Think Cyber - How to stay safe in an online world | May Brooks-Kempler | TEDxSavyon

00:00

I think I know you do you have a

00:17

Facebook account

00:19

how about LinkedIn Instagram so you

00:23

probably like online shopping in Amazon

00:27

or Ebay are you looking for recipes or

00:31

plan your next vacation using Pinterest

00:34

if you answered yes to even one of these

00:38

questions then you're enjoying the

00:40

incredible things that the Internet has

00:42

to offer but I was right I do know you

00:46

and so do other social engineers which

00:50

means you're at risk I have three

00:55

children they are born into the internet

00:57

age and as a cyber security professional

01:00

with almost 20 years of experience I

01:02

have the skills to protect myself and

01:05

them online but you don't have to be a

01:10

master hacker or a security expert to be

01:13

safe online my goal here today is to

01:16

share some of the tools and techniques I

01:18

use so that you too will be able to

01:21

protect yourself your families and your

01:25

business and use the internet without

01:27

fear until the 1920s when someone wanted

01:33

to cross the road they had to simply

01:35

walk across to the other side

01:38

that changed with the increase in

01:41

automobiles and the introduction of

01:43

pedestrian crossing to law crossing the

01:46

road safely is a basic life skill that

01:48

every parent teaches their kids

01:50

I believe that cyber skills are the 21st

01:54

century equivalent of road safety in the

01:57

20th century if we look at our homes

02:01

even if you install the best security

02:04

mechanisms such as alarms CCTV cameras

02:08

sophisticated locks all will fail if

02:11

someone tricks us

02:13

to giving them the keys the same is true

02:16

for home and office networks we can use

02:20

the best security technologies out there

02:22

anti viruses firewalls IPS is deal piece

02:25

I can throw on and on but it's not going

02:28

to help us if we give away our keys for

02:32

example give someone else our passwords

02:36

social engineering is the art of

02:38

manipulation getting someone to do

02:41

something they're not supposed to do a

02:44

social engineer exploits basic human

02:48

traits such as fear and greed curiosity

02:51

and urgency a social engineer uses these

02:55

traits to get you to click a link

02:57

download the file give someone else your

03:00

password or pay an extortionist today

03:04

over 80% of all security incidents

03:07

involve the human factor us that's true

03:12

both for organizations and home users so

03:16

let's go from being the weakest link

03:18

into being the strongest link on the

03:24

fall of 2015 21 year-old Jake met a girl

03:27

online

03:27

they started texting each other flirting

03:31

things heated up and Jake said his

03:34

girlfriend and intimate photo at that

03:38

moment everything changed his girlfriend

03:42

demanded he pay her ransom or she'd sent

03:45

his photo to his friends and family at

03:48

first Jake thought it was a joke but it

03:52

wasn't Jake paid his extortionist

03:55

but the story did not end there the

03:58

extorter demanded more and more money

04:01

pushing Jake to take his own life

04:06

unfortunately this is not an isolated

04:08

incident

04:09

numerous people were driven to commit

04:11

suicide after falling victim to

04:13

sextortion sextortion is an extortion

04:16

attempt based on threats to publish

04:18

intimate photos and videos of the victim

04:21

sextortion targets everyone from

04:24

twelve-year-old children to

04:26

any citizens over 80 people online are

04:30

not always who they claim to be have you

04:36

ever searched your name online try it I

04:40

bet you don't even remember that post

04:44

from 2014 just like an elephant

04:47

the Internet's never forgets what girls

04:51

online stays online a sophisticated

04:54

attacker can build a phishing email the

04:56

targets used specifically for example if

05:00

you're a runner they might send you a

05:03

special form running shoes such attacks

05:06

use data extracted from social media

05:08

accounts of the victim but the threat is

05:11

not limited to the cyber realm when we

05:15

share an Instagram story while abroad

05:18

we're basically inviting a burglar to

05:20

break into our empty houses so think

05:24

before you share your social media

05:27

accounts can be used against you review

05:30

your privacy settings and never upload

05:33

something that might be used against you

05:35

now or in the future how fun is it to

05:42

get a message like this if I click I can

05:46

definitely win a free flight and also

05:50

this might happen that is exactly what

05:54

happened to a friend of mine she's a

05:55

videographer specializing in creating

05:58

