This document summarizes cyber security threats in 2014, including cyber crime attacks against retailers and banks that stole over 78 million records. Nation-state cyber attacks also increased, with North Korea attacking Sony for political reasons. The document argues that cyber warfare poses challenges because there are no international rules and attacks can be anonymous. It claims that governments can provide threat intelligence but cannot defend companies or stop advanced persistent threats. Overall, the document outlines growing cyber threats in 2014 from crime and nation-states and argues that more must be done to address these challenges.
Cyber Insecurity --The battle to protect data rages on as hackers find new wa...InnovatioNews
eBook from InnovatioNews reports on the issues surrounding cyber security, hacking and data protection. Author Steve Porter cites sources ranging from ex CIA Gus Hunt, LogRhythm's Chris Petersen, Level 3 Communication's Chris Richter, and ProtectWise' Scott Chasin.
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?Brian K. Dickard
How many of you think that the US power grid can be taken out for an extended time period by a cyberattack? The threat is real and sophisticated, and our ability to mount a coordinated response at both the government and private industry level is limited. This presentation explores the critical issues involved in making meaningful progress to detect and defend against this threat.
The National Retail Federation outlines which data security points matter most to retailers.
For the past decade, NRF has called on Congress to pass a federal data breach notification law that would cover all entities that receive, handle and maintain sensitive personal information. NRF believes a national standard would provide retailers a practical framework to handle consumer notification and must preempt the 47 disparate state data breach notification laws retailers now comply with.
To learn moe visit: https://nrf.com/datasecurity
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"Jeremiah Grossman
In 2011, attitude towards hacks shifted from "It happens," to "It is happening.” A poorly coded website and web application is all that’s needed to wreak havoc – expensive firewall, pervasive anti-virus and multi-factor authentication be damned. But what is possible? What types of attacks and attackers should we be mindful of? This presentation will show the real risks in a post-2011 Internet.
Cyber Insecurity --The battle to protect data rages on as hackers find new wa...InnovatioNews
eBook from InnovatioNews reports on the issues surrounding cyber security, hacking and data protection. Author Steve Porter cites sources ranging from ex CIA Gus Hunt, LogRhythm's Chris Petersen, Level 3 Communication's Chris Richter, and ProtectWise' Scott Chasin.
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?Brian K. Dickard
How many of you think that the US power grid can be taken out for an extended time period by a cyberattack? The threat is real and sophisticated, and our ability to mount a coordinated response at both the government and private industry level is limited. This presentation explores the critical issues involved in making meaningful progress to detect and defend against this threat.
The National Retail Federation outlines which data security points matter most to retailers.
For the past decade, NRF has called on Congress to pass a federal data breach notification law that would cover all entities that receive, handle and maintain sensitive personal information. NRF believes a national standard would provide retailers a practical framework to handle consumer notification and must preempt the 47 disparate state data breach notification laws retailers now comply with.
To learn moe visit: https://nrf.com/datasecurity
Web Breaches in 2011-“This is Becoming Hourly News and Totally Ridiculous"Jeremiah Grossman
In 2011, attitude towards hacks shifted from "It happens," to "It is happening.” A poorly coded website and web application is all that’s needed to wreak havoc – expensive firewall, pervasive anti-virus and multi-factor authentication be damned. But what is possible? What types of attacks and attackers should we be mindful of? This presentation will show the real risks in a post-2011 Internet.
The Cybersecurity Information Sharing Act (CISA) would spur cyber threat information sharing in smart ways that protect and respect privacy. The bipartisan bill includes compromises from multiple stakeholders.
Government policies - Public Safety - Canada - June 2017 paul young cpa, cga
This presentation looks at public safety spending at the federal level in Canada. The presentation will also focus on key areas like gun control, bail, border security, monitoring and terrorism.
Dealing Data Leaks: Creating Your Data Breach Response Planbenefitexpress
Learn what steps an employer must take after their IT systems are breached. Covers both state and federal rules regarding employer data breach responses.
