Why Cyber Security?

Shannon Curran, Major Account Manager, Caribbean and Latin America

[email protected]

August 9, 2012

What is Cyber Security?

Cyber Security (\ˈsī-bər-si-ˌkyu̇r-ə-tē\) (n)

• Body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

• In an interconnected computing context, the term security implies cybersecurity.

• Ensuring cybersecurity requires coordinated efforts throughout an information system.


History of Cyber Security

“First App downloaded from the cloud”

The First Cyber Hack

• The Year: 1903

• The Setting: Royal Institution of Great Britain in London

• The Technology: Wireless Telegraph

• The Context:

» First public demonstration of the wireless telegraph by Marconi and Fleming

» Marconi would send a Morse code message from 300 miles away to showcase his secure wireless technology

• The Assumption:

» Secure wireless communications: "I can tune my instruments so that no other instrument that is not similarly tuned can tap my messages."

The Hacker

• The Hacker: Nevil Maskelyne

• The Hack:

» Sent a message right before Marconi was scheduled to send his

» “Rats, Rats, …, there was a young fellow of Italy, who diddled the public quite prettily, …”

• The Message:

» Mr. Maskelyne demonstrated that the wireless telegraph has serious security problems

The First Cyber Warfare

World War I essentially created the field of "signals intelligence", or the art of reading an enemy's wireless traffic.

• CODES and CODEBREAKERS

» When WWI broke out in 1914, all major combatants were using wireless

» No alternatives for communications between ships and command stations

• ROOM 40

» British group of codebreakers

» Successfully decrypted more than 15,000 German wireless messages

• CYBER INTELLIGENCE ultimately determined the outcome of WWI!

And We Ask Ourselves… Why Cyber Security?

In 2012, what are we connecting? EVERYTHING!


And with everything connected… Cyber Security is KEY


An Analysis of Cyber Attacks

NERC Cyber Attack Task Force , 2012

Cyber Security Statistics (General & Directed Attacks)

Source: Verizon DBIR 2012

How Did Breaches Occur?

81% Used Hacking
69% Used Malware
10% Physical Attack
5% Privilege Misuse

Who Did the Attacks?

98% External Agents
4% Internal Agents
58% Activist groups
1% Business Partner

What Was Common?

79% Opportune Target
96% Easy Attacks
94% Involved Servers
97% Easy to Avoid

Top 10 Cyber Security Trends for Banks

1. Mobile devices

2. C-suite targeting

3. Social media & personal cyber threats

4. Malware

5. Digital espionage

6. Cloud computing

7. Interconnection & propagation

8. Zero-day malware & organized attacks

9. Insider threats

10. Regulatory scrutiny

April 27th, 2012: Booz Allen Hamilton Cyber Security Consulting USA

Cyber Security and Financial Services

Gordon M. Snow, Assistant Director, Cyber Division, FBI - Federal Bureau of Investigation

Statement before the House Financial Services Committee, Subcommittee on Financial Institutions, Washington, D.C., 14, 2011

• Corporate Account Takeovers

» Spearphishing -> malware -> keylogging ->

» $80M lost in unauthorized transfers

• Third Party Payment Processor Breaches

» 2011 breach of credit card handler exposed 130 million customer records

» Credit card numbers, expiration dates, and internal bank codes

» $5M in recovery action costs

• Securities and Market Trading Exploitation

» DDoS and TDoS on NASDAQ in 2011

» Malware on legitimate foreign trading sites

• Mobile Banking Exploitation

» 2011 hackers used Twitter iPhone application

» Delivered “tweets” infected with Trojan

» Sends banking and credit card info to criminals

» $50M lost

• Insider Access

» 2010 high-profile theft of two trading software source codes from private enterprise

» Millions of dollars in damages

• Telecommunication Network Disruption

» Concern of trading floors becoming infected and disrupting high-frequency market trading

Federal Bureau of Investigation, November 27th, 2011

Cyber Security Focus Areas for Banking

NYS Cyber Security Conference/v1, Approved for Public Release [05/2012], [PR2012‐46]

Risk/Threat Avoidance

• Security Monitoring

• Network and Asset Security Scanning

• Threat Intelligence

• Risk and Network Security Assessments

• Network Security Engineering and Design Optimization

• Security Dashboards and Metrics

• Incident Response Management

• Forensic Analysis

• Malware Analysis

• Security Infrastructure Management

Risk/Threat Response

Who can help us define specific initiatives?

