, Tyler will: Unravel the intricacies of what hacking will look like in 2024 Shed light on the latest techniques and strategies employed by cybercriminals Equip you with the knowledge and tools needed to up your defense game and elevate your clients' security to new heights

Technologie

MSP Security Masterclass
Webinar 3 of 3
Tyler Wrightson
Leet Cyber Security

First Week Recap
• Hackers Target MSPs
• Risk is Bidirectional
1. Admin policy & Training to avoid password reuse
2. MFA Everything (of value)
3. Minimum Necessary & Least Privilege
4. Complacency

Last Week Recap
• Strength in Small Business
• Foundations
– Business Risk
– Vuln != Risk
– Context Matters

Last Week Recap – Top Five Controls
1. MFA
1. Email & VPN
2. Legacy Protocols
3. “Other” login locations
2. VPN ACLs
1. Minimum Necessary & Least Privilege
2. Isolate what matters
3. Internal Network ACLs

Last Week Recap – Top Five Controls
4. Privileges & Passwords
1. Local Admins Group
2. Credential Reuse (and Pass-The-Hash)
3. Privileged Users
4. LAPS & PAWs
5. MDR
– Specifically Managed
– Not NSM

Getting Cyber Ready for 2024
What will hacking look like in 2024 and what can MSPs do about it

“No ones going to touch us,
no one knows us”

1. Next Gen Social Engineering
• “Synthetic Media” (image, video, audio and text)
– AI Image generation
– Deepfakes
– Voice Cloning
– Text

Voice Clone – What do we say?
• Anything that works in a phishing email
• Get me some gift cards
• Funds transfer, credit card payment, bank info
• We’re almost done with your loan application, just one more thing
• I have a new cell phone number, then “Hey did you get my
voicemail”
• Text your MFA code to a test
• Leave Keys, access tokens, computers, phone, tablet
• Someone will be there soon to grab X…
• Leave where you are
• Go somewhere specific
• ANYTHING

Text Cloning
• Scrape your blog
– Draft an email
• Scrape social media
– How do you talk to relatives
– How do you talk to Spouse
• Chatbot / SMS automation
– Voice recordings
– Romance scams
• Perfect English, no more typos
• Perfect industry lingo and references

What Can MSPs Do About it…
• Awareness & Education
• Educate your clients
– AI, Voicecloning, Deepfakes
• Continue your education
– Understand your adversary

Weitere ähnliche Inhalte

Ähnlich wie Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Secure Your Future: Getting Cyber Ready for 2024

How to protect your clients and your law firm from money transfer scams

Gabor Szathmari

Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...

SurfWatch Labs

Unveiling the dark web. The importance of your cybersecurity posture

Lourdes Paloma Gimenez

Communication Compliance is part of the Insider Risk solution set in Microsoft 365. Its purpose is to monitor communication methods used both within and outside of the Microsoft 365 cloud to help identify insider non-compliant and risky communication. In the modern workplace today, communication methods are vast and varied and all can be a potential channel for non-compliance. The Communication Compliance tool has been purpose-built to help identify potential areas of non-compliance across these communication methods and remediation actions that can be taken depending on the severity of the activity.

Communication Compliance in Microsoft 365

Joanne Klein

Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...

Knowledge Group

Rothke stimulating your career as an information security professional

Ben Rothke

Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk

SurfWatch Labs

Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...

Graeme Wood

Using Technology and People to Improve your Threat Resistance and Cyber Security

Stephen Cobb

ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business

ConnXus

Cyber security

Ashok Mankodi

protecting your digital personal life

Nathan Lesser

SOD-Presentation-Des-Moines-10.19.21-v2.pptx

TamaOlan1

Original air date: Aug. 29, 2017 Rebroadcast and recording info at http://www.mhmcpa.com Cybercriminals don’t discriminate when it comes to valuable data. Not-for-profit organizations are just as vulnerable to technology-related risks as for-profit organizations. Robust cybersecurity and information technology controls can help not-for-profits keep sensitive information secure, and as data breaches become more common, information technology controls are increasingly vital to your operations. In our webinar, we'll discuss some of the most common technology risks for not-for-profits and what management can do to mitigate those risks.

Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...

MHM (Mayer Hoffman McCann P.C.)

TACOM 2014: Back To Basics

Joel Cardella

The Cost and Loss of Not using Single Sign-On with Two-Factor Authentication

PortalGuard dba PistolStar, Inc.