Verizon, in collaboration with 50 other organizations (including FireEye) analyzed 100,000 Data breach incidents, what they found might surprise you. Interesting – when you look across all industries, the 4 largest share of incidents fall into four categories – insider misuse, physical theft / loss, miscellaneous errors and crime ware. We won’t focus on all of these, but of particular note when you look at incidents with confirmed data breaches, two categories stand out: payment card skimmers and cyber espionage. According to Verizon’s cyber threat group, the two fastest growing threats to the enterprise are Denial of Service attacks and Cyber Espionage.
Cybersecurity Context in African Continent - Way ForwardGokul Alex
The slides from the presentation session by Gokul Alex on the Enigmatic Economy of Cyber Crimes and Cyber Attacks across the globe with the specific focus on African Continent ravaging countries such as South Africa, Nigeria, Kenya, etc. Cybersecurity issues are looming large and assuming larger significance in the post pandemic political economies. This presentation was delivered to the TAFFD Virtual Conference on Cybersecurity in July 2020 together with Red Team Hacker Academy and BeyondIdentity.
Looking Ahead Why 2019 Will Be The year of CyberwarfareSecuricon
One year away from the third decade of the 21st century and technology has finally caught up with science fiction. In 2019, we’re going to hear more news about driverless cars, revolutions in artificial intelligence and commercial applications for drones. One thing is for sure: it’s an exciting time to be alive.
Protect the American Investor From Financing CCP’s Surveillance State, Keith ...Keith Krach
Under Secretary of State Keith Krach has championed the cause to protect the average American from unknowingly funding the Chinese Communist Party’s human rights abuses. Krach believes that “most Americans have no idea that their own money—held in pension funds, 401Ks, and brokerage accounts—is financing Chinese companies that support China’s military, security, and intelligence apparatus, as well as human rights abuses on an epic scale, such as those in Xinjiang. Through a web of subsidiaries, index funds, financial products and lack of proper disclosure, the average American investor is involuntarily supporting Chinese companies.”
The Cybersecurity Information Sharing Act (CISA) would spur cyber threat information sharing in smart ways that protect and respect privacy. The bipartisan bill includes compromises from multiple stakeholders.
Government policies - Public Safety - Canada - June 2017 paul young cpa, cga
This presentation looks at public safety spending at the federal level in Canada. The presentation will also focus on key areas like gun control, bail, border security, monitoring and terrorism.
Dealing Data Leaks: Creating Your Data Breach Response Planbenefitexpress
Learn what steps an employer must take after their IT systems are breached. Covers both state and federal rules regarding employer data breach responses.
Verizon, in collaboration with 50 other organizations (including FireEye) analyzed 100,000 Data breach incidents, what they found might surprise you. Interesting – when you look across all industries, the 4 largest share of incidents fall into four categories – insider misuse, physical theft / loss, miscellaneous errors and crime ware. We won’t focus on all of these, but of particular note when you look at incidents with confirmed data breaches, two categories stand out: payment card skimmers and cyber espionage. According to Verizon’s cyber threat group, the two fastest growing threats to the enterprise are Denial of Service attacks and Cyber Espionage.
Cybersecurity Context in African Continent - Way ForwardGokul Alex
The slides from the presentation session by Gokul Alex on the Enigmatic Economy of Cyber Crimes and Cyber Attacks across the globe with the specific focus on African Continent ravaging countries such as South Africa, Nigeria, Kenya, etc. Cybersecurity issues are looming large and assuming larger significance in the post pandemic political economies. This presentation was delivered to the TAFFD Virtual Conference on Cybersecurity in July 2020 together with Red Team Hacker Academy and BeyondIdentity.
Looking Ahead Why 2019 Will Be The year of CyberwarfareSecuricon
One year away from the third decade of the 21st century and technology has finally caught up with science fiction. In 2019, we’re going to hear more news about driverless cars, revolutions in artificial intelligence and commercial applications for drones. One thing is for sure: it’s an exciting time to be alive.
Protect the American Investor From Financing CCP’s Surveillance State, Keith ...Keith Krach
Under Secretary of State Keith Krach has championed the cause to protect the average American from unknowingly funding the Chinese Communist Party’s human rights abuses. Krach believes that “most Americans have no idea that their own money—held in pension funds, 401Ks, and brokerage accounts—is financing Chinese companies that support China’s military, security, and intelligence apparatus, as well as human rights abuses on an epic scale, such as those in Xinjiang. Through a web of subsidiaries, index funds, financial products and lack of proper disclosure, the average American investor is involuntarily supporting Chinese companies.”
