Michael Noel, profile picture
Uploaded byMichael Noel
PPTX, PDF255 views

You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-attacks

The document discusses modern cyber threats, particularly focusing on spear phishing, state-sponsored attacks, and ransomware. It offers strategies for organizations to enhance security, including multi-factor authentication, password management, and employing Microsoft security tools. The document emphasizes the importance of protecting intellectual property and implementing a layered defense approach to mitigate risks.

Embed presentation

Download to read offline
You are Doing IT Security Wrong Understanding the Threat of Modern Cyberattacks MICHAEL NOEL, CCO
Michael Noel @MichaelTNoel Authored/Co-authored 20 books including the best-selling SharePoint, Exchange, and Windows Unleashed series Presented at over 250 events in 86 unique countries around the world Partner at Convergent Computing in the San Francisco Bay Area (cco.com)
The Evolution of the Modern Hacker WHY YOU SHOULD BE VERY CONCERNED
Spear Phishing ◦ Spear Phishing is a common approach used by hackers to target Executives and/or people in Finance/HR ◦ List of executives is easy to find from LinkedIn ◦ Email address formats are easy to discover ◦ Execs/Finance/HR personnel are targeted with crafted emails that make it look realistic (i.e. “Bob, here are the latest report numbers from ProjectX.”) ◦ Emails often have a ‘payload’ that is either attached or is a link to a nefarious website controlled by the attacker that then performs ‘credential harvesting’ by prompting the user to enter username/password ◦ Once username and password is obtained, the hacker is then able to login as that user and perform other lateral attacks or attempt to exfiltrate financial data or perform unauthorized transactions.
State Sponsored Attacks ◦ A rising number of hacking cases is coming from well-organized and well-funded hacking ‘farms’ that are sponsored by nation-states ◦ These hacking organizations are designed to steal trade and/or national secrets from organizations in a competing state ◦ Targets are not only defense or NGOs, but also include ‘regular’ organizations that can be targeted for financial reasons for for stealing intellectual property (IP.)
A major issue in recent years has been the rise of so- called ‘ransomware’ attacks. These attacks work by using compromised account credentials to encrypt all data the hacker can find and then to ‘throw away’ the decryption key and only make it available after the payment of a cryptocurrency ‘ransom.’ Aside from paying the ransom (which doesn’t always work,) the only way to recover from this is via full restores, which can take days or weeks Ransomware
The rise in ‘petty theft’ and ‘smash and grab’ theft has led to a rise in the theft of information devices such as laptops and cell phones Thieves are getting more sophisticated and are starting to go after devices in car trunks by looking for active Bluetooth signals Once stolen, if the contents of the device are not encrypted they are likely to be sold to competitors and/or other people interested in the IP Device Theft
Intellectual Property Loss through “Oversharing” Much of the IP that is lost or compromised is not lost via nefarious means, often it is simply ‘overshared.’ This is often due to well-meaning individuals who share documents via links or with poor security and then the email chain is publicized. It can also happen if the proper security protocols are not chosen during the creation of cloud services
Passwords are Not as Secure as You Think Key to password security is not necessarily length, complexity, or even age; but global uniqueness Hackers have access to databases of ‘pwned’ passwords and can run password hashes against these databases in a matter of milliseconds ‘Passphrases’ that consist of unique seed words are infinitely more complex and much harder to crack (i.e. “Yellow birdseed hat pumpkin”) Test your password at https://haveibeenpwned.com
Cached Credentials Exploiting Cached credentials on workstations are a common attack vector Any user with local admin rights to a workstation (obtained legitimately or via phishing) can access the cached credentials of any other user who logged in at some point. If the passwords are not sufficiently complex or match any darknet database entries, they are EASILY cracked.
Lateral Attacks Once a hacker has access to some small portion of your organization, they typically try to then perform ‘lateral’ attacks on other system, especially ones that provide for better access. The goal is to get access to highly privileged accounts such as the Active Directory ‘Domain Admins.’ “Golden Ticket” attacks using hacking tools such as Mimikatz can then leverage elevated domain rights (i.e. Domain Admin) to hack the krbst account and create non-expiring ‘Golden Tickets’ that give unfettered rights to all domain resources
Tips and Tricks to Protect your IP from Theft WHAT DO I DO TO PROTECT MY ORGANIZATION?
Physical Network Host Application Administration Data Defense in Depth Concepts Defense in Depth is a concept in which your data is protected by multiple layers, each of which would need to be compromised before the data itself is accessed Focus on all layers of the DiD model when designing your IT security
Password Best Practices As previously mentioned, use passphrases instead of passwords Don’t change your password as often, but instead choose globally unique passwords Use a password manager tool such as 1Password, LastPass, or the ones provided by Apple, Google Never re-use passwords!
Hyperlink Safety ALWAYS check your hyper-links (right-click if you can or hover over before you click) to see if they go to an site that makes sense. For example, an email from your bank should go to ‘yourbank.com’ and not ‘susahkaya.net’. Better yet, NEVER click on links in emails. If you think an email is legitimate, manually login to the site by opening a browser and typing in the site name or using a known- good bookmark.
Physical Security Don’t allow ‘tailgating’ into your facilities if you can physically prevent this. Modern ‘subway-turnstile’ type entryways can help prevent this Instruct your employees to NEVER plug in loose thumbdrives into company systems. Dropping thumbdrives around a facility is a common approach to planting viruses Follow best practice protocol around guest wireless isolation so that guests can’t access anything internally. This also goes for wired connections (802.1x is a great way to prevent this.)
