Crush Common Cybersecurity Threats with Privileged Access Management
Rob Black, CISSP
Managing Principal
Fractional CISO
Rob@FractionalCISO.com
@IoTSecurityGuy
Security Ledger
Founded in 2012
An independent voice in information security
Pioneering coverage of:
• Internet of Things and security
• Threats to critical infrastructure
• Healthcare cyber security
• Cybersecurity policy
Blog, podcast, in-person & online events
Subscribe to Security Ledger’s Weekly Ledger.
• Executive-focused email newsletter rounding up the top cyber security stories of the week.
• Visit securityledger.com/subscribe
• Text the word security to the number 345345 to join
Security Ledger | Box Jump LLC
High Level Trends worth noting
• Sophisticated, targeted attacks are becoming the norm rather than the exception
• Adversaries include cyber criminals, nation state actors, competitors, disgruntled/former employees
• No longer about disruption (think “I love you” virus or “SQL Slammer”)
• Intellectual property theft
• Data theft/ransom
• Destructive wipers
Agenda
01 Introduction
02 Disgruntled ex-employees
03 IoT security & credentials
04 Quantifying IT cybersecurity risk
05 Return on Investment — PAM
Key Statistics - 1
81% of hacking-related breaches leveraged either stolen and/or weak passwords.
Verizon 2017 Data Breach Investigations Report
Key Statistics - 2
11% of employees share passwords with co-workers. 5% share them with an outside party!!!
Ovum market research: Close the password security gap. September 2017
Key Statistics - 3
34% of former employees access materials after leaving a company. 49% of IT workers do it!
Intermedia 2017 Data Vulnerability Report
Agenda
01 Introduction
02 Disgruntled ex-employees
03 IoT security & credentials
04 Quantifying IT cybersecurity risk
05 Return on Investment — PAM
IT Rampage Details
What did he do?
• Surveyed network for 5 months!
• Deleted virtual servers
• Took Storage Area Network offline
• Deleted mailboxes from corporate email server
How?
• Added fake VPN user and token before he left
• Tricked staff into activating it
• Unchanged admin passwords for five months after firing a system administrator!
What could have stopped the attack?
Administrative controls
• Checking that the employee is still active when authorizing a token
• Audit of authorized VPN users
• Change system passwords after departure
Technical controls
• Network monitoring
• Privileged Access Management
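The two administrative controls above (audit of authorized VPN users, change system passwords after departure) as a runnable offboarding check. This is an added example, not the presenter's code or any PAM product's API; the HR roster, VPN account export and credential-rotation records are constructed sample data.

```python
"""Offboarding control check: enabled VPN accounts and unrotated admin
credentials tied to departed staff. Added example for the administrative
controls above; not the presenter's code or any PAM product's API. All data
below is constructed sample data."""
from datetime import date

# Constructed HR roster: who is still employed and when others left.
HR_ROSTER = {
    "alice": {"status": "active", "termination_date": None},
    "frank": {"status": "terminated", "termination_date": date(2017, 11, 3)},
    "sysadmin2": {"status": "terminated", "termination_date": date(2017, 6, 1)},
}

# Constructed VPN account export. "svc-backup" has no HR record at all,
# the pattern of a VPN user that nobody currently employed vouches for.
VPN_ACCOUNTS = [
    {"user": "alice", "enabled": True},
    {"user": "frank", "enabled": True},
    {"user": "svc-backup", "enabled": True},
    {"user": "sysadmin2", "enabled": False},
]

# Constructed shared/admin credentials: last rotation date and who knew them.
ADMIN_CREDENTIALS = [
    {"name": "esx-root", "last_rotated": date(2017, 3, 1), "known_to": {"frank", "sysadmin2"}},
    {"name": "san-admin", "last_rotated": date(2017, 12, 1), "known_to": {"frank"}},
]


def stale_vpn_accounts(roster, vpn_accounts):
    """Enabled VPN accounts with no active employee behind them."""
    findings = []
    for acct in vpn_accounts:
        if not acct["enabled"]:
            continue  # disabled accounts are not an exposure
        person = roster.get(acct["user"])
        if person is None:
            findings.append((acct["user"], "no matching HR record"))
        elif person["status"] != "active":
            findings.append((acct["user"], "employee terminated"))
    return findings


def unrotated_after_departure(roster, credentials, as_of):
    """Credentials a departed person knew that were not rotated after they left.
    Returns (credential name, user, days of exposure as of `as_of`)."""
    findings = []
    for cred in credentials:
        for user in sorted(cred["known_to"]):
            left = roster.get(user, {}).get("termination_date")
            if left is not None and cred["last_rotated"] <= left:
                findings.append((cred["name"], user, (as_of - left).days))
    return findings
```

Run both checks against a real HR export and VPN/credential inventory on a schedule; any finding is a ticket to disable the account or rotate the credential.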
Agenda
01 Introduction
02 Disgruntled ex-employees
03 IoT security & credentials
04 Quantifying IT cybersecurity risk
05 Return on Investment — PAM
IoTageddon – Let’s avoid it.
IoT Architecture — Smart Water Meters
(diagram: Smart Meter → Base Station → Data Center)
IoT Architecture — Smart Water Meters
(same diagram, with each of the three elements marked X)
Not So Smart Meter Details
What did he do?
• Telneted into Base Stations (from home computer)
• Used known credentials
• Changed RF Frequencies for Smart Meters, disabling communication
• Changed code
• Changed at least one password
How?
• Internet accessible critical infrastructure Telnet enabled devices
• Unchanged credentials after firing employee
IoT Security — Credentials
• Every IoT device must have credentials
• In many cases installers use default credentials, share credentials between devices or know the credentials for each device
• If the installer departs in unfavorable circumstances, there is significant risk to the organization (and society)
• Ensuring strong credentials for administrative accounts is paramount to IoT security
Agenda
01 Introduction
02 Disgruntled ex-employees
03 IoT & credentials
04 Quantifying IT Cybersecurity Risk
05 Return on Investment — PAM
(diagram: Application → Database holding Personally Identifiable Information (PII), Medical and Financial data; a Copy feeds a Test Database)
(diagram: the same data flow at a SaaS Vendor)
Who can login to the database?
• System Administrators
• Tech Support
• Developers
• Contractors
• Former Employees
(diagram: the same data flow at a Hospital / Education Institution / Financial Institution)
Who can login to the database?
• System Administrators
• Vendors
• Developers
• Contractors
• Former Employees
Risk Calculation
Risk = Impact ($) × Likelihood (%)
Impact Calculation — Records
• Cost Per Record: $141 on average per Ponemon Institute 2017 Data Breach Study
Number of Records    10,000          100,000         1,000,000
Impact of Breach     $1.41 million   $14.1 million   $141 million
Impact Calculation — Life/Safety
US Government planning cost of human life
• FDA: $7.9 million
• DOT: $9.6 million
Wrongful death in US
• Settlements: $50,000 – $10 million
• Trials: $0 – $50 million
Injury? Property damage?
Likelihood Calculation
• Number of breaches per 10,000 employees: 0.15 annually from VivoSecurity calculation in How to Measure Anything in Cybersecurity Risk
Note: This methodology is used for simplifying webinar presentation. When assessing your organization, you should use a method that is specifically tied to your organization’s risks and the security controls in place to mitigate those risks.
Number of Employees   1,000    5,000    10,000
Breaches per year     0.015    0.075    0.15
Annual Cost Calculation of Breach (Impact × Likelihood)
Employees \ Records   10,000       100,000       1,000,000
1,000                 $21,150      $211,500      $2,115,000
5,000                 $105,750     $1,057,500    $10,575,000
10,000                $211,500     $2,115,000    $21,150,000
Agenda
01 Introduction
02 Disgruntled ex-employees
03 IoT & credentials
04 Quantifying IT cybersecurity risk
05 Return on Investment — PAM
Return on Investment — Privileged Access Management
81% of hacking breaches leverage stolen or weak passwords
Assumptions:
• $212,000 annual risk
• 50% of password risk can be reduced with PAM
• Ignores other risks mitigated by PAM
$212K × 81% × 50% = $86K of annual risk can be mitigated with PAM!
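The Impact × Likelihood model from the risk-calculation slides and the ROI arithmetic above, carried through in code. This is an added worked example, not the presenter's code; its inputs are the figures cited on the slides plus the stated assumption that PAM removes half of the password-related risk.

```python
"""Annualized breach cost and PAM risk-reduction estimate.

Added worked example that reproduces the webinar's arithmetic; it is not the
presenter's code. Inputs are the figures quoted on the slides and the stated
assumption that PAM removes half of the password-related risk."""

COST_PER_RECORD_USD = 141.0             # Ponemon 2017 figure cited on the slide
BREACHES_PER_YEAR_PER_10K_STAFF = 0.15  # VivoSecurity figure cited on the slide
PASSWORD_RELATED_BREACH_SHARE = 0.81    # Verizon 2017 DBIR figure cited on the slide
PAM_REDUCTION_OF_PASSWORD_RISK = 0.50   # webinar assumption, not a measurement


def breach_impact_usd(records):
    """Impact ($) of a single breach exposing `records` records."""
    return records * COST_PER_RECORD_USD


def annual_breach_likelihood(employees):
    """Expected breaches per year; linear in headcount, as the slide assumes."""
    return employees / 10_000 * BREACHES_PER_YEAR_PER_10K_STAFF


def annual_risk_usd(employees, records):
    """Annualized cost = Impact × Likelihood (the slide's risk formula)."""
    return breach_impact_usd(records) * annual_breach_likelihood(employees)


def pam_mitigated_risk_usd(annual_risk):
    """Share of annual risk the webinar attributes to PAM: risk × 81% × 50%."""
    return annual_risk * PASSWORD_RELATED_BREACH_SHARE * PAM_REDUCTION_OF_PASSWORD_RISK


def risk_table(employee_sizes, record_sizes):
    """Rebuild the 'Annual Cost Calculation of Breach' grid as a dict keyed by
    (employees, records), rounded to whole dollars."""
    return {(e, r): round(annual_risk_usd(e, r))
            for e in employee_sizes for r in record_sizes}


if __name__ == "__main__":
    table = risk_table([1_000, 5_000, 10_000], [10_000, 100_000, 1_000_000])
    for (e, r), cost in table.items():
        print(f"{e:>6} employees, {r:>9} records: ${cost:>12,}/year")
    base = annual_risk_usd(1_000, 100_000)  # the slide's $212K case
    print(f"PAM-addressable share of ${base:,.0f}: ${pam_mitigated_risk_usd(base):,.0f}")
```

Swapping in your own per-record cost, breach rate and records-at-risk keeps the same structure while replacing the webinar's simplifying figures with organization-specific ones.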
How can you get budget for a PAM project?
Handling an organization’s privileged accounts is one of the top vulnerabilities in any organization’s security posture.
Demonstrate a problem
• “In a recent audit of our servers, we found 3 users with accounts who no longer work here.”
• “We haven’t changed our admin passwords since Frank left last month.”
• “All of our developers have access to all of our production systems.”
Quantify your risk
• What assets are you protecting?
• What are the paths for successful attack?
• What is the likelihood of a successful attack?
Key Statistics
• 81% of hacking-related breaches leveraged either stolen and/or weak passwords. (Verizon 2017 Data Breach Investigations Report)
• 11% of employees share passwords with co-workers and 5% share them with an outside party!!! (Ovum market research: Close the password security gap. September 2017)
• 34% of former employees access materials after leaving a company. 49% of IT workers do it! (Intermedia 2017 Data Vulnerability Report)
Next Steps
For help quantifying your cybersecurity risk or putting a plan in place to mitigate the risk, please contact us:
Rob Black, CISSP
Fractional CISO
+1 617.658.3276
Rob@FractionalCISO.com
@IoTSecurityGuy
PowerBroker Password Safe
v6.4
Martin Cannard – Product Manager
Comprehensive Security Management
► Secure and automate the process for managing privileged account passwords and keys
► Control how people, services, applications and scripts access managed credentials
► Auto-logon users onto RDP, SSH sessions and apps, without revealing the password
► Record all user and administrator activity (with keystrokes) in a comprehensive audit trail
► Alert in real time as passwords and keys are released and as session activity is started
► Monitor session activity in real time, and immediately lock/terminate suspicious activity
► Block & Alert when SSH commands are entered during privileged sessions
(diagram: Privileged Password Management for People, Services and A2A; Privileged Session Management; SSH Key Management)
Privileged Session Recording
All actions are indexed and searchable, along with any keystrokes recorded. Clicking on an action will immediately jump you to that index point of the recording. Timestamps may optionally be displayed, as well as toggling between showing keystrokes only, or keystrokes plus actions.
Differentiator: Adaptive Workflow Control
• Time
• Day
• Date
• Where
• Who
• What
(diagram: Mobile Devices, Security Appliances, Databases, Operating Systems, SaaS & Cloud, Network Devices, Directories, Storage, SCADA, Mainframe)
Why BeyondTrust? The PAM Industry Leader
Leader: Forrester PIM Wave, 2016 Leader: Gartner Market Guide for PAM, 2017
DEMO
Poll + Q&A
Thank you for attending
today’s webinar!
