Transcript of Inside the Threat Matrix - Westcon-Comstor 2016 Beyond Security
-
Inside the Threat Matrix
Risk Management for Cyber Security Events
-
Private and Confidential
Your Presenter Today
Bill Hardin has worked on hundreds of forensic engagements in the
areas of data breach and cyber incident response, theft of trade
secrets, white collar crime, FCPA investigations, and enterprise risk
management. Many of his cases have been mentioned in The Wall
Street Journal, Financial Times, Forbes, and Krebs on Security,
amongst other publications. With a background in finance, operations,
and software development, he brings valuable insights to clients from
multiple dimensions. In addition to his forensic engagement
assignments, Bill has served in numerous interim management roles
for organizations experiencing disruption. He has assisted companies
with various management consulting assignments pertaining to
strategy, operations, and software implementations.
Mr. Hardin is a CPA/CFF, Certified Fraud Examiner (CFE), and a
certified Project Management Professional (PMP). Mr. Hardin has
spoken at numerous events on cybercrime, risk management, and
strategy/operations consulting. He serves on the board for Legal Prep
Charter Schools and is an adjunct professor at DePaul University in
Chicago.
You can reach him at [email protected]
-
DISCLAIMER
The material presented in this presentation is not intended to provide legal or other expert
advice as to any of the subjects mentioned, but rather is presented for general information
only. You should consult knowledgeable legal counsel, forensic experts, or other
knowledgeable experts as to any legal or technical information.
-
Agenda for Today
• In the News
• Threats
• Valuation
• Behavioral Aspects
• Game Simulation
• Questions and Answers
-
In the News
(Slide graphic: IF / WHEN)
-
DISRUPTION
We Are Here, There, and Everywhere
-
Threats
• Employee Mistakes
• Criminal Hackers
• Hacktivists
• Cloud or 3rd Party Compromise
• Malicious Insider
-
Black Market Economics
Value of your data
• Name
• Date of Birth
• Challenge Questions
• Social Security Number
• Employee ID
• Driver's License
• User Name
• Password
• Medical Record Number
• Email Address
(Called out on the slide graphic: Email Address, Social Security Number, User Name, Password)
-
Game Theory in Practice
Behavioral Economics - To cooperate or not to cooperate?
-
Ransomware – Jigsaw Variant
-
Business Email Compromise – Example 1
Dear John,
Please wire the proceeds of the sale to the following
account in the amount of $50,000. This is related to
the Sun transaction.
Confirm receipt of this email.
Emanuel Goldstein
-
Business Email Compromise – Example 2
Dear John,
Please send me the W-2 information for
all company employees. Please
provide in an excel spreadsheet or
send me the PDFs.
Confirm receipt of this email.
Emanuel Goldstein
CEO
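The two lures above share the same tells: an executive's name, a request for money or payroll data, and a demand to confirm receipt. As an added example, not part of the presentation, the block below is a scoring heuristic of the kind a mail gateway or SOC triage script applies, run over both emails as constructed messages. The slides show only the bodies; the sender addresses, the Reply-To header, the subject lines, the protected domain example.com, the executive list and the review threshold are all assumptions.

```python
"""Heuristic BEC triage over constructed sample messages.

Added example: the header fields, the protected domain and the
executive list are assumptions; the slides show only the email bodies.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

INTERNAL_DOMAIN = "example.com"            # assumed victim domain
PROTECTED_NAMES = {"emanuel goldstein"}    # assumed executives whose names get impersonated

# Content signals commonly seen in BEC lures.
URGENCY = re.compile(r"\b(?:confirm receipt|urgent(?:ly)?|immediately|asap)\b", re.I)
PAYMENT = re.compile(r"\b(?:wire|transfer|proceeds|invoice|account)\b|\$\s?\d[\d,]*", re.I)
PAYROLL = re.compile(r"\b(?:w-?2s?|ssn|social security|payroll|employees?)\b", re.I)

REVIEW_THRESHOLD = 5   # assumed cut-off: hold for human review at or above this score


@dataclass
class Message:
    display_name: str
    from_addr: str
    reply_to: str      # empty string when the header is absent
    subject: str
    body: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, target: str) -> bool:
    """Lookalike if within two edits of the target or embedding its label
    (e.g. example-corp.net). The target itself is not a lookalike."""
    if domain == target:
        return False
    return levenshtein(domain, target) <= 2 or target.split(".")[0] in domain


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def score(msg: Message) -> tuple[int, list[str]]:
    """Return (score, reasons). Higher means more BEC-like."""
    reasons: list[str] = []
    total = 0
    from_dom = domain_of(msg.from_addr)
    reply_dom = domain_of(msg.reply_to) if msg.reply_to else from_dom

    # Header signals: who the mail claims to be from versus where it came from.
    if msg.display_name.lower() in PROTECTED_NAMES and from_dom != INTERNAL_DOMAIN:
        total += 3
        reasons.append(f"executive display name from external domain {from_dom}")
    if is_lookalike(from_dom, INTERNAL_DOMAIN):
        total += 3
        reasons.append(f"sender domain {from_dom} looks like {INTERNAL_DOMAIN}")
    if reply_dom != from_dom:
        total += 2
        reasons.append(f"Reply-To domain {reply_dom} differs from sender domain")

    # Content signals: what the mail asks for and how hard it pushes.
    text = f"{msg.subject}\n{msg.body}"
    for weight, pattern, label in ((1, URGENCY, "urgency / confirm-receipt"),
                                   (2, PAYMENT, "payment instructions"),
                                   (2, PAYROLL, "payroll or PII request")):
        if pattern.search(text):
            total += weight
            reasons.append(label)
    return total, reasons


def verdict(msg: Message) -> str:
    return "hold for review" if score(msg)[0] >= REVIEW_THRESHOLD else "deliver"


# Constructed samples: bodies taken from the two slides, headers assumed.
SAMPLES = [
    Message("Emanuel Goldstein", "e.goldstein@examp1e.com", "",
            "Sun transaction",
            "Dear John,\nPlease wire the proceeds of the sale to the following account "
            "in the amount of $50,000. This is related to the Sun transaction.\n"
            "Confirm receipt of this email.\nEmanuel Goldstein"),
    Message("Emanuel Goldstein", "e.goldstein@example.com", "payroll-request@mail.example.org",
            "Employee W-2s",
            "Dear John,\nPlease send me the W-2 information for all company employees. "
            "Please provide in an excel spreadsheet or send me the PDFs.\n"
            "Confirm receipt of this email.\nEmanuel Goldstein\nCEO"),
    Message("Alice Example", "alice@example.com", "",
            "Lunch?", "Are you free for lunch at noon on Thursday? Let me know."),
]

if __name__ == "__main__":
    for m in SAMPLES:
        s, why = score(m)
        print(f"{m.subject!r}: score={s} -> {verdict(m)}; {', '.join(why) or 'no signals'}")
```

The weights are deliberately tilted toward header evidence: a lookalike or external sender carrying an executive's display name, or a Reply-To that points somewhere other than the sender, is what turns "the CEO wants W-2s" from plausible into suspicious. Content signals alone should only raise the score, never decide it, or every genuine wire instruction from finance gets held.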
-
Phishing Emails
STAGE ONE
• 300 individuals
STAGE TWO
• 15 individuals clicked the document and a backdoor was created
• 30 individuals clicked the document and were not impacted
• 255 individuals did not do anything
Threat actor has full control over the asset (including file share access, email, local file access, installed programs)
-
Ransom – Example 1
PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!
We have chosen your website/network as target for our next DDoS attack. All of your servers will be subject to a DDoS attack starting in two days.
How do I stop this? We are willing to refrain from attacking your servers for a small fee. The current fee is 5 Bitcoins (BTC). The fee will increase by 5 Bitcoins for each day that has passed without payment.
What if I don't pay? This is not a hoax, do not reply to this email, don't try to reason or negotiate, we will not read any replies. Once you have paid we won't start the attack and you will never hear from us again! Please note that Bitcoin is anonymous and no one will find out that you have complied.
-
Ransom – Example 2
An email is sent to the CFO with the following:
Dear CFO,
We managed to gain access to some things we probably shouldn't have had access
to. After looking through these files and information we found something that stood out to
us. Pricing information, employee data, customer lists, etc.
Like you, we are a for-profit group. Due to security reasons we are only able to receive our
payment in bitcoin. If you are interested in keeping this information private, please send 35
bitcoins to the bitcoin address listed at the very bottom of this email.
We advise you to keep this confidential.
Bitcoin Address:
1P4STNLNAOGNrLRFCyER2vfQVjKRMG7ihGDoy8
Two days. noon pacific time.
-
Ransom Letter - The Next Day
CFO receives another email:
Paying our fee is less expensive than going out of business. Here is proof of my request.
(Two documents are attached – one is an excel report, while the other is a word document).
You have one more day to pay my fee or information will be released.
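Extortion notes like the two in Ransom Example 2 hand the analyst one hard artefact: the payment address. As an added example, not from the presentation, the block below pulls address-shaped tokens out of a note and runs Base58Check validation (double SHA-256 checksum, mainnet version byte) on each, the check a triage script should make before an address is recorded as an indicator or searched in a blockchain explorer. The note text is constructed around the slide's wording. The slide's address, as it appears in this transcript, contains a capital O, which the Base58 alphabet excludes, and is 38 characters long, so it fails; whether that is a transcription error or a decoy, it is not an address anyone can pay. The genesis-block address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa is included as a known-good control.

```python
"""Base58Check validation of Bitcoin addresses found in an extortion note.

Added example; the note text is constructed, the address from the slide is
checked as transcribed, and the genesis-block address is a known-good control.
"""
from __future__ import annotations

import hashlib
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Deliberately loose: anything shaped like a legacy address is surfaced, so a
# mistyped or decoy address is reported to the analyst rather than silently dropped.
CANDIDATE_RE = re.compile(r"\b[13][A-Za-z0-9]{25,40}\b")

MAINNET_VERSIONS = {0x00, 0x05}   # P2PKH ('1...') and P2SH ('3...')


def b58decode(text: str) -> bytes:
    """Decode Base58; each leading '1' stands for a leading zero byte."""
    n = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_zeros + body


def validate(address: str) -> tuple[bool, str]:
    """Return (ok, reason) for a legacy Base58Check address."""
    try:
        raw = b58decode(address)
    except ValueError as exc:
        return False, str(exc)
    if len(raw) != 25:
        return False, f"decodes to {len(raw)} bytes, expected 25"
    payload, checksum = raw[:21], raw[21:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        return False, "checksum mismatch (typo, truncation or fabricated address)"
    if payload[0] not in MAINNET_VERSIONS:
        return False, f"version byte 0x{payload[0]:02x} is not a mainnet address type"
    return True, "valid Base58Check mainnet address"


def is_valid_address(address: str) -> bool:
    return validate(address)[0]


def triage_note(note: str) -> dict[str, tuple[bool, str]]:
    """Map every address-shaped token in the note to its validation result."""
    return {tok: validate(tok) for tok in CANDIDATE_RE.findall(note)}


# Constructed note, worded after the slide; the address is the one on the slide.
SAMPLE_NOTE = """Dear CFO,
If you are interested in keeping this information private, please send 35
bitcoins to the bitcoin address listed at the very bottom of this email.
Bitcoin Address:
1P4STNLNAOGNrLRFCyER2vfQVjKRMG7ihGDoy8
Two days. noon pacific time."""

GENESIS_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"   # known-good control

if __name__ == "__main__":
    for addr, (ok, why) in triage_note(SAMPLE_NOTE).items():
        print(f"{addr}: {'OK' if ok else 'REJECT'} - {why}")
    print(GENESIS_ADDRESS, validate(GENESIS_ADDRESS))
```

The loose candidate regex and the strict validator are separated on purpose: the regex decides what the analyst sees, the validator decides what goes into the IOC list. A note whose only address fails validation is itself a finding, since it suggests the sender never expected to be paid, or the note was altered in transit.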
-
Statistics Telling the Story
Cyber Industry Trends (breach triggers, all industries)
• Hack – 29%
• Lost/Stolen Devices – 18% (Laptops 13%, Hard Drives 3%, Other 2%)
• Human Error – 15%
• Rogue Employee – 14%
• Privacy Policy – 8%
• Other – 8%
• Paper – 5%
• Software Error – 3%
Industry Breakout:
• Healthcare – 30%
• Technology – 11%
• Professional Services – 14%
• Retail – 9%
• Financial Institutions – 7%
-
Cyber Industry Trends (10 years)
Triggers by Industry Segment (as of 10/2015)
(Four bar charts; values listed in bar order: Hack, Rogue Employee, Lost/Stolen Devices, Human Error, Privacy Policy)
• Healthcare: Hack 7%, Rogue Employee 25%, Lost/Stolen Devices 18%, Human Error 21%, Privacy Policy 10%
• Technology: Hack 36%, Rogue Employee 8%, Lost/Stolen Devices 21%, Human Error 10%, Privacy Policy 12%
• Retail: Hack 50%, Rogue Employee 11%, Lost/Stolen Devices 11%, Human Error 3%, Privacy Policy 14%
• Professional Services: Hack 23%, Rogue Employee 10%, Lost/Stolen Devices 26%, Human Error 20%, Privacy Policy 5%
-
Exposure for a Company
Exposure
• Liability
  – Suits from your customers
  – Consumer class action suits
• Regulatory
  – Settlements with the FTC, State AGs, HHS, FINRA, SEC, etc.
  – Privacy regulatory proceedings, including fines and consumer redress funds
• Defense costs
• Privacy Event Expenses
  – Notification costs
  – Forensics, legal and PR
  – Credit monitoring
-
2016 and 2017 Predictions
-
Question and Answer Period