1IT advisory

Cyber Security – Why I Should (or Shouldn’t) be Worried

Rodney MurrayDouglas Jambor

2IT advisory

Agenda

Brief Look at Current Data Breach Trends

Security Incidents – What are we seeing?

Common Scenarios

Benefits of a Security Assessment

3IT advisory

Firm Overview

4IT advisory

Data Breach Trends

5IT advisory

Recent Statistics

2009 2010 2011 2012 2013 20140

200

400

600

800

1000

1200

1400

1600

1800

728 8291099

16621531

1264

Source: http://datalossdb.org/statistics

6IT advisory

Recent Statistics

Financial

Govt. & Public Sector

Education

Retail

Healthcare

6%

8%

10%

11%

37%

Top 5 Sectors Breached by Number of Incidents

Source: 2015 Symantec Internet Threat Report

7IT advisory

Recent Statistics

Industrial

Retail

Communications

Financial

Pharmaceuticals

Education

Health

$155

$165

$179

$215

$220

$300

$363

Breach Cost Per Capita 2014

Source: Ponemon Institute 2015 Cost of Data Breach Study

8IT advisory

Recent Statistics

Average Time to Identify a Breach206 days

Source: 2015 Verizon Data Breach Report

Ransomware

113%

9IT advisory

Recent Statistics

Breach Root Causes 2015

Malicious or Criminal AttackSystem GlitchHuman Error

Source: Ponemon Institute 2015 Cost of Data Breach Study

47%

25%

29%

10IT advisory

Recent Statistics

Source: Hackmageddon.com

Cyber Espionage11%

Hack-tivisim

22%

Cyber Crime67%

11IT advisory

Recent Statistics

Source: Health and Human Services

Improper Disposal5%

Hacking/IT Incident7%

Loss14%

Theft51%

Unknown 3%

Unauthorized Access20%

Types of Breaches 500+

12IT advisory

Recent Statistics

Source: http://datalossdb.org/statistics

13IT advisory

Recent Statistics

Source: http://datalossdb.org/statistics

14IT advisory

Recent Statistics

Source: http://datalossdb.org/statistics

15IT advisory

Recent Known Breaches

Target MichaelsNeiman Marcus AOLExperianPF Chang’sHumana – AtlantaJP Morgan ChaseHome Depot Jimmy John’sAnthem Federal Gov’t

SC Department of RevenueNC Department of Transportation

16IT advisory

Additional Breach Examples

www.privacyrights.org

Insurance Vendor inadvertent file access UnknownCapital Management Undetected hack accessed databases 800Insurance Forms sent to DOL posted to public site UnknownCredit Union File published on website 39,000Investment Management

COBRA database accessed Unknown

NASDAQ Malware installed between 11/08 & 10/10

Unknown

Bank Malware on employees computer 115,775Bank Data not redacted for court records 146,000Bank Backup tapes missing during transport Unknown

17IT advisory

Data Mobility

2 of 5 employees download work files to personal devices

2 of 5 employees plan to use old company data in new jobs

56% of employees do not believe it is a crime to use a competitor’s trade secrets

68% say their company does not take steps to deter data leakage

- Symantec study

18IT advisory

Increasing Compliance Demands

Financial Institutions / Public CompaniesGramm-Leach-BlileyPCI – Credit and debit card dataHIPAA – healthcare / patient dataFISMA - Federal Government ContractorsLarge / public customer requirementsService Organization Controls ReportingIndividual state requirements

19IT advisory

What can I do?

Question – If someone was trying to breach your systems today …

WHO WOULD BE THE FIRST TO NOTICE IT?

Determined by People, Process, Technology in place

Reducing risk will require investment … Skillsets / resources Software / hardware solutions Third party relationships for monitoring

20IT advisory

Unanticipated Costs

Investigation Costs

Regulatory / Industry Fines or Penalties

Remediation / Infrastructure Change Costs

Brand Damage

21IT advisory

Security IncidentsWhat are we seeing?

22IT advisory

76% of network intrusions exploited weak or stolen credentials

40% incorporated malware 35% involved physical attacks 29% leveraged social tactics 13% resulted from privilege misuse and

abuse- Symantec study

Cybercrime Lifecycle

23IT advisory

Greed

Cybercrime Lifecycle

24IT advisory

Victim Identification Sea of opportunity = 1 out of every 7 people

have data worth targeting 1 Billion targets worldwide

Infiltration Using the low hanging fruit exploit methods Not burning Zero-days exploits

Cybercrime Lifecycle

25IT advisory

Propagation In the past, we saw hackers grabbing the databases

or flat files and leaving Now, we see hackers latching on data sources and

persisting

Aggregation Exploit a server or workstation in a Business’ internal

network This device become an aggregation point for data

collection

Cybercrime Lifecycle

26IT advisory

Data Exfiltration Using advance techniques to exfiltrate data

Encryption

Buyer Identification Web forums

Sometimes up 10,000 users

Liquidate the data and collect the cash

Cybercrime Lifecycle

27IT advisory

Recycling The organization reinvests their $$$

Recycle tools and techniques learned

Re-implement these tools, techniques and lessons learned against the next victim

Cybercrime Lifecycle

28IT advisory

Data Exfiltration Complete

29IT advisory

Hackers View of Your Network

30IT advisory

Hackers View of Your Network

31IT advisory

Hackers View of Your Network

32IT advisory

Hackers View of Your Network

33IT advisory

Hackers View of Your Network

34IT advisory

Hackers View of Your Network

35IT advisory

Hackers View of Your Network

36IT advisory

Hackers View of Your Network

37IT advisory

Hackers View of Your Network

38IT advisory

Game, Set, Match

39IT advisory

Common Scenarios

40IT advisory

Common Scenario

Sluggish Internet Strange messages / prompts Minor file / folder changes and additions User / system ID changes and additions Notification from employees’ banks of

suspicious Web logon attempts

41IT advisory

Common Scenario

Multiple file transfer / receipt methods

Weak remote access controls

Limited / part-time internal IT resources

No proactive monitoring – relying on standard Malware/AV products

42IT advisory

Common Scenario

Use of small third party company for IT support – NO SECURITY FOCUS!

Outdated software patches / virus signatures

Low level of employee / customer awareness

43IT advisory

Common Scenario

Visitors / non-employees not challenged when onsite

Data on printers?

Workstations?

Other common vulnerabilities?

44IT advisory

Common Results

Nuisance viruses

Key logger on individual machines

Botnet sending data outside of the network

Malware

Ransomware

45IT advisory

Benefits of a Security Assessment

46IT advisory

Information Protection Life Cycle

47IT advisory

Data Security and Privacy

48IT advisory

Questions

49IT advisory

For More Information / Assistance:

Rodney Murrayrodney.murray@dhgllp.com

Douglas Jambordouglas.jambor@dhgllp.com