Cybersecurity: Threats, Response and Best Practices. Independent Accountants’ Investment Counsel, Inc., 8 December 2015. Copyright 2015 eSentire, Inc.


Page 1: Esentire 2015 IAIC

Cybersecurity: Threats, Response and Best Practices

Independent Accountants’ Investment Counsel, Inc.

8 December 2015 Copyright 2015 eSentire, Inc. 1

Page 2: Esentire 2015 IAIC

Leader in threat protection services: BY THE NUMBERS

8 December 2015 Copyright 2015 eSentire, Inc. 2

2001 FOUNDED

500+ CUSTOMERS

99.6% RETENTION RATING

100% YOY GROWTH

$2.5T ASSETS PROTECTED

ACTIVE THREAT PROTECTION

Page 3: Esentire 2015 IAIC

Just how much is two trillion?

8 December 2015 Copyright 2015 eSentire, Inc. 3

DISTANCE to the MOON: one Euro coins placed end-to-end

121 ONE-WAY TRIPS

60.5 ROUND TRIPS

PINTS of GUINNESS: 13,500 staff & students at CIT each drink 1 pint every hour

6,172,840 DAYS

16,912 YEARS

US ECONOMY: Hedge Funds are 5% of US GDP

We protect 30% of Hedge Funds, OR 1.5-1.75% of US GDP

Page 4: Esentire 2015 IAIC

Serving mid-market industry most vulnerable to cyber attacks

8 December 2015 Copyright 2015 eSentire, Inc. 4

HIGH ASSET VALUE

HIGH SENSITIVITY to RISK

MIN. IN-HOUSE RESOURCES

Page 5: Esentire 2015 IAIC

8 December 2015 Copyright 2015 eSentire, Inc. 5

You Will Be HACKED

Page 6: Esentire 2015 IAIC

2014: The year the Internet broke

8 December 2015 Copyright 2015 eSentire, Inc. 6

eBAY: 145M

SONY: 47,000

HOME DEPOT: 109M

TARGET: 110M

J.P. MORGAN: 83M

HEARTBLEED | SHELLSHOCK

NATION STATES | ANONYMOUS | SANDWORM

Page 7: Esentire 2015 IAIC

CYBER CRIME IS BIG BUSINESS

$70 BILLION DOLLARS spent on cybersecurity in 2014

$375-575 BILLION DOLLARS in estimated losses in 2014

Page 8: Esentire 2015 IAIC

MOTIVATING FACTORS

Easy Access to Cyber Weaponry

No Negative Repercussions

Motivation is High

Minimal Cyber Skills Required

Page 9: Esentire 2015 IAIC

THREAT ACTORS

HACKTIVIST | NATION STATE ACTOR | SMASH+GRAB CRIMINAL | INSIDER | ORGANIZED CRIME

Page 10: Esentire 2015 IAIC

8 December 2015 Copyright 2015 eSentire, Inc. 10

ANATOMY OF A CYBER ATTACK

INFILTRATE: Establish Beachhead

EXPAND: Locate Core Assets; Multiple Exploitations ($, ID, IP)

EXPLOIT: Steal and Sell Assets ($, ID, IP)

Page 11: Esentire 2015 IAIC

SOPHISTICATED CYBER ATTACKS like phishing and watering hole attacks are dominating the landscape.

Page 12: Esentire 2015 IAIC

8 December 2015 Copyright 2015 eSentire, Inc. 12

PHISHING/SPEARPHISHING

Page 13: Esentire 2015 IAIC

8 December 2015 Copyright 2015 eSentire, Inc. 13

Successfully Identified NONE of the Fake Emails: 10%

Successfully Identified HALF of the Fake Emails: 42%

Successfully Identified ALL of the Fake Emails: 1%

NOT ALL ATTACKS TARGET TECHNOLOGY: 99% of readers were susceptible to a phishing campaign

Page 14: Esentire 2015 IAIC

8 December 2015 Copyright © eSentire, Inc. | Confidential 14

Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people into breaking normal security procedures.

Page 15: Esentire 2015 IAIC

8 December 2015 Copyright 2015 eSentire, Inc. 15

RANSOMWARE: CRYPTOLOCKER

$1.0M in 6 months

113% Increase

9.0M Attacks

1000 Attacks/Day

Page 16: Esentire 2015 IAIC

FINSEC targeted by attacks

8 December 2015 Copyright 2015 eSentire, Inc. 16

Page 17: Esentire 2015 IAIC

Credential harvesting

8 December 2015 Copyright 2015 eSentire, Inc. 17

$1.9M Stolen in 24 HOURS

Page 18: Esentire 2015 IAIC

Legacy security paradigms add new layers in response to each new threat

8 December 2015 Copyright 2015 eSentire, Inc. 18

Assets: PII | Data | Brand Reputation | Secret designs | Patents/IP | Access to Critical Systems | Trading Strategies | Wire Transfer Credentials

Layers: USER PASSWORDS | TWO-FACTOR AUTHENTICATION | MALWARE DETECTION | FIREWALLS | INTRUSION PREVENTION | VPN / SSL / PKI | VIRTUALIZATION

Page 19: Esentire 2015 IAIC

Yet criminals still get in, breaches still happen, and the criminals steal our data

8 December 2015 Copyright 2015 eSentire, Inc. 19

ASSETS targeted by: Smash-Grab Criminal | Criminal Cartels | Hacktivists | Nation States | Terrorists | Insiders

Page 20: Esentire 2015 IAIC

8 December 2015 Copyright 2015 eSentire, Inc. 20

TECHNOLOGY IS NOT ENOUGH.

