Think Cyber - How to stay safe in an online world | May Brooks-Kempler | TEDxSavyon
Summary
TLDR: This script addresses the prevalent risks of social engineering in the digital age, emphasizing the importance of online safety. The speaker, a cybersecurity professional, shares personal experiences and strategies to protect oneself from threats like sextortion, phishing, and ransomware. They stress the significance of vigilance, skepticism towards suspicious links and messages, and the practice of regular data backup to safeguard against potential cyber-attacks.
Takeaways
- 🧑💻 Social engineering is a significant threat as it exploits human traits like fear, greed, curiosity, and urgency to manipulate individuals into compromising their security.
- 🚸 Cyber skills are as essential as road safety in the 21st century, emphasizing the need for everyone to learn how to navigate the internet safely.
- 🔒 Despite having the best security technologies, such as anti-viruses and firewalls, they are ineffective if we give away our 'keys' through actions like sharing passwords.
- 👤 The human factor is the weakest link in security: over 80% of all security incidents involve it, for organizations and home users alike.
- 💔 Sextortion, a form of extortion based on threats to publish intimate photos, can have devastating real-world consequences, including driving victims to suicide.
- 🌐 The internet never forgets, so anything posted online can be used against individuals in the future, emphasizing the importance of being cautious with online content.
- 🏠 Sharing personal information on social media, like being on vacation, can inadvertently invite real-world threats, like burglary.
- 📧 Phishing emails can be highly personalized and sophisticated, using data from social media to target victims effectively.
- 💡 Always be vigilant and verify the authenticity of emails and messages, especially those that seem urgent or personalized.
- 💾 Regularly backing up important data is crucial to mitigate the effects of ransomware attacks, even though it won't prevent the attack itself.
- 🎯 Targeted attacks, such as spear phishing, are more dangerous as they are tailored to the individual, making them harder to detect and more likely to succeed.
Q & A
What is the main message the speaker is trying to convey in the script?
-The speaker is emphasizing the importance of cybersecurity awareness and providing tools and techniques to protect oneself, family, and business online against social engineering and other online threats.
Why does the speaker compare cyber skills to road safety in the 20th century?
-The speaker compares cyber skills to road safety to highlight that just as crossing the road safely is a basic life skill taught to children, so too should cybersecurity be taught as a fundamental skill in the digital age.
What is the role of social engineering in cybersecurity threats?
-Social engineering is the art of manipulation, where attackers exploit human traits like fear, greed, curiosity, and urgency to get victims to perform actions against their interests, such as clicking malicious links or giving away passwords.
What is sextortion and how does it affect victims?
-Sextortion is an extortion attempt based on threats to publish intimate photos and videos of the victim. It can have severe emotional and psychological impacts, with some victims even being driven to commit suicide.
Why is it important to search your name online?
-Searching your name online helps you understand what information about you is publicly available and can be used against you, such as old posts or images that you may have forgotten about.
What is the significance of the story about the videographer and ransomware?
-The story illustrates the real-life consequences of ransomware attacks, emphasizing the importance of having backups to minimize the impact of such an attack on one's work and life.
What are some common tactics used in phishing emails?
-Common tactics in phishing emails include impersonating well-known services, using security alerts or important messages, and personalizing the content to the recipient's interests or habits to make the email seem more legitimate.
Why is it advised to hover over links and not download attachments from unknown sources?
-Hovering over links can reveal the actual destination URL, which may differ from what is displayed, helping to identify phishing attempts. Not downloading attachments from unknown sources prevents the potential execution of malware.
What is the purpose of targeted attacks or spear phishing?
-Targeted attacks or spear phishing are designed to deceive specific individuals or organizations by using personalized emails that appear legitimate, with the goal of stealing sensitive information or gaining unauthorized access.
What are the three key takeaways the speaker wants the audience to remember?
-The three key takeaways are to think before sharing on social media, think before clicking on links or opening attachments, and to think ahead by regularly backing up important data.
How can individuals protect themselves against online threats like ransomware?
-Individuals can protect themselves by being vigilant, recognizing phishing warning signs, backing up important data, and consulting a professional when in doubt about a suspicious message or request.