A recent presentation given by us (Cybernetic Global Intelligence) on current trends in Cyber Crime and its effect on companies and law firms in Australia.
Rafeeq Rehman - Breaking the Phishing Attack Chaincentralohioissa
Many security research reports show that phishing is significant contributing factor to data breaches. Verizon data breach investigations report (DBIR) shows that attackers used phishing as their entry point in two third of the security incidents, especially in cyber espionage category. Although the phenomenon of phishing is nothing new, the attackers are enhancing their techniques and using phishing more effectively.
The good news is that understanding the phishing attack chain helps in stopping these attacks, break the phishing chain, and avert a data breach. This session is to understand different phases of phishing attacks and developing a comprehensive strategy to manage risk associated with these attacks.
Jon Stone, CTO and COO at Kelser Corporation spoke to the CT chapter of the CFMA about cyber crime. He shared that cyber crime is big business, the threat is real and you can take action.
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
Phishing is a top organizational security vulnerability because it involves the exploitation of human weakness. This ControlScan National Cyber Security Awareness Month presentation teaches employees how to spot and combat a phishing attack.
Cyber crime in a Smart Phone & Social Media Obsessed WorldJohn Palfreyman
With so much hype, and shrouded in technical gobbledygook it's hard to get a real handle on Cyber Crime, and how we can best prevent and / or investigate it. This presentation explores Cyber Crime, and it's relationship with Cyber Security. It then considers the vulnerabilities introduced by the pervasive use of smart phones and social media technologies, and how a "smarter" approach can be adopted to make systems secure.
Phishing basics: include its history
Introduction: phishing in detail
Techniques: Techniques used like link manipulation,web forgery
New phish: spear phishing
reason behind phishing
latest case study
survey: on top hosting and victim countries
Examples: popular website and email examples
IBM X-Force Threat Intelligence Report 2016thinkASG
Download the latest IBM X-Force Threat Intelligence Report
High-value breaches stole headlines as lackluster security fundamentals left organizations open to attack in 2015.
* The globalization of security incidents is shifting to targets like health-related PII and sensitive personal data
* The growing sophistication and organization of cybercrime rings are helping expand their reach
* New attack techniques like mobile overlay malware are evolving, while classics like DDoS and POS malware remain effective
“Cyber Liability & Cyber Insurance” - A discussion on best practices around Prevention, Detection, and Response!
Sponsored by Datto and Webster Bank
Series brought to you by the Connecticut Technology Council.
____________
TOPIC FOCUS:
1. Evolution and acceptance of Cybersecurity insurance
a. Understanding risk & effect on businesses
i. Used to be major brands, now widespread.
ii. Risk recognized, business leaders looking to minimize risk
b. Describing changes in cybersecurity insurance
How coverages have evolved - not just for biggest companies
i. Insurers are working with (tech) companies to get it right
ii. Where is it going from here? Trends, specialty insurance
2. Describe insurance types/ specifics and how they perform when needed
. Not all policies are the same
a. What to look for
b. How they vary by type of business (Healthcare vs. Retail vs. Software Co.)
c. What gaps still remain (What can’t get covered?)
3. How to minimize cost, get most value for your company
. Some protections on your current policies
a. Gating elements - What the insurance companies want to see - how that might help costs
4. Best practices generally
Rarely does a week go by without the announcement of another major data breach that has put thousands, or even millions of consumers at risk of fraud. From malicious use of compromised credit and debit cards, to increased identity theft risk to drained bank accounts, the threats are real and impact millions of consumers. . A key challenge for the incoming 114th Congress will be to implement long-needed reforms that will protect American consumers personal data from malicious use by criminal hackers.
Data is big, data is valuable and data is trouble. In 2014, the Breach Level Index recorded that over one billion records had been breached, an increase of 78% over 2013. And 2015 is seeing similar levels – the first 2 quarters of the year each seeing a loss of almost 340 million records.
By United Security Providers
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)PwC France
http://bit.ly/Cybersecurite-sept14
Etude mondiale de PwC, CIO et CSO réalisée en ligne du 27 mars 2014 au 25 mai 2014. Les résultats présentés ici sont fondés sur les réponses de plus de 9700 CEO, CFO, CIO, RSSI, les OSC, les vice-présidents et des directeurs de l'information et des pratiques de sécurité de plus de 154 pays.
35 % des répondants sont d'Amérique du Nord, 34 % d'Europe, 14 % d'Asie-Pacifique, 13 % en Amérique du Sud, et 4 % du Moyen-Orient et d’Afrique.
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
View on-demand presentation: http://securityintelligence.com/events/ibm-2015-cyber-security-intelligence-index/
The cyber threat landscape is increasing in complexity and frequency. Organizations that have historically not been the target of cyber attacks now make headline news with large data losses and compromised transactions. Organizations need a clear point of view on how to respond to these threats, and one that incorporates not only the relevant technology but also the organizational changes needed.
Nick Bradley, Practice Leader of the IBM Threat Research Group and the X-Force Threat Analysis Team, and Nick Coleman, Global Head Cyber Security Intelligence Services outline what organizations need to do now and in the future to stay ahead of the growing cyber security threat.
Verizon 2014 data breach investigation report and the target breachUlf Mattsson
The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to adapt to the shifts around them.
What’s needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
In this webinar, Protegrity CTO and data security thought leader Ulf Mattsson integrates new information from the Verizon 2014 Data Breach Investigation Report (DBIR) into his analysis on what is driving data breaches today, and how we can prevent them in the future.
KEY TOPICS INCLUDE:
• The changing threat landscape
• The effects of new technologies on breaches
• Analysis of recent breaches, including Target
• Compliance vs. security
• The importance of shifting from reactive to proactive thinking
• Preparing for future attacks with new technology & techniques
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know AboutBernard Marr
The vital role that cybersecurity plays in protecting our privacy, rights, freedoms, and everything up to and including our physical safety will be more prominent than ever during 2020.
Leveraging Compliance to “Help” Prevent a Future BreachKevin Murphy
This presentation will use the major attacks of 2017 as examples to show how “real” compliance could have prevented these attacks. The call to action will show how a responsive GRC program partnered with your Security Engineering teams is the best defense for future attacks.
SecureWorld Seattle Vulnerability Mgmt Nov 11 2015
Cyber Crime Seminar Jan 2015
1. Cyber Security 2014
Update
Kevin J. Murphy, CISSP,
CISM, CGEIT
January 12, 2015
http://www.linkedin.com/pub/kevin-murphy/5/256/863
2. Agenda
Cyber Crime
Cyber Warfare
Government Help
Discussion
Note: Intelligence verses Evidence
6/19/2015 2
3. Cyber Threats - Definitions
Cyber Crime
$$$ Motivated- Credit cards, bank
accounts
Non $$$ - Denial of Service (DDOS)
APT = Nation State Espionage
Steal your Intellectual Property
Cyber war = Destructive
Geopolitical Conflict
Economic Attack
Element of modern warfare
6/19/2015 3
4. 2014 Cyber Crime Attacks
Banking Data Breaches
2014 Verizon Data Breach Investigations
Report analyzed 1,367 data-loss
incidents last year, they found that 465
were financial institutions
Data Breach Losses Top More Than 78
Million Records to Date in 2014
6/19/2015 4
6. 2014 Cyber Crime Attacks
Retail Data Breaches
Point of Sale (POS) system
vulnerabilities
Reporting requirements under GLB Act
Some of the victims
Target, Home Depot, Michaels, Neiman
Marcus, Jimmy Johns, Staples, Dairy
Queen, PF Chang’s, etc. etc.
Analysis?
Look at your 3rd Party attack vectors
Understand your POS vendors security
Plans6/19/2015 6
8. 2014 Cyber Crime Attacks
Home Depot – a different nuance
Credit card’s were offered for sale on a
website that traffics in stolen card data
Cards presented as:
"American Sanctions”
"European Sanctions”
Analysis?
Cyber Crime is now Geopolitical
6/19/2015 8
9. 2014 Cyber Crime Attacks
Sony– Nation States enter Cyber Crime
N Korea - Denial of Service to achieve a
political agenda
Someone counterattacks N Korea
Analysis:
When does a cyber attack become an act
of war?