LESS THAN 40% of attacks we see are malware based.

So where are the rest of the threats coming from?

100% Increase in Spearphishing Attacks

10% Increase in Drive-By Download Attacks

20% Increase in Brute Force Attacks

Page 21: Esentire 2015 IAIC

Legacy security is no match for

targeted attacks

8 December 2015 Copyright 2015 eSentire, Inc. 21

Smash-n-Grab: Indiscriminate

Targeted Heist: Advanced | Persistent | Organized | Motivated

Threats are evolving from nuisance to targeted attacks

            | TRADITIONAL SECURITY (Compliance-based, Reactionary) | NEW APPROACH (Intelligence-driven, Continuous)
PHILOSOPHY  | Perimeter (multiple, dislocated)                     | Assume constant compromise
FOCUS       | Protect all systems                                  | Prioritize high-risk assets
DETECTION   | Signature-based technology                           | Behavioral-based technology & methods
AWARENESS   | Headline news                                        | Consume real-time threat feeds
RESPONSE    | Shut down/wipe compromised systems                   | Quarantine, gather and preserve forensics

Page 22: Esentire 2015 IAIC

Continuous Advanced Threat Protection

TECHNOLOGY: Advanced IPS Technology | Custom SOC MGMT Systems | Full Packet Capture Forensics

PEOPLE: Grey Matter Analytics | Skilled Security Analysts | Crack Threat Research Team

PROCESS: Continuous Threat Research | SOC Incident Response | Certification and Education

8 December 2015 Copyright 2015 eSentire, Inc. 22

Page 23: Esentire 2015 IAIC

8 December 2015 Copyright 2015 eSentire, Inc. 23

OUR QUICK DETECTION AND CONTAINMENT MITIGATES THREATS IMMEDIATELY, TO ENSURE THAT YOU WON'T FACE A CHERNOBYL-SIZED SECURITY BREACH

Page 24: Esentire 2015 IAIC

SOC trending data (+500)

8 December 2015 Copyright 2015 eSentire, Inc. 24

Page 25: Esentire 2015 IAIC

SOC funnel

8 December 2015 Copyright 2015 eSentire, Inc. 25

RAW: 142,012,187

FILTERED: 10,424,904

AGGREGATED: 1,072,897

ALERTS: 115,699

ESCALATED: 3223

AUTOMATED DETECTION & CONTAINMENT

HUMAN INVESTIGATION & CONTAINMENT

35 SEC

Valley of Despair

Page 26: Esentire 2015 IAIC

Regulators are worried

8 December 2015 Copyright 2015 eSentire, Inc. 26

"We know accounts are getting hacked and the broker dealers are making the customer whole just to protect their names, what my bosses are worried about is what happens when they can’t or choose not to write that check – does the government have to intervene?"

Mike Ruffino, COO, FINRA

"The government doesn’t want to get drawn in a position to prop up the market like it did with the housing crisis. It is our belief our clients can do considerably more to manage these risks. We are in the learning phase now."

Jane Jarcho, SEC

Page 27: Esentire 2015 IAIC

February 3 2015: SEC and FINRA Reports Released

I. Risk Governance and Oversight

II. Risk Assessments

III. Cybersecurity Technical Controls

IV. Incident Response – Management and Resilience

V. External Dependency Management/Vendor Due Diligence

VI. Employee Training

VII. Threat Intelligence and Information Sharing

8 December 2015 Follow Us @eSentire Copyright © eSentire 2015 Slide 27

Page 28: Esentire 2015 IAIC

Pragmatic Cybersecurity To-Do List for 2015

» Document security defense mechanisms (I, II, III, V, VII)

» Document defense strategies should an incident occur (IV)

» Implement Employee Education Efforts (VI)

» Participate in Peer Groups (VII)

» Become familiar with industry “best practices” (VII)

» Investigate Gartner’s Adaptive Security Architecture (III, VI)

Follow Us @eSentire Copyright © eSentire 2015 Slide 28

Page 29: Esentire 2015 IAIC

Cybersecurity Must-haves

8 December 2015 Copyright 2015 eSentire, Inc. 29

CONTINUOUS MONITORING: 24x7 Network/Data Security; Threat Management NOT Device Management

INCIDENT RESPONSE: Prepare for the Inevitable; Have a Plan; Perform Regular Fire Drills Based on Your Plan

PERIODIC REVIEW: Perform Regular Vulnerability Assessments; Test Physical Security Systems

SECURITY TECH: Regular Patch and Firmware Updates; Monitor Security Nodes

NETWORK: Enforce Passwords and Least Privilege; Regular Back-ups and Log Network Access

PEOPLE: Think before you click! (Healthy skepticism); Cyber Security Training; Acceptable Use Policy


Page 35: Esentire 2015 IAIC

Must reads on cybersecurity

8 December 2015 Copyright 2015 eSentire, Inc. 35

Page 36: Esentire 2015 IAIC

Must reads on cybersecurity

8 December 2015 Copyright 2015 eSentire, Inc. 36

SEC CYBERSECURITY EXAMINATIONS

FINRA CYBERSECURITY REPORT

NIST CYBERSECURITY FRAMEWORK

Page 37: Esentire 2015 IAIC

Thank you

eSentire Active Threat Protection

8 December 2015 Copyright 2015 eSentire, Inc. 37

+1 866 579 2200

[email protected]

www.esentire.com

@eSentire