1. New Year Symposium (Data Breaches)
“Insider threats & leaked data. The source of future leaks.”
Vassilis (Basil) Manoussos,
Digital Forensics Consultant, Strathclyde Forensics
Associate, Napier University/The Cyber Academy
2. About this presentation
• Drawing from experience in investigating crime and fraud
• Look at “insiders” as the source of initial leaks and not always of the actual catastrophic event
• Understand the threats of Social Engineering
• Explain the relations between “insiders” and “outside threats” and how these threats can be minimised
The Cyber Academy - New Year Symposium (Data Breaches) January 2016
3. A bit of history ...
Understanding where we are coming from ...
And where we are heading to ...
4. What do the following places have in common?
6. What do the following people have in common?
7. Bradley Manning (aka Chelsea)
Exposed classified information he had access to. Biggest US military leak.
Hervé Falciani
Systems Engineer who leaked 130,000 names of possible tax evaders from HSBC in Switzerland (Lagarde List). Biggest bank leak in history.
Mordechai Vanunu
Revealed to the British press that Israel had nuclear weapons. Biggest Israeli leak.
Edward Snowden
Copied and released NSA classified material that embarrassed US and UK secret services and governments. Biggest NSA leak.
8. “A nation can survive its fools, and even the ambitious. But it cannot survive treason from within. An enemy at the gates is less formidable, for he is known and carries his banner openly...”
Marcus Tullius Cicero
9. A new term: “Computer crime”
10. A new term: “Computer crime”
11. A new term: “Computer crime” (and Denial of Service?)
12. A new term: “Computer crime” (and Denial of Service?)
13. The cost of “Computer crime”
YEAR    | Source                                                              | Amount (£)
1987    | Estimated cost of computer crime (UK Government/Insurance Industry) | 40,000,000
2016    | Above estimate in today’s prices                                    | 104,815,440
2011-14 | UK Government estimate                                              | 27,000,000,000
2013    | McAfee estimate                                                     | 6,800,000,000
2015    | Centre for Economics and Business Research (*)                      | 34,000,000,000
(*) Cost to businesses only
14. The cost of Cybercrime
Calculating the real cost of Cybercrime is an impossible task. The main reasons for this are:
• Not all businesses and individuals report it
• Not all businesses or individuals realise they have been compromised
• Direct losses are easy to measure, but indirect losses are not
• It is not easy to put a monetary value on damage to trust and reputation
15. The cost of Cybercrime
However, trends are easier to make sense of.
Source: 2015 IS Breaches Survey, HM Government / PwC
16. The cost of Cybercrime
However, trends are easier to make sense of.
Source: 2015 IS Breaches Survey, HM Government / PwC
17. The measure of Cybercrime
Cyber Security Breaches Survey 2015 (UK totals)
Source: 2015 IS Breaches Survey, HM Government / PwC
18. The measure of Cybercrime
Cyber Security Breaches Survey 2015 (UK totals)
Source: 2015 IS Breaches Survey, HM Government / PwC
19. The measure of Cybercrime
Cyber Security Breaches Survey 2015 (UK totals)
Source: 2015 IS Breaches Survey, HM Government / PwC
20. The measure of Cybercrime
(Chart: UK government agencies vs UK average)
Source: 2015 IS Breaches Survey, HM Government / PwC
21. The measure of Cybercrime (WALES)
Source: 2015 IS Breaches Survey, HM Government / PwC
22. The measure of Cybercrime
A bit about the survey: (*)
Figures for Scotland: NONE
Figures for Northern Ireland: NONE
Figures for Wales: PARTIAL
Figures for Banking: NONE
Figures for Pharmaceuticals: NONE
Figures for Retail: NONE
(*) By filtering the above mentioned countries and industries on the survey website.
Source: 2015 IS Breaches Survey, HM Government / PwC
23. Data breaches: Where and how do they occur?
• The biggest leaks will come from people working inside the organisation affected
• Data leaks do not always originate from the organisation’s networks (making it difficult for DLP software to identify them)
• Data can be copied legitimately at the time of copying without arousing suspicion
24. Data breaches: Major direct leak channels
• Theft/loss of equipment
• Theft of data during maintenance
• Mobile devices (BYOD)
• Removable media (loss/theft)
• Removable media (copying data)
25. Data breaches: Major direct leak channels
• Email, with data being leaked via corporate email
• Leaks via a browser (sending data to personal email, filling in browser forms); FTP, cloud/intranet access
• Unauthorized information posting on websites
• Paper documents / Printing
• Instant messengers, VoIP apps
26. Data breaches: The basics ...
• Stealing sensitive customer and IP data is not always the last step of hacking
• Hacking and Social Engineering often need some initial information to jumpstart the effort
• Collecting targeted email addresses, names and mobile numbers is an essential preparatory step (spear phishing / whaling)
27. Data breaches: Talk about emails
• Email addresses are sensitive data
• Sensitive information is often contained in and attached to emails
• Emails are accessed from outside the organisation
• Data can be copied as text or as a screenshot
28. Data breaches: Talk about emails
• Emails can be used by outsiders for social engineering
• Some phishing emails and web pages are easy to spot
• Some are not ...
