1IT advisory
Cyber Security – Why I Should (or Shouldn’t) be Worried
Rodney Murray
Douglas Jambor

Agenda
Brief Look at Current Data Breach Trends
Security Incidents – What are we seeing?
Common Scenarios
Benefits of a Security Assessment

Firm Overview

Data Breach Trends

Recent Statistics
2009: 728
2010: 829
2011: 1099
2012: 1662
2013: 1531
2014: 1264
Source: http://datalossdb.org/statistics

Recent Statistics
Top 5 Sectors Breached by Number of Incidents
Financial: 6%
Govt. & Public Sector: 8%
Education: 10%
Retail: 11%
Healthcare: 37%
Source: 2015 Symantec Internet Threat Report

Recent Statistics
Breach Cost Per Capita 2014
Industrial: $155
Retail: $165
Communications: $179
Financial: $215
Pharmaceuticals: $220
Education: $300
Health: $363
Source: Ponemon Institute 2015 Cost of Data Breach Study

Recent Statistics
Average Time to Identify a Breach: 206 days
Source: 2015 Verizon Data Breach Report
Ransomware: 113%

Recent Statistics
Breach Root Causes 2015
Malicious or Criminal Attack
System Glitch
Human Error
Source: Ponemon Institute 2015 Cost of Data Breach Study
47%
25%
29%

Recent Statistics
Source: Hackmageddon.com
Cyber Espionage: 11%
Hacktivism: 22%
Cyber Crime: 67%

Recent Statistics
Types of Breaches 500+
Improper Disposal: 5%
Hacking/IT Incident: 7%
Loss: 14%
Theft: 51%
Unknown: 3%
Unauthorized Access: 20%
Source: Health and Human Services

Recent Statistics
Source: http://datalossdb.org/statistics

Recent Known Breaches
Target
Michaels
Neiman Marcus
AOL
Experian
PF Chang’s
Humana – Atlanta
JP Morgan Chase
Home Depot
Jimmy John’s
Anthem
Federal Gov’t
SC Department of Revenue
NC Department of Transportation

Additional Breach Examples
www.privacyrights.org
Insurance | Vendor inadvertent file access | Unknown
Capital Management | Undetected hack accessed databases | 800
Insurance | Forms sent to DOL posted to public site | Unknown
Credit Union | File published on website | 39,000
Investment Management | COBRA database accessed | Unknown
NASDAQ | Malware installed between 11/08 & 10/10 | Unknown
Bank | Malware on employee's computer | 115,775
Bank | Data not redacted for court records | 146,000
Bank | Backup tapes missing during transport | Unknown

Data Mobility
2 of 5 employees download work files to personal devices
2 of 5 employees plan to use old company data in new jobs
56% of employees do not believe it is a crime to use a competitor’s trade secrets
68% say their company does not take steps to deter data leakage
- Symantec study

Increasing Compliance Demands
Financial Institutions / Public Companies
Gramm-Leach-Bliley
PCI – Credit and debit card data
HIPAA – healthcare / patient data
FISMA – Federal Government Contractors
Large / public customer requirements
Service Organization Controls Reporting
Individual state requirements

What can I do?
Question – If someone was trying to breach your systems today …
WHO WOULD BE THE FIRST TO NOTICE IT?
Determined by People, Process, Technology in place
Reducing risk will require investment …
  Skillsets / resources
  Software / hardware solutions
  Third party relationships for monitoring

Unanticipated Costs
Investigation Costs
Regulatory / Industry Fines or Penalties
Remediation / Infrastructure Change Costs
Brand Damage

Security Incidents – What are we seeing?

Cybercrime Lifecycle
76% of network intrusions exploited weak or stolen credentials
40% incorporated malware
35% involved physical attacks
29% leveraged social tactics
13% resulted from privilege misuse and abuse
- Symantec study

Greed

Victim Identification
  Sea of opportunity = 1 out of every 7 people have data worth targeting
  1 Billion targets worldwide
Infiltration
  Using the low hanging fruit exploit methods
  Not burning zero-day exploits

Propagation
  In the past, we saw hackers grabbing the databases or flat files and leaving
  Now, we see hackers latching onto data sources and persisting
Aggregation
  Exploit a server or workstation in a business's internal network
  This device becomes an aggregation point for data collection

Data Exfiltration
  Using advanced techniques to exfiltrate data
    Encryption
Buyer Identification
  Web forums
    Sometimes up to 10,000 users
Liquidate the data and collect the cash

Recycling
  The organization reinvests their $$$
  Recycle tools and techniques learned
  Re-implement these tools, techniques and lessons learned against the next victim

Data Exfiltration Complete

Hackers View of Your Network

Game, Set, Match

Common Scenarios

Common Scenario
Sluggish Internet
Strange messages / prompts
Minor file / folder changes and additions
User / system ID changes and additions
Notification from employees’ banks of suspicious Web logon attempts

Common Scenario
Multiple file transfer / receipt methods
Weak remote access controls
Limited / part-time internal IT resources
No proactive monitoring – relying on standard Malware/AV products

Common Scenario
Use of small third party company for IT support – NO SECURITY FOCUS!
Outdated software patches / virus signatures
Low level of employee / customer awareness

Common Scenario
Visitors / non-employees not challenged when onsite
Data on printers?
Workstations?
Other common vulnerabilities?

Common Results
Nuisance viruses
Key logger on individual machines
Botnet sending data outside of the network
Malware
Ransomware

Benefits of a Security Assessment

Information Protection Life Cycle

Data Security and Privacy

Questions