Full Disk Encryption Always use full disk encryption (FDE) on ALL devices you use, including mobile devices. This will prevent the loss of data in the event of device theft. Force devices to use PINs or Biometrics to unlock their devices before they are decrypted. Put policies in place to ‘wipe’ systems remotely that have been compromised or that have had too many failed attempts to login.
Data Loss Prevention Consider the use of Data Loss Prevention (DLP) technologies that restrict what happens AFTER the data has been accessed. This allows for restrictions on activities such as: ◦ Copy/Paste ◦ Print ◦ Save As. ◦ Programmatically access ◦ Etc. DLP policies are your best tool to avoid IP theft
Multi-Factor Authentication And the #1 most important thing you can enable today to protect your startup is Multi- factor Authentication (MFA.) This will ensure that if an attacker gets the username and password of a user that they won’t be able to get in as the system will prompt for an additional factor. In order of effectiveness, the factors can include: ◦ SMS Text ◦ Biometrics ◦ Authenticator Apps (MS, Google) ◦ Hardware keys
What Microsoft IT Tools Can Help Improve Security? EXAMINING MICROSOFT CLOUD SECURITY OPTIONS
Microsoft Security in Relation to the NIST Cyber Security Framework Identify • Azure Active Directory • Microsoft Intune • SCCM • Microsoft Defender for EndPoint Protect • Azure MFA • Azure AD Privileged Identity Management • Microsoft Identity Manager / Privileged Access Management • Azure Information Protection • Azure AD Password Protection Detect •Azure Sentinel •Microsoft Cloud App Security •Microsoft Defender for Endpoint •MDI •Azure Security Center •Azure AD Identity Protection Respond • Azure Sentinel • Microsoft Defender for Identity (Azure ATP) Recover • Azure Security Center • Azure Backup
Microsoft Cloud App Security MCAS is a multimode Cloud Access Security Broker (CASB) Proactively identifies threats across and in between cloud platforms
Microsoft 365 Defender Microsoft 365 Defender (previously Microsoft Threat Protection). Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection). Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection). Microsoft Defender for Identity (previously Azure Advanced Threat Protection).
Azure Defender Azure Defender for Servers (previously Azure Security Center Standard Edition). Azure Defender for IoT (previously Azure Security Center for IoT). Azure Defender for SQL (previously Advanced Threat Protection for SQL).
Microsoft Defender for Identity (MDI) MDI deploys sensors to domain controllers to look for behaviors associated with compromised internal systems MDI Sensors perform their calculations locally and then forward their alerts to the cloud MDI Integrates with MCAS to provide a single console experience for hybrid events (On-Prem with MDI and Online with MCAS)
Azure Sentinel Security Information & Event Management (SIEM) Platform built on Azure Monitor Azure Sentinel provides for centralized SIEM capabilities for logs, alerting and providing for reporting trends Firewall, switch, Windows, and Linux logs can all be forwarded to Sentinel to allow for retroactive forensics or real- time alerts
Azure AD Password Protection Azure AD Password Protection runs as agents on all internal domain controllers that restrict how a password is constructed. Azure AD Password Protection allows for complexity beyond the default options in an AD environment, disallowing passwords that are known to be compromised and/or include key words
Azure AD Entitlement Management A component of Azure AD Identity Governance, Azure AD Entitlement Management is a compliance and auditing control platform that allows organizations the ability to better control access to Azure resources Administrators can created ‘access packages’ to control what type of rights will be granted, which approvers can grant those rights, and when they expire.
Azure AD Privileged Identity Management (PIM) A separate component of Azure AD Identity Governance, Azure AD Privileged Identity Management (PIM) allows accounts to be ‘privileged by request’ and not by default. Users can initiate requests to raise their privileged roles, and these requests can be moderated by admins and/or monitored. In the event of a compromise, admin users will have no special rights until they have been elevated, which greatly reduces exposure.
Microsoft Identity Manager / PAM The On-Prem version of PIM is integrated into the Microsoft Identity Manager (MIM) suite in the form of Privileged Access Management (PAM.) PAM works similarly to PIM, with the exception being that a Bastion forest is used for accounts with elevated privileges. A Bastion forest exists across a one- way trust and accounts are only elevated as needed. This leaves membership in privileged groups such as ‘Domain Admins’ to very few active accounts.
Azure Information Protection Azure Information Protection provides for the ability to control what happens to data AFTER it has been accessed. Azure IP assigns Information Protection tags to content either manually or via automatic processes. The existing Azure Rights Management Services (Azure RMS) service is now integrated into Azure RMS. Hold Your Own Key (HYOK) allows organizations to secure and encrypt content using their own private key, removing Microsoft from data custody.
Licensing SKU USD / user / month Basic Apps Ent Apps RMS FCI HYOK / Auto Class AADC MFA Password Protection ATA MDI MCAS PIM / MIM / PAM Security Center Sentinel Azure AD – Free Free X Azure AD – Office 365 Apps *O365 X X Azure AD Premium P1 $6.00 X X X X Azure AD Premium P2 $9.00 X X X X X X X Azure Information Protection - Free Free X Azure Information Protection – Office 365 Apps *O365 X X Azure Information Protection Premium P1 $2.00 X X X X Azure Information Protection Premium P2 $5.00 X X X X X Enterprise Mobility + Security E3 $8.74 X X X X X X X X Enterprise Mobility + Security E5 $14.80 X X X X X X X X X X X X Microsoft 365 E3 $35.00 X X X X X X X X Microsoft 365 E5 $63.00 X X X X X X X X X X X X Pay as You Go (Storage and/or Usage) Varies X* X*
Demo
Thank you! Questions? CCO.com @MichaelTNoel Linkedin.com/in/michaeltnoel SharingTheGlobe.com Slideshare.net/michaeltnoel Michael Noel

