Cybersecurity Presentation 6-11-15

49
1 IT advisory Cyber Security – Why I Should (or Shouldn’t) be Worried Rodney Murray Douglas Jambor

Transcript of Cybersecurity Presentation 6-11-15

Page 1: Cybersecurity Presentation 6-11-15

1IT advisory

Cyber Security – Why I Should (or Shouldn’t) be Worried

Rodney MurrayDouglas Jambor

Page 2: Cybersecurity Presentation 6-11-15

2IT advisory

Agenda

Brief Look at Current Data Breach Trends

Security Incidents – What are we seeing?

Common Scenarios

Benefits of a Security Assessment

Page 3: Cybersecurity Presentation 6-11-15

3IT advisory

Firm Overview

Page 4: Cybersecurity Presentation 6-11-15

4IT advisory

Data Breach Trends

Page 5: Cybersecurity Presentation 6-11-15

5IT advisory

Recent Statistics

2009 2010 2011 2012 2013 20140

200

400

600

800

1000

1200

1400

1600

1800

728 8291099

16621531

1264

Source: http://datalossdb.org/statistics

Page 6: Cybersecurity Presentation 6-11-15

6IT advisory

Recent Statistics

Financial

Govt. & Public Sector

Education

Retail

Healthcare

6%

8%

10%

11%

37%

Top 5 Sectors Breached by Number of Incidents

Source: 2015 Symantec Internet Threat Report

Page 7: Cybersecurity Presentation 6-11-15

7IT advisory

Recent Statistics

Industrial

Retail

Communications

Financial

Pharmaceuticals

Education

Health

$155

$165

$179

$215

$220

$300

$363

Breach Cost Per Capita 2014

Source: Ponemon Institute 2015 Cost of Data Breach Study

Page 8: Cybersecurity Presentation 6-11-15

8IT advisory

Recent Statistics

Average Time to Identify a Breach206 days

Source: 2015 Verizon Data Breach Report

Ransomware

113%

Page 9: Cybersecurity Presentation 6-11-15

9IT advisory

Recent Statistics

Breach Root Causes 2015

Malicious or Criminal AttackSystem GlitchHuman Error

Source: Ponemon Institute 2015 Cost of Data Breach Study

47%

25%

29%

Page 10: Cybersecurity Presentation 6-11-15

10IT advisory

Recent Statistics

Source: Hackmageddon.com

Cyber Espionage11%

Hack-tivisim

22%

Cyber Crime67%

Page 11: Cybersecurity Presentation 6-11-15

11IT advisory

Recent Statistics

Source: Health and Human Services

Improper Disposal5%

Hacking/IT Incident7%

Loss14%

Theft51%

Unknown 3%

Unauthorized Access20%

Types of Breaches 500+

Page 12: Cybersecurity Presentation 6-11-15

12IT advisory

Recent Statistics

Source: http://datalossdb.org/statistics

Page 13: Cybersecurity Presentation 6-11-15

13IT advisory

Recent Statistics

Source: http://datalossdb.org/statistics

Page 14: Cybersecurity Presentation 6-11-15

14IT advisory

Recent Statistics

Source: http://datalossdb.org/statistics

Page 15: Cybersecurity Presentation 6-11-15

15IT advisory

Recent Known Breaches

Target MichaelsNeiman Marcus AOLExperianPF Chang’sHumana – AtlantaJP Morgan ChaseHome Depot Jimmy John’sAnthem Federal Gov’t

SC Department of RevenueNC Department of Transportation

Page 16: Cybersecurity Presentation 6-11-15

16IT advisory

Additional Breach Examples

www.privacyrights.org

Insurance Vendor inadvertent file access UnknownCapital Management Undetected hack accessed databases 800Insurance Forms sent to DOL posted to public site UnknownCredit Union File published on website 39,000Investment Management

COBRA database accessed Unknown

NASDAQ Malware installed between 11/08 & 10/10

Unknown

Bank Malware on employees computer 115,775Bank Data not redacted for court records 146,000Bank Backup tapes missing during transport Unknown

Page 17: Cybersecurity Presentation 6-11-15

17IT advisory

Data Mobility

2 of 5 employees download work files to personal devices

2 of 5 employees plan to use old company data in new jobs

56% of employees do not believe it is a crime to use a competitor’s trade secrets

68% say their company does not take steps to deter data leakage

- Symantec study

Page 18: Cybersecurity Presentation 6-11-15

18IT advisory

Increasing Compliance Demands

Financial Institutions / Public CompaniesGramm-Leach-BlileyPCI – Credit and debit card dataHIPAA – healthcare / patient dataFISMA - Federal Government ContractorsLarge / public customer requirementsService Organization Controls ReportingIndividual state requirements

Page 19: Cybersecurity Presentation 6-11-15

19IT advisory

What can I do?

Question – If someone was trying to breach your systems today …

WHO WOULD BE THE FIRST TO NOTICE IT?

