Data Privacy in Modern Time
Menny Barzilay (Cytactic)
Alexander Gaft, CFE CISA
Application Security Meetup – Data Privacy
Israel, Webinar, 27th May 2021

Cyber Fraud – a new Frontier for Corporate Security
© Alexander Gaft
New Face of Cyber Fraud
1) The biggest threat for 2020 and beyond: sophisticated organized crime groups + technical skills + propagation of cyberwarfare tools.
2) Phishing is the most common way of stealing information in today’s cyber world.
3) Ransomware is the most dangerous attack, now offered as Ransomware-as-a-Service.
4) Mobile devices are becoming the preferred way of launching cyberattacks; cybercriminals are developing customized applications and platforms.
5) Fraudsters are using AI and data mining tools.
6) States use their resources for cyber fraud.
https://www.france24.com/en/20190808-cybercrime-north-korea-nuclear-programme-hacking-china-ballistic-missile
Cyberattacks have earned North Korea about $2 billion in just over three years.
Cyber Fraud Predictions for 2021
• Constant automated attacks: hackers will increasingly turn to automated methods, including script creation (using fraudulent information to automate account creation) and credential stuffing (using stolen data from a breach to take over a user’s other accounts), to make cyberattacks and account takeovers easier and more scalable than ever before;
• Putting a face to Frankenstein IDs: synthetic identity fraud, where a fraudster uses a combination of real and fake information to create an entirely new identity, is currently the fastest growing type of financial crime;
• Social media will continue to be weaponized for social engineering.
https://www.securitymagazine.com/articles/94313-fraud-predictions-for-2021-and-beyond
Phishing
The purpose of a phishing attack is to get the user to:
• download an attachment;
• run a file;
• click a URL;
• provide credentials or personal details.
Prevention measures:
• Awareness, including drills (e.g. www.cybeready.com – automated training platform);
• Dedicated discovery tools – www.ironscales.com;
• Threat intelligence – domain impersonation.
Phishing (2)
How to recognize:
A. A work-related email is sent from a public email domain – look at the details of the email address, not just the sender name;
B. The domain name is misspelled or impersonates a known domain (iicl-group.com);
C. The email is poorly written (grammar, spelling);
D. It includes suspicious attachments or links;
E. It creates a sense of urgency.
Types:
• Vishing – phishing done over phone calls;
• Smishing – SMS phishing (SMiShing);
• Spear phishing – a scam targeted at a specific individual, organization or business;
• Whaling – the attacker uses spear-phishing methods to go after a large, high-profile target, such as the C-suite.
Social Engineering
Any impersonation involves in-depth study of the victim (the organisation and its individual employees):
1) Top management (via LinkedIn and news);
2) Responsibilities, especially for finances;
3) Authorization routines;
4) Payment procedures;
5) Forms and documentation to forge;
6) Network topology;
7) Security tools.
Prevention measures:
• Awareness, including drills.
Impersonation fraud / BEC
1. Fake CEO / top manager scam
a) A finance employee receives an email / phone call from the “CEO”.
b) The email is usually sent from a private mailbox in the executive’s name (Gmail, Yahoo, etc.).
c) It requests an urgent money transfer, due to a business trip, a “secret” M&A deal, a present to be bought, etc.
Prevention measures:
• Awareness, including business travel & social engineering;
• Call-back procedures;
• Segregation of duties;
• Ban on the use of private emails in business communications;
• Mobile security for company phones;
• Periodic forensic scans of top management’s company equipment.
Impersonation fraud
2. Fake vendor / supplier
a) Fraudsters impersonate or compromise your existing vendor’s email and contact you.
b) They attach a forged invoice / payment request.
c) They ask to change the payment details and account.
d) Payment for services is sent to the fraudster’s account.
This may be accompanied by phone calls and the provision of fake contact details.
Prevention measures:
• Awareness (both employees and third parties);
• Call-back procedure – not via “Reply” but using a safe PoC (point of contact) list;
• Protection of the vendors / suppliers’ database – especially account and contact details;
• Dual authorization for account changes and other modifications of vendor details.
Impersonation fraud
3. Fake email from “your company” to your customer
a) Domain impersonation: instead of the legitimate @icl-group.com, fraudsters procure domains such as:
• @iicl-group.com
• @iclgroup.com
• @icl.com
• @icl.group.com
b) Fraudsters contact your customer and ask to change the account details for payments.
Prevention measures:
• Awareness (both employees and third parties);
• Call-back procedure;
• Cyber intelligence, including domain scans.
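An added triage helper (example code, not from the deck) that applies checklist points A and B from the Phishing (2) slide to the procured lookalike domains listed above. The legitimate domain icl-group.com is taken from the slide; the brand token list and the public webmail list are assumptions.

```python
import re
from email.utils import parseaddr

# Constructed configuration: the legitimate domain used in the slides, the
# brand token an impersonator is likely to reuse, and a short webmail list.
CORPORATE_DOMAIN = "icl-group.com"
BRAND_TOKENS = {"icl"}
PUBLIC_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one insertion turns icl-group.com into iicl-group.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _squash(domain: str) -> str:
    """Drop dots and hyphens so iclgroup.com and icl.group.com compare equal."""
    return re.sub(r"[.\-]", "", domain.lower())


def is_lookalike(domain: str, corporate: str = CORPORATE_DOMAIN) -> bool:
    """True when the domain is a near-copy of the corporate domain or reuses
    its brand token outside the corporate domain itself (checklist point B)."""
    domain = domain.lower()
    if domain == corporate or domain.endswith("." + corporate):
        return False  # the real domain or one of its own subdomains
    squashed, corp_squashed = _squash(domain), _squash(corporate)
    if squashed == corp_squashed or levenshtein(squashed, corp_squashed) <= 2:
        return True  # typosquat or punctuation variant of the whole domain
    # Brand token appearing as a label (icl.com, icl-group.com.evil.net);
    # the last label (TLD) is skipped so that e.g. example.cl is not flagged.
    # Short tokens produce false positives: tune the list per organisation.
    labels = [lab for lab in re.split(r"[.\-]", domain) if lab][:-1]
    return any(lab == tok or levenshtein(lab, tok) <= 1
               for lab in labels for tok in BRAND_TOKENS)


def triage_sender(header_from: str) -> dict:
    """Classify a From: header as internal, public-webmail, lookalike or
    external, judging the address rather than the display name (point A)."""
    display_name, address = parseaddr(header_from)
    if "@" not in address:
        return {"display_name": display_name, "address": address,
                "domain": "", "verdict": "invalid"}
    domain = address.rsplit("@", 1)[1].lower()
    if domain == CORPORATE_DOMAIN or domain.endswith("." + CORPORATE_DOMAIN):
        verdict = "internal"
    elif domain in PUBLIC_WEBMAIL:
        verdict = "public-webmail"
    elif is_lookalike(domain):
        verdict = "lookalike"
    else:
        verdict = "external"
    return {"display_name": display_name, "address": address,
            "domain": domain, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample headers: the four procured domains from the slide,
    # a CEO-scam webmail sender, a genuine internal sender and a plain external one.
    samples = [
        "Accounts Payable <ap@iicl-group.com>",
        "ap@iclgroup.com",
        "ap@icl.com",
        "ap@icl.group.com",
        "Dana CEO <dana.ceo@gmail.com>",
        "cfo@icl-group.com",
        "billing@example.net",
    ]
    for header in samples:
        result = triage_sender(header)
        print(f"{result['verdict']:14} {header}")
```

A "lookalike" or "public-webmail" verdict is a trigger for the call-back procedure, not an automatic block.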
Impersonation fraud
4. Employee impersonation – payroll
a) Fraudsters contact the HR or payroll department from a “personal” email;
b) They impersonate an employee;
c) They change the account for payroll / bonus payments.
Prevention measures:
• Awareness (both employees and third parties);
• Call-back procedure.
Impersonation fraud
5. Voice impersonation (AI)
https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402
• Criminals used artificial intelligence-based software to impersonate a chief executive’s voice and demand a fraudulent transfer of €220,000 ($243,000) in March 2019 in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking.
• The CEO of a U.K.-based energy firm thought he was speaking on the phone with his boss, the chief executive of the firm’s German parent company, who asked him to send the funds to a Hungarian supplier. The caller said the request was urgent, directing the executive to pay within an hour.
New attack vector – messaging apps
https://www.securityinfowatch.com/cybersecurity/article/21110810/the-enterprise-hazard-of-using-consumer-messaging-apps-in-the-workplace
A NetSfere study conducted in partnership with 451 Research found that 80% of employee respondents use their smartphones for business purposes on a daily basis.
The continued increase in BYOD (Bring Your Own Device) and smartphone adoption, coupled with employee use of consumer-grade messaging apps that lack the physical and technical safeguards necessary for enterprise communication, is exposing companies to security & fraud risks.
Prevention measures:
• MDM;
• Mobile security tools;
• Restrictions on the use of messengers for business purposes.
Questions?
Thank you!
A_gaft@yahoo.com
Privacy Training – Learning by big fines
Founder: Yuli Stremovsky, yuli@privacybunker.io
● Previous significant role: CTO of the Kesem.IO blockchain payments startup.
● Hands-on cybersecurity architect & technology blogger.
● Filed a security vulnerability in Microsoft Azure Active Directory that revealed a privacy bug.
● Founder of the database security company GreenSQL (Hexatier), which helped companies become PCI compliant. The company was acquired by Huawei and is now part of Huawei Cloud.
● Various roles at RSA Security and Check Point.
● https://www.linkedin.com/in/stremovsky/
What is a data subject?
● Your customer / user / marketing lead.
● It can be your employee.
● A natural person.
Note: the data subject is the data owner.
Related terms:
● Data Subject Request – DSR.
● Data Subject Access Request – DSAR.
Controllers vs Processors
Controllers:
● End-user facing services
● Collect personal data
● Direct relationship with the data subject
Example: ecommerce company, bank
Processors:
● Process data on behalf of controllers
● A processor company can be considered a controller for its own marketing leads
Example: Mailchimp, credit card processing
Note: individuals can bring claims for compensation and damage against both controllers and processors.
Personal data / PII
● PII, or Personally Identifiable Information.
● Personal data is any information that relates to an identified or identifiable individual.
● Strong identity, e.g. user name, email address, telephone, SSN.
● Weak identity, e.g. browser information, IP address, cookie name.
● As in triangulation, a combination of weak identities can lead us to a user.
● Both strong and weak user identities are PII.
Personal Data Processing
Processing covers a wide range of operations performed on personal data, by manual or automated means, including: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, alignment, combination, use, disclosure by transmission, dissemination or making available, restriction, and more.
Legal bases for processing personal data
1. Consent
2. Contract
3. Legal obligation
4. Vital interest
5. Public task
6. Legitimate interest
GDPR Principles
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Accuracy
4. Integrity and confidentiality (security)
5. Accountability
6. Storage limitation
7. Data minimisation
Example for data minimization: Deutsche Wohnen SE was almost fined €14.5 mln
1. Over-retention of personal data.
2. The data controller did not have a legal ground to store personal data longer than was necessary;
3. Second, this was considered an infringement of the data protection by design requirements under Article 25(1) GDPR;
4. Finally, it was an infringement of the general processing principles set out in Article 5 GDPR.
https://www.dataprotectionreport.com/2019/11/first-multi-million-gdpr-fine-in-germany-e14-5-million-for-not-having-a-proper-data-retention-schedule-in-place/
Privacy by design
● Proactive and preventive
● Privacy by default
● Embed in the design
● End-to-end security
● Visibility and transparency
● Respect user privacy
The Databunker open-source tool was built to serve as a cornerstone for your privacy by design solution.
1&1 has been fined €9.55 mln
1. Failing to put “sufficient technical and organizational measures” in place to protect customer data in its call centers.
2. Callers to its call center could obtain customer information by simply providing their name and date of birth, which meant that its customers’ personal information was not properly safeguarded.
3. GDPR Article 32 – companies are obliged to take appropriate technical and organizational measures to systematically protect the processing of personal data.
https://www.techradar.com/news/1and1-hit-with-million-euro-gdpr-fine
GDPR user rights
● Right to be informed
● Right to access
● Right to rectification – fix incorrect personal data
● Right to erasure – forget me
● Right to restrict processing
● Right to data portability
● Right to object
● Rights related to automated decision making, including profiling
Databunker has an API and UI to automate most of these user requests.
Pseudonymisation
How to make your service logs GDPR friendly
● Limit PII to what is actually required.
● Comply with data subject forget-me requests by one of:
a. setting the retention period to 1 month, or
b. using pseudonymisation, or
c. encrypting PII inside log events, or
d. manually removing user logs.
● Where government requirements mandate keeping payment details for 5-10 years, retention can be as long as required.
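An added example (not Databunker code and not from the deck) of options a and b above, together with the data minimisation point from the Personal data / PII slide: the strong identity (email) in each log event is replaced by a keyed pseudonym, the weak identity (IP) is truncated, and a retention sweep drops events older than one month. Forget-me is honoured by deleting the subject's secret, so old log lines need not be rewritten. The sample events, the 30-day window and the field names are constructed.

```python
import hashlib
import hmac
import ipaddress
import secrets
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # option a: keep event logs for one month


class PseudonymVault:
    """One random secret per data subject. The pseudonym is HMAC(secret, id),
    so it stays stable across events (analytics still work) but cannot be
    reversed from the logs alone. Forget-me = delete the secret: every
    pseudonym derived from it becomes unlinkable without rewriting the logs."""

    def __init__(self):
        self._secrets = {}   # subject id -> secret key
        self._reverse = {}   # pseudonym -> subject id (needed to answer a DSAR)

    def pseudonym(self, subject_id: str) -> str:
        secret = self._secrets.setdefault(subject_id, secrets.token_bytes(32))
        pseudo = hmac.new(secret, subject_id.encode(), hashlib.sha256).hexdigest()[:16]
        self._reverse[pseudo] = subject_id
        return pseudo

    def resolve(self, pseudo: str):
        """Map a pseudonym back to the subject for a data subject access request."""
        return self._reverse.get(pseudo)

    def forget(self, subject_id: str) -> None:
        """Honour a forget-me request: drop the secret and the reverse index."""
        self._secrets.pop(subject_id, None)
        for pseudo in [p for p, s in self._reverse.items() if s == subject_id]:
            del self._reverse[pseudo]


def mask_ip(ip: str) -> str:
    """Weak identity: keep only the /24 (IPv4) or /48 (IPv6) network part."""
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def pseudonymise_event(event: dict, vault: PseudonymVault) -> dict:
    """Rewrite one log event before it is stored: the strong identity (email)
    becomes a keyed pseudonym, the IP is truncated, everything else is kept."""
    out = dict(event)
    if "user" in out:
        out["user"] = vault.pseudonym(out["user"])
    if "ip" in out:
        out["ip"] = mask_ip(out["ip"])
    return out


def purge_expired(events: list, now: datetime, retention: timedelta = RETENTION) -> list:
    """Retention sweep: drop events whose timestamp is older than the window."""
    return [e for e in events
            if now - datetime.fromisoformat(e["ts"]) <= retention]


def demo(now: datetime = datetime(2021, 5, 27, tzinfo=timezone.utc)) -> dict:
    """Run the pipeline over three constructed events and return what remains."""
    vault = PseudonymVault()
    raw_events = [  # constructed sample input; the first one is past retention
        {"ts": (now - timedelta(days=45)).isoformat(), "user": "alice@example.com",
         "ip": "203.0.113.42", "action": "login"},
        {"ts": (now - timedelta(days=3)).isoformat(), "user": "alice@example.com",
         "ip": "203.0.113.42", "action": "checkout"},
        {"ts": (now - timedelta(days=1)).isoformat(), "user": "bob@example.com",
         "ip": "2001:db8:abcd:12::7", "action": "login"},
    ]
    stored = purge_expired([pseudonymise_event(e, vault) for e in raw_events], now)
    return {"vault": vault, "stored": stored}


if __name__ == "__main__":
    state = demo()
    for event in state["stored"]:
        print(event)
    print("DSAR lookup:", state["vault"].resolve(state["stored"][0]["user"]))
    state["vault"].forget("alice@example.com")
    print("after forget-me:", state["vault"].resolve(state["stored"][0]["user"]))
```

The vault itself holds PII (the reverse index), so it must be protected and backed up separately from the log store; the logs alone never contain the email or full IP.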
Cross border personal data transfer
● From the EU to the USA: the Privacy Shield framework was cancelled on July 16, 2020.
● Companies now need to use standard contractual clauses (SCC or ‘model clauses’).
● The European Data Protection Board (EDPB) guidelines (2020) have a few examples, including pseudonymisation.
Reporting a breach
● In case of a breach, a company has 72 hours to report to the authorities.
● Sometimes you also need to report to the individual users – the victims.
● Consult your lawyers beforehand.
Twitter has been fined €450,000
1. Due to late breach notification.
2. GDPR Article 33 – organizations have 72 hours for breach notification.
3. Twitter was not fined for the data breach itself.
https://www.pinsentmasons.com/out-law/news/twitter-gdpr-dispute-resolved-by-edpb
Cookie consent
● No cookie consent popup – github.com
● Others – display a cookie popup
Google has been fined €100 mln
1. The company was depositing user cookies before getting user consent, without users being given an opportunity to refuse.
2. Upon their visit to a website, users should be shown a cookie banner setting out the explicit purposes for which cookies are used, and mentioning the possibility of disabling or opposing these cookies and of changing parameters by way of a link included in the banner.
https://privacyinternational.org/news-analysis/4347/cnil-fines-google-and-amazon-unlawful-use-cookies
Cookie popup 2
● Optional categories must be unchecked by default.
● Make sure advertising and similar code is executed only after approval.
Google has been fined £44 mln
1. Google had not obtained clear consent to process user data (for ads personalization).
2. The option to personalise ads was "pre-ticked" when creating an account, which did not respect the GDPR rules.
https://www.bbc.com/news/technology-46944696
CCPA vs GDPR
                          GDPR              CCPA
Right to be deleted
Right of access
Extraterritorial scope    Any company       For big companies
PII sale                  Prior consent     Opt out
Databunker demo
https://demo.databunker.org/
Phone: 4444, Code: 4444, Root token: DEMO
Thank you!
Questions?
yuli@privacybunker.io
https://privacybunker.io/
https://databunker.org/

Thank You!
Questions?
To be continued…

 
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdfVulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
 
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxThe Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
 
Sailing Through The Storm of Kubernetes CVEs Meetup 29062023.pptx
Sailing Through The Storm of Kubernetes CVEs Meetup 29062023.pptxSailing Through The Storm of Kubernetes CVEs Meetup 29062023.pptx
Sailing Through The Storm of Kubernetes CVEs Meetup 29062023.pptx
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
 
The Hacking Games - Cloud Vulnerabilities Meetup 22032023.pptx
The Hacking Games - Cloud Vulnerabilities Meetup 22032023.pptxThe Hacking Games - Cloud Vulnerabilities Meetup 22032023.pptx
The Hacking Games - Cloud Vulnerabilities Meetup 22032023.pptx
 
The Hacking Games - Security vs Productivity and Operational Efficiency 20230119
The Hacking Games - Security vs Productivity and Operational Efficiency 20230119The Hacking Games - Security vs Productivity and Operational Efficiency 20230119
The Hacking Games - Security vs Productivity and Operational Efficiency 20230119
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
Software Supply Chain Security Meetup 21062022
Software Supply Chain Security Meetup 21062022Software Supply Chain Security Meetup 21062022
Software Supply Chain Security Meetup 21062022
 
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021
 
Application security meetup 02032021
Application security meetup 02032021Application security meetup 02032021
Application security meetup 02032021
 

Dernier

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 

Dernier (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

Application security meetup data privacy_27052021

  • 1.
  • 2. Data Privacy in Modern time
    Menny Barzilay (Cytactic)
  • 3. Alexander Gaft, CFE CISA
    Application Security Meetup – Data Privacy, Israel
    Webinar, 27th May 2021
    Cyber Fraud – a new Frontier for Corporate Security
    @copyright '©‘ - Alexander Gaft
  • 4. New Face of Cyber Fraud
    1) The biggest threat for 2020 and beyond >>> Sophisticated Organized Crime groups + Technical Skills + Propagation of cyberwarfare tools.
    2) Phishing is the most common way of stealing information in today’s cyber world.
    3) Ransomware – the most dangerous attack. Ransomware-as-a-service.
    4) Mobiles are becoming the preferred way of launching cyberattacks. Cybercriminals are developing customized applications and platforms.
    5) Fraudsters are using AI and Data mining tools.
    6) States use their resources for Cyber Fraud.
    https://www.france24.com/en/20190808-cybercrime-north-korea-nuclear-programme-hacking-china-ballistic-missile
    Cyberattacks have earned North Korea about $2 billion in just over three years.
  • 5. Cyber Fraud Predictions for 2021
     Constant Automated Attacks: hackers will increasingly turn to automated methods, including script creation (using fraudulent information to automate account creation) and credential stuffing (using stolen data from a breach to take over a user’s other accounts) to make cyberattacks and account takeovers easier and more scalable than ever before;
     Putting a Face to Frankenstein IDs: Synthetic identity fraud – when a fraudster uses a combination of real and fake information to create an entirely new identity – is currently the fastest growing type of financial crime;
     Social media will continue to be weaponized for Social Engineering.
    https://www.securitymagazine.com/articles/94313-fraud-predictions-for-2021-and-beyond
  • 6. Phishing
    The purpose of a phishing attack is to get the user to:
     download an attachment;
     run a file;
     click a URL;
     provide credentials or personal details.
    Prevention measures:
     Awareness, including drills (www.cybeready.com – automated training platform);
     Dedicated Discovery Tools – www.ironscales.com;
     Threat Intelligence – domain impersonation.
  • 7. Phishing (2)
    How to recognize:
    A. A work-related email is sent from a public email domain – look at the details of the email address, not just the sender name;
    B. The domain name is misspelled or impersonates a known domain (iicl-group.com);
    C. The email is poorly written (grammar, spelling);
    D. It includes suspicious attachments or links;
    E. It creates a sense of urgency.
    Types:
     Vishing - phishing done over phone calls;
     Smishing - SMS phishing or SMiShing;
     Spear Phishing - a scam targeted towards a specific individual, organization or business;
     Whaling - the attacker utilizes spear phishing methods to go after a large, high-profile target, such as the C-suite.
  • 8. Social Engineering
    Any impersonation involves in-depth study of the victim (organisation and individual employees):
    1) Top management (via LinkedIn and news);
    2) Responsibilities, especially for finances;
    3) Authorization routines;
    4) Payment procedures;
    5) Forms and documentation to forge;
    6) Network topology;
    7) Security tools.
    Prevention measures:
     Awareness, including drills.
  • 9. Impersonation fraud / BEC
    1. Fake CEO / Top manager Scam
    a) A finance employee receives an email / phone call from the "CEO".
    b) The email is usually from a private email box in the executive’s name (Gmail, Yahoo, etc.).
    c) Request for an urgent money transfer, due to a business trip, a “secret” M&A deal, a present to be bought, etc.
    Prevention measures:
     Awareness, including Business Travel & Social Engineering;
     Call-back procedures;
     Segregation of duties;
     Ban on the use of private emails in business communications;
     Mobile Security for company phones;
     Periodic forensic scans of top management’s company equipment.
  • 10. Impersonation fraud
    2. Fake vendor / supplier
    a) Fraudsters impersonate or compromise your existing vendor’s email and contact you.
    b) They attach a forged invoice / payment request.
    c) They ask to change payment details and account.
    d) Payment for services is sent to the fraudster’s account.
    ^ May be accompanied by phone calls and provision of fake contact details.
    Prevention measures:
     Awareness (both employees and third parties);
     Call-back procedure – not via “Reply” but via a safe PoC list;
     Protection of the vendors / suppliers’ database – especially accounts and contact details;
     Dual authorization for account changes and other vendor detail modifications.
  • 11. Impersonation fraud
    3. Fake email from “your company” to your customer
    a) Domain impersonation: instead of the legitimate @icl-group.com, fraudsters procure domains such as:
      • @iicl-group.com
      • @iclgroup.com
      • @icl.com
      • @icl.group.com
    b) Fraudsters contact your customer and ask to change account details for payments.
    Prevention measures:
     Awareness (both employees and third parties);
     Call-back procedure;
     Cyber intelligence, including domain scans.
  • 12. Impersonation fraud
    4. Employee Impersonation - Payroll
    a) Fraudsters contact the HR or Payroll department from a “personal” email;
    b) Impersonate an employee;
    c) Change the account for payroll / bonus.
    Prevention measures:
     Awareness (both employees and third parties);
     Call-back procedure.
  • 13. Impersonation fraud
    5. Voice Impersonation (AI)
    https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402
     Criminals used artificial intelligence-based software to impersonate a chief executive’s voice and demand a fraudulent transfer of €220,000 ($243,000) in March 2019 in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking.
     The CEO of a U.K.-based energy firm thought he was speaking on the phone with his boss, the chief executive of the firm’s German parent company, who asked him to send the funds to a Hungarian supplier. The caller said the request was urgent, directing the executive to pay within an hour.
  • 14. New attack vector - Messaging apps
    https://www.securityinfowatch.com/cybersecurity/article/21110810/the-enterprise-hazard-of-using-consumer-messaging-apps-in-the-workplace
    A NetSfere study conducted in partnership with 451 Research found that 80% of employee respondents use their smartphones for business purposes on a daily basis. The continued increase in BYOD (Bring Your Own Device) and smartphone adoption, coupled with employee use of consumer-grade messaging apps that lack the physical and technical safeguards necessary for enterprise communication, is exposing companies to security & fraud risks.
    Prevention measures:
     MDM;
     Mobile security tools;
     Restrictions on the use of messengers for business purposes.
  • 15. Questions?
    Thank you! A_gaft@yahoo.com
  • 17. Founder: Yuli Stremovsky
    ● Previous significant role: Kesem.IO blockchain payments startup CTO.
    ● Hands-on cybersecurity architect & technology blogger.
    ● Filed a security vulnerability in Microsoft Azure Active Directory that revealed a privacy bug.
    ● Founder of the database security company GreenSQL (Hexatier) that helped companies become PCI compliant. The company was acquired by Huawei and is now part of Huawei Cloud.
    ● Various roles at RSA Security, Check Point.
    ● https://www.linkedin.com/in/stremovsky/
  • 18. What is a data subject?
    ● Your customer / user / marketing lead.
    ● It can be your employee.
    ● A natural person.
    Note: the Data Subject is the data owner.
    Related terms:
    ● Data Subject Request - DSR.
    ● Data Subject Access Request - DSAR.
  • 19. Controllers vs Processors
    Controllers:
    ● End-user facing services
    ● Collect personal data
    ● Direct relationship with the data subject.
    Example: e-commerce company, bank
    Processors:
    ● Process data on behalf of controllers
    ● A processor company can be considered a Controller for its own marketing leads
    Example: Mailchimp, credit card processing
    Note: Individuals can bring claims for compensation and damage against both controllers and processors.
  • 20. Personal data / PII
    ● PII or Personally Identifiable Information.
    ● Personal data is any information that relates to an identified or identifiable individual.
    ● Strong identity, i.e. user name, email address, telephone, SSN.
    ● Weak identity, i.e. browser information, IP address, cookie name.
    ● Like in triangulation, a combination of weak identities can lead us to a user.
    ● Strong and weak user identities are both PII.
  • 21. Personal Data Processing
    Processing covers a wide range of operations performed on personal data, including by manual or automated means:
    Collection, Recording, Organisation, Structuring, Storage, Adaptation or alteration, Retrieval, Consultation, Use, Disclosure by transmission, Dissemination or making available, Alignment, Combination, Restriction, and more.
  • 22. Legal bases for processing personal data
    1. Consent
    2. Contract
    3. Legal obligation
    4. Vital interest
    5. Public task
    6. Legitimate interest
  • 23. GDPR Principles
    1. Lawfulness, fairness and transparency
    2. Purpose limitation
    3. Accuracy
    4. Integrity and confidentiality (security)
    5. Accountability
    6. Storage limitation
    7. Data minimisation
  • 25. Deutsche Wohnen SE was almost fined €14.5 mln
    1. Over-retention of personal data.
    2. The Data Controller did not have a legal ground to store personal data longer than was necessary;
    3. Second, this was considered an infringement of the data protection by design requirements under Article 25 (1) GDPR;
    4. Finally, it was an infringement of the general processing principles set out in Article 5 GDPR.
    https://www.dataprotectionreport.com/2019/11/first-multi-million-gdpr-fine-in-germany-e14-5-million-for-not-having-a-proper-data-retention-schedule-in-place/
  • 26. Privacy by design
    ● Proactive and preventive
    ● Privacy by default
    ● Embed in the design
    ● End-to-end security
    ● Visibility and transparency
    ● Respect user privacy
    The Databunker open-source tool was built to serve as a cornerstone for your privacy by design solution.
  • 27. 1&1 has been fined €9.55 mln
    1. Failing to put “sufficient technical and organizational measures” in place to protect customer data in its call centers.
    2. Callers to its call center could obtain customer information by simply providing their name and date of birth, which meant that its customers' personal information was not properly safeguarded.
    3. GDPR Article 32 - companies are obliged to take appropriate technical and organizational measures to systematically protect the processing of personal data.
    https://www.techradar.com/news/1and1-hit-with-million-euro-gdpr-fine
  • 28. GDPR user rights
    ● Right to be informed
    ● Right to access
    ● Right to rectification - fix incorrect personal data
    ● Right to erasure - forget me
    ● Right to restrict processing
    ● Right to data portability
    ● Right to object
    ● Rights related to automated decision making, including profiling
    Databunker has an API and UI to automate most of the user requests.
  • 30. How to make your service logs GDPR friendly
    ● Limit PII to what is actually required.
    ● Comply with data subject forget-me requests:
      a. Set the retention period to 1 month, or
      b. Use pseudonymisation, or
      c. Encrypt PII inside log events, or
      d. Manually remove the user's logs.
    ● Where government requirements mandate keeping payment details for 5-10 years, retention can be as long as required.
  • 31. Cross border personal data transfer
    ● From the EU to the USA: the Privacy Shield framework was cancelled on July 16, 2020.
    ● Companies now need to use standard contractual clauses (SCC or ‘model clauses’).
    ● European Data Protection Board (EDPB) guidelines (2020) - have a few examples, including pseudonymisation.
  • 32. Reporting a breach
    ● In case of a breach, a company has 72 hours to report to the authorities.
    ● Sometimes you need to report to individual users - to the victims.
    ● Consult with your lawyers before.
  • 33. Twitter has been fined €450,000
    1. Due to late breach notification.
    2. GDPR Article 33 - organizations have 72 hours for breach notification.
    3. Twitter was not fined for the data breach itself.
    https://www.pinsentmasons.com/out-law/news/twitter-gdpr-dispute-resolved-by-edpb
  • 34. Cookie consent
    ● No cookie consent - github.com
    ● Others - display a cookie popup
  • 35. Google has been fined €100 mln
    1. The company was depositing user cookies before getting user consent, without users being given an opportunity to refuse.
    2. Upon their visit to a website, users should be shown a cookie banner setting out the explicit purposes for which cookies are used, and mentioning the possibility of disabling or opposing these cookies and changing parameters by way of a link included in the banner.
    https://privacyinternational.org/news-analysis/4347/cnil-fines-google-and-amazon-unlawful-use-cookies
  • 36. Cookie popup 2
    ● Optional categories must be unchecked by default.
    ● Make sure advertising and similar code is executed only after approval.
  • 37. Google has been fined £44 mln
    1. Google had not obtained clear consent to process user data (for ads personalization).
    2. The option to personalise ads was "pre-ticked" when creating an account, which did not respect the GDPR rules.
    https://www.bbc.com/news/technology-46944696
  • 38. CCPA vs GDPR
                               GDPR             CCPA
    Right to be deleted
    Right of access
    Extraterritorial scope     Any company      For big companies
    PII sale                   Prior consent    Opt out