family documentaries a couple of years

06:00

ago she called me after sing a

06:02

weird-looking message on her computer

06:03

screen

06:04

she had a deadline submitting a

06:06

documentary she spent three months

06:08

making so I came over as soon as I

06:12

entered his studio I knew she had a

06:14

serious problem the weird looking

06:17

message was ransomware all her files

06:20

were encrypted and she couldn't access

06:22

them I immediately asked her do you have

06:25

a backup to my dread she said she did

06:28

not my heart sank at that point there

06:32

were only two options pay the ransom and

06:35

hope to get the decryption key or lose

06:38

the work

06:40

having your computer affected by

06:42

ransomware is usually a result of

06:45

clicking a link or downloading a file in

06:47

a phishing email many phishing emails

06:50

are designed as a security alert or

06:52

important message and impersonate

06:55

well-known services such as Facebook

06:57

Amazon Google or Microsoft so please

07:01

think before you click

07:07

Amazon eBay PayPal all know me by name

07:11

they would never call me dear customer

07:14

so beware of non personalized messages

07:18

and unknown senders hover over the links

07:21

and never download attachments from

07:24

unknown sources the best way to protect

07:29

yourself against ransomware is simply

07:32

backing up your important data you can

07:35

use cloud backup or external storage

07:37

devices or if you're paranoid like me

07:39

both it won't prevent the attack but it

07:44

will minimize its effect on your life

07:46

think ahead and backup trying to

07:52

technically hack a company is difficult

07:54

their layers of security that protect

07:57

the network but hackers are smart they

08:01

go for the weakest link the end user

08:04

while random non-personalized phishing

08:07

attacks are still very common in many

08:10

cases the attacker will do his or her

08:13

homework an attacker can search a

08:17

company on social media and look for

08:18

known employees then start digging into

08:21

an employee social media account to help

08:23

build a targeted attack the attacker

08:26

then creates a phishing email that will

08:29

load the user to verify their

08:31

credentials using the stolen credentials

08:34

the attacker can auto forward all emails

08:37

received by the user thus gain

08:39

foreknowledge of everything that goes on

08:41

in that users life and workplace a few

08:46

months ago I was contacted by a CFO in a

08:49

large financial company they almost fell

08:52

victim to

08:53

million-dollar scam my team and I ran a

08:56

few tests and found that an attacker

08:58

used phishing to gain access to an email

09:01

account of one of the executives in the

09:03

company

09:03

the attacker followed email exchange at

09:06

the company and when an interesting deal

09:08

came along he made his move forging an

09:12

email from the executive asking that an

09:14

upcoming bank transfer will be made to a

09:17

new bank account the company got lucky

09:20

and identified the attack on time but

09:23

other companies were not that lucky

09:25

Facebook and Google reported losing over

09:28

a hundred million dollars due to such

09:31

scams a Belgium bank lost over seventy

09:34

five million dollars and many more so

09:37

again think before you click we just

09:42

reviewed three examples of online

09:44

threats extortion ransomware and spear

09:48

phishing personalized attacks obviously

09:52

this talk is not nearly long enough to

09:54

go through all existing online threats

09:56

but to be honest it almost always comes

09:59

down to the same thing social

10:02

engineering security awareness is an

10:05

ongoing process

10:07

the attackers grow in sophistication

10:09

every day so if you feel someone is

10:13

trying to manipulate you get you to do

10:16

something now tap into your innermost

10:19

fears or pixel curiosity be vigilant

10:23

review emails online ads text messages

10:26

with a grain of salt look for red flags

10:30

like non personalized emails unknown

10:33

senders or suspicious-looking links and

10:35

if something that doesn't feel right

10:38

don't ignore your instincts and consult

10:41

a professional when you go home today I

10:46

urge you to remember three things think

10:49

before you share before posting on

10:52

social media think if this is something

10:55

that you should share with the world

10:57

think before you click

10:59

look for phishing warning signs and

11:01

think ahead and back up your important

11:05

data

11:06

I am confident that by using the tools

11:09

and techniques I shared with you today

11:10

you can use the Internet while keeping

11:13

yourselves and your loved ones safe

11:15

online now and forever thank you