Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Its not ITs problem


Published on

  • Be the first to comment

  • Be the first to like this

Its not ITs problem

  1. 1. It’s not ITs problem Shiva Bissessar, BSc (Hons), MBA, MSc Managing & Technical Director Pinaka Technology Solutions +868 678 5078 21st Jan 2015
  2. 2. Assisting Organizations With Their Strategic ICT & Information Security Needs
  3. 3. • Continue work on examining opportunity and risks of Digital Currency in Caribbean • Partnering with vendors to provide:  Software Development / Code QA (efficiency, security)  Appliances for Network Forensics What’s Pinaka doing in 2015?
  4. 4. Agenda • Case Study • Incident • Analysis • Solution • InfoSec Workshops (i) Governance (ii) Awareness
  5. 5. “The Most Devastating Corporate Cyber Attack Ever!”
  6. 6. INCIDENT
  7. 7. Breach: Confidentiality & Availability Compromised • Guardian of Peace screens • Data erased (entire servers + computing services) • Data taken (10s - 100s TB over 1 year* ) including: o Employee’s Personal Data SSN, ID, Passport, credit card & bank info, usernames, passwords, health info o Intellectual Property o Screeners, forthcoming films, scripts o Corporate data including E-mails (100,000s docs) • Data released to public • Threats of worse things to come (ransom) *Purported GOP member
  8. 8. As The Story Develops… • Scrambling to continue daily operations o Phones, e-mail, computer services down o Improvise with cellphones, Gmail and notepads o Cut paychecks manually o Resort to old BB phones • Shutdown everything; re –architect; secure • Reputation loss o Employees felt vulnerable which leads to lawsuits • Significant changes to film release strategy • Threats of lawsuits to media outlets redistributing data • Attribution
  9. 9. ANALYSIS
  10. 10. New York Times, 18th Jan’15 • NSA saw “spear phishing” attacks on Sony in early September. • In retrospect investigators determined that the North had stolen the “credentials” of a Sony systems administrator • This allowed the hackers to roam freely inside Sony’s systems.
  11. 11. “Why Sony Didn't Learn From Its 2011 Hack”, 24th Dec’14 • The company has long had a reputation for operating in silos. SPE was most isolated • “…their CIO should have implemented corporate-wide protection measures and beefed up info-sec training for employees that would be standardized across the organization,”
  12. 12. SOLUTION
  13. 13. Information Security Workshops Strategic Information Security Governance End User Information Security Awareness ORGANIZATION Understanding importance of Organizational Info Sec Governance Strategy in the context of proposed cybercrime bill and global threat outlook Sensitization of end users of Information Security threats with emphasis on Social Engineering PASTCLIENTS
  14. 14. PART I – Information Security Governance • Importance of Information Security • Local & Regional Threats • Types of Attackers & Motivations • Consequences of Attacks • Why Info Sec Governance Required • “Due Diligence” • Securing People & Process • Risk Management • Info Sec Policies • Audit & Info Sec Mgmt. • Org Structure & Behaviours • “Illegal Devices” &“Remote Forensic Tools” PART II – Global, Regional & Local Picture • Threats & Vulnerabilities • Phishing, Spoofing, Vishing, Water Holing, Ransomware, Skimming • Reports & Stats • Local & Regional National Cyber Security Efforts • TARGET 2013 Breach Analysis • Controls Strategic Information Security Governance Target Audience • IT Executive/Senior Management • IT Management & Professionals • Risk Management • Internal Audit • HR Professionals • Legal Officers
  15. 15. PART I – Information Security 101 • Importance of Information Security • Local & Regional Context • Why Are There Growing Threats • Types of Attackers & Motivations • Consequences of Attacks • Web Security Essentials • Threat & Vulnerabilities PART II - Social Engineering • Users’ Security Appetite • Attack Scenario Analysis • Phishing, Spoofing, Vishing, Water Holing, Ransomware, Skimming • Resources End User Information Security Awareness Target Audience • Executives • Executive Secretaries • Finance & Legal staff • Asset Management group • Any personnel who handle: • Sensitive information • Large financial transactions • Customer account verification
  16. 16. • Location: Clients’ facilities • Duration: 3-4 hours (per workshop) • Participant: 10-12 persons (per workshop) • Cost: Please get in contact for details • ‘Train the Trainer’ certified deliveries with use of appropriate training aides and method to reinforce learning during these sessions. • Flip chart/whiteboard, handouts, videos and questions are used in both workshops • Customizable options available upon request e.g based on client industry, number of participants etc. Workshop Details
  17. 17. Don’t wait for an incident to occur, get in contact now… Shiva Bissessar, BSc (Hons), MBA, MSc Managing & Technical Director Shiva Bissessar, BSc (Hons), MBA, MSc Managing & Technical Director Pinaka Technology Solutions +868 678 5078