The dangers of using outdated software


 Outdated software contains security flaws which cybercriminals can use as avenues to infiltrate the corporate network.

The dangers of using outdated software.

The life of a file

The life of a file…

8:00 a.m.  The executive secretary begins writing a credit memo for several clients.  The file has sensitive data.

8:15 a.m.   The file is saved to the documents folder on the secretary’s desktop.   The document is truly on a domain server in her profile folder.   There is one copy of the file.

8:17 a.m.   The secretary opens her email and attaches the file.   The secretary emails the document to ten recipients.

8:17:30 a.m.  The file goes to ten different email servers.

8:18: a.m.  The file now sits on eleven computers- ten email servers and on the company’s domain server.

8:19 a.m. The file gets downloaded onto three tablets and one notebook.   The file is now on 16 devices.

8:19 a.m. The file received by two of the email recipients above is synchronized to a cloud backup service.  The file is now on 19 devices.

8:20 a.m. The file is received by the above tablet and is synchronized onto a cloud backup service and synchronizes with the end-user’s phone and their home desktop computer.  The file is now on 22 devices.

8:20:45 a.m. The file on the above recipient is copied to a third party storage solution from their phone.  The file is now on 23 devices.

8:21 a.m.  The file now synchronizes from the one of the above tablets above and is forwarded to a private email.  The file is downloaded to their phone.  The file is now on 25 devices.

8:29 a.m.  The file is received by the remaining six recipients and is synchronized to five cloud servers, lands on four laptops and three smartphones.   The file is now on 43 devices.

8:30 a.m.  The corporate server synchronizes to a backup drive and shots the secretary’s file to an offsite backup.  The file is now on 45 devices.

8:35 a.m.  The secretary copies the file to a USB drive and prepares for a business meeting at another location.  The file is now on 46 devices.

9:05 a.m. One of the email recipients copies the file to a flashdrive and gives the file to an associate.  The file is now on 47 devices.

9:07 a.m. The secretary arrives at the off-site location and gives the flashdrive to a co-worker.  The co-worker prepares for a presentation and copies the file to a presentation laptop.  The file is now on 48 devices.

9:08 a.m.  The flash drive is placed into the pocket of the co-worker.   One of the email recipients copies the file onto a server and shares the file to 8 co-workers.   Six of the co-workers download the file to their tablets.  The file is now on 55 devices.

9:10 a.m.  The presenter at the offsite location  jogs to an out building to get supplies for the meeting.  The flashdrive falls through a hole in his pocket.

9:12 a.m.   An archiving program on the second server copies the file into a data warehouse server.  The data warehouse server makes a copy of the file and backs up the file.  There is now 57 devices.

9:15 a.m.  One of the email recipients cannot open the file on his tablet.   The email recipient copies the file to a flash drive and moves the file to a company laptop.   The file is now on 58 devices.

9:20 a.m.  An email recipient forwards the email to a wrong address and to three correct addresses.   The file goes to four email servers and is downloaded to three laptops and onto a desktop of one user.   The file is now on 67 devices.

9:21 a.m. The email is synchronized to other devices for the last group of recipients.   The file lands on an addition nine devices.   The file is now on 76 devices.

9:30 a.m. The email servers backup the files for the recipients.  The file is now on now on 90+ devices.

9:31 a.m.  The meeting starts at the offsite location.

9:32 a.m.  A stranger finds the flashdrive that was dropped outside of the building.   Another stranger downloads the email that was wrongfully sent to them.

In today’s world, your one file grows as though it were a microorganism.   It is held by many corporations and can be seen by many individuals…in the first hour.

ncsam10_bnr3

A Search Engine that shows devices on the web

Secure your devices.  Bottom-line, there are malicious users on the web that can find your device (webcams, IP cameras, routers, SCADA and other devices).  Change the default passwords and update software/firmware when it is available.  Disable UPNP and look for vulnerabilities that may affect your device.

 

CNN’s Money on “Hacking anything connected to the internet

 

 

2013 Middle Tennessee Cyber Summit: Building Partnerships and Understanding the Threat

2013 Middle Tennessee Cyber Summit:

Building Partnerships and Understanding the Threat

 

Middle Tennessee Cyber Summit: Building Partnerships and Understanding the Threat will be held on the MTSU campus May 7 and 8. This event will address criminal, intelligence, disruptive, and information cyber threats and be of particular interest to city/state/federal governments, healthcare, education, transportation, financial, utilities, and business industries.

