Successfully reported this slideshow.

The Post Covid-19 Cybersecurity World - Where Is It Headed?

0

Share

Loading in …3
×
1 of 11
1 of 11

More Related Content

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

The Post Covid-19 Cybersecurity World - Where Is It Headed?

  1. 1. 1 © UNIPHORE 2021 uniphore.com The Post Covid-19 Cybersecurity World: Where Is It Headed? bdNOG13 June 12, 2021 Merike Kaeo, CISO (merike.kaeo@uniphore.com)
  2. 2. 2 © UNIPHORE 2021 uniphore.com DAILY BREACHES AND RANSOMWARE ATTACKS – THE VIRTUAL PANDEMIC
  3. 3. 3 © UNIPHORE 2021 uniphore.com WHY ARE THINGS SO BROKEN? Scale • Billions of new devices • Large amounts of bandwidth Criminal Sophistication • Network architecture clue • Prevalent use of tunneling • More use of encryption • Social media ‘weaponization’ Automation • Outsourced infrastructures • Persistent continuous attacks on targets
  4. 4. 4 © UNIPHORE 2021 uniphore.com THE REALITIES OF WORKING FROM HOME • Increased Stress • Less Privacy • Multiple Demands • Shared Devices • Shared Network • No Physical Security
  5. 5. 5 © UNIPHORE 2021 uniphore.com COVID-19 EXACERBATED ONLINE CRIME • Increased Threat Vectors • Home networks • VPN (lack of) • Routing/DNS • Emails • Unresolved Technical Debt • RPKI • DNSSEC • Digital Certificate Management • Ineffective Monitoring
  6. 6. 6 © UNIPHORE 2021 uniphore.com STEALING CREDENTIALS IS TOO EASY Being a victim of a phishing attack Laptop gets stolen Sharing your password with another person Re-using same password on many systems Spyware on your computer installed a keylogger Storing your private key in an easily accessed file Sending credentials in cleartext emails Unpatched security vulnerabilities are exploited HUMAN TECH
  7. 7. 7 © UNIPHORE 2021 uniphore.com WE HAVE BLIND TRUST ISSUES • Protocol Standards • Implementation Guidelines • Device Certifications • Compliance Mandates • Documented Policies But…There’s The Human Factor You can do everything right and still screw up Question the status quo
  8. 8. 8 © UNIPHORE 2021 uniphore.com INCIDENT RESPONSE NEEDS IMPROVEMENT Everyone Gets Vilified • Why not detected sooner • Why not fixed quicker • Why notifications delayed Issues To Be Resolved • Breach notification laws • Lack of transparency • Escalation chain • Cross sector sharing (DNS, ISP) • Media hype with incomplete information
  9. 9. 9 © UNIPHORE 2021 uniphore.com THE BASIC DETAILS NEED ATTENTION Incident Response / Crisis Plan • Routing and DNS Compromise Vulnerability Disclosure/Patch Plan Fundamental Security Controls • User Authentication/Authorization • Device Authentication/Authorization • Access Control (Packet/Route Filtering) • Data Integrity • Data Confidentiality • Auditing / Logging • DoS Mitigation Most Basic Security Controls Minimize Impact Of Sophisticated Attacks • Don’t rely on defaults • Implement 2FA • Use cryptographically protected protocols • Get alerted for unauthorized changes
  10. 10. 10 © UNIPHORE 2021 uniphore.com Home workstations are now ‘mobile devices’ • What level of control do you have? • What is backed up where? • What is going into a personal cloud? • Who has access to devices? • Who uses screen savers at home? Single home router for Internet access • Where is traffic going? • Can traffic be observed? • Where are DNS queries going? HOME NETWORK AS EXTENSION OF BUSINESS Think Before You Click Lock Down Your Login Connect Via Secure Network Separate Your Networks Limit Access To Work Devices Update Your Software
  11. 11. 11 © UNIPHORE 2021 uniphore.com THANK YOU !

×