This document contains Booz Allen Hamilton Inc.
proprietary and confidential business information.
Roger Cressey
Sharm el Sheikh, Egypt
April 12, 2012
Cyber Security Issues and Challenges
This document includes Privileged and Confidential information that shall not be disclosed outside of Booz Allen Hamilton and shall not be
duplicated, used, or disclosed—in whole or in part—for any purpose other than to evaluate these discussions.
One of the oldest, largest and most experienced
strategy and technology consulting firms
– Founded in 1914
– 25,000+ professionals
– $5 Billion in Annual Sales
Our business model is driven by global industry
practices emphasizing industry expertise to better
serve clients
We bring a global perspective — have served clients
in over 40 countries
We are not aligned with any other integration firms
or software vendors – we bring an objective and
independent viewpoint to all of our clients
At Booz Allen, we focus on delivering results for clients in over
40 countries across multiple domains
With deep expertise in both strategy and
technology, Booz Allen transcends conventional
categories of consulting
Booz Allen teams work together with clients to
help them succeed...
…through the continual interplay of insight and
action
Producing results that endure tomorrow
Booz Allen delivers end-to-end strategy-based
transformation solutions through multi-
disciplinary skills…
… and through our industry expertise which spans
virtually every major industry sector
Who We Are ... What We Do ...
Mission: Booz Allen combines strategy with technology, and insight with
action, working with clients to deliver results today that endure
tomorrow
Cybersecurity Risk Landscape
The significant increase in the sophistication and frequency of cyber attacks (public and non-public) presents material risks to organizations. Most organizations are only prepared to handle a fraction of actual security concerns.
Unprecedented Risk
• Intellectual property theft
• Monetary losses
• Operational disruptions
• Company devaluation
• Customer suits
• Media publicity
• Brand degradation
• Environmental issues
• Regulator intervention
Vulnerabilities
• Hyper-interconnectivity of information systems
• Rapid technological infrastructure expansion
• Undefinable business perimeter
• Unprepared corporate workforce and culture
• Dissimilar security models applied across the enterprise
Threat Sources
• Insiders
• Criminals
• State Actors
• Hacktivists
• Individuals
Representative Attacks
• Citibank (2009): Computer-security breach targeting Citigroup that resulted in a theft of tens of millions of dollars
• Lockheed Martin (2011): Perpetrators infiltrated major network linked to Departments of Defense and Homeland Security
• Night Dragon (2011): Covert and multidimensional cyber attacks conducted against global oil, energy, and petrochemical companies; endangers critical infrastructure
• RSA (2011): Alleged nation-state attack against SecurID tokens victimized over 760 companies worldwide
A variety of cyber threat actors have emerged over the recent years that target the vulnerabilities across cyber programs worldwide
Threat Sophistication (actors listed from Low to High)
Individuals/Amateur Hackers
– Capabilities: Website defacement, Denial of Service (DoS), Phishing scams
– Intentions: Indiscriminately selected companies and/or organizations
– Consequence: Nuisance, disruptions of business operations
– Estimated Loss (1): —
Hacktivists (e.g. Anonymous, LulzSec)
– Capabilities: Website defacement, Distributed Denial of Service (DDoS), web-based attacks, SQL injection
– Intentions: Selected company and organizations’ operations, brand, and reputation
– Consequence: Disruption of business operations, reputational loss
– Estimated Loss (1): $171 million (single case)
Cyber Criminals
– Capabilities: Viruses, worms, trojans, malware, botnets, web-based attacks
– Intentions: Personally Identifiable Information (PII) (e.g. SSNs, credit card numbers, health records), proprietary information
– Consequence: Customer financial loss, company financial loss, reputational loss, lost productivity
– Estimated Loss (1): $5.9 million per year per organization
Insiders
– Capabilities: Physical access to transmit, download, or copy information
– Intentions: Trade secrets, proprietary, sensitive, or classified information
– Consequence: Loss of economic competitive advantage, increased foreign competition
– Estimated Loss (1): $20 million (single case)
Nation-states (APT)
– Capabilities: Remote access tools (RAT), custom exploits, spear-phishing, zero-day exploits
– Intentions: Trade secrets, proprietary, sensitive, or classified economic and/or national security information
– Consequence: Loss of national economic competitive advantage, increased foreign competition, loss of national security secrets
– Estimated Loss (1): $2-$400 billion
(1) Costs are UNITED STATES ONLY and based on disparate data, individual case studies, and broad estimates
Sources: “Foreign Spies Stealing US Economic Secrets in Cyberspace.” Office of the National Counterintelligence Executive. October 2011; “Second Annual Cost of Cybercrime Study.” Ponemon Institute. August 2011; “Sony Data Breach Cleanup to Cost $171 Million.” Information Week. May 23, 2011.
APTs constitute a mature attack and introduce a new paradigm of cyber security threats
Maturity Level: Basic
Simple, easily accessed tools, used by amateur hackers and not particularly targeted
Examples:
• Generic phishing scams
• Attacks against organizations with little-to-no security – weakest in the herd/opportunistic approach
• Cyber techniques available on internet/open source
Types of Attackers:
• Amateur hackers
• Scam artists
Maturity Level: Advanced
Technically mature, developed by advanced individuals or teams, but not coordinated or extremely targeted
Examples:
• Distributed Denial of Service
• Targeted private data extraction
• Extortion as motive
• Customized tools
• Developed techniques
Types of Attackers:
• Extortionists
• Mature cyber criminals
Maturity Level: APTs
Sophisticated, planned over long periods, complex, and targeted
Examples:
• Highly sophisticated adversaries who can bypass virtually all of today’s “best practice” security controls
• Primary goal is long-term, persistent occupation for data theft, intelligence espionage, and other malicious activities
Types of Attackers:
• Nation states
• Sophisticated adversaries
APTs Differ from Traditional Threats in Two Significant Ways
APTs are Persistent (Targeted)
• Underlying cause of APTs is desire to acquire assets from or disrupt a single organization
• Because of high cost of mounting an APT attack, only large, highly-influential organizations are typically targeted
– Target of high strategic value to attacker
– Attackers typically well-funded, organized
• Attackers will not use commodity attacks: will find and breach any potential vulnerability
– Many APT entry-points are social in nature
• Must consider APTs as an actor threat requiring a comprehensive mitigation strategy
Because APTs are targeted at one specific organization, they must be treated as a primarily agent-oriented (people) problem
APTs are Advanced
• Because attackers are interested in breaching a specific organization regardless of cost, most technological attacks are highly customized
– Attacks tend to be over multiple vectors and sometimes crafted around 0-day exploits
– Traditional signature-based detection (AV and IDS) is generally ineffective
• Given a breach, because APTs are agent-oriented threats, simply patching the technology is insufficient
– If organization remains unhardened, attacker will simply craft new payload
– Traditional cyber security focuses mainly on technological vulnerability, not the attacker: will not work for APTs
Because attackers are persistent during an APT, attacks are advanced (i.e. many vectors, complex)
Notional APT Approach
APTs make a significant investment in their target and will vary and escalate their techniques and not move on to another victim
1. Adversary collects non-traditional attack information
2. The adversary creates a highly socialized, targeted e-mail message that potentially contains previously unknown malicious code – spear phishing
3. If phishing attempt successful, the adversary immediately connects to the victim’s workstation
4. The adversary will quickly install additional channels to ensure access to the internal network
5. The APT will quickly entrench itself at the enterprise level
6. Data is collected and exfiltrated from the network
Network Compromised
There is no “typical” APT approach… attackers will keep trying until they gain network access
Your opponent is a determined individual or organization, not a technology
Organizations with sensitive data need to be especially wary of APTs: marginal improvements in traditional security are not enough
Target: 2008: Large Oil Companies
Result:
• Companies unaware of extent of attack until alerted by FBI; APTs had been persistent since 2008 and actively exfiltrating e-mails and passwords of senior executives
Motivation: Attackers sought valuable data about new discoveries of oil deposits (this data can cost hundreds of millions of dollars to produce)
Target: 2010: Sophisticated Technology Companies
Result:
• Chinese attackers successfully exfiltrated sensitive data from Google, Adobe, Yahoo, Dow Chemical, and Symantec (a leading manufacturer of computer security products) servers
Motivation: Attackers sought persistent access to cutting-edge intellectual capital
Target: 2010: Stuxnet
Result:
• Attackers successfully infiltrated several nuclear sites and damaged uranium enrichment facilities
• Cited as one of the most refined pieces of malware ever discovered; experts believe only a nation state would be able to produce it
Motivation: Attackers sought to disrupt critical industrial infrastructure, specifically targeting nuclear facilities
Because of the high level of sophistication, traditional cyber remediation techniques are insufficient to address the technological risks posed by APTs
Traditional Remediation Techniques Under APTs
Password Reset
Traditional remediation on traditional threats:
• Attackers have procured user passwords and have active access to user accounts
• Password reset removes access to accounts
Traditional remediation on advanced persistent threats:
• Password reset temporarily removes access to accounts
• Attackers utilize shared accounts to discover changed passwords
• Attackers have active access to user accounts again
Anti-Virus
Traditional remediation on traditional threats:
• Attackers have planted common attack vectors on organization computers
• Anti-viral software detects and removes such vectors
Traditional remediation on advanced persistent threats:
• Anti-viral software unable to detect custom-created exploits
• APTs require custom-crafted detection and removal solutions
Network Security
Traditional remediation on traditional threats:
• Organization enacts strict firewalls and network security to exclude external traffic
• Internal access controls prevent wide data breaches
Traditional remediation on advanced persistent threats:
• APTs planted internally already open holes through firewall and network security
• Attackers have access to user accounts, bypassing internal access controls
Organizations must immediately take mitigation steps to specifically discover and protect against APTs
Unique Attributes of APTs (compared to typical cyber threats)
Persistent
• APTs are highly targeted: attacker will not relent even if an attack fails
• Attackers will find and breach any vulnerability, including social ones
Advanced
• New paradigm: multiple vectors, custom-crafted
• Undetectable and unpreventable by normal remediation techniques
• Beat best practices
Targeted
• Victim is chosen based on political, financial, and security interests
• Individuals are targeted
Future APT Trends (predicted on past performance)
Increasing Complexity
• Complexity of attacks is high and constantly increasing
• Even best-of-class security companies (e.g. Symantec) are currently vulnerable
Increasing Multitude
• Number of attacks is increasing exponentially
• The number of groups that make good targets is expanding
Recommendation
• A new remediation approach is needed: APTs are fundamentally different from traditional cyber threats
• All organizations, especially ones with globally-sensitive data, need to create a remediation approach: APTs will not go away
• Risk analysis required to determine “am I a target?”
APTs require a fundamentally different approach from typical cyber threats
Organizations need to create strategic, comprehensive mitigation plans now
Threat/Risk Landscape
The Advanced Persistent Threat (APT) is a new level of threat sophistication that bypasses virtually all leading cybersecurity practices
The APT Challenge
Persistent
• APTs are highly targeted: attackers will not easily relent even if a counterstrike is launched
• Attackers will find and breach any vulnerability, including social and organizational ones
Advanced
• New paradigm: multiple vectors, custom-crafted
• Undetectable and unpreventable by normal remediation techniques
• Defies typical best practices
Targeted
• Victim organization is selected based on political, financial, and security interests
• Individuals are targeted
Increasing Complexity
• Complexity of attacks is high and constantly increasing
• Even best-of-class security companies (e.g., Symantec) are currently vulnerable
Increasing Multitude
• Number of attacks is increasing exponentially
• The targets of attacks are increasing
Cost of Entry
• Technology is getting cheaper and the cost for nation states or organized crime to fund these operations has gone down
• Lower barriers to commit cyber crime with targets of attacks steadily increasing
“Companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous APT attacks...”
– McAfee 2011 Threats Predictions
Traditional Best Practices
Each current best practice, and the APT countermeasure that defeats it:
• Anti-Virus: Compile malicious code immediately before use, protect with kernel driver, run code in Windows safe mode, pack with unknown packing utility
• Vulnerability Assessments: Generally don’t rely on known system vulnerabilities; focus on mis-configured systems, non-vulnerability based targeted spear-phishing attacks, or application vulnerabilities (Adobe PDF Reader, MS Office)
• Network Firewall: Target workstations; malicious code will beacon out, establishing a TCP session, and attack over an open port (80, 53, 443, or email)
• Host Firewall: Malicious code adds itself to the host firewall white list
• Two-Factor Authentication (Common Access Cards): Rootkit installed when user is logged in, then authenticate to the rootkit for future access; CAC not required for lateral movement
• Email Filtering: Send link to malicious code vice the code itself, send from trusted email account, send from trusted network
• Intrusion Detection Systems: Port 443, OpenSSL, WinRAR, other encryption
• Disabling HTML email: APTs don’t attempt to “hide” the link they are sending
• Border Monitoring: Provided border protection from external attacks
• Email Filtering: APTs don’t send attachments with .exe, .dll, .vbs extensions – they send PDFs
• Proxy Servers: HTTP header spoof – proxy server bypass
• Microsoft Patching Program: Use of undocumented vulnerabilities, little or no focus on application patching
Non-Traditional Risk Factors - Host
There are a number of traditional and non-traditional host-based risk factors that contribute substantially to your organization’s risk of Threat entrenchment
− End users with local administrative access
− LAN Manager password hashes
− Shared local administrator passwords
− No proactive threat identification component
− Unmanaged and undermanaged systems
− Mobile users (especially with VPN)
− Adobe Acrobat patch level
− Web Browser patch level
− Non-sourced DA accounts
− MS Office version and service pack
− No HBSS, or HBSS with no Threat specific configuration
Non-Traditional Risk Factors - Network
There are a number of non-traditional network-based risk factors that
contribute substantially to your organization’s risk to a sophisticated Threat
− Flat network (Layer 3)
− Flat authentication (Active Directory forests)
− Excessive lateral movement allowed
− Unproxied/unrestricted outbound access
− Unmanaged systems on the network
− Infrastructure servers with Internet access
− Little or no internal network monitoring
− Internally hosted public websites
− Weak authentication VPN
− Lack of proactive threat identification program
− Poor Active Directory design and management
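The best-practices table above notes that APT malicious code beacons out over an open port such as 80, 53 or 443, and the network risk factors just listed include little or no internal network monitoring. The Python script below, added here and not part of the original deck, is one way to look for that pattern in outbound-connection logs: it groups connections per (host, destination, port) and flags flows whose inter-connection intervals are nearly constant, which timer-driven call-backs produce and user-driven browsing does not. The log format, host names, addresses and thresholds are constructed for the example.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of outbound-connection log lines (not from the original deck).
# Assumed line format:
#   <ISO-8601 UTC timestamp> <hostname> <src_ip> -> <dst_ip>:<dst_port> <proto> <action>
# ws-042 reaches 203.0.113.10:443 about every five minutes with a few seconds of
# jitter (a beacon pattern); ws-017 shows irregular, user-driven browsing and DNS.
SAMPLE_LOG = """\
2012-04-12T09:00:00Z ws-042 10.1.5.23 -> 203.0.113.10:443 TCP allow
2012-04-12T09:01:10Z ws-017 10.1.5.17 -> 198.51.100.5:443 TCP allow
2012-04-12T09:01:12Z ws-017 10.1.5.17 -> 198.51.100.5:443 TCP allow
2012-04-12T09:02:30Z ws-017 10.1.5.17 -> 198.51.100.9:53 UDP allow
2012-04-12T09:03:40Z ws-017 10.1.5.17 -> 198.51.100.5:443 TCP allow
2012-04-12T09:05:02Z ws-042 10.1.5.23 -> 203.0.113.10:443 TCP allow
2012-04-12T09:09:58Z ws-042 10.1.5.23 -> 203.0.113.10:443 TCP allow
2012-04-12T09:11:05Z ws-017 10.1.5.17 -> 198.51.100.5:443 TCP allow
2012-04-12T09:11:07Z ws-017 10.1.5.17 -> 198.51.100.5:443 TCP allow
2012-04-12T09:12:00Z ws-017 10.1.5.17 -> 198.51.100.9:53 UDP allow
2012-04-12T09:15:01Z ws-042 10.1.5.23 -> 203.0.113.10:443 TCP allow
2012-04-12T09:18:45Z ws-017 10.1.5.17 -> 198.51.100.9:53 UDP allow
2012-04-12T09:20:00Z ws-042 10.1.5.23 -> 203.0.113.10:443 TCP allow
2012-04-12T09:24:59Z ws-042 10.1.5.23 -> 203.0.113.10:443 TCP allow
2012-04-12T09:30:22Z ws-017 10.1.5.17 -> 198.51.100.5:443 TCP allow
2012-04-12T09:31:00Z ws-017 10.1.5.17 -> 198.51.100.20:8080 TCP deny
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<src>[\d.]+) -> "
    r"(?P<dst>[\d.]+):(?P<port>\d+) (?P<proto>\S+) (?P<action>\S+)$"
)


def parse_log(text):
    """Parse log text into (timestamp, host, dst_ip, dst_port) tuples, skipping bad lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["host"], m["dst"], int(m["port"])))
    return events


def find_beacons(events, min_connections=5, max_jitter=0.15, watched_ports=(80, 53, 443)):
    """Flag (host, dst, port) flows whose connection intervals are nearly constant.

    jitter is the coefficient of variation (stdev / mean) of the gaps between
    successive connections: bursty user traffic scores high, a timer-driven
    beacon scores low. min_connections and max_jitter are tuning assumptions.
    """
    by_flow = defaultdict(list)
    for ts, host, dst, port in events:
        if port in watched_ports:
            by_flow[(host, dst, port)].append(ts)

    findings = []
    for (host, dst, port), stamps in by_flow.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue  # every connection in the same second: a burst, not a timed beacon
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            findings.append({
                "host": host, "dst": dst, "port": port, "count": len(stamps),
                "mean_interval_s": round(mean, 1), "jitter": round(jitter, 3),
            })
    return sorted(findings, key=lambda f: f["jitter"])


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{f['host']} -> {f['dst']}:{f['port']}  {f['count']} connections, "
              f"every ~{f['mean_interval_s']}s (jitter {f['jitter']})")
```

Hits are leads for triage rather than verdicts: legitimate software updaters also poll on a timer, and thresholds have to be tuned against the organisation’s own baseline traffic.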
Hypotheses on Top Cybersecurity Program Challenges
The preeminent organizational cyber challenges of 2012 consist of a blend of technical and organizational issues
1. Threat Management
• Abundance of sensors and data available; not enough analytics
• Monitoring capabilities need to be more inclusive of the threat environment
• Threat intelligence and analysis needs to be broader / more relevant
2. Information Risk Management
• Control selection/implementation not risk-based in divisions/regions
• Identified ‘cyber risks’ are narrowly focused on technology
• Lack of interdependency analysis in risk management processes
3. Infrastructure Security
• Attackers / malicious code can move laterally throughout enterprise
• Infrastructure security budget insufficient compared to growth
• Expanding use of insecure mobile devices
4. Application Security
• Massive global penetration of programmable logic controllers (PLCs) and other software-controlled products
• Secure software/products soon to be competitive differentiator
5. Information Protection
• Large concentrations of sensitive data exist outside of well-protected environments
• Sensitive information often flows across inadequately protected channels
• Unsophisticated mechanisms are employed to assist and enforce end-user document labeling
6. Awareness, Training, & Education
• A more dedicated and robust cybersecurity awareness, training, and education program is needed
• Internal users are not prepared for the modern threat environment
• Third parties (e.g., contractors) require more engagement
7. Communications & Engagement
• Internal change management and security consulting entities are insufficient for engaging business units
• Need for prioritization and phasing of interaction with stakeholders to address cybersecurity risks
• Customers and third parties (e.g., vendors, contractors, partners) require more enhanced engagement
8. Event Management
• Inconsistent monitoring and reporting of events or a lack of dedicated continuous monitoring capabilities
• Reporting of real-time situational views is not tailored for stakeholders across the enterprise
• Guidelines on internal and external escalation processes are neither clear nor promulgated
9. Governance
• Governance is not addressed as a senior executive issue
• Inconsistent and infrequent interaction with divisions to understand business risks and requirements
• Organizational silos lead to ineffective processes / solutions
Evolving Cybersecurity Capabilities Using an Integrated Mindset
Resiliency must be integrated beyond purely technological areas, to include policies, human capital, management, and operations
Highlights
• Manage risk from a multidimensional perspective: Policy, People, Operations, and Management, in addition to Technology
• Lower risk and become more cost efficient
• Align cybersecurity needs to business mission
• Craft effective solutions that are not stove-piped to a single area
• Protect assets to enable business competitiveness and business reputation
Strong Cybersecurity Workforce
Organizations need to develop all aspects of a cyber security workforce, including:
• Human Capital Management: to acquire, develop and retain cybersecurity talent
• Leadership Development: to provide leaders with new cybersecurity competencies
• Education and Training: to create a highly skilled cybersecurity workforce
• Awareness and Communications: to create a cyber-aware and cyber-active culture
Eleven defined cyber roles outline the skills and training requirements needed for a successful cyber workforce
Cyber Roles
• Cyber Intel Analyst
• Cyber Policy Analyst
• Cybersecurity Analyst
• Cyber Offense Analyst
• Cyber Operations Planner
• Cyber Business Professional
• Cyber Compliance Analyst
• Secure Software Engineer
• Cybersecurity Engineer
• Cyber Operations Professional
• Cyber Strategist
Skills Needed/Training Requirements
• Systems Requirements Analysis
• Secure Network Design
• Secure Application Design
• Testing
• Systems Implementation
• Secure Configuration Management
• Vulnerability Assessment
• Cyber Policies, Plans, & Procedures
• Cyber Program Design
• Threat Assessment
• Continuity of Operations
• Incident Response
• Certification & Accreditation
Benefits
• Establishes a common lexicon and point of reference across all human capital management activities
• Allows stakeholders to immediately identify roles, skill sets and training needs, consistently across functional areas
• Allows existing staff to easily identify with each other to facilitate the formation of communities of interest and practice
A “Dynamic Defense” approach will meet today’s need for resiliency by establishing a network of integrated processes, technologies, and people
Rapid Response: Find and react to adversarial threats
• Recognize attack
• Conduct triage
• Perform forensics
• Respond to attack
• Recover/reconstitute
Integrated Remediation: Build/implement better systems and constructs to keep adversaries out
Evolutionary Response: Design capabilities to counter adversarial threats
• Capability maturity evolution
• Vulnerability assessment
• Trade-off analysis
• Operational planning
• Exercises/M&S
• Strategic road-mapping
Threat Vector Intelligence: Gather insights on adversary threats, intentions, and capabilities
• All-source analysis
• Indications of “early warning”
• Threat education
• Support to operations, planning and institutional cybersecurity programs
Connecting flows between the four components: Mitigation, Risk Response, Informed Decisions
Dimensions: Policy, Operations, Technology, Management, People
Contact Information
Roger Cressey
Senior Vice President
Booz Allen Hamilton
McLean, Virginia
USA
+1 703 9841421
Cressey_roger@bah.com

What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
ScyllaDB
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Ukraine
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
Sunil Jagani
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 

Recently uploaded (20)

Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 

Cyber_Security_Issues_and_Challenges.pptx

  • 1. Cyber Security Issues and Challenges. Roger Cressey, Booz Allen Hamilton. Sharm el Sheikh, Egypt, April 12, 2012. (Ready for what's next. This document contains Booz Allen Hamilton Inc. proprietary and confidential business information.)
  • 2. Who we are: one of the oldest, largest and most experienced strategy and technology consulting firms (founded in 1914; 25,000+ professionals; $5 billion in annual sales). Our business model is driven by global industry practices emphasizing industry expertise to better serve clients. We bring a global perspective, having served clients in over 40 countries. We are not aligned with any other integration firms or software vendors, so we bring an objective and independent viewpoint to all of our clients. At Booz Allen, we focus on delivering results for clients in over 40 countries across multiple domains.
    What we do: with deep expertise in both strategy and technology, Booz Allen transcends conventional categories of consulting. Booz Allen teams work together with clients to help them succeed through the continual interplay of insight and action, producing results that endure tomorrow. Booz Allen delivers end-to-end strategy-based transformation solutions through multidisciplinary skills and through industry expertise which spans virtually every major industry sector.
    Mission: Booz Allen combines strategy with technology, and insight with action, working with clients to deliver results today that endure tomorrow.
    (Footer on this and every following slide: This document includes Privileged and Confidential information that shall not be disclosed outside of Booz Allen Hamilton and shall not be duplicated, used, or disclosed, in whole or in part, for any purpose other than to evaluate these discussions.)
  • 3. Cybersecurity Risk Landscape. The significant increase in the sophistication and frequency of cyber attacks (public and non-public) presents material risks to organizations. Most organizations are only prepared to handle a fraction of actual security concerns.
    Unprecedented risk: intellectual property theft; monetary losses; operational disruptions; company devaluation; customer suits; media publicity; brand degradation; environmental issues; regulator intervention.
    Vulnerabilities: hyper-interconnectivity of information systems; rapid technological infrastructure expansion; undefinable business perimeter; unprepared corporate workforce and culture; dissimilar security models applied across the enterprise.
    Threat sources: insiders, criminals, state actors, hacktivists, individuals.
    Representative attacks:
    – Citibank (2009): computer-security breach targeting Citigroup that resulted in a theft of tens of millions of dollars
    – Lockheed Martin (2011): perpetrators infiltrated a major network linked to the Departments of Defense and Homeland Security
    – Night Dragon (2011): covert and multidimensional cyber attacks conducted against global oil, energy, and petrochemical companies; endangers critical infrastructure
    – RSA (2011): alleged nation-state attack against SecurID tokens that victimized over 760 companies worldwide
  • 4. Threat Sophistication. A variety of cyber threat actors have emerged over recent years that target the vulnerabilities across cyber programs worldwide. Sophistication ranges from low (amateurs) to high (nation-state APT):
    Individuals / amateur hackers
    – Capabilities: website defacement, denial of service (DoS), phishing scams
    – Intentions: indiscriminately selected companies and/or organizations
    – Consequence: nuisance, disruption of business operations
    – Estimated loss (1): not estimated
    Hacktivists (e.g. Anonymous, LulzSec)
    – Capabilities: website defacement, distributed denial of service (DDoS), web-based attacks, SQL injection
    – Intentions: selected companies' and organizations' operations, brand, and reputation
    – Consequence: disruption of business operations, reputational loss
    – Estimated loss (1): $171 million (single case)
    Cyber criminals
    – Capabilities: viruses, worms, trojans, malware, botnets, web-based attacks
    – Intentions: Personally Identifiable Information (PII) such as SSNs, credit card numbers and health records; proprietary information
    – Consequence: customer financial loss, company financial loss, reputational loss, lost productivity
    – Estimated loss (1): $5.9 million per year per organization
    Insiders
    – Capabilities: physical access to transmit, download, or copy information
    – Intentions: trade secrets; proprietary, sensitive, or classified information
    – Consequence: loss of economic competitive advantage, increased foreign competition
    – Estimated loss (1): $20 million (single case)
    Nation-states (APT)
    – Capabilities: remote access tools (RATs), custom exploits, spear-phishing, zero-day exploits
    – Intentions: trade secrets; proprietary, sensitive, or classified economic and/or national security information
    – Consequence: loss of national economic competitive advantage, increased foreign competition, loss of national security secrets
    – Estimated loss (1): $2-$400 billion
    (1) Costs are United States only and based on disparate data, individual case studies, and broad estimates. Sources: "Foreign Spies Stealing US Economic Secrets in Cyberspace," Office of the National Counterintelligence Executive, October 2011; "Second Annual Cost of Cybercrime Study," Ponemon Institute, August 2011; "Sony Data Breach Cleanup to Cost $171 Million," InformationWeek, May 23, 2011.
  • 5. APTs constitute a mature attack and introduce a new paradigm of cyber security threats. Maturity levels:
    Basic: simple, easily accessed tools, used by amateur hackers and not particularly targeted
    – Examples: generic phishing scams; attacks against organizations with little-to-no security (weakest-in-the-herd, opportunistic approach); cyber techniques available on the internet/open source
    – Types of attackers: amateur hackers, scam artists
    Advanced: technically mature, developed by advanced individuals or teams, but not coordinated or extremely targeted
    – Examples: distributed denial of service; targeted private data extraction; extortion as motive; customized tools; developed techniques
    – Types of attackers: extortionists, mature cyber criminals
    APTs: sophisticated, planned over long periods, complex, and targeted
    – Examples: highly sophisticated adversaries who can bypass virtually all of today's "best practice" security controls; the primary goal is long-term, persistent occupation for data theft, intelligence espionage, and other malicious activities
    – Types of attackers: nation states, sophisticated adversaries
  • 6. APTs differ from traditional threats in two significant ways.
    APTs are persistent (targeted). Because an APT is aimed at one specific organization, it must be treated as a primarily agent-oriented (people) problem:
    – The underlying cause of an APT is the desire to acquire assets from, or disrupt, a single organization
    – Because of the high cost of mounting an APT, only large, highly influential organizations are typically targeted: the target is of high strategic value to the attacker, and the attackers are typically well funded and organized
    – Attackers will not limit themselves to commodity attacks: they will find and breach any potential vulnerability, and many APT entry points are social in nature
    – APTs must be considered an actor threat requiring a comprehensive mitigation strategy
    APTs are advanced. Because the attackers are persistent, the attacks are advanced (many vectors, complex):
    – Because attackers are interested in breaching a specific organization regardless of cost, most technological attacks are highly customized: attacks tend to span multiple vectors and are sometimes crafted around 0-day exploits, so traditional signature-based detection (AV and IDS) is generally ineffective
    – Given a breach, because APTs are agent-oriented threats, simply patching the technology is insufficient: if the organization remains unhardened, the attacker will simply craft a new payload; traditional cyber security focuses mainly on the technological vulnerability, not on the attacker, and will not work against APTs
  • 7. APTs make a significant investment in their target and will vary and escalate their techniques rather than move on to another victim. Notional APT approach:
    1. The adversary collects non-traditional attack information
    2. The adversary creates a highly socialized, targeted e-mail message that potentially contains previously unknown malicious code (spear phishing)
    3. If the phishing attempt succeeds, the adversary immediately connects to the victim's workstation
    4. The adversary quickly installs additional channels to ensure access to the internal network
    5. The APT quickly entrenches itself at the enterprise level
    6. Data is collected and exfiltrated from the network (network compromised)
    Your opponent is a determined individual or organization, not a technology. There is no "typical" APT approach: attackers will keep trying until they gain network access.
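Step 2 above is where most of the deck's later countermeasures bite: the lure arrives as a document rather than an executable (slide 12 notes that APTs send PDFs, not .exe/.dll/.vbs attachments), so filtering on file extension achieves nothing. The following triage script is an added example for this page, not code from the deck or from Booz Allen. It scans a PDF for the name tokens that let a document run code or reach out (/JavaScript, /OpenAction, /Launch, /EmbeddedFile and similar), un-escapes the #xx hex encoding that attackers use to hide those names from naive greps, and inflates FlateDecode streams so that actions buried in compressed object streams are seen as well. The indicator list, weights, threshold and the two sample files are assumptions constructed for the example.

```python
"""Triage of a PDF lure for active content (added example; not from the deck).

Extension filtering cannot stop a PDF lure; this scanner looks at what the
PDF is able to *do*.  It extracts PDF name tokens from the object dictionaries,
decodes #xx hex escapes (so /J#61vaScript is recognised as /JavaScript),
inflates FlateDecode streams and rescans their bodies, then scores the
distinct indicators found.  Weights and threshold are assumptions.
"""
import re
import zlib

# Name tokens that give a PDF the ability to run code or reach out.
# Weights are an assumption: JavaScript or Launch alone is enough to flag.
INDICATOR_WEIGHTS = {
    "JavaScript": 3, "JS": 3, "Launch": 4, "OpenAction": 2,
    "AA": 1, "EmbeddedFile": 2, "RichMedia": 2, "XFA": 1,
}
SUSPICIOUS_THRESHOLD = 3

_NAME_RE = re.compile(rb"/([A-Za-z0-9#._\-]+)")
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
_HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """PDF lets any byte of a name be written as #xx; undo that before matching."""
    return _HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def inflate_streams(data: bytes) -> list:
    """Return the inflated body of every stream zlib can decode.

    Non-Flate or corrupt streams are skipped; decompressobj recovers what it
    can from a deliberately truncated one (a common trick against scanners).
    """
    out = []
    for blob in _STREAM_RE.findall(data):
        try:
            out.append(zlib.decompress(blob))
        except zlib.error:
            try:
                partial = zlib.decompressobj().decompress(blob)
                if partial:
                    out.append(partial)
            except zlib.error:
                continue
    return out


def triage_pdf(data: bytes) -> dict:
    """Score indicator names in the object dictionaries and in inflated stream bodies."""
    # Scan the file with raw stream bodies cut out, then each inflated body.
    chunks = [_STREAM_RE.sub(b"", data)] + inflate_streams(data)
    found = {}
    for chunk in chunks:
        for raw in _NAME_RE.findall(chunk):
            name = decode_name(raw)
            if name in INDICATOR_WEIGHTS:
                found[name] = found.get(name, 0) + 1
    score = sum(INDICATOR_WEIGHTS[n] for n in found)   # once per distinct indicator
    verdict = "suspicious" if score >= SUSPICIOUS_THRESHOLD else "clean"
    return {"indicators": found, "score": score, "verdict": verdict}


# --- constructed sample files (minimal PDFs, not real attachments) -----------
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# An /OpenAction that runs JavaScript under a hex-escaped name, plus a /Launch
# action hidden inside a Flate-compressed object stream.
_HIDDEN_ACTION = zlib.compress(b"<< /Type /Action /S /Launch /F (cmd.exe) >>")
MALICIOUS_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert('hello')) >> endobj\n"
    b"5 0 obj << /Type /ObjStm /Filter /FlateDecode /Length "
    + str(len(_HIDDEN_ACTION)).encode() + b" >>\nstream\n"
    + _HIDDEN_ACTION + b"\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, pdf in (("benign", BENIGN_PDF), ("malicious", MALICIOUS_PDF)):
        print(label, triage_pdf(pdf))
```

The scanner is deliberately structural rather than signature-based: it does not need to know the exploit, only that a document opened from e-mail has no business carrying /Launch or /JavaScript. Feed it the raw attachment bytes at the mail gateway and route anything "suspicious" to a sandbox instead of the inbox.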
  • 8. Organizations with sensitive data need to be especially wary of APTs: marginal improvements in traditional security are not enough.
    2008: Large oil companies
    – Result: the companies were unaware of the extent of the attack until alerted by the FBI; the APT had been persistent since 2008 and was actively exfiltrating e-mails and passwords of senior executives
    – Motivation: attackers sought valuable data about new discoveries of oil deposits (data that can cost hundreds of millions of dollars to produce)
    2010: Sophisticated technology companies
    – Result: Chinese attackers successfully exfiltrated sensitive data from the servers of Google, Adobe, Yahoo, Dow Chemical, and Symantec (a leading manufacturer of computer security products)
    – Motivation: attackers sought persistent access to cutting-edge intellectual capital
    2010: Stuxnet
    – Result: attackers successfully infiltrated several nuclear sites and damaged uranium enrichment facilities; cited as one of the most refined pieces of malware ever discovered, experts believe only a nation state would be able to produce it
    – Motivation: attackers sought to disrupt critical industrial infrastructure, specifically targeting nuclear facilities
  • 9. Because of the high level of sophistication, traditional cyber remediation techniques are insufficient to address the technological risks posed by APTs. Traditional remediation techniques under APTs:
    Password reset
    – Against traditional threats: attackers have procured user passwords and have active access to user accounts; a password reset removes that access
    – Against APTs: a password reset only temporarily removes access; the attackers use shared accounts they still hold to discover the changed passwords and soon have active access to user accounts again
    Anti-virus
    – Against traditional threats: attackers have planted common attack vectors on organization computers; anti-virus software detects and removes them
    – Against APTs: anti-virus software is unable to detect custom-created exploits; APTs require custom-crafted detection and removal solutions
    Network security
    – Against traditional threats: the organization enacts strict firewalls and network security to exclude external traffic, and internal access controls prevent wide data breaches
    – Against APTs: implants already planted internally open holes outward through the firewall and network security, and attackers holding valid user accounts bypass the internal access controls
  • 10. Organizations must immediately take mitigation steps to specifically discover and protect against APTs.
    Unique attributes of APTs (compared to typical cyber threats):
    – Persistent: APTs are highly targeted; the attacker will not relent even if an attack fails, and will find and breach any vulnerability, including social ones
    – Advanced: a new paradigm of multiple, custom-crafted vectors; undetectable and unpreventable by normal remediation techniques; they beat best practices
    – Targeted: the victim is chosen based on political, financial, and security interests; individuals are targeted
    Future APT trends (predicted from past performance):
    – Increasing complexity: the complexity of attacks is high and constantly increasing; even best-of-class security companies (e.g. Symantec) are currently vulnerable
    – Increasing multitude: the number of attacks is increasing exponentially, and the number of groups that make good targets is expanding
    Recommendation: APTs require a fundamentally different approach from typical cyber threats; organizations need to create strategic, comprehensive mitigation plans now.
    – A new remediation approach is needed: APTs are fundamentally different from traditional cyber threats
    – All organizations, especially those with globally sensitive data, need to create a remediation approach: APTs will not go away
    – Risk analysis is required to determine "am I a target?"
  • 11. Threat/Risk Landscape. The Advanced Persistent Threat (APT) is a new level of threat sophistication that bypasses virtually all leading cybersecurity practices. The APT challenge:
    – Persistent: APTs are highly targeted; attackers will not easily relent even if a counterstrike is launched, and will find and breach any vulnerability, including social and organizational ones
    – Advanced: a new paradigm of multiple, custom-crafted vectors; undetectable and unpreventable by normal remediation techniques; defies typical best practices
    – Targeted: the victim organization is selected based on political, financial, and security interests; individuals are targeted
    – Increasing complexity: the complexity of attacks is high and constantly increasing; even best-of-class security companies (e.g., Symantec) are currently vulnerable
    – Increasing multitude: the number of attacks is increasing exponentially, and the targets of attacks are increasing
    – Cost of entry: technology is getting cheaper and the cost for nation states or organized crime to fund these operations has gone down; lower barriers to committing cyber crime, with the targets of attacks steadily increasing
    "Companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous APT attacks..." (McAfee 2011 Threats Predictions)
  • 12. Traditional best practices and the APT countermeasure that defeats each:
    – Anti-virus: compile the malicious code immediately before use, protect it with a kernel driver, run it in Windows safe mode, pack it with an unknown packing utility
    – Vulnerability assessments: APTs generally don't rely on known system vulnerabilities; they focus on misconfigured systems, targeted spear-phishing that needs no vulnerability at all, or application vulnerabilities (Adobe PDF Reader, MS Office)
    – Network firewall: target workstations; the malicious code beacons out, establishing a TCP session over a port that is already open (80, 53, 443, or e-mail)
    – Host firewall: the malicious code adds itself to the host firewall whitelist
    – Two-factor authentication (Common Access Cards): a rootkit is installed while the user is logged in, and the attacker thereafter authenticates to the rootkit for future access; the CAC is not required for lateral movement
    – E-mail filtering: send a link to the malicious code instead of the code itself, send from a trusted e-mail account, send from a trusted network; APTs don't send attachments with .exe, .dll, or .vbs extensions, they send PDFs
    – Intrusion detection systems: traffic on port 443, OpenSSL, WinRAR archives, or other encryption leaves signature inspection nothing to match
    – Disabling HTML e-mail: APTs don't attempt to "hide" the link they are sending
    – Border monitoring: provides protection from external attacks at the border only
    – Proxy servers: HTTP header spoofing to bypass the proxy server
    – Microsoft patching program: use of undocumented vulnerabilities; little or no focus on application patching
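The network firewall row above is the one a SOC can act on directly: the implant has to beacon out over an allowed port, and what that traffic cannot easily imitate is a human, who browses in bursts with long idle gaps rather than polling one destination at a fixed interval for hours. The script below is an added example written for this page, not code from the deck or from Booz Allen. It groups web-proxy log lines by (client, destination), computes the inter-arrival times and flags pairs whose coefficient of variation (standard deviation over mean) is low across enough sessions. The log format, host names, addresses and thresholds are assumptions constructed for the example.

```python
"""Beacon detection over web-proxy logs (added example; not from the deck).

Groups proxy entries by (client, destination), measures how regular the gaps
between sessions are, and reports pairs that look machine-driven.  A real
implant adds jitter, so the allowed coefficient of variation is a tunable;
request-size regularity is reported alongside as a second signal.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "timestamp client destination bytes_out".
# 10.1.2.30 polls update-cdn.example.net every ~5 minutes (the beacon) and
# also browses a news site in bursts; 10.1.2.31 makes two intranet requests.
SAMPLE_LOG = """\
2012-04-12T09:00:00 10.1.2.30 update-cdn.example.net 312
2012-04-12T09:01:10 10.1.2.30 news.example.com 1450
2012-04-12T09:01:12 10.1.2.30 news.example.com 980
2012-04-12T09:01:13 10.1.2.30 news.example.com 2210
2012-04-12T09:02:00 10.1.2.31 intranet.example.local 640
2012-04-12T09:02:05 10.1.2.31 intranet.example.local 710
2012-04-12T09:05:01 10.1.2.30 update-cdn.example.net 309
2012-04-12T09:07:40 10.1.2.30 news.example.com 1320
2012-04-12T09:09:59 10.1.2.30 update-cdn.example.net 315
2012-04-12T09:15:02 10.1.2.30 update-cdn.example.net 311
2012-04-12T09:19:58 10.1.2.30 update-cdn.example.net 308
2012-04-12T09:25:00 10.1.2.30 update-cdn.example.net 313
2012-04-12T09:30:01 10.1.2.30 update-cdn.example.net 310
2012-04-12T09:31:05 10.1.2.30 news.example.com 1875
2012-04-12T09:31:06 10.1.2.30 news.example.com 1120
2012-04-12T09:34:59 10.1.2.30 update-cdn.example.net 314
"""


def parse_log(text):
    """Return a list of (timestamp, client, destination, bytes_out); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            size = int(parts[3])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], size))
    return events


def find_beacons(events, min_sessions=6, max_cv=0.1):
    """Return {(client, dest): stats} for pairs whose session timing is regular.

    min_sessions keeps two-hit pairs out of the result; max_cv is the jitter
    ratio still treated as periodic (0.1 means stdev within 10% of the period).
    """
    by_pair = defaultdict(list)
    for ts, client, dest, size in events:
        by_pair[(client, dest)].append((ts, size))
    beacons = {}
    for pair, hits in by_pair.items():
        if len(hits) < min_sessions:
            continue
        hits.sort()
        times = [ts for ts, _ in hits]
        sizes = [size for _, size in hits]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue            # duplicate timestamps: nothing to measure
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            beacons[pair] = {
                "sessions": len(hits),
                "period_s": round(period, 1),
                "cv": round(cv, 4),
                "size_cv": round(pstdev(sizes) / mean(sizes), 4) if mean(sizes) else None,
            }
    return beacons


if __name__ == "__main__":
    for (client, dest), stats in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {dest}: {stats}")
```

Run over a day of proxy logs this surfaces the update-cdn pair (period about 300 s, CV under 0.01) and ignores the bursty news traffic even though it has as many sessions. The destination name is deliberately plausible: the deck's point is that the implant hides in allowed traffic, so the analyst's trigger is the rhythm, not the hostname or the port.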
  • 13. Non-Traditional Risk Factors - Host. There are a number of traditional and non-traditional host-based risk factors that contribute substantially to your organization's exposure to Threat entrenchment:
    – End users with local administrative access
    – LAN Manager (LM) password hashes in use
    – Shared local administrator passwords
    – No proactive threat identification component
    – Unmanaged and undermanaged systems
    – Mobile users (especially with VPN)
    – Adobe Acrobat patch level
    – Web browser patch level
    – Non-sourced DA (Domain Admin) accounts
    – MS Office version and service pack
    – No HBSS (Host Based Security System), or HBSS with no threat-specific configuration
  • 14. Non-Traditional Risk Factors - Network. There are a number of non-traditional network-based risk factors that contribute substantially to your organization's exposure to a sophisticated Threat:
    – Flat network (Layer 3)
    – Flat authentication (Active Directory forests)
    – Excessive lateral movement allowed
    – Unproxied/unrestricted outbound access
    – Unmanaged systems on the network
    – Infrastructure servers with Internet access
    – Little or no internal network monitoring
    – Internally hosted public websites
    – Weak-authentication VPN
    – Lack of a proactive threat identification program
    – Poor Active Directory design and management
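Three of the factors above (excessive lateral movement, flat authentication, little or no internal monitoring) combine with slide 12's observation that the CAC is not required for lateral movement and slide 9's point that attackers work from shared accounts. A cheap internal signal that catches all of them is fan-out: one account, or one source address, completing network logons (Windows event 4624, logon type 3) to many distinct hosts in a short window, which a backup or admin account does on a schedule but a user never does at 2 a.m. The script below is an added example for this page, not code from the deck or from Booz Allen. The CSV export layout, account names, addresses and thresholds are assumptions constructed for the example.

```python
"""Lateral-movement fan-out detection from Windows logon events (added example; not from the deck).

Keeps only successful network logons (4624 / type 3), then for every account
(or source IP, when group_by="source_ip") finds the window in which it reached
the most distinct hosts and alerts when that count meets the threshold.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export of security-log fields (raw string: the account
# names contain a backslash).  svc_backup sweeps six hosts in two minutes
# overnight; jdoe makes three ordinary logons spread over the working day.
SAMPLE_EVENTS = r"""timestamp,event_id,logon_type,account,source_ip,target_host
2012-04-12T02:10:03,4624,3,CORP\svc_backup,10.1.2.30,FS01
2012-04-12T02:10:21,4624,3,CORP\svc_backup,10.1.2.30,FS02
2012-04-12T02:10:40,4624,3,CORP\svc_backup,10.1.2.30,HR-WS17
2012-04-12T02:11:05,4624,3,CORP\svc_backup,10.1.2.30,FIN-WS03
2012-04-12T02:11:30,4624,3,CORP\svc_backup,10.1.2.30,DC01
2012-04-12T02:12:12,4624,3,CORP\svc_backup,10.1.2.30,SQL01
2012-04-12T02:13:00,4625,3,CORP\svc_backup,10.1.2.30,SQL02
2012-04-12T08:30:11,4624,2,CORP\jdoe,10.1.2.45,HR-WS17
2012-04-12T08:31:02,4624,3,CORP\jdoe,10.1.2.45,FS01
2012-04-12T09:15:47,4624,3,CORP\jdoe,10.1.2.45,PRINT01
2012-04-12T13:02:19,4624,3,CORP\jdoe,10.1.2.45,MAIL01
"""


def parse_events(text):
    """Return successful network logons (event 4624, logon type 3) as dicts sorted by time."""
    fields, events = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = line.split(",")
        if fields is None:
            fields = cols                      # header row names the columns
            continue
        if len(cols) != len(fields):
            continue                           # malformed export line
        rec = dict(zip(fields, cols))
        if rec["event_id"] != "4624" or rec["logon_type"] != "3":
            continue                           # failures and console logons are not lateral movement
        rec["ts"] = datetime.fromisoformat(rec["timestamp"])
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events


def detect_fan_out(events, min_hosts=5, window_minutes=10, group_by="account"):
    """Alert when one account (or source IP) reaches min_hosts distinct hosts within the window."""
    window = timedelta(minutes=window_minutes)
    groups = defaultdict(list)
    for rec in events:
        groups[rec[group_by]].append(rec)      # events are already time-ordered
    alerts = []
    for key, recs in groups.items():
        best_hosts, best_start = set(), None
        for i, start in enumerate(recs):       # slide a window from each logon
            hosts = set()
            for rec in recs[i:]:
                if rec["ts"] - start["ts"] > window:
                    break
                hosts.add(rec["target_host"])
            if len(hosts) > len(best_hosts):
                best_hosts, best_start = hosts, start
        if len(best_hosts) >= min_hosts:
            alerts.append({
                "key": key,
                "first_seen": best_start["ts"],
                "hosts": sorted(best_hosts),
                "sources": sorted({r["source_ip"] for r in recs}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_fan_out(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

Grouping by source IP as well as by account matters because of slide 9: an attacker who cycles through harvested shared accounts keeps the per-account count low, while the per-host count from the workstation they are working from keeps climbing. Tune min_hosts per account class (vulnerability scanners and backup agents get their own baseline) rather than whitelisting them outright, since those are exactly the accounts an attacker prefers to steal.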
  • 15. The preeminent organizational cyber challenges of 2012 consist of a blend of technical and organizational issues. Hypotheses on top cybersecurity program challenges:
    1. Threat Management: abundance of sensors and data available, not enough analytics; monitoring capabilities need to be more inclusive of the threat environment; threat intelligence and analysis needs to be broader and more relevant
    2. Information Risk Management: control selection/implementation is not risk-based in divisions/regions; identified "cyber risks" are narrowly focused on technology; lack of interdependency analysis in risk management processes
    3. Infrastructure Security: attackers and malicious code can move laterally throughout the enterprise; infrastructure security budget is insufficient compared to growth; expanding use of insecure mobile devices
    4. Application Security: massive global penetration of programmable logic controllers (PLCs) and other software-controlled products; secure software/products soon to be a competitive differentiator
    5. Information Protection: large concentrations of sensitive data exist outside of well-protected environments; sensitive information often flows across inadequately protected channels; unsophisticated mechanisms are employed to assist and enforce end-user document labeling
    6. Awareness, Training, and Education: a more dedicated and robust cybersecurity awareness, training, and education program is needed; internal users are not prepared for the modern threat environment; third parties (e.g., contractors) require more engagement
    7. Communications and Engagement: internal change management and security consulting entities are insufficient for engaging business units; need for prioritization and phasing of interaction with stakeholders to address cybersecurity risks; customers and third parties (e.g., vendors, contractors, partners) require more enhanced engagement
    8. Event Management: inconsistent monitoring and reporting of events, or a lack of dedicated continuous monitoring capabilities; real-time situational views are not tailored for stakeholders across the enterprise; guidelines on internal and external escalation processes are neither clear nor promulgated
    9. Governance: governance is not addressed as a senior executive issue; inconsistent and infrequent interaction with divisions to understand business risks and requirements; organizational silos lead to ineffective processes/solutions
  • 16. Resiliency must be integrated beyond purely technological areas, to include policies, human capital, management, and operations
    Evolving Cybersecurity Capabilities Using an Integrated Mindset
    Highlights
    • Manage risk from a multidimensional perspective: Policy, People, Operations, and Management, in addition to Technology
    • Lower risk and become more cost efficient
    • Align cybersecurity needs to business mission
    • Craft effective solutions that are not stove-piped to a single area
    • Protect assets to enable business competitiveness and business reputation
  • 17. Organizations need to develop all aspects of a cyber security workforce, including:
    Strong Cybersecurity Workforce
    − Human Capital Management: to acquire, develop and retain cybersecurity talent
    − Leadership Development: to provide leaders with new cybersecurity competencies
    − Education and Training: to create a highly skilled cybersecurity workforce
    − Awareness and Communications: to create a cyber-aware and cyber-active culture
  • 18. There are 11 defined cyber roles that outline the skills and training requirements needed for a successful cyber workforce
    Cyber Roles: Cyber Intel Analyst; Cyber Policy Analyst; Cybersecurity Analyst; Cyber Offense Analyst; Cyber Operations Planner; Cyber Business Professional; Cyber Compliance Analyst; Secure Software Engineer; Cybersecurity Engineer; Cyber Operations Professional; Cyber Strategist
    Skills Needed/Training Requirements: Systems Requirements Analysis; Secure Network Design; Secure Application Design; Testing; Systems Implementation; Secure Configuration Management; Vulnerability Assessment; Cyber Policies, Plans, & Procedures; Cyber Program Design; Threat Assessment; Continuity of Operations; Incident Response; Certification & Accreditation
    Benefits:
    − Establishes a common lexicon and point of reference across all human capital management activities
    − Allows stakeholders to immediately identify roles, skill sets and training needs, consistently across functional areas
    − Allows existing staff to easily identify with each other to facilitate the formation of communities of interest and practice
  • 19. A “Dynamic Defense” approach will meet today’s need for resiliency by establishing a network of integrated processes, technologies, and people
    − Rapid Response: find and react to adversarial threats
      • Recognize attack
      • Conduct triage
      • Perform forensics
      • Respond to attack
      • Recover/reconstitute
    − Integrated Remediation: build/implement better systems and constructs to keep adversaries out
    − Evolutionary Response: design capabilities to counter adversarial threats
      • Capability maturity evolution
      • Vulnerability assessment
      • Trade-off analysis
      • Operational planning
      • Exercises/M&S
      • Strategic road-mapping
    − Threat Vector Intelligence: gather insights on adversary threats, intentions, and capabilities
      • All-source analysis
      • Indications of “early warning”
      • Threat education
      • Support to operations, planning and institutional cybersecurity programs
    Linkages: Mitigation, Risk Response, Informed Decisions
    Dimensions: Policy, Operations, Technology, Management, People
  • 20. Contact Information
    Roger Cressey
    Senior Vice President
    Booz Allen Hamilton
    McLean, Virginia USA
    +1 703 9841421
    Cressey_roger@bah.com