Determined by People, Process, Technology in place

Reducing risk will require investment … Skillsets / resources Software / hardware solutions Third party relationships for monitoring

Page 20: Cybersecurity Presentation 6-11-15

20IT advisory

Unanticipated Costs

Investigation Costs

Regulatory / Industry Fines or Penalties

Remediation / Infrastructure Change Costs

Brand Damage

Page 21: Cybersecurity Presentation 6-11-15

21IT advisory

Security IncidentsWhat are we seeing?

Page 22: Cybersecurity Presentation 6-11-15

22IT advisory

76% of network intrusions exploited weak or stolen credentials

40% incorporated malware 35% involved physical attacks 29% leveraged social tactics 13% resulted from privilege misuse and

abuse- Symantec study

Cybercrime Lifecycle

Page 23: Cybersecurity Presentation 6-11-15

23IT advisory

Greed

Cybercrime Lifecycle

Page 24: Cybersecurity Presentation 6-11-15

24IT advisory

Victim Identification Sea of opportunity = 1 out of every 7 people

have data worth targeting 1 Billion targets worldwide

Infiltration Using the low hanging fruit exploit methods Not burning Zero-days exploits

Cybercrime Lifecycle

Page 25: Cybersecurity Presentation 6-11-15

25IT advisory

Propagation In the past, we saw hackers grabbing the databases

or flat files and leaving Now, we see hackers latching on data sources and

persisting

Aggregation Exploit a server or workstation in a Business’ internal

network This device become an aggregation point for data

collection

Cybercrime Lifecycle

Page 26: Cybersecurity Presentation 6-11-15

26IT advisory

Data Exfiltration Using advance techniques to exfiltrate data

Encryption

Buyer Identification Web forums

Sometimes up 10,000 users

Liquidate the data and collect the cash

Cybercrime Lifecycle

Page 27: Cybersecurity Presentation 6-11-15

27IT advisory

Recycling The organization reinvests their $$$

Recycle tools and techniques learned

Re-implement these tools, techniques and lessons learned against the next victim

Cybercrime Lifecycle

Page 28: Cybersecurity Presentation 6-11-15

28IT advisory

Data Exfiltration Complete

Page 29: Cybersecurity Presentation 6-11-15

29IT advisory

Hackers View of Your Network

Page 30: Cybersecurity Presentation 6-11-15

30IT advisory

Hackers View of Your Network

Page 31: Cybersecurity Presentation 6-11-15

31IT advisory

Hackers View of Your Network

Page 32: Cybersecurity Presentation 6-11-15

32IT advisory

Hackers View of Your Network

Page 33: Cybersecurity Presentation 6-11-15

33IT advisory

Hackers View of Your Network

Page 34: Cybersecurity Presentation 6-11-15

34IT advisory

Hackers View of Your Network

Page 35: Cybersecurity Presentation 6-11-15

35IT advisory

Hackers View of Your Network

Page 36: Cybersecurity Presentation 6-11-15

36IT advisory

Hackers View of Your Network

Page 37: Cybersecurity Presentation 6-11-15

37IT advisory

Hackers View of Your Network

Page 38: Cybersecurity Presentation 6-11-15

38IT advisory

Game, Set, Match

Page 39: Cybersecurity Presentation 6-11-15

39IT advisory

Common Scenarios

Page 40: Cybersecurity Presentation 6-11-15

40IT advisory

Common Scenario

Sluggish Internet Strange messages / prompts Minor file / folder changes and additions User / system ID changes and additions Notification from employees’ banks of

suspicious Web logon attempts

Page 41: Cybersecurity Presentation 6-11-15

41IT advisory

Common Scenario

Multiple file transfer / receipt methods

Weak remote access controls

Limited / part-time internal IT resources

No proactive monitoring – relying on standard Malware/AV products

Page 42: Cybersecurity Presentation 6-11-15

42IT advisory

Common Scenario

Use of small third party company for IT support – NO SECURITY FOCUS!

Outdated software patches / virus signatures

Low level of employee / customer awareness

Page 43: Cybersecurity Presentation 6-11-15

43IT advisory

Common Scenario

Visitors / non-employees not challenged when onsite

Data on printers?

Workstations?

Other common vulnerabilities?

Page 44: Cybersecurity Presentation 6-11-15

44IT advisory

Common Results

Nuisance viruses

Key logger on individual machines

Botnet sending data outside of the network

Malware

Ransomware

Page 45: Cybersecurity Presentation 6-11-15

45IT advisory

Benefits of a Security Assessment

Page 46: Cybersecurity Presentation 6-11-15

46IT advisory

Information Protection Life Cycle

Page 47: Cybersecurity Presentation 6-11-15

47IT advisory

Data Security and Privacy

Page 48: Cybersecurity Presentation 6-11-15

48IT advisory

Questions

Page 49: Cybersecurity Presentation 6-11-15

49IT advisory

For More Information / Assistance:

Rodney [email protected]

Douglas [email protected]