Minimize people with access to data, computers, and networks Identity Theft: steal money 2. *Ransomware: hold system hostage until paying Phishing: extract info for other attacks 4. *Malware: destroy ...Minimize people with access to data, computers, and networks Identity Theft: steal money 2. *Ransomware: hold system hostage until paying Phishing: extract info for other attacks 4. *Malware: destroy data/systems 5. *Public WiFi: extract info for other attacks 6. *BEC: Business Email Compromise – steal money 7. *Passwords: access systems and steal information 8. *Old Hard Drives: extract info for other attacks
Your customers are more aware and sophisticated than ever before • How are you protecting the data I am providing you? • What security measures are you taking to protect the data I am providing you? •...Your customers are more aware and sophisticated than ever before • How are you protecting the data I am providing you? • What security measures are you taking to protect the data I am providing you? • They may ask you or your 3 rd party vendor to fill out their IT departments security assessment form
People with access to data, computers & networks Insiders: Employees and Vendors – Very Large – Malicious – Inadvertent Insider/Outsider Combination – Large Random Outsider: Exposing known weaknesses ...People with access to data, computers & networks Insiders: Employees and Vendors – Very Large – Malicious – Inadvertent Insider/Outsider Combination – Large Random Outsider: Exposing known weaknesses – Medium Purposeful Outsider: Known target - Small