
ARP Presentation

ZE82
October 13, 2021

Gray Divide

Transcript

  1. The Gray Divide & Social Engineering
     Figueroa, Lizander
     Proposed Draft for ARP Report
  2. Common Types of Cyber Crime
     • Phishing is easily perpetrated if the victim is unaware or inexperienced
     • Identity theft or misrepresentation can readily be carried out via email within a corporate environment
     • Extortion via malware is rising (Richter, 2021)
  3. Cybercrime Percentages
     • 95% of cybersecurity breaches are caused by human error.
     • The worldwide information security market is forecast to reach $170.4 billion in 2022.
     • 88% of organizations worldwide experienced spear phishing attempts in 2019.
     • 68% of business leaders feel their cybersecurity risks are increasing.
     • On average, only 5% of companies’ folders are properly protected.
     • Data breaches exposed 36 billion records in the first half of 2020.
     • 86% of breaches were financially motivated and 10% were motivated by espionage.
     • 45% of breaches featured hacking, 17% involved malware and 22% involved phishing.
     • Between January 1, 2005, and May 31, 2020, there were 11,762 recorded breaches.
     • The top malicious email attachment types are .doc and .dot, which make up 37%; the next highest is .exe at 19.5%. (Sobers, 2021)
  4. Cyber Crimes Against The Elderly: Common Elder Fraud Schemes
     • Romance scam: Criminals pose as interested romantic partners on social media or dating websites to capitalize on their elderly victims’ desire to find companions.
     • Tech support scam: Criminals pose as technology support representatives and offer to fix non-existent computer issues. The scammers gain remote access to victims’ devices and sensitive information.
     • Grandparent scam: Criminals pose as a relative, usually a child or grandchild, claiming to be in immediate financial need.
     • Government impersonation scam: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide funds or other payments.
     • Sweepstakes/charity/lottery scam: Criminals claim to work for legitimate charitable organizations to gain victims’ trust, or they claim their targets have won a foreign lottery or sweepstake which they can collect for a “fee.”
     • Home repair scam: Criminals appear in person and charge homeowners in advance for home improvement services that they never provide.
     • TV/radio scam: Criminals target potential victims using illegitimate advertisements for legitimate services, such as reverse mortgages or credit repair.
     • Family/caregiver scam: Relatives or acquaintances of the elderly victims take advantage of them or otherwise get their money. (FBI, 2020)
  5. Why Target Elder Individuals?
     • Cybercriminals rely on gaining access to restricted information, but many individuals who grew up with the technology are aware of the tricks of their trade.
     • Elder individuals often find themselves facing the integration of technology and networking across their daily lives without the training to apply it safely.
     • Criminal activity often relies on a motivated offender, a suitable target and the lack of a capable guardian. As many elders live alone, assistance is not readily available to them to prevent victimization. (Sullivan, 2018)
  6. Password Entropy & Its Purpose
     Password Entropy: a measure, in bits, of how many guesses an attacker needs to exhaust the space of possible passwords. The complexity of the password’s structure (its length and the size of the character set it draws from) determines how long it will take a program to brute force the password, i.e. to attempt every possible combination until it is defeated. (Hive Systems & Halsey, 2021)
  7. Why Are Password Policies Beneficial?
     Expiration
     • Limits how long a compromised credential remains usable before it expires
     • Establishes a predictable changeover cycle around set time frames, so help-desk manpower for employees who cannot log in can be allocated in advance
     • Prevents a former employee from using an expired log in, or a current employee from using a stolen log in, beyond the expiry date
     Cycling Restrictions
     • Prevent passwords from being reused and therefore predicted or guessed
     • Stop an attacker who has compromised a password from saving it for later use
     • Promote further security concerning stolen log ins: while a compromised log in may remain active until expiration, upon reset the old password may not be recycled, so it does not remain compromised
     Entropy
     • Sets a level of complexity that safeguards the network
     • Prevents passwords from being easily defeated
     • Ensures consistency across users when a lost credential must be reset (Taha et al., 2013; Wakefield, 2014)
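The entropy figures slides 6 and 7 rely on can be worked through in code. The following is an added example, written for this edit and not part of the original deck or of the Hive Systems material it cites. It computes the structural (brute-force) entropy of a password from its length and character classes, converts that to a worst-case cracking time at several assumed guess rates, and then shows the caveat a practitioner cares about: structural entropy is only an upper bound, because a password that appears early in an attacker’s wordlist falls after that many guesses regardless of how complex it looks. The guess rates and the wordlist are constructed assumptions, not measured figures.

```python
import math
import string

# Attacker guess rates per second. These are assumed, illustrative figures,
# not numbers taken from the slide deck or from Hive Systems.
GUESS_RATES = {
    "online, rate-limited login form": 1e1,
    "offline, bcrypt hashes": 1e5,
    "offline, unsalted MD5 hashes": 1e10,
}

# Character classes of the structural (brute-force) model: a password drawn
# uniformly from N symbols and L characters long needs at most N**L guesses.
CHARACTER_CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "symbols": set(string.punctuation),
}


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must cover: the sum of the sizes of
    every character class the password uses (non-ASCII characters are ignored)."""
    chars = set(password)
    return sum(len(alphabet) for alphabet in CHARACTER_CLASSES.values()
               if chars & alphabet)


def structural_entropy_bits(password: str) -> float:
    """log2 of the brute-force keyspace: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def passphrase_entropy_bits(word_count: int, dictionary_size: int) -> float:
    """Entropy of a passphrase whose words are chosen uniformly at random from
    a dictionary (e.g. 6 words from a 7776-word Diceware list)."""
    return word_count * math.log2(dictionary_size)


def effective_entropy_bits(password: str, wordlist: list[str]) -> float:
    """Structural entropy is only an upper bound. If the attacker's wordlist
    contains the password at position k, it falls on guess k, so the
    effective entropy is log2(k) however complex the password looks."""
    structural = structural_entropy_bits(password)
    if password in wordlist:
        guess_number = wordlist.index(password) + 1
        return min(structural, math.log2(guess_number))
    return structural


def crack_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    """Worst-case time to exhaust a keyspace of 2**bits at a given rate."""
    return 2 ** entropy_bits / guesses_per_second


def format_duration(seconds: float) -> str:
    """Human-readable duration, largest unit first."""
    for name, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3f} seconds"


# Constructed wordlist standing in for the first lines of a real breach-derived
# list; ordering matters because position fixes the guess number.
SAMPLE_WORDLIST = ["123456", "password", "Password1!", "qwerty", "letmein"]


def report(password: str, wordlist: list[str] = SAMPLE_WORDLIST) -> dict:
    """Structural vs. effective entropy and worst-case crack time per rate."""
    bits = effective_entropy_bits(password, wordlist)
    return {
        "password": password,
        "charset": charset_size(password),
        "structural_bits": round(structural_entropy_bits(password), 1),
        "effective_bits": round(bits, 1),
        **{label: format_duration(crack_seconds(bits, rate))
           for label, rate in GUESS_RATES.items()},
    }


if __name__ == "__main__":
    for pw in ["123456", "Password1!", "Tr0ub4dor&3", "X#9q!mLp2@Wz"]:
        print(report(pw))
    # A 6-word random Diceware passphrase (7776-word list) for comparison.
    bits = passphrase_entropy_bits(6, 7776)
    worst = crack_seconds(bits, GUESS_RATES["offline, unsalted MD5 hashes"])
    print(f"6 Diceware words: {bits:.1f} bits, MD5 worst case: {format_duration(worst)}")
```

Running it shows why the deck’s later proposal to drop entropy and expiration rules needs one qualification: "Password1!" scores about 65 structural bits (94 symbols, 10 characters) yet only about 1.6 effective bits because it sits third in the sample wordlist, so a second authentication factor should be paired with screening new passwords against a breached-password list rather than with no password rule at all. NIST SP 800-63B takes the same line, recommending a compromised-password check and a minimum length instead of composition rules and periodic expiry.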
  8. BYOD Policy
     • The threat of a motivated offender stealing private information prohibits the use of personal devices within closed spaces. This is to prevent accidental or malicious leaks. (Clarke & Felson, 1993)
     • Protecting workstations and records from external cameras prevents sensitive information from reaching beyond monitored locations (Wakefield, 2014).
     • These practices ensure compliance with regulation, but also safeguard client information (Wakefield, 2014).
  9. Perceived Difficulties for Elder Employees Integrating Within The Office
     Training Requirements & Perceived Problems
     • Usage of software and hardware provided to fulfill job duties
     • Different teams require different procedures; IT is kept separate until needed or sought out
     • Training is ad hoc after orientation, self-assigned and self-motivated
     Observed Expectations or Baseline
     • Most software is basic data entry or record keeping, and training is provided as needed
     • Flexibility is anticipated, but without a proper introduction to software or hardware, integration is slow
     • Without more awareness given, employees may not be readily accessing the tools required to advance and succeed (Chiasson & Van Oorschot, 2015)
  10. Proposals
     • Increase the level of contextual training offered to employees to maintain a higher baseline of knowledge
     • Remove the requirements for password entropy and expiration in favor of a second authentication factor, e.g. a smart card or biometric log in
     • Promote a consistent training program across departments to facilitate an easy transition between teams
     • IT and network administrators to provide a liaison between the teams, focusing their efforts on an evolving response to team and employee needs
  11. References
     • Chiasson, S., & Van Oorschot, P. C. (2015). Quantifying the security advantage of password expiration policies. Designs, Codes and Cryptography, 77(2-3), 401-408. https://doi.org/10.1007/s10623-015-0071-9
     • Clarke, R. V., & Felson, M. (1993). Routine activity and rational choice. Transaction Publishers.
     • FBI. (2020, June 15). Elder fraud. Federal Bureau of Investigation. https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/elder-fraud
     • Hive Systems, & Halsey, M. (2021, September 13). Are your passwords in the green? Hive Systems. https://www.hivesystems.io/blog/are-your-passwords-in-the-green
     • Richter, F. (2021, April 8). Infographic: The most common types of cyber crime. Statista Infographics. https://www.statista.com/chart/24593/most-common-types-of-cyber-crime/
  12. References
     • Sobers, R. (2021, March 16). 134 cybersecurity statistics and trends for 2021. Varonis. https://www.varonis.com/blog/cybersecurity-statistics/
     • Sullivan, B. (2018, August 31). Senior scams: How to protect yourself & loved ones. Experian. https://www.experian.com/blogs/ask-experian/senior-scams-heres-how-to-protect-yourself-and-your-loved-ones/
     • Taha, M. M., Alhaj, T. A., Moktar, A. E., Salim, A. H., & Abdullah, S. M. (2013). On password strength measurements: Password entropy and password quality. 2013 International Conference on Computing, Electrical and Electronic Engineering.
     • Wakefield, A. (2014). Corporate security and enterprise risk management. Corporate Security in the 21st Century, 235-253. https://doi.org/10.1057/9781137346070.0022