Why Cyber Security
August 9, 2012
Why Cyber Security?
Shannon Curran, Major Account Manager, Caribbean and Latin America
2
What is Cyber Security?
Cyber Security (\ˈsī-bər-si-ˌkyu̇r-ə-tē\) (n)
•Body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
•In an interconnected computing context, the term security implies cybersecurity.
•Ensuring cybersecurity requires coordinated efforts throughout an information system.
4
The First Cyber Hack
• The Year: 1903
• The Setting: Royal Institution of Great Britain in London
• The Technology: Wireless Telegraph
• The Context:
»First public demonstration of the wireless telegraph by Marconi and Fleming
»Marconi would send a Morse code message from 300 miles away to showcase his secure wireless technology
• The Assumption:
»Secure wireless communications: "I can tune my instruments so that no other instrument that is not similarly tuned can tap my messages."
5
The Hacker
• The Hacker: Nevil Maskelyne
• The Hack:
»Sent a message right before Marconi was scheduled to send his
»“Rats, Rats, …, there was a young fellow of Italy, who diddled the public quite prettily, …”
• The Message:
»Mr. Maskelyne demonstrated that the Wireless Telegraph has serious security problems
6
The First Cyber Warfare
World War I essentially created the field of "signals intelligence", or the art of reading an enemy's wireless traffic
• CODES and CODEBREAKERS
»When WWI broke out in 1914, all major combatants were using wireless
»No alternatives for communications between ships and command stations
• ROOM 40
»British group of Codebreakers
»Successfully decrypted more than 15,000 German wireless messages
• CYBER INTELLIGENCE ultimately determined the outcome of WWI!
11
Cyber Security Statistics (General & Directed Attacks)
Source: Verizon DBIR 2012
How Did Breaches Occur?
81% Used Hacking
69% Used Malware
10% Physical Attack
5% Privilege Misuse
Who Did the Attacks?
98% External Agents
4% Internal Agents
58% Activist groups
1% Business Partner
What Was Common?
79% Opportune Target
96% Easy Attacks
94% Involved Servers
97% Easy to Avoid
12
Top 10 Cyber Security Trends for Banks
1. Mobile devices
2. C-suite targeting
3. Social media & personal cyber threats
4. Malware
5. Digital espionage
6. Cloud computing
7. Interconnection & propagation
8. Zero-day malware & organized attacks
9. Insider threats
10. Regulatory scrutiny
April 27th, 2012: Booz Allen Hamilton Cyber Security Consulting USA
13
Cyber Security and Financial Services
Gordon M. Snow, Assistant Director, Cyber Division, FBI - Federal Bureau of Investigation
Statement before the House Financial Services Committee, Subcommittee on Financial Institutions, Washington, D.C., 14, 2011
•Corporate Account Takeovers
»Spearphishing -> malware -> keylogging ->
»$80M lost in unauthorized transfers
•Third Party Payment Processor Breaches
»2011 breach of credit card handler exposed 130 million customer records
»Credit card numbers, expiration dates, and internal bank codes
»$5M in recovery action costs
•Securities and Market Trading Exploitation
»DDoS and TDoS on NASDAQ in 2011
»Malware on legitimate foreign trading sites
•Mobile Banking Exploitation
»2011 hackers used Twitter iPhone application
»Delivered “tweets” infected with Trojan
»Sends banking and credit card info to criminals
»$50M lost
•Insider Access
»2010 high-profile theft of two trading software source codes from private enterprise
»Millions of dollars in damages
•Telecommunication Network Disruption
»Concern of trading floors becoming infected and disrupting high-frequency market trading
Federal Bureau of Investigations, November 27th, 2011
14
Cyber Security Focus Areas for Banking
NYS Cyber Security Conference/v1, Approved for Public Release [05/2012], [PR2012‐46]
Focus areas, ranging from Risk/Threat Avoidance to Risk/Threat Response:
•Security Monitoring
•Network and Asset Security Scanning
•Threat Intelligence
•Risk and Network Security Assessments
•Network Security Engineering and Design Optimization
•Security Dashboards and Metrics
•Incident Response Management
•Forensic Analysis
•Malware Analysis
•Security Infrastructure Management
15
Who can help us define specific initiatives?
A little bit about SANS…
•100% dedicated to security
•Audits, reports, research, conferences, webcasts, courses, guidelines
•Trained over 165,000 security professionals
•Active collaboration from the Department of Defense, Homeland Security, FBI, Cyber Security Task Force, etc…
16
So how do we go about protecting ourselves?
SANS-20 Critical Security Controls: Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines
Critical Control 1: Inventory of Authorized and Unauthorized Devices
Critical Control 2: Inventory of Authorized and Unauthorized Software
Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
Critical Control 4: Continuous Vulnerability Assessment and Remediation
Critical Control 5: Malware Defenses
Critical Control 6: Application Software Security
Critical Control 7: Wireless Device Control
Critical Control 8: Data Recovery Capability
Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps
Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services
Critical Control 12: Controlled Use of Administrative Privileges
Critical Control 13: Boundary Defense
Critical Control 14: Maintenance, Monitoring, and Analysis of Security Audit Logs
Critical Control 15: Controlled Access Based on the Need to Know
Critical Control 16: Account Monitoring and Control
Critical Control 17: Data Loss Prevention
Critical Control 18: Incident Response Capability
Critical Control 19: Secure Network Engineering
Critical Control 20: Penetration Tests and Red Team Exercises
http://www.sans.org/critical-security-controls/
17
We need the point security AND the process…
Point security functions:
•Antivirus/Antispyware
•Data Loss Prevention
•Antispam
•WAN Optimization
•Endpoint Protection/NAC
•Firewall
•VPN
•IPS
•Web Filtering
•App Control
•Vulnerability Mgmt
•Wireless LAN
•IPv6, Dynamic Routing
•SSL Inspection
•VoIP
Process:
1) Consolidation and Optimization of IT and Network Security Mechanisms
2) Establish Process of Monitoring and Active Auditing of all Network Devices
3) Global Threat Communication/Collaboration
19
Cyber Security IS Process
1) Reduce the frequency of incidents by effectively securing networks, systems and applications.
2) Document guidelines for interactions with other organizations regarding incidents.
I. Predetermine communication guidelines
3) Focus on handling incidents that use the most common attack vectors.
4) Emphasize the importance of incident detection and analysis throughout the organization.
I. Focus on automation of process
5) Create written guidelines for prioritizing incidents.
I. Functional (e.g., impact to business functions)
II. Information (e.g., effect on the confidentiality and integrity of data)
III. Recoverability (e.g., the time and types of resources that must be spent)
6) Use the lessons learned process to gain value from incidents.
I. Hold a lessons-learned meeting to review the effectiveness of the incident handling process
20
Cybersecurity IS Collective Global Collaboration
•This is key for implementing robust security in companies
•Governments use it
•Work to establish the “Room 40” of the 21st century
23
Pitfalls to Avoid
•Maginot Line
»200-mile fortification, created after WWI
»Bypassed by Germany
•Maginot Security Model
»Ineffective
»Costly
»Complex
24
Summary
• Cyber Warfare has existed since the turn of the 20th century – it’s not new.
• The difference is the technology behind it
• The more we connect, the worse it gets
• Complete Cyber Security plans include:
» Infrastructure Protection
» Processes
» Collective Global Collaboration
• Experience is out there – find what’s right for you and avoid costly, cumbersome mistakes