Michigan Bankers Association Best 2014 enterprise risk management ppt

Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP

Quantifying Cyber Risk, Insurance and The Value of Personal Data

Steven Schwartz

4MANUAL OVERVIEW 5SECTION 1:Introduction: Welcome to CyberLeet 51.1 Introduction 51.2 Your Role at CyberLeet 61.3 Purpose of This Manual 7SECTION 2:CORE TENETS OF CYBERSECURITY 72.1 Confidentiality 72.2 Integrity 82.3 Availability 9SECTION 3:CYBERSECURITY POLICIES 93.1 Password Policies 93.2 Acceptable Use Policies 103.3 User Training Policies 103.4 Basic User Policies 11SECTION 4:THREAT MITIGATION SCENARIOS 114.1 Theft 114.2 Malware 124.3 Your Choice 13SECTION 5: REFERENCES MANUAL OVERVIEW You are the training manager at CyberLeet Technologies, a midsized firm that provides cybersecurity services to other businesses. CyberLeet’s core customer base is sole proprietorships and other mom-and-pop shops that are too small to have their own IT departments and budgets. Generally speaking, your clients have a reasonably high risk tolerance, and put a premium on the functionality of their IT systems over stringent security measures. However, you also have clients that must protect highly sensitive information in order to continue operating successfully. For example, CyberLeet supports a few small public-accounting firms that need to maintain important tax-related information, as well as several day-care businesses that must keep children’s health records private while allowing necessary access for certain caregivers. In the past year, CyberLeet has experienced rapid growth, which means you can no longer personally provide one-on-one training to every new information security analyst as they are hired. Therefore, you have decided to create a training manual that will explain to the current and future cohorts of new hires the essential principles and practices that they must understand in order to be successful in their role as information security analysts at CyberLeet. Manual Layout There are four sections in the manual, which cover all the components of a new employee training manual. As the training manager, you must complete each section using information you learned in this course. Refer to the background information on CyberLeet and apply the appropriate information that best matches based on the size of the company, the value of cybersecurity, and its core tenets. Apply best practices of cybersecurity principles for addressing the common threat scenarios of a sole proprietary business. The main sections of the manual you are responsible for completing are the following: · Introduction · Core tenets of cybersecurity · Developing cybersecurity policies · Threat mitigation scenarios In Section One, describe the organization. Provide a short history of the company, define the way it operates, and describe its place within the industry and the community it serves. Follow the prompts to complete each section. All prompts should be deleted prior to submitting this section. SECTION 1: Introduction: Welcome to CyberLeet1.1 Introduction Prompt: Explain the value of CyberLeet Technologiesas a provider of cybersecurity services to its .

4MANUAL OVERVIEW5SECTION 1Introduction Welcome.docx

alinainglis

Phishing Whaling and Hacking Case Studies.pptx

Stephen Jesukanth Martin

Ähnlich wie Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Secure Your Future: Getting Cyber Ready for 2024 (20)

How to protect your clients and your law firm from money transfer scams

Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...

Unveiling the dark web. The importance of your cybersecurity posture

Communication Compliance in Microsoft 365

Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...

Rothke stimulating your career as an information security professional

Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk

Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...

Using Technology and People to Improve your Threat Resistance and Cyber Security

ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business

Cyber security

protecting your digital personal life

SOD-Presentation-Des-Moines-10.19.21-v2.pptx

Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...

TACOM 2014: Back To Basics

The Cost and Loss of Not using Single Sign-On with Two-Factor Authentication

Michigan Bankers Association Best 2014 enterprise risk management ppt

Quantifying Cyber Risk, Insurance and The Value of Personal Data

4MANUAL OVERVIEW5SECTION 1Introduction Welcome.docx

Phishing Whaling and Hacking Case Studies.pptx

Mehr von MSP360

Webinar - Generating More Revenue with MSP360

MSP360

Seamless Data Protection with MSP360 + Wasabi

MSP360

No matter the size of your IT environment, managing it can become quite complex. To address that, we developed a powerful yet user-friendly solution called MSP360 RMM to streamline your IT management. Join us for an educational webinar where we'll walk you through the key steps to getting started with MSP360 RMM and share valuable insights from our top experts, Dmitry Evdokimov and Andrew Anushin. You’ll learn how to efficiently manage all aspects of your IT infrastructure within a single dashboard and save your time.

Getting Started with MSP360 RMM webinar April 2024

MSP360

Webinar - Unlocking the Critical Value of Cloud Backup and Storage - FINAL

MSP360

MSP360 Managed Backup: Secure Data Protection for Microsoft 365 and Google Wo...