No international agreement
What is a legal response to a nation-state
attack on a public company?
6/19/2015 9
10. 2014 Cyber Crime Attacks
Sony–Analysis:
Does Sony have a legal right to
counterattack?
The US Dept. of Defense has the
Constitutional charter to provide for the
common defense
Can the DoD defend US companies?
War was traditionally between nation
states until recently:
Taliban
ISIS
Cyber Warfare
6/19/2015 10
11. Cyber warfare is dangerous
Potential for huge economic impact
Geopolitically motivated
No cold-war type “rules”
No international agreement
Anonymous attacks have no limits
and pose little risk to the attacker
6/19/2015 11
12. Welcome to the Internet World
Low barriers to entry.
Any country willing to invest in a modern
data center and to train its staff can join in
this high tech world of modern espionage.
13. Welcome to the Internet World
The speed, accuracy, and volume of
internet-based intelligence collected by
foreign intelligence organizations has
increased almost exponentially compared
to the previous Cold War methods.
The cost and risk associated with this
method is dramatically lower than that of
the Cold War.
Low-cost, low-risk ,and high-return
espionage is very lucrative
14. Cyber War verses the Cold
War model
No Détente.
Anonymity—nation states that can operate
in the cyber world with anonymity will also
act far more aggressively and destructively
if the attack cannot be attributed to any
particular actor.
This creates a very dangerous and
potentially very destructive cyber
battlefield of anonymous attackers.
15. 3rd world Cyber attacks
Syrian Electronic Army
6/19/2015 15
What did they learn by this reaction?
17. Understanding Your Attacker
China gets the most press about APT
mainly because its methods of attack seem
to indicate that they really don’t care that
you know they are attacking you.
After all, what can you do about it?
Eventually all industrialized nations will
have some sort of capability as a
necessary part of competing in a global
world.
18. The Legal Landscape
International laws or agreements will not stop
APTs. It is just too lucrative and everyone is
doing it.
Physical attack = physical evidence
APT attacks leave a great deal of “reasonable doubt”
to attribute to the attacker
Legal Extradition—If you have evidence, cases
can only be reliably brought upon an attacker in
your own country.
It is unlikely that you will be able to take legal
action against a state-sponsored attack group or
a nation itself.
19. Legal Landscape
Legal rulings in both the US and the EU
The major software and hardware vendors must share
data about their products so the competitive
landscape remains fair for all vendors and to preserve
consumer choice.
Some software vendors must document all operating
system APIs and have the API technical details
available for use by application -layered products
including competing products.
What was designed to benefit consumers through free
market competition has also provided potential attackers
with a wealth of information about your systems technical
details.
20. Government Help
Governments only have three tools to help:
Intelligence on the threat
The legal process
Diplomacy
Counter Attack?
21. Government Help
Intelligence on the Threat:
Intelligence on the threat is limited until an
attack has actually occurred. That is a bit after
the fact to protect the enterprise.
Diplomacy:
Cyber espionage is just too lucrative for the
attacking governments to come to any global
agreement to limit it.
23. Resources
Books
Economics & Strategies of Data Security, Daniel Geer Jr.
http://www.amazon.com/Economics-Strategies-Data-Security-
DANIEL/dp/B001LZM1BY
Papers
2014 Data Breach Investigations Report
http://www.verizonenterprise.com/DBIR/2014/
The Inevitability of Failure: The Flawed Assumption of Security in Modern
Computing Environments, Peter A. Loscocco, Stephen D. Smalley,
Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, John F. Farrell;
National Security Agency
http://www.windowsecurity.com/whitepapers/The_Inevitability_of_Failure
_The_Flawed_Assumption_of_Security_in_Modern_Computing_Environ
ments_.html
Contact Me:
http://www.linkedin.com/pub/kevin-murphy/5/256/863
6/19/2015 23
Editor's Notes
Russian Political Sympathizers? Cyber Crime is now Geopolitical
Russian Political Sympathizers? Cyber Crime is now Geopolitical
Russian Political Sympathizers? Cyber Crime is now Geopolitical