WEPA Company Overview and Cybersecurity Insights

Questions and Answers

Which of the following best describes the relationship between IT and OT?

• IT is the same as OT but used in the manufacturing sector.
• OT is a subset of IT, focusing on software applications.
• OT is essentially IT that is used to control the physical world. (correct)
• IT and OT are completely separate with no overlap in function.

What does the acronym 'MFA' stand for in the context of cybersecurity?

• Managed Firewall Access
• Mainframe Functional Array
• Mobile File Allocation
• Multi-factor Authentication (correct)

According to the projections, what is the estimated cost of cybercrime by 2026?

• $20 billion USD
• $200 trillion USD
• $2 trillion USD
• $20 trillion USD (correct)

What is the core concept behind a Zero Trust Architecture (ZTA)?

Assuming all users and devices, are a potential threat even if they are inside the network. (D)

Which of these is NOT mentioned as a threat to businesses?

Phishing (A)

What is the primary purpose of a Business Impact Analysis (BIA)?

To identify and prioritize critical business assets. (C)

What does RPO (Recovery Point Objective) primarily determine?

The maximum acceptable amount of data loss. (B)

Which of the following best describes an RTO (Recovery Time Objective)?

The time required to restore a business function. (D)

Considering WEPA's business, which of the following would likely be the most affected by a disaster, according to a BIA?

The production line for hygienic paper products (A)

What is the main purpose of the Business Continuity Plan (BCP)?

To document a strategy to continue operations during disruptions. (C)

Flashcards

Business Continuity Plan (BCP)

A plan that outlines how to keep a business operational during a disaster.

Business Impact Analysis (BIA)

A document that identifies, prioritizes, and analyzes the impact of losing critical business assets.

Recovery Point Objective (RPO)

The maximum amount of data loss that a business can tolerate.

Recovery Time Objective (RTO)

The target time it takes to restore critical systems and operations after an outage.

Service Level Agreement (SLA)

A formal agreement that outlines the level of service a provider guarantees to a client.

MFA (Multi-factor Authentication)

A system that uses multiple verification methods to authenticate user identities, making it much harder for unauthorized individuals to access sensitive data. Examples include requiring a password, a security token, and a fingerprint scan.

Phishing

A type of social engineering attack where attackers impersonate legitimate entities to trick victims into providing personal information or granting access to sensitive systems.

CVSS (Common Vulnerability Scoring System)

A scoring system that measures the severity of vulnerabilities found in software or systems. It helps prioritize vulnerabilities based on the potential impact they could have on systems.

VPN (Virtual Private Network)

A technology that enables secure access to private networks over a public network like the internet, protecting data and communication from unauthorized access.

Zero Trust Architecture (ZTA)

A security framework that assumes no user or device can be trusted by default. It requires strict authentication and authorization for every access attempt, ensuring that only authorized users can access resources.

Study Notes

Company Information

• Company: WEPA
• Founded: 1948
• Description: Second largest hygienic paper product manufacturer in Europe.
• Employees: 4500
• Plants: 15 in 6 different countries
• Focus: Together for a better life

Key Person

• Tibor Toronyi: Head of Infrastructure & Security at WEPA
• Experience: 45 years IT experience
• Skills: Programming, system administration, networking, cybersecurity (and destroying electronics)
• Areas of expertise: Variety of industries, managed service provider (MSP), education, healthcare, automotive, steel galvanizing, spirits & wines, hygienic paper, Neural Networks
• Related projects: High-frequency finance (with Ramazan Gencay)

Business Units

• Consumer
• Professional
• Venture
• Foundation

Financial

• World record: 2,250 mpm - 3,240 kms (01.2024)

Cybersecurity Terminology

• MFA: Multi-factor Authentication
• Phishing/vPhishing/BEC/Whaling
• CVSS: Common Vulnerability Scoring System (NAIC)
• VPN: Virtual Private Network
• CIR: Cyber-Incident Response
• ZTA: Zero Trust Architecture (Network, Access, Security)
• IAM: Identity Access Management
• EDR, XDR / MXDR, SOC / NOC, IDS / IPS, SIEM, Red / Blue / Purple team

IT Terminology

• BIA: Business Impact Analysis
• DRP: Disaster Recovery Process
• RTO: Recovery Time Objective
• RPO: Recovery Point Objective
• SLA: Service Level Agreement
• BCP: Business Continuity Plan
• UI: User Interface
• UX: User Experience
• OT: Operational Technology
• Cloud: increase in vulnerabilities

Business Threats

• Cybercrime projections: $20 trillion USD by 2026
• Deepfakes
• Google Finance worker: $25 million payout
• Catfishing
• Google: Fake IT Worker scams
• Third-party risks
• AI: Quick analysis, sophisticated automated attacks,
• Cloud security: Not as safe as people think: 154% increase in vulnerabilities
• Internet of Things (IoT): Television spying concern
• State-sponsored / global cyberattacks: close to midnight (23:58:45)

Conclusion - Actionable Information

• Develop better situational awareness
• Enhance business and personal security
• Expect a security breach