MSP360

Getting Started with MSP360 Managed Backup: Secure Your Data and Save Money ...

MSP360

Join MSP360 along with Nick Cavalancia from Conversational Geek and Tyler Wrightson from Leet Cybersecurity as they discuss: - The ransomware reality – what’s really happening during ransomware attacks? - The ransomware aftermath – what state is a victim network in post-attack? - The ransomware recovery – what recovery efforts are really necessary to bring a business back to a state of operations? - The future of ransomware – what will ransomware look like in the coming year, and how should you prepare?

The Role of Backup and Recovery in the New Ransomware Economy

MSP360

Getting Started With Managed Backup: Configuration Best Practices

MSP360

Cybersecurity Essentials for Educational Institutions

MSP360

Getting Started With Managed Backup - 2023.pptx

MSP360

Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Understand Hac...

MSP360

During Cybersecurity Awareness Month, we are reminded of the importance of safeguarding your business and your clients against cyber threats. As an MSP, you must ensure that you are fully compliant and fully educated in the latest cyber insurance regulations to assist your clients in case the need arises. Join Joseph Brunsman, an expert in cyber insurance and cyber law, Nick Cavalancia, a four-time Microsoft MVP, and Kurt Abrahams, CMO at MSP360, as they unravel crucial elements related to cyber insurance. During this webinar, we will explore the following key topics: Adapting to the evolving cyber threat landscape: comprehending the changing landscape of cyber insurance requirements. Effective strategies for reducing cyber insurance costs and countering ransomware attacks. The indispensable role of Object Lock (Immutability).

Unraveling the Mystery of Cyber Insurance - MSP Guide to Cyber Insurance - Pr...

MSP360

Even before ChatGPT wowed the world, artificial intelligence (AI) has been in use by both cybersecurity vendors and adversaries alike. The ability to identify trends, weaknesses, and threats more quickly and accurately than human efforts alone made AI the perfect tool for both sides of the battle for access to your organization's systems, applications, and data. So, what does the current landscape look like for AI as both attacker and defender and how can you best take advantage of the right subsets of AI to improve your cybersecurity stance? Join Guy Caspi, CEO of Deep Instinct, Nick Cavalancia, CEO of Techvangelism, and Brian Helwig, CEO of MSP360, as they discuss: How AI and Deep Learning are being leveraged for both offensive and defensive purposes in the cybersecurity landscape The potential benefits and risks associated with using these technologies Points within your cybersecurity defenses where AI can be most impactful

The Use (and Misuse) of AI in Cybersecurity: Exploring Two Sides of the Same...

MSP360

MSP360 Sales Master Class Series Part 1

MSP360

MSP360 Sales Master Class Series Part 1

MSP360

Complicated IT processes for your backup and storage solution are truly a relic of the past. Streamline your internal IT processes with Wasabi and MSP360. With these two solutions combined, you can take advantage of powerful data protection, secure remote access, and simplified IT management in a unified platform all while ensuring your data is stored in the hottest cloud storage. See how you can see the benefits of a simplified, cost-effective and most importantly, secure backup solution for your datacenter. What you will learn: - How Wasabi & MSP360 are the ideal backup solution for IT Teams - How you can keep backup and storage costs down while for SaaS-based management - Ensure top notch data security for all your valuable and critical data By registering for this webinar you agree to share your contact details and be contacted by Wasabi and MSP360.

Cyber Attacks Are Heating Up, Let Wasabi and MSP360 Turn Down The Heat

MSP360

Learn what it will mean to be human and face the cybercrime challenges of the next century. Deep fakes, artificial intelligence, voice cloning, biometrics, robotics, holograms, crypto currency, smart contracts, smart devices, smart homes, smart cities, IOT. In our latest webinar, we’ll discuss: How do they all play a part in the safety and security of humans? What will ransomware, malware, extortion, and kinetic attacks look like in the future? What can you do to protect your business or your clients from the latest attack methods? This webinar is an exploration into the extraordinary things that will happen over the coming years as technology continues to evolve and hackers and cybercriminals look to take advantage of it for their own profit. Join us as we discuss the next frontier in cyber threats.

A Brave New World - An Exploratory Look Into The Future of Hacking and Cyber...

