AH
Uploaded byAdam Heller
PDF, PPTX479 views

Fall2015SecurityShow

This document provides a summary of a presentation on cybersecurity evolution and awareness. It discusses emerging technology trends like the internet of things, big data, and predictive analytics. It also covers social media risks and security services to reduce risk through a five step approach of identifying, protecting, detecting, responding to, and recovering from cyber attacks. The presentation aims to prepare organizations for future cybersecurity challenges through education and implementing best practices.

Embed presentation

Download as PDF, PPTX
CYBERSECURITY EVOLUTION & AWARENESS – PREPARING TODAY FOR TOMORROWS ATTACK Adam Heller – Solutions Consultant – WRK Systems Inc.
REAL WORLD EXAMPLE
• Technology Trends • Still Talking about Social Media…………. Why? • Risk & