Building Human Intelligence – Pun Intended
energysec
Category: Technology
Rohyt Belani
Co-founder & CEO, PhishMe
@rohytbelani @PhishMe
Nature of Advanced Cyber Attacks
[Figure: damages over time, 2005 to 2013. Stages: Disruption; Cybercrime; Cyber-Espionage and Cybercrime. Attack types: Worms, Viruses; Spyware/Bots; Advanced Persistent Threats, Zero-Day Targeted Attacks, Dynamic Trojans, Stealth Bots. Callouts: Changing cyber attacks; Evolving cyber actors; Shrinking barriers to entry.]
New Threat Landscape
Some Statistics
• Massive-scale phishing attacks loom as new threat, USA Today
• Ponemon Institute: 2012 Cost of Cyber Crime Study
• 2012 Verizon Data Breach Investigations Report
• 'Spear phishing' the main email attachment threat, ComputerWorld UK
In a single campaign,
..and technical controls are failing
Did these companies not have the best defensive and detective technologies in place?
We need to change the way we defend
“But security awareness doesn’t work”
It didn’t, because we were:
• Boring
• De-focused
• Compliance oriented
• Passive
and..
We didn’t have metrics to prove otherwise
Understanding the Hu Element
Memories associated with emotional events are stored here
Learning Theory
• For memories to last, we need long term potentiation (LTP)
• LTP – “long-lasting enhancement in signal transmission between two neurons that results from stimulating them synchronously”
• Persistence or repetition of an activity tends to induce lasting cellular changes that add to stability in signal transmission between neurons
Human Psyche Hacked
• To change behavior, we need:
– Emotional triggers
– Repetition
– Feedback loops
– Focused information
– Develop intuition
Making It Work: It Needs to be Continuous
What happened here?
Making It Work: Focus on the Real Threats
Before you spend time and money on training, ask yourself – can I fix this issue with a technical control? For example: Password complexity – do I really need my users to know what makes a strong password? USB sticks – can’t I just disable them?
Making It Work: Think “Marketing”
Making It Work: Immerse in the Experience
Knives At A Gunfight
2012 Verizon Data Breach Investigations Report: Time windows for financial and PCI breaches.
• Time from compromise to discovery: Days - Months
• Time from compromise to exfiltration: Minutes - Days
• Time from discovery to containment: Days - Months
Effective threat protection demands discovery in minutes, not months
We Have a Detection Problem!
• Median number of days that attackers were present on a victim network before detection?
243¹
• Percentage of breaches that went undetected for “months or more”?
66%²
¹ www.mandiant.com/library/M-Trends_2013.pdf
² http://www.verizonenterprise.com/DBIR/2013/
Can We Think Outside the Shiny Box?
Most people respond to emails within the first few hours of receiving them – if they are trained to report, we get relevant, near-time threat intelligence.
Users who learn to not fall for phishing attacks also learn to report them.
Threat intelligence opportunity
Control cost by incident phase
[Figure: axes "Difficulty to Detect" and "Cost to Control"; incident phases: Compromise, Exfiltration, Propagation, Persistence]
$5.5MM, Average cost to remediate a breach in 2012
With a thriving user reporting ecosystem
Improve Incident Response
• Users provide new source of near-time threat data
• Early detection drives down key cost factors such as time from incident to response
• Response can start Day 1
– Redirect and capture C&C traffic
– Remove same/similar emails from other inboxes
– Block additional inbound/outbound
– Increase monitoring at targeted entities
– If a compromise succeeded, containment may be limited
This is the end goal…