More Related Content

PPTX
Cybersecurity Training for Nonprofits
byCommunity IT Innovators
 
PDF
Insights into cyber security and risk
byEY
 
PPTX
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
byMichael Noel
 
PPT
Avoiding data breach using security intelligence and big data to stay out of ...
byIBM Security
 
PDF
ICION 2016 - Cyber Security Governance
byCharles Lim
 
PDF
Cyber Security for Digital-Era
byJK Tech
 
PPTX
Topic11
byAnne Starr
 
PPTX
Information & Cyber Security Risk
byMurray Security Services
 
Cybersecurity Training for Nonprofits
byCommunity IT Innovators
 
Insights into cyber security and risk
byEY
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
byMichael Noel
 
Avoiding data breach using security intelligence and big data to stay out of ...
byIBM Security
 
ICION 2016 - Cyber Security Governance
byCharles Lim
 
Cyber Security for Digital-Era
byJK Tech
 
Topic11
byAnne Starr
 
Information & Cyber Security Risk
byMurray Security Services
 

What's hot

PDF
Cisco Cyber Security Essentials Chapter-1
byMukesh Chinta
 
PDF
Cybersecurity Risk Management for Financial Institutions
bySarah Cirelli
 
PDF
Information security for dummies
byIvo Depoorter
 
PDF
Top Cyber Security Trends for 2016
byImperva
 
PPT
Breaking down the cyber security framework closing critical it security gaps
byIBM Security
 
PDF
The Cyber Security Landscape: An OurCrowd Briefing for Investors
byOurCrowd
 
PPTX
cybersecurity strategy planning in the banking sector
byOlivier Busolini
 
PDF
Key Findings from the 2015 IBM Cyber Security Intelligence Index
byIBM Security
 
PPTX
Cyber Crime Threat Landscape - A Focus on the Financial Industry
byWilliam McBorrough
 
PPTX
Cyber Security in the Interconnected World
byRussell_Kennedy
 
PDF
Peter Allor - The New Era of Cognitive Security
byscoopnewsgroup
 
PDF
Information security
byVijayananda Mohire
 
PPTX
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
byIBM Security
 
PDF
IT Security - Guidelines
byPedro Espinosa
 
PPTX
It and-cyber-module-2
byMarneil Sanchez
 
PPTX
Data security 2016 trends and questions
byBill McCabe
 
PDF
Symantec 2011 Social Media Protection Flash Poll Global Results
bySymantec
 
Cisco Cyber Security Essentials Chapter-1
byMukesh Chinta
 
Cybersecurity Risk Management for Financial Institutions
bySarah Cirelli
 
Information security for dummies
byIvo Depoorter
 
Top Cyber Security Trends for 2016
byImperva
 
Breaking down the cyber security framework closing critical it security gaps
byIBM Security
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
byOurCrowd
 
cybersecurity strategy planning in the banking sector
byOlivier Busolini
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
byIBM Security
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
byWilliam McBorrough
 
