Lessons from Beyond Tolling: Securing and Managing Data
Fred Philipson, Cognizant Technology Solutions
July 2017
Who can’t be hacked?
Where is the law enforcement?
Who are these attackers?
Why are they so successful?
What can we learn from others and apply to our organizations?
Attacks and Motives Over Time

| Time Period | Typical Attackers | Goals / Motivations | Examples |
| --- | --- | --- | --- |
| Mid 1980s to early 2000s | Mostly individuals or small teams | Disruption, Hacktivism | Worms (Morris, Nimda, Code Red, SQL Slammer) |
| Early to mid 2000s | Organized groups of cybercriminals | Theft, Fraud - Money is the motivation | Phishing, Identity Theft, Data Theft, Click Fraud, Pharming |
| Mid 2000s to 2013 | Nation-states | Steal intellectual property, identify dissidents, disrupt nuclear arms development | Watering Holes |
| 2013 and afterward | Cybercriminals and Nation-states and individuals | Mass identity theft and credit card theft | Target, Home Depot, Anthem, JPMChase |
| 2015 | Security researchers | Safety | Jeep / Chrysler |
Everything is becoming networkable.
Reduce risk and be ready. Balance this. Like a Ninja.
Root Causes of Breaches & Conclusions

| Breaches | Root causes |
| --- | --- |
| Target (2014), OPM (2013-2015), Experian (2015) | Third-party suppliers (which in turn had a root cause from below) |
| Target (2014), JPMChase (2014) | Spear Phishing |
| Aurora (2009), Watering Hole (2013), Target (2014), Experian (2015) | Malware / Drive-by-downloads (browser or plug-in vulnerabilities, point-of-sale malware) |
| JPMChase (2014), OPM (2013-2015) | Lack of authentication or two-factor authentication |
| Anthem (2015), Target (2015), Experian (2015) | Stolen credentials |
• Most attacks are perpetrated using known vulnerabilities
• Compliance does not guarantee security; most compromised organizations were compliant and passed their audits
• About half of the breaches are caused by malicious intent and the other half via human error
• “Data stewardship” needs to be every employee’s responsibility. Security is not just the responsibility of the information security team. At best, the information security team members are the shepherds, guides, and “force multipliers” for security initiatives
Lessons from Beyond Tolling
Watch the third parties: Even if you’ve vetted your organization’s information security setup, when you connect to a third party, they must be at the same standard – if they get hacked, you can get hacked
Educate your users to reduce the risk of Spear Phishing and Malware attacks
Add two-factor authentication: Something you know and something you have, e.g. know a password and have a phone or fingerprint
Employ effective restrictions of user rights; rights to install software, install data loss prevention software, mine email, SMS, other communications
Maintain Best Practice Security Policies: Maintain up-to-date antivirus, apply patches for OS and apps immediately after testing, pen test and remediation
Mitigate ransomware incidents via backups, anti-virus software, promptly applying security patches, avoiding malicious links. See https://www.nomoreransom.org/ for more
Tokenize. When tokens replace live data in systems, it minimizes exposure of sensitive data, reducing risk of compromise or accidental exposure and unauthorized access to sensitive data
Create an Incident Management Plan and practice
Process, People, Technology
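The "Tokenize" lesson above, shown as an added example that is not part of the original presentation: a vault swaps each card number for a random token, so the billing table holds no live data and only one role can recover it. The TokenVault class, the role name, the account IDs and the card number are all constructed for illustration.

```python
import hmac
import secrets


class TokenVault:
    """In-memory stand-in for a hardened, access-controlled vault (assumption).
    A production vault would also encrypt the stored values at rest."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)   # keys the lookup index
        self._by_fingerprint = {}                   # HMAC(value) -> token
        self._by_token = {}                         # token -> live value

    def _fingerprint(self, value: str) -> str:
        # Keyed hash, so the lookup index never holds the raw card number.
        return hmac.new(self._index_key, value.encode(), "sha256").hexdigest()

    def tokenize(self, card_number: str) -> str:
        digits = "".join(ch for ch in card_number if ch.isdigit())
        if not 13 <= len(digits) <= 19:
            raise ValueError("not a plausible card number")
        fp = self._fingerprint(digits)
        if fp in self._by_fingerprint:              # same card -> same token
            return self._by_fingerprint[fp]
        # The token is random, not derived from the card, so it cannot be
        # reversed without the vault. Only the last four digits are kept.
        token = f"tok_{secrets.token_hex(8)}_{digits[-4:]}"
        self._by_fingerprint[fp] = token
        self._by_token[token] = digits
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        # Assumed policy: only the payment-processing role sees live data.
        if caller_role != "payment-processor":
            raise PermissionError("role may not detokenize")
        return self._by_token[token]


def demo():
    vault = TokenVault()
    card = "4111 1111 1111 1111"                    # constructed test number
    # The billing table stores tokens only; a dump of it exposes no card data.
    billing_rows = [
        {"account": "A-1001", "card": vault.tokenize(card)},
        {"account": "A-1002", "card": vault.tokenize("4111111111111111")},
    ]
    return vault, billing_rows
```

Because the same card always maps to the same token, reports and joins on the billing table keep working without any system outside the vault touching the real number.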
Fred Philipson @ [email protected] or 512.751.8411