MSP360

A lot has happened at MSP360 lately. We've implemented dozens of amazing features such as: MSP360 Backup - Immutability for Backblaze B2 in MSP360 Backup - Forever forward incremental backups and intelligent retention - Encryption password recovery service, quick restore application, native 2FA, and more MSP360 RMM - MSP360 RMM now has extended support for Windows, macOS, and Linux devices. - Scheduled tasks and script library - Windows update policy and SNMP monitoring MSP360 Connect - Web-based remote access Deep Instinct - Integration with Deep Instinct, a prevention-first cybersecurity solution developed to stop even the most advanced malware attacks, including ransomware, zero-day vulnerabilities, and fileless malware, using the world’s first and only purpose-built, deep-learning cybersecurity framework.

What’s New at MSP360?

MSP360

Which is a more devastating impact from a ransomware attack: the encryption of just about everything brining production to a halt, or the theft and publication of terabytes of sensitive data? Regardless of which answer you choose, today’s ransomware attacks zero in on your accessing most important, critical, sensitive, and valuable data. New storage protection concepts like cyberstorage offer organizations an ability to prevent the success of ransomware attacks, but not everyone has cyberstorage today… or do they?

The Role of Cyberstorage in Stopping Modern Ransomware Attacks

MSP360

Despite even the best security measures, none of us are immune from the menace of ransomware attacks. 2021 saw not only an increase in attacks, but more evolved ransomware variants that threaten data exfiltration and target MSPs. If you want to be prepared, then you need to have a good protection and response plan in place. This session covers important topics to help you prepare and respond quickly to a ransomware attack to minimize down-time and exposure. -Create a cyber incident response plan -Security training -Backup in your in protection strategy -Recovery procedures

MSP360: Ransomware Prepper Guide

MSP360

Mehr von MSP360 (20)

Webinar - Generating More Revenue with MSP360

Seamless Data Protection with MSP360 + Wasabi

Getting Started with MSP360 RMM webinar April 2024

Webinar - Unlocking the Critical Value of Cloud Backup and Storage - FINAL

MSP360 Managed Backup: Secure Data Protection for Microsoft 365 and Google Wo...

Getting Started with MSP360 Managed Backup: Secure Your Data and Save Money ...

The Role of Backup and Recovery in the New Ransomware Economy

Getting Started With Managed Backup: Configuration Best Practices

Cybersecurity Essentials for Educational Institutions

Getting Started With Managed Backup - 2023.pptx

Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Understand Hac...

Unraveling the Mystery of Cyber Insurance - MSP Guide to Cyber Insurance - Pr...

The Use (and Misuse) of AI in Cybersecurity: Exploring Two Sides of the Same...

MSP360 Sales Master Class Series Part 1

Cyber Attacks Are Heating Up, Let Wasabi and MSP360 Turn Down The Heat

A Brave New World - An Exploratory Look Into The Future of Hacking and Cyber...

What’s New at MSP360?

The Role of Cyberstorage in Stopping Modern Ransomware Attacks

MSP360: Ransomware Prepper Guide

Kürzlich hochgeladen

Extensible Python: Robustness through Addition - PyCon 2024

Patrick Viafore

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

FIDO Alliance

IESVE for Early Stage Design and Planning

IES VE

Oauth 2.0 Introduction and Flows with MuleSoft

shyamraj55

The presentation underscores the strategic advantage of treating design systems not just as technical assets but as vital business components that require thoughtful management, robust planning, and strategic alignment with organizational goals. Key Points Covered: - Understanding Design Systems as Business Entities: Conceptualizing design systems as internal business entities can streamline their integration and evolution within a company. - Adoption and Expansion: Elaborating on the importance of tactical adoption across organizational structures, enhancing product suites to cater to user needs and broadening scope to mobile and content authoring solutions. - Data-Driven Development: Utilizing data insights for component development ensures that resources are allocated to create valuable, widely used features. - Financial Modeling for Design Systems: Developing sustainable funding models is crucial for long-term support and success of design systems. - Promoting Internal Buy-In: Stressing on strategies for promoting design systems within the organization to increase engagement and investment from internal stakeholders.

A Business-Centric Approach to Design System Strategy

UXDXConf

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

As an SEO expert specializing in the IPTV and VPN niches with over five years of experience, I navigate the unique challenges of these industries adeptly. My strategic approach encompasses competitive analysis, targeted keyword research, content optimization, and high-quality backlink creation. My goal is to optimize my clients' online visibility, generating targeted organic traffic and maximizing their return on investment. With a results-driven approach and a passion for innovation, I'm poised to assist my clients in thriving in an ever-evolving digital landscape. <a href="https://iptvreel.com">

THE BEST IPTV in GERMANY for 2024: IPTVreel

reely ones

How to differentiate Sales Cloud and CPQ on first glance might be tricky if you do not know where to look and what to look at. You will know :-) Managing the sales process within Salesforce is a common use case that can be managed with standart Sales Cloud. If you want to do entire quoting process you will find out Salesforce CPQ solution exists. What is then the difference if both can handle selling products? You will see comparison of 10 different features, which Sales Cloud and Salesforce CPQ handle differently. Simple question you will always remember if you should consider using Salesforce CPQ will be a cherry on top.