Outlines
🔒 The Importance of Cybersecurity Awareness
The speaker begins by highlighting the ubiquity of the Internet in daily life, mentioning platforms like Facebook, LinkedIn, Instagram, Amazon, eBay, and Pinterest. They emphasize the risks associated with social engineering, a method used by cybercriminals to manipulate individuals into revealing sensitive information. The speaker, a cybersecurity professional and parent, aims to share tools and techniques for online safety. Drawing a parallel between road safety and cybersecurity, they argue that the latter is a crucial skill for the 21st century. The paragraph concludes with a real-life story of sextortion, illustrating the severe consequences of falling victim to social engineering.
📱 Social Media and the Risks of Oversharing
This paragraph delves into the dangers of oversharing on social media, which can be exploited by attackers to craft targeted phishing attacks. The speaker warns about the permanence of online content and advises reviewing privacy settings to prevent misuse of personal information. They share an anecdote about a friend who fell victim to ransomware, stressing the importance of backups to mitigate the effects of such attacks. The speaker also cautions against clicking on suspicious links or downloading attachments from unknown sources, and advises to be wary of non-personalized messages that may be phishing attempts.
🛡️ Strengthening the Human Firewall Against Cyber Threats
The final paragraph focuses on the continuous evolution of cyber threats and the importance of maintaining vigilance. The speaker discusses the sophistication of attackers and the need for individuals to be aware of social engineering tactics. They stress the importance of being cautious with emails, online ads, and text messages, and to look for signs of phishing. The speaker concludes by urging the audience to think before sharing on social media, clicking on links, and to always back up important data. The goal is to transform from being a potential weak link in cybersecurity to becoming a strong link that protects oneself and loved ones from online threats.
Keywords
💡Social Engineering
💡Cybersecurity
💡Internet
💡Phishing
💡Ransomware
💡Backup
💡Sextortion
💡Privacy Settings
💡Spear Phishing
💡Security Awareness
💡Scam
Highlights
The importance of online safety in the digital age, with social engineers posing a risk to those who engage in common online activities.
The speaker's background as a cybersecurity professional with nearly 20 years of experience.
The analogy between learning cyber skills and the necessity of road safety in the 20th century.
The ineffectiveness of high-tech security measures if individuals are tricked into revealing sensitive information.
The definition and explanation of social engineering as manipulation exploiting human traits.
The alarming statistic that over 80% of security incidents involve the human factor.
A tragic case study involving sextortion and its severe consequences.
The permanence of online content and its potential use in targeted attacks.
The dangers of oversharing on social media and its implications for personal security.
A personal anecdote about a friend who fell victim to ransomware due to a phishing email.
The critical role of backups in mitigating the effects of ransomware attacks.
The prevalence of spear phishing and its customization based on personal information.
The speaker's experience with a CFO who narrowly avoided a million-dollar scam.
The significant financial losses reported by major companies due to phishing scams.
Advice on being vigilant against social engineering by scrutinizing emails and online ads.
The three key takeaways: think before sharing, clicking, and the importance of backing up data.
Transcripts
I think I know you. Do you have a Facebook account? How about LinkedIn? Instagram? So you probably like online shopping on Amazon or eBay. Are you looking for recipes or plan your next vacation using Pinterest? If you answered yes to even one of these questions, then you're enjoying the incredible things that the Internet has to offer. But I was right: I do know you, and so do other social engineers, which means you're at risk.
I have three children. They are born into the internet age, and as a cyber security professional with almost 20 years of experience, I have the skills to protect myself and them online. But you don't have to be a master hacker or a security expert to be safe online. My goal here today is to share some of the tools and techniques I use so that you too will be able to protect yourself, your families and your business, and use the internet without fear.
Until the 1920s, when someone wanted to cross the road, they had to simply walk across to the other side. That changed with the increase in automobiles and the introduction of pedestrian crossing to law. Crossing the road safely is a basic life skill that every parent teaches their kids. I believe that cyber skills are the 21st century equivalent of road safety in the 20th century.
If we look at our homes, even if you install the best security mechanisms, such as alarms, CCTV cameras, sophisticated locks, all will fail if someone tricks us into giving them the keys. The same is true for home and office networks. We can use the best security technologies out there, anti-viruses, firewalls, IPSs, DLPs, I can go on and on, but it's not going to help us if we give away our keys, for example, give someone else our passwords.
Social engineering is the art of manipulation: getting someone to do something they're not supposed to do. A social engineer exploits basic human traits such as fear and greed, curiosity and urgency. A social engineer uses these traits to get you to click a link, download the file, give someone else your password or pay an extortionist. Today, over 80% of all security incidents involve the human factor: us. That's true both for organizations and home users. So let's go from being the weakest link into being the strongest link.