Cyber Security in the Interconnected World
byRussell_Kennedy
 
Peter Allor - The New Era of Cognitive Security
byscoopnewsgroup
 
Information security
byVijayananda Mohire
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
byIBM Security
 
IT Security - Guidelines
byPedro Espinosa
 
It and-cyber-module-2
byMarneil Sanchez
 
Data security 2016 trends and questions
byBill McCabe
 
Symantec 2011 Social Media Protection Flash Poll Global Results
bySymantec
 

Similar to You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-attacks

PPTX
Cyber Security and Data Privacy in Information Systems.pptx
byRoshni814224
 
PDF
Information Security Awareness Deck and Training
byjimmygo8
 
PDF
Customer information security awareness training
byAbdalrhmanTHassan
 
PPTX
IT Insecurity - Understanding the Threat of Modern Cyberattacks - DWCNZ 2024
byMichael Noel
 
PDF
Implementing Zero Trust: Best Practices for Microsoft Cloud Environments
byMichael Noel
 
PPTX
Cybersecurity: Definition, Importance, and Best Practices.pptx
byCloudavize
 
PPTX
23BIT245 - Cybersecurity Threats and Preventions.pptx
byShlokRameshbhaiPanch
 
PPTX
attack vectors by chimwemwe.pptx
byJenetSilence
 
PPTX
CS5300 class presentation on managing information systems
byzenhubris
 
PPTX
Cybersecurity Basics of awareness presentation .pptx
bywilliambillrials
 
PPTX
Cybersecurity-and-Fraud-Protecting-Your-Digital-Life.pptx
bybalaji9945191
 
PDF
Guarding the Digital Fortress.pdf
byMverve1
 
PDF
F5 Hero Asset - Inside the head of a Hacker Final
byShallu Behar-Sheehan FCIM
 
PPTX
Internet safety and you
byArt Ocain
 
PPTX
Identity and Security in the Cloud
byRichard Diver
 
PDF
Guarding the Digital Fortress Unmasking 10 Common Types of Cybersecurity Thre...
byMverve1
 
PDF
Windows 10: Windows 10 de ITPros a ITPros
byJuan Ignacio Oller Aznar
 
PPTX
It security the condensed version
byBrian Pichman
 
PDF
Data security best practices for risk awareness and mitigation
byNick Chandi
 
PDF
Introduction to information security
byHarish Jangid
 
Cyber Security and Data Privacy in Information Systems.pptx
byRoshni814224
 
Information Security Awareness Deck and Training
byjimmygo8
 
Customer information security awareness training
byAbdalrhmanTHassan
 
IT Insecurity - Understanding the Threat of Modern Cyberattacks - DWCNZ 2024
byMichael Noel
 
Implementing Zero Trust: Best Practices for Microsoft Cloud Environments
byMichael Noel
 
Cybersecurity: Definition, Importance, and Best Practices.pptx
byCloudavize
 
23BIT245 - Cybersecurity Threats and Preventions.pptx
byShlokRameshbhaiPanch
 
attack vectors by chimwemwe.pptx
byJenetSilence
 
CS5300 class presentation on managing information systems
byzenhubris
 
Cybersecurity Basics of awareness presentation .pptx
bywilliambillrials
 
Cybersecurity-and-Fraud-Protecting-Your-Digital-Life.pptx
bybalaji9945191
 
Guarding the Digital Fortress.pdf
byMverve1
 
F5 Hero Asset - Inside the head of a Hacker Final
byShallu Behar-Sheehan FCIM
 
Internet safety and you
byArt Ocain
 
Identity and Security in the Cloud
byRichard Diver
 
Guarding the Digital Fortress Unmasking 10 Common Types of Cybersecurity Thre...
byMverve1
 
Windows 10: Windows 10 de ITPros a ITPros
byJuan Ignacio Oller Aznar
 
It security the condensed version
byBrian Pichman
 
Data security best practices for risk awareness and mitigation
byNick Chandi
 
Introduction to information security
byHarish Jangid
 

More from Michael Noel

PPTX
AI is Hacking You - How Cybercriminals Leveral Artificial Intelligence - DWCN...
byMichael Noel
 