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

CzechDreamin

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

FIDO Alliance

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

FIDO Alliance

FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...

FIDO Alliance

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

marcuskenyatta275

Designing inclusive products is not only a social responsibility but also a business imperative. This talk delves into the journey of creating accessible hardware products that cater to diverse user needs. Key Topics Covered: 1. Introduction to Inclusive Design - Importance of accessibility in product design - Overview of Comcast's commitment to making products accessible to a wide audience 2. Case Study: Xfinity Large Button Voice Remote - Initial challenges and the evolution of the product - User research and feedback that shaped the design - Key features of the final product and their benefits 3. Designing for Diverse Needs - Understanding human-centered design and its historical context - The impact of designing for people with disabilities on overall product quality - Examples from other industries, such as architecture and industrial design 4. Integrating Accessibility from the Beginning - The cost and efficiency benefits of designing for accessibility from the start - The process of embedding accessibility as a core trait rather than an optional feature 5. Real-World Impact and Continuous Improvement - Insights from in-home studies with users having assistive needs - How continuous feedback and iterative design lead to better products - The role of inclusive research and development practices

Designing for Hardware Accessibility at Comcast

UXDXConf

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “Enterprise Knowledge Graphs: The Importance of Semantics” on May 9, 2024, at the annual Data Summit in Boston. In her presentation, Hedden describes the components of an enterprise knowledge graph and provides further insight into the semantic layer – or knowledge model – component, which includes an ontology and controlled vocabularies, such as taxonomies, for controlled metadata. While data experts tend to focus on the graph database components (RDF triple store or a label property graph), Hedden emphasizes they should not overlook the importance of the semantic layer.

Enterprise Knowledge Graphs - Data Summit 2024

Enterprise Knowledge

Join me in this session where I'll share our journey of building a fully serverless application that flawlessly managed check-ins for an event with a staggering 80 thousand registrations. We'll dive into three key strategies that made this possible. Firstly, by harnessing DynamoDB global tables, we ensured global service availability and data replication across regions, boosting performance and disaster recovery. Next, we'll explore how we seamlessly integrated real-time updates into the app using Appsync subscriptions, making the experience dynamic and engaging for users. Finally, I'll discuss how provisioned concurrency not only improved performance but also kept costs in check, highlighting the cost-effectiveness of serverless architectures. Through these strategies and the inherent scalability of serverless technology, our application effortlessly handled massive user loads without manual intervention. This session is a real world example to the power and efficiency of modern cloud-based solutions in enabling seamless scalability and robust performance with Serverless

How we scaled to 80K users by doing nothing!.pdf

Srushith Repakula

AI presentation and introduction - Retrieval Augmented Generation RAG 101

vincent683379

When you think of a highly secure meeting environment, do you instantly think 'Microsoft Teams'!? Or do you think about some unknown application, troublesome UI and daunting login process...? If you think the latter - let's change that! In this session Femke will show you how using Teams Premium features can create secure, but also good looking meetings! PRETTY. Make sure your company's brand is represented before, during and after the meeting with Customization policies in place. SECURE. Lets utilize Meeting templates and Sensitivity Labels to protect your meeting and data to prevent sensitive information from being leaked. After this session, you will have a clear understanding of the capabilities of Teams Premium features and how to set up the perfect meeting that suits your organizational requirements!

ECS 2024 Teams Premium - Pretty Secure

Femke de Vroome

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Julian Hyde

This talk focuses on the practical aspects of integrating various telephony systems with Salesforce, drawing on examples from implementations in the Czech scene. It aims to inform attendees about the spectrum of telephony solutions available, from small to large scale, and their compatibility with Salesforce. The presentation will highlight key considerations for selecting a telephony provider that integrates smoothly with Salesforce, including important questions to support the decision-making process. It will also discuss methods for integrating existing telephony systems with Salesforce, aimed at companies contemplating or in the process of adopting this CRM platform. The discussion is designed to provide a straightforward overview of the steps and considerations involved in telephony and Salesforce integration, with an emphasis on functionality, compatibility, and the practical experiences of Czech companies.

