
How are Cybercriminals Threatening Security?

Robert Myles, CISSP, CISM


National Practice Manager, S&L Government

Robert Myles, CISSP, CISM


USCG Retired
Recovering CISO with 15 years in Health Care, Academia & Financial services
Public Safety Practice Manager, National responsibility for Federal, State, Local Government
25 Years in Information Security
28 years in Health Care
35 years in IT
CISSP (2001), CISM (2004)
IACP, APCO, AAMVA, NFCA, NCJA, NASCIO, IJIS, MS-ISAC CyberSecurity Taskforce

Social Media

Changing Landscape and Market Trends

Internet of Things

Mobility

Digital & Social Life

Computing Ecosystems

1.2ZB: THE WORLD'S DATA IN 2010

7.9ZB: THE WORLD'S DATA BY 2015

40ZB: THE WORLD'S DATA BY 2020

61.8%: UNSTRUCTURED DATA GROWTH RATE TO 2014

1. IDC, Digital Universe study, December 2012


2. IDC, Worldwide Disk-Based Data Protection and Recovery 2012-2016 Forecast, December 2012

Where is your Data?

http://thedatamap.org/

Threat Landscape
A fundamental shift

Old Motivation

Hacking
Cyber Crime
Cyber Espionage
Cyber Warfare

CYBERCRIME TO CYBERWAR

In 2010 Computer Worm Attacks Iran's Nuclear Facilities

In March 2012, Chinese hackers reportedly gained access to designs of more than two dozen major U.S. weapons systems and stole data from 100 companies

FBI reports that hackers linked to Anonymous have secretly accessed US government computers and stolen sensitive information in a campaign that began almost a year ago

Specialization of Skill In The Attack Chain


Reconnaissance: Know your Targets
Incursion: Gain Access
Discovery: Create a Map to the Asset
Capture: Take Control of the Asset
Exfiltration: Steal or Destroy Asset

The statistics aren't surprising

60% OF ORGANIZATIONS HAVE >25 INCIDENTS EACH MONTH

77% HAVE ROGUE CLOUD DEPLOYMENTS

6X INCREASE IN MOBILE MALWARE LAST YEAR

243: AVERAGE # OF DAYS TO DISCOVER A BREACH


INTERNET OF THINGS

IoT: Architecture of Risk

[Figure: IoT architecture diagram with each component labeled RISK; sample device readouts: 23.56 KM, 123 BPM, 15.8]

Whether you consider smartphones part of IoT or not, they are part of the
architecture of risks, with apps often being the user interface to IoT

INTERNET SECURITY THREAT REPORT 2015, VOLUME 20


Security and Public Safety Apps: Example

52%: NO PRIVACY POLICY

20%*: PII/LOGIN CLEAR TEXT

How many other apps and websites is the same password used on?

*Services that required a login

How is Public Safety App Data Shared?

MAX DOMAINS CONTACTED: 14

AVG DOMAINS CONTACTED

APP ANALYTICS, AD NETWORKS, APP PROVIDER, OS PROVIDER, SOCIAL MEDIA, APP FRAMEWORKS, CRM/MARKETING, UTILITY API

Each of these vendors could share your data again

Internet of Things and Privacy

1 in 4 end users admit to not knowing what access they gave away when agreeing to terms of the app

68% were willing to trade privacy for a free app

Source: 2014 Norton Global Survey

Password Attacks are Piling Up

October 6th, 2014



The strategies of the past will not support the infrastructure of today and for the future

Incident Response, Media Protection, Information Exchange Agreements, Information Integrity, Auditing & Accountability, Identification & Authentication, Configuration Management, Security Awareness Training, Access Control, Formal Audits, Physical Security, Mobile Devices, Personnel Security

HIPAA Privacy, HIPAA Security, HIPAA Omnibus Rule, FERPA, GLBA, PCI, FISMA, ARRA/HITECH, SOX, FACTA, CJIS, IRS 1075

Copyright 2014 Symantec Corporation

Best Practices Implement UNIFIED SECURITY


Don't get caught flatfooted

Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.

Employ a strong security posture

Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. Partner with a managed security service provider to extend your IT team.

Prepare for the worst

Incident management ensures your security framework is optimized, measurable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.

Provide ongoing education and training

Establish guidelines and company policies and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams, and run practice drills, to ensure you have the skills necessary to effectively combat cyber threats.

If it's Connected, it's Vulnerable
Know the risks.

Stay Informed

symantec.com/threatreport

Security Response Website

Twitter.com/threatintel


Thank You
Robert Myles, CISSP, CISM
National Practice Manager, State & Local Government
@RobertMyles

Robert_Myles@Symantec.com

http://www.linkedin.com/in/robertmyles/