In the fall of 2015, 21-year-old Jake met a girl online. They started texting each other, flirting. Things heated up, and Jake sent his girlfriend an intimate photo. At that moment everything changed. His girlfriend demanded he pay her ransom or she'd send his photo to his friends and family. At first Jake thought it was a joke, but it wasn't. Jake paid his extortionist, but the story did not end there. The extorter demanded more and more money, pushing Jake to take his own life. Unfortunately, this is not an isolated incident.
Numerous people were driven to commit suicide after falling victim to sextortion. Sextortion is an extortion attempt based on threats to publish intimate photos and videos of the victim. Sextortion targets everyone, from twelve-year-old children to senior citizens over 80. People online are not always who they claim to be.
Have you ever searched your name online? Try it. I bet you don't even remember that post from 2014. Just like an elephant, the Internet never forgets. What goes online stays online. A sophisticated attacker can build a phishing email that targets you specifically. For example, if you're a runner, they might send you a special offer for running shoes. Such attacks use data extracted from social media accounts of the victim. But the threat is not limited to the cyber realm. When we share an Instagram story while abroad, we're basically inviting a burglar to break into our empty houses. So think before you share. Your social media accounts can be used against you. Review your privacy settings and never upload something that might be used against you now or in the future.
How fun is it to get a message like this? If I click, I can definitely win a free flight. And also this might happen. That is exactly what happened to a friend of mine. She's a videographer specializing in creating family documentaries. A couple of years ago she called me after seeing a weird-looking message on her computer screen. She had a deadline submitting a documentary she spent three months making, so I came over. As soon as I entered her studio, I knew she had a serious problem. The weird-looking message was ransomware. All her files were encrypted and she couldn't access them. I immediately asked her, "Do you have a backup?" To my dread, she said she did not. My heart sank. At that point there were only two options: pay the ransom and hope to get the decryption key, or lose the work.
Having your computer affected by ransomware is usually a result of clicking a link or downloading a file in a phishing email. Many phishing emails are designed as a security alert or important message and impersonate well-known services such as Facebook, Amazon, Google or Microsoft. So please think before you click. Amazon, eBay, PayPal all know me by name. They would never call me "dear customer". So beware of non-personalized messages and unknown senders. Hover over the links and never download attachments from unknown sources.
The best way to protect yourself against ransomware is simply backing up your important data. You can use cloud backup or external storage devices, or, if you're paranoid like me, both. It won't prevent the attack, but it will minimize its effect on your life. Think ahead and back up.
Trying to technically hack a company is difficult. There are layers of security that protect the network. But hackers are smart. They go for the weakest link: the end user. While random non-personalized phishing attacks are still very common, in many cases the attacker will do his or her homework. An attacker can search a company on social media and look for known employees, then start digging into an employee's social media account to help build a targeted attack. The attacker then creates a phishing email that will lure the user to verify their credentials. Using the stolen credentials, the attacker can auto-forward all emails received by the user, thus gain foreknowledge of everything that goes on in that user's life and workplace.
A few months ago I was contacted by a CFO in a large financial company. They almost fell victim to a million-dollar scam. My team and I ran a few tests and found that an attacker used phishing to gain access to an email account of one of the executives in the company.
The attacker followed email exchange at the company, and when an interesting deal came along he made his move, forging an email from the executive asking that an upcoming bank transfer will be made to a new bank account. The company got lucky and identified the attack on time, but other companies were not that lucky. Facebook and Google reported losing over a hundred million dollars due to such scams, a Belgian bank lost over seventy five million dollars, and many more. So again, think before you click.
We just reviewed three examples of online threats: extortion, ransomware and spear phishing personalized attacks. Obviously this talk is not nearly long enough to go through all existing online threats, but to be honest, it almost always comes down to the same thing: social engineering. Security awareness is an ongoing process. The attackers grow in sophistication every day. So if you feel someone is trying to manipulate you, get you to do something now, tap into your innermost fears or pique your curiosity, be vigilant. Review emails, online ads, text messages with a grain of salt. Look for red flags like non-personalized emails, unknown senders or suspicious-looking links. And if something doesn't feel right, don't ignore your instincts, and consult a professional.
When you go home today, I urge you to remember three things. Think before you share: before posting on social media, think if this is something that you should share with the world. Think before you click: look for phishing warning signs. And think ahead and back up your important data.
I am confident that by using the tools and techniques I shared with you today, you can use the Internet while keeping yourselves and your loved ones safe online, now and forever. Thank you.