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

CzechDreamin

Speed Wins: From Kafka to APIs in Minutes

confluent

Kürzlich hochgeladen (20)

Extensible Python: Robustness through Addition - PyCon 2024

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

IESVE for Early Stage Design and Planning

Oauth 2.0 Introduction and Flows with MuleSoft

A Business-Centric Approach to Design System Strategy

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

THE BEST IPTV in GERMANY for 2024: IPTVreel

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

Designing for Hardware Accessibility at Comcast

Enterprise Knowledge Graphs - Data Summit 2024

How we scaled to 80K users by doing nothing!.pdf

AI presentation and introduction - Retrieval Augmented Generation RAG 101

ECS 2024 Teams Premium - Pretty Secure

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

Speed Wins: From Kafka to APIs in Minutes

Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Secure Your Future: Getting Cyber Ready for 2024

1. MSP Security Masterclass Webinar 3 of 3 Tyler Wrightson Leet Cyber Security

6. @tbwrightson

10. First Week Recap • Hackers Target MSPs • Risk is Bidirectional 1. Admin policy & Training to avoid password reuse 2. MFA Everything (of value) 3. Minimum Necessary & Least Privilege 4. Complacency

11. Last Week Recap • Strength in Small Business • Foundations – Business Risk – Vuln != Risk – Context Matters

12. Last Week Recap – Top Five Controls 1. MFA 1. Email & VPN 2. Legacy Protocols 3. “Other” login locations 2. VPN ACLs 1. Minimum Necessary & Least Privilege 2. Isolate what matters 3. Internal Network ACLs

13. Last Week Recap – Top Five Controls 4. Privileges & Passwords 1. Local Admins Group 2. Credential Reuse (and Pass-The-Hash) 3. Privileged Users 4. LAPS & PAWs 5. MDR – Specifically Managed – Not NSM

14.

15.

16. Getting Cyber Ready for 2024 What will hacking look like in 2024 and what can MSPs do about it

17.

18.

19. Know Thyself and... -Sun Tzu

20.

21.

22.

23.

24. Hackers look to inflict…

25. Cyber Criminals are like water

26.

27.

28. “No ones going to touch us, no one knows us”

29.

30.

31. Spray & Pray

32. Scan & Slam

33. Access Brokers

34. It’s been a tough year…

35.

36. 1. Next Gen Social Engineering • “Synthetic Media” (image, video, audio and text) – AI Image generation – Deepfakes – Voice Cloning – Text

37.

38.

39. Voice Clone – What do we say? • Anything that works in a phishing email • Get me some gift cards • Funds transfer, credit card payment, bank info • We’re almost done with your loan application, just one more thing • I have a new cell phone number, then “Hey did you get my voicemail” • Text your MFA code to a test • Leave Keys, access tokens, computers, phone, tablet • Someone will be there soon to grab X… • Leave where you are • Go somewhere specific • ANYTHING

40. Text Cloning • Scrape your blog – Draft an email • Scrape social media – How do you talk to relatives – How do you talk to Spouse • Chatbot / SMS automation – Voice recordings – Romance scams • Perfect English, no more typos • Perfect industry lingo and references

41.

42.

43.

44.

45.

46.

47.

48.

49.

50.

51.

52.

53.

54.

55. What Can MSPs Do About it… • Awareness & Education • Educate your clients – AI, Voicecloning, Deepfakes • Continue your education – Understand your adversary

56.

57. Technical Controls?

58. Questions

59.

60.

61. Cyber Insurance

62. • Cyber Insurance Carriers continue to focus on a core set of critical Security Controls as a primary requirement when evaluating a prospective insureds • Prospective insureds should have strong responses for all control areas. • Priority may vary slightly from one insurance carrier to another, based on insured’s industry sector, size, and Cyber profile. • Poor responses in one or more controls may result in declination, refusal to quote, elimination or co-insurance on ransomware coverage 66 Critical Controls for Cyber Insurability MFA EDR PAM Tested Backups Segregated Backups Service Accounts OT Security Cloud & Email Security Vendor Risk Management Tabletop Exercises Network Segmentation # of Domain Admins IR/BC/DR Planning 24/7 Monitoring Vulnerability Management Cyber Awareness & Training

Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Secure Your Future: Getting Cyber Ready for 2024

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Secure Your Future: Getting Cyber Ready for 2024

Ähnlich wie Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Secure Your Future: Getting Cyber Ready for 2024 (20)

Mehr von MSP360

Mehr von MSP360 (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Secure Your Future: Getting Cyber Ready for 2024