Presentations from U.S. Department of Homeland Security, TN Department of Safety and Homeland Security, Federal Bureau of Investigation, United States Secret Service and private sector cyber security.

MTSUCyberBanner

2013 Middle Tennessee Cyber Summit:   Building Partnerships and Understanding the Threat

 When: Tuesday, May 7 – Wednesday, May 8

Where: MTSU campus, Student Union Ballroom

Cost: $30 per attendee

Attendees: state/local/federal govt. agencies, utilities, private sector, education, healthcare, transportation, financial

Credits/Certifications: CEUs available

Middle Tennessee Cyber Summit: Building Partnerships and Understanding the Threat will be held on the MTSU campus May 7-8. This event will address criminal, intelligence, disruptive, and information cyber threats and is scheduled to include presentations from U.S. Department of Homeland Security, TN Department of Safety and Homeland Security, Federal Bureau of Investigation, United States Secret Service, and private sector cyber security organizations.

Tuesday, May 7

7:30 – 8:00       Registration and Networking

8:00 – 8:30       Welcome and Introduction

MTSU Representative

TN Department of Safety and Homeland Security Commissioner Bill Gibbons and Assistant Commissioner David Purkey

8:30 – 9:15      Emerging Threats in Cyber Security

Speaker TBA, U.S. Department of Homeland Security

 9:15 – 10:45     China, Cyber, and U.S. Energy: Who, What, Why, and What’s Next

Betsy Woudenberg, Chief Cyber Officer, Intelligence Arts

A discussion of China as our cyber adversary, using cyber attacks on U.S. and global energy companies to illustrate how the Communist Party’s domestic objectives drive its cyber espionage campaigns

 

10:45 – 11:30    Vendor tables and break

11:30 – 12:30    Lunch

12:30 – 1:15      Keynote

Scott Augenbaum, Supervisory Special Agent, Cyber Crime Squad, Federal Bureau of Investigation

1:15 – 2:30         TBA

Speaker TBA, Federal Bureau of Investigation

2:30 – 2:45         Break

2:45 – 4:30         Secret Service – Cyber Crime Investigations

Todd Hudson, Special Agent in Charge, United States Secret Service

Wednesday, May 8

8:00 – 9:00           Social Engineering

Sese Bennett, Information Officer, State of Tennessee

 

9:00 – 10:00      SCADA

Speaker TBA, U.S. Department of Homeland Security

10:00 – 11:15      Intrusion Case Studies

Steve Mallard, IT Director, Tennessee Technology Center at Shelbyville

11:15 – 11:30      Break (vendor tables close at 12)

11:30 – 12:30      Lunch

12:30 – 2:00        Keynote:SCADA for Spies

Betsy Woudenberg, Chief Cyber Officer, Intelligence Arts

An introduction to SCADA – the technology that automates critical infrastructure – and how adversaries can penetrate these systems using humans and technology

2:00 – 2:15           Break

2:15 – 4:30           Cloud/Mobility Security

Speaker TBA

Event Sponsored by:

 Department of Justice, Office of Justice Programs

Forensic Institute for Research and Education

Middle Tennessee State University

MTSU Information Technology Division

Enterasys Inc.

Mandiant

Registration information:

Date: Tuesday, May 7 – Wednesday May 8

Location: MTSU New Student Union Building

Cost: $30 per attendee (No Federal funds are expended to cover any catering or food)

Attendees: state/local/federal government agencies, utilities, private sector, education, healthcare, transportation, and financial, and law enforcement

Credits/Certifications: CEUs available ($10 MTSU fee)

Register Here

For more information, please contact: Karen Austin at karen.austin@mtsu.edu or 615-494-7971

Middle Tennessee Cyber Summit

Middle Tennessee Cyber Summit: Building Partnerships and Understanding the Threat

Date: May 7 and 8

Location: MTSU New Student Union Building

Registration: March 1, 2013

Middle Tennessee Cyber Summit: Building Partnerships and Understanding the Threat will be held on the MTSU campus May 7 and 8. This event will address criminal, intelligence, disruptive, and information cyber threats and be of particular interest to city/state/federal governments, healthcare, education, transportation, financial, utilities, and business industries.

Presentations from Department of Homeland Security, TN Department of Safety and Homeland Security, Federal Bureau of Investigation, and private sector cyber security.   Registration information can be found at http://www.csimtsu.com beginning March 1, 2013.

MTSU Cyber Summit

Go Hack Yourself – Dark Reading

“Penetration testing is only the first step of self-inspection—
ask internal auditors to scrutinize IT practices beyond compliance to take risk management to the next level – Read More