PPTX
Combatting Cyberthreats with Microsoft Defender 365 - CollabDays Finland 2023
byMichael Noel
 
PDF
AI is Hacking You - Digital Workplace Conference Australia 2024
byMichael Noel
 
PDF
Digital Defense Abroad - Essential Cybersecurity for Travelers
byMichael Noel
 
PPTX
Understanding the Tools and Features of Office 365 - New Zealand Digital Work...
byMichael Noel
 
PPTX
IT Insecurity - ST Digital Brazzaville
byMichael Noel
 
PPTX
Securing IT Against Modern Threats with Microsoft Cloud Tools - #EUCloudSummi...
byMichael Noel
 
PPTX
Azure Active Directory Connect: Technical Deep Dive - DWCAU 2018 Melbourne
byMichael Noel
 
PPTX
Azure Active Directory Connect: Technical Deep Dive - EU Collab Summit 2018
byMichael Noel
 
PPTX
Office 365; une Analyse Détaillée
byMichael Noel
 
PPTX
AUDWC 2016 - Using SQL Server 20146 AlwaysOn Availability Groups for SharePoi...
byMichael Noel
 
PPTX
SQL 2014 AlwaysOn Availability Groups for SharePoint Farms - SPS Sydney 2014
byMichael Noel
 
PPTX
Office 365; A Detailed Analysis - SPS Kampala 2017
byMichael Noel
 
PPTX
Breaking Down and Understanding Office 365 - SPSJHB 2015
byMichael Noel
 
PPTX
Breaking Down the Tools and Features in Office 365 - EU Collab Summit 2018
byMichael Noel
 
PPTX
SPS Lisbon 2018 - Azure AD Connect Technical Deep Dive
byMichael Noel
 
PPTX
Understanding the Tools and Features of Office 365 : DWT Africa 2018
byMichael Noel
 
PPTX
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
byMichael Noel
 
PPTX
Understanding Office 365 Service Offerings - O365 Saturday Sydney 2015
byMichael Noel
 
PPTX
SharePoint Сегодня; Как мы докатились сюда и куда идем дальше - SPSBaku - Mic...
byMichael Noel
 
AI is Hacking You - How Cybercriminals Leveral Artificial Intelligence - DWCN...
byMichael Noel
 
Combatting Cyberthreats with Microsoft Defender 365 - CollabDays Finland 2023
byMichael Noel
 
AI is Hacking You - Digital Workplace Conference Australia 2024
byMichael Noel
 
Digital Defense Abroad - Essential Cybersecurity for Travelers
byMichael Noel
 
Understanding the Tools and Features of Office 365 - New Zealand Digital Work...
byMichael Noel
 
IT Insecurity - ST Digital Brazzaville
byMichael Noel
 
Securing IT Against Modern Threats with Microsoft Cloud Tools - #EUCloudSummi...
byMichael Noel
 
Azure Active Directory Connect: Technical Deep Dive - DWCAU 2018 Melbourne
byMichael Noel
 
Azure Active Directory Connect: Technical Deep Dive - EU Collab Summit 2018
byMichael Noel
 
Office 365; une Analyse Détaillée
byMichael Noel
 
AUDWC 2016 - Using SQL Server 20146 AlwaysOn Availability Groups for SharePoi...
byMichael Noel
 
SQL 2014 AlwaysOn Availability Groups for SharePoint Farms - SPS Sydney 2014
byMichael Noel
 
Office 365; A Detailed Analysis - SPS Kampala 2017
byMichael Noel
 
Breaking Down and Understanding Office 365 - SPSJHB 2015
byMichael Noel
 
Breaking Down the Tools and Features in Office 365 - EU Collab Summit 2018
byMichael Noel
 
SPS Lisbon 2018 - Azure AD Connect Technical Deep Dive
byMichael Noel
 
Understanding the Tools and Features of Office 365 : DWT Africa 2018
byMichael Noel
 
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
byMichael Noel
 
Understanding Office 365 Service Offerings - O365 Saturday Sydney 2015
byMichael Noel
 
SharePoint Сегодня; Как мы докатились сюда и куда идем дальше - SPSBaku - Mic...
byMichael Noel
 

Recently uploaded

PDF
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
PDF
November 2025 OpenMetadata Community Spotlight - Astronomer & Airflow 3
byOpenMetadata
 
PDF
IDSECCONF2025 - Aan Wahyu - Maze–Malware Analysis Platform.pdf
byidsecconf
 
PDF
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
PDF
OutSystsems User Group Brabant November 2025
bymail496323
 
PDF
IDSECCONF2025 - Rama Tri Nanda - Hunting Stingray GSM on Budget.pdf
byidsecconf
 