A little bit about SANS…

• 100% dedicated to security

• Audits, reports, research, conferences, webcasts, courses, guidelines

• Trained over 165,000 security professionals

• Active collaboration from the Department of Defense, Homeland Security, FBI, Cyber Security Task Force, etc…


So how do we go about protecting ourselves?

SANS-20 Critical Security Controls: Twenty Critical Security Controls for Effective Cyber Defense:

Consensus Audit Guidelines

Critical Control 1: Inventory of Authorized and Unauthorized Devices

Critical Control 2: Inventory of Authorized and Unauthorized Software

Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

Critical Control 4: Continuous Vulnerability Assessment and Remediation

Critical Control 5: Malware Defenses

Critical Control 6: Application Software Security

Critical Control 7: Wireless Device Control

Critical Control 8: Data Recovery Capability

Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps

Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services

Critical Control 12: Controlled Use of Administrative Privileges

Critical Control 13: Boundary Defense

Critical Control 14: Maintenance, Monitoring, and Analysis of Security Audit Logs

Critical Control 15: Controlled Access Based on the Need to Know

Critical Control 16: Account Monitoring and Control

Critical Control 17: Data Loss Prevention

Critical Control 18: Incident Response Capability

Critical Control 19: Secure Network Engineering

Critical Control 20: Penetration Tests and Red Team Exercises

http://www.sans.org/critical-security-controls/

We need the point security AND the process…

Point security: Antivirus/Antispyware, Data Loss Prevention, Antispam, WAN Optimization, Endpoint Protection/NAC, Firewall, VPN, IPS, Web Filtering, App Control, Vulnerability Mgmt, Wireless LAN, IPv6, Dynamic Routing, SSL Inspection, VoIP

1) Consolidation and Optimization of IT and Network Security Mechanisms

2) Establish Process of Monitoring and Active Auditing of all Network Devices

3) Global Threat Communication/Collaboration


Cyber Security IS Infrastructure Protection


Cyber Security IS Process

1) Reduce the frequency of incidents by effectively securing networks, systems and applications.

2) Document guidelines for interactions with other organizations regarding incidents.

   I. Predetermine communication guidelines

3) Focus on handling incidents that use the most common attack vectors.

4) Emphasize the importance of incident detection and analysis throughout the organization.

   I. Focus on automation of process

5) Create written guidelines for prioritizing incidents.

   I. Functional (e.g., impact to business functions)

   II. Information (e.g., effect on the confidentiality and integrity of data)

   III. Recoverability (e.g., the time and types of resources that must be spent)

6) Use the lessons learned process to gain value from incidents.

   I. Hold a lessons-learned meeting to review the effectiveness of the incident handling process

Cybersecurity IS Collective Global Collaboration

• This is key for implementing robust security in companies

• Governments use it

• Work to establish the “Room 40” of the 21st century


Cyber Security IS FortiGuard


FortiGuard, an awesome White Hat resource!


Pitfalls to Avoid

•Maginot Line

»200 mile fortification, created after WWI

»Bypassed by Germany

•Maginot Security Model

»Ineffective

»Costly

»Complex

Summary

• Cyber warfare has existed since the turn of the 20th century – it’s not new.

• The difference is the technology behind it

• The more we connect, the worse it gets

• Complete Cyber Security plans include:

» Infrastructure Protection

» Processes

» Collective Global Collaboration

• Experience is out there – find what’s right for you and avoid costly, cumbersome mistakes


Call to Action

Thank you!!!