29. Can you identify the following websites?
Can you tell if any (or either) of the following websites is fake?
31. Login security in your business
• How many steps to login to your computer?
• How many passwords does a user need to become fully operational? (multiple stage verification)
• Can your email be accessed from outside your business premises?
• Do you use biometrics?
32. Thank you!
That is how social engineering works!
33. Fishing? Phishing, Spear Phishing & Whaling
Phishing
• Email targeted to a massive audience. Small percentage of success, but large number of victims.
• Prompts recipient to voluntarily provide sensitive data
Spear Phishing
• Targets individuals and businesses by name
• Up to 91% success, although small pool of recipients
Whaling
• Same as Spear Phishing
• Targets only high level executives and officials
34. Data breaches: Inadvertent sources of breaches
• For Phishing, Spear Phishing and Whaling to work, perpetrators need secondary sources of information
• People post information that they may not think is relevant or could cause a breach of security and loss of data
35. Data breaches: Inadvertent sources of breaches
Basically ... Social Media
• People over-share information about their private and professional lives, photos, emails, names of departments and managers
• Sometimes they do not think twice about showing off, especially if they work in sensitive industries
36. Data breaches: Inadvertent sources of breaches
• Social media websites and apps
• Dating and hooking up websites
• Dating and hooking up apps
• Pastebin type websites
The following is from research Strathclyde Forensics conducted on the privacy of TINDER users.
37. Data breaches: TINDER as a source of info
38. Data breaches: TINDER as a source of info
Government (non NHS) | NHS                | Education (*)               | Regulated Businesses | Non-regulated businesses
Glasgow City Council | Glasgow            | Glasgow University          | Sellafield Ltd       | Tesco
Lanark Council       | Fife               | Edinburgh University        | Tesco Bank           | ASDA
DWP                  | Kilmarnock         | Edinburgh Napier University | RBS                  |
                     | St Andrews Hospice | Royal Conservatoire         | Bank of Scotland     |
(*) All results related to Universities appeared to be students
Results in RED colour provided information (details/photos) that revealed business details (i.e. emails, phones, addresses)
39. Do you need to get your hands on corporate email addresses?
How and where to get them ...
How hard is it ...
How long does it take ...
40. 1 Website
5 minutes
9 Banks
1,071 Corporate Email Addresses
42. Corporate Email Addresses (share of the 1,071 addresses found, by bank)
RBS: 33%
BARCLAYS GROUP: 18%
LLOYDS TSB: 15%
HALIFAX: 11%
YORKSHIRE BANK: 9%
BANK OF SCOTLAND: 6%
SANTANDER: 5%
HSBC: 2%
CLYDESDALE BANK: 1%
Source: www.socialmail.me
43. What can a business do?
Identify leaks
• Technical challenges
• Behavioural challenges (staff behaviour)
IT POLICIES
• IT Policies in place
• Audit / Review regularly
• Enforce Policies
Monitoring
• Monitor Internal Activities
• Monitor External Activities
Training
• Educate staff
• Test effectiveness of training
• Refresh and update
44. What can a business do?
(Diagram: Corporate Policy, IT Policies, Monitoring & Enforcement, Education)
45. What can a business do?
46. Thank you for your attention!
Questions?
47. About this presentation
This presentation has been created by:
Mr Vassilios Manoussos, AAS,BSc,PGCert,MSc
Digital Forensics & E-Crime Consultant, Strathclyde Forensics
Associate, Edinburgh Napier University, DFET, The Cyber Academy
If you need more information about this presentation or
the tools presented, I can be contacted at:
Email: v.manoussos@StrathclydeForensics.co.uk
Web: www.StrathclydeForensics.co.uk
LinkedIn: https://www.linkedin.com/in/vassilismanoussos/
48. SOURCES
HM Government: Cyber Security Breaches Survey 2015 Results
https://dm.pwc.com/HMG2015BreachesSurvey/