PDF
Raj Jain, Recent Advances, Issues, and Challenges in Cybersecurity, Keynote a...
byrjain51
 
PPTX
How Design Systems and AI Agents Accelerate Product Delivery Sixt
byBoyan Dimitrov
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PDF
SELinux Policy Management in RHEL - RHCSA+.pdf
byLinuxCert Guru
 
PPTX
oop pillor polymorphism Code Presentation
byhifzamahmood8
 
PPTX
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
PDF
How to Spot a Fraudulent Shopping Website
byAshwini Singh
 
PDF
SELinux Basics: Managing SELinux Modes and Context - RHCSA+.pdf
byLinuxCert Guru
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
AI in Food Production (Foodwell) - AI Solutions Supporting Operations
bybyteLAKE
 
PDF
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
PDF
THE THREATS OF INSTABILITY IN BRAZIL'S INTERCONNECTED ELECTRICAL SYSTEM AND H...
byFaga1939
 
PPTX
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
PDF
Command Line Text Processing - RHCSA +.pdf
byLinuxCert Guru
 
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
November 2025 OpenMetadata Community Spotlight - Astronomer & Airflow 3
byOpenMetadata
 
IDSECCONF2025 - Aan Wahyu - Maze–Malware Analysis Platform.pdf
byidsecconf
 
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
OutSystsems User Group Brabant November 2025
bymail496323
 
IDSECCONF2025 - Rama Tri Nanda - Hunting Stingray GSM on Budget.pdf
byidsecconf
 
Raj Jain, Recent Advances, Issues, and Challenges in Cybersecurity, Keynote a...
byrjain51
 
How Design Systems and AI Agents Accelerate Product Delivery Sixt
byBoyan Dimitrov
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
SELinux Policy Management in RHEL - RHCSA+.pdf
byLinuxCert Guru
 
oop pillor polymorphism Code Presentation
byhifzamahmood8
 
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
How to Spot a Fraudulent Shopping Website
byAshwini Singh
 
SELinux Basics: Managing SELinux Modes and Context - RHCSA+.pdf
byLinuxCert Guru
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
AI in Food Production (Foodwell) - AI Solutions Supporting Operations
bybyteLAKE
 
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
THE THREATS OF INSTABILITY IN BRAZIL'S INTERCONNECTED ELECTRICAL SYSTEM AND H...
byFaga1939
 
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
Command Line Text Processing - RHCSA +.pdf
byLinuxCert Guru
 

You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-attacks

  • 1.
    You are DoingIT Security Wrong Understanding the Threat of Modern Cyberattacks MICHAEL NOEL, CCO
  • 2.
    Michael Noel @MichaelTNoel Authored/Co-authored 20books including the best-selling SharePoint, Exchange, and Windows Unleashed series Presented at over 250 events in 86 unique countries around the world Partner at Convergent Computing in the San Francisco Bay Area (cco.com)
  • 3.
    The Evolution ofthe Modern Hacker WHY YOU SHOULD BE VERY CONCERNED
  • 4.
    Spear Phishing ◦ SpearPhishing is a common approach used by hackers to target Executives and/or people in Finance/HR ◦ List of executives is easy to find from LinkedIn ◦ Email address formats are easy to discover ◦ Execs/Finance/HR personnel are targeted with crafted emails that make it look realistic (i.e. “Bob, here are the latest report numbers from ProjectX.”) ◦ Emails often have a ‘payload’ that is either attached or is a link to a nefarious website controlled by the attacker that then performs ‘credential harvesting’ by prompting the user to enter username/password ◦ Once username and password is obtained, the hacker is then able to login as that user and perform other lateral attacks or attempt to exfiltrate financial data or perform unauthorized transactions.
  • 5.
    State Sponsored Attacks ◦A rising number of hacking cases is coming from well-organized and well-funded hacking ‘farms’ that are sponsored by nation-states ◦ These hacking organizations are designed to steal trade and/or national secrets from organizations in a competing state ◦ Targets are not only defense or NGOs, but also include ‘regular’ organizations that can be targeted for financial reasons for for stealing intellectual property (IP.)
  • 6.
    A major issuein recent years has been the rise of so- called ‘ransomware’ attacks. These attacks work by using compromised account credentials to encrypt all data the hacker can find and then to ‘throw away’ the decryption key and only make it available after the payment of a cryptocurrency ‘ransom.’ Aside from paying the ransom (which doesn’t always work,) the only way to recover from this is via full restores, which can take days or weeks Ransomware
  • 7.
    The rise in‘petty theft’ and ‘smash and grab’ theft has led to a rise in the theft of information devices such as laptops and cell phones Thieves are getting more sophisticated and are starting to go after devices in car trunks by looking for active Bluetooth signals Once stolen, if the contents of the device are not encrypted they are likely to be sold to competitors and/or other people interested in the IP Device Theft
  • 8.
    Intellectual Property Lossthrough “Oversharing” Much of the IP that is lost or compromised is not lost via nefarious means, often it is simply ‘overshared.’ This is often due to well-meaning individuals who share documents via links or with poor security and then the email chain is publicized. It can also happen if the proper security protocols are not chosen during the creation of cloud services
  • 9.
    Passwords are Notas Secure as You Think Key to password security is not necessarily length, complexity, or even age; but global uniqueness Hackers have access to databases of ‘pwned’ passwords and can run password hashes against these databases in a matter of milliseconds ‘Passphrases’ that consist of unique seed words are infinitely more complex and much harder to crack (i.e. “Yellow birdseed hat pumpkin”) Test your password at https://haveibeenpwned.com
  • 10.
    Cached Credentials Exploiting Cachedcredentials on workstations are a common attack vector Any user with local admin rights to a workstation (obtained legitimately or via phishing) can access the cached credentials of any other user who logged in at some point. If the passwords are not sufficiently complex or match any darknet database entries, they are EASILY cracked.
  • 11.
    Lateral Attacks Once ahacker has access to some small portion of your organization, they typically try to then perform ‘lateral’ attacks on other system, especially ones that provide for better access. The goal is to get access to highly privileged accounts such as the Active Directory ‘Domain Admins.’ “Golden Ticket” attacks using hacking tools such as Mimikatz can then leverage elevated domain rights (i.e. Domain Admin) to hack the krbst account and create non-expiring ‘Golden Tickets’ that give unfettered rights to all domain resources
  • 12.
    Tips and Tricksto Protect your IP from Theft WHAT DO I DO TO PROTECT MY ORGANIZATION?
  • 13.
    Physical Network Host Application Administration Data Defense in DepthConcepts Defense in Depth is a concept in which your data is protected by multiple layers, each of which would need to be compromised before the data itself is accessed Focus on all layers of the DiD model when designing your IT security
  • 14.
    Password Best Practices Aspreviously mentioned, use passphrases instead of passwords Don’t change your password as often, but instead choose globally unique passwords Use a password manager tool such as 1Password, LastPass, or the ones provided by Apple, Google Never re-use passwords!
  • 15.
    Hyperlink Safety ALWAYS checkyour hyper-links (right-click if you can or hover over before you click) to see if they go to an site that makes sense. For example, an email from your bank should go to ‘yourbank.com’ and not ‘susahkaya.net’. Better yet, NEVER click on links in emails. If you think an email is legitimate, manually login to the site by opening a browser and typing in the site name or using a known- good bookmark.
  • 16.
    Physical Security Don’t allow‘tailgating’ into your facilities if you can physically prevent this. Modern ‘subway-turnstile’ type entryways can help prevent this Instruct your employees to NEVER plug in loose thumbdrives into company systems. Dropping thumbdrives around a facility is a common approach to planting viruses Follow best practice protocol around guest wireless isolation so that guests can’t access anything internally. This also goes for wired connections (802.1x is a great way to prevent this.)
  • 17.
    Full Disk Encryption Alwaysuse full disk encryption (FDE) on ALL devices you use, including mobile devices. This will prevent the loss of data in the event of device theft. Force devices to use PINs or Biometrics to unlock their devices before they are decrypted. Put policies in place to ‘wipe’ systems remotely that have been compromised or that have had too many failed attempts to login.
  • 18.
    Data Loss Prevention Considerthe use of Data Loss Prevention (DLP) technologies that restrict what happens AFTER the data has been accessed. This allows for restrictions on activities such as: ◦ Copy/Paste ◦ Print ◦ Save As. ◦ Programmatically access ◦ Etc. DLP policies are your best tool to avoid IP theft
  • 19.
    Multi-Factor Authentication And the#1 most important thing you can enable today to protect your startup is Multi- factor Authentication (MFA.) This will ensure that if an attacker gets the username and password of a user that they won’t be able to get in as the system will prompt for an additional factor. In order of effectiveness, the factors can include: ◦ SMS Text ◦ Biometrics ◦ Authenticator Apps (MS, Google) ◦ Hardware keys
  • 20.
    What Microsoft ITTools Can Help Improve Security? EXAMINING MICROSOFT CLOUD SECURITY OPTIONS
  • 21.
    Microsoft Security inRelation to the NIST Cyber Security Framework Identify • Azure Active Directory • Microsoft Intune • SCCM • Microsoft Defender for EndPoint Protect • Azure MFA • Azure AD Privileged Identity Management • Microsoft Identity Manager / Privileged Access Management • Azure Information Protection • Azure AD Password Protection Detect •Azure Sentinel •Microsoft Cloud App Security •Microsoft Defender for Endpoint •MDI •Azure Security Center •Azure AD Identity Protection Respond • Azure Sentinel • Microsoft Defender for Identity (Azure ATP) Recover • Azure Security Center • Azure Backup
  • 22.
    Microsoft Cloud AppSecurity MCAS is a multimode Cloud Access Security Broker (CASB) Proactively identifies threats across and in between cloud platforms
  • 23.
    Microsoft 365 Defender Microsoft365 Defender (previously Microsoft Threat Protection). Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection). Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection). Microsoft Defender for Identity (previously Azure Advanced Threat Protection).
  • 24.
    Azure Defender Azure Defenderfor Servers (previously Azure Security Center Standard Edition). Azure Defender for IoT (previously Azure Security Center for IoT). Azure Defender for SQL (previously Advanced Threat Protection for SQL).
  • 25.
    Microsoft Defender forIdentity (MDI) MDI deploys sensors to domain controllers to look for behaviors associated with compromised internal systems MDI Sensors perform their calculations locally and then forward their alerts to the cloud MDI Integrates with MCAS to provide a single console experience for hybrid events (On-Prem with MDI and Online with MCAS)
  • 26.
    Azure Sentinel Security Information& Event Management (SIEM) Platform built on Azure Monitor Azure Sentinel provides for centralized SIEM capabilities for logs, alerting and providing for reporting trends Firewall, switch, Windows, and Linux logs can all be forwarded to Sentinel to allow for retroactive forensics or real- time alerts
  • 27.
    Azure AD Password Protection AzureAD Password Protection runs as agents on all internal domain controllers that restrict how a password is constructed. Azure AD Password Protection allows for complexity beyond the default options in an AD environment, disallowing passwords that are known to be compromised and/or include key words
  • 28.
    Azure AD EntitlementManagement A component of Azure AD Identity Governance, Azure AD Entitlement Management is a compliance and auditing control platform that allows organizations the ability to better control access to Azure resources Administrators can created ‘access packages’ to control what type of rights will be granted, which approvers can grant those rights, and when they expire.
  • 29.
    Azure AD PrivilegedIdentity Management (PIM) A separate component of Azure AD Identity Governance, Azure AD Privileged Identity Management (PIM) allows accounts to be ‘privileged by request’ and not by default. Users can initiate requests to raise their privileged roles, and these requests can be moderated by admins and/or monitored. In the event of a compromise, admin users will have no special rights until they have been elevated, which greatly reduces exposure.
  • 30.
    Microsoft Identity Manager/ PAM The On-Prem version of PIM is integrated into the Microsoft Identity Manager (MIM) suite in the form of Privileged Access Management (PAM.) PAM works similarly to PIM, with the exception being that a Bastion forest is used for accounts with elevated privileges. A Bastion forest exists across a one- way trust and accounts are only elevated as needed. This leaves membership in privileged groups such as ‘Domain Admins’ to very few active accounts.
  • 31.
    Azure Information Protection AzureInformation Protection provides for the ability to control what happens to data AFTER it has been accessed. Azure IP assigns Information Protection tags to content either manually or via automatic processes. The existing Azure Rights Management Services (Azure RMS) service is now integrated into Azure RMS. Hold Your Own Key (HYOK) allows organizations to secure and encrypt content using their own private key, removing Microsoft from data custody.
  • 32.
    Licensing SKU USD / user/ month Basic Apps Ent Apps RMS FCI HYOK / Auto Class AADC MFA Password Protection ATA MDI MCAS PIM / MIM / PAM Security Center Sentinel Azure AD – Free Free X Azure AD – Office 365 Apps *O365 X X Azure AD Premium P1 $6.00 X X X X Azure AD Premium P2 $9.00 X X X X X X X Azure Information Protection - Free Free X Azure Information Protection – Office 365 Apps *O365 X X Azure Information Protection Premium P1 $2.00 X X X X Azure Information Protection Premium P2 $5.00 X X X X X Enterprise Mobility + Security E3 $8.74 X X X X X X X X Enterprise Mobility + Security E5 $14.80 X X X X X X X X X X X X Microsoft 365 E3 $35.00 X X X X X X X X Microsoft 365 E5 $63.00 X X X X X X X X X X X X Pay as You Go (Storage and/or Usage) Varies X* X*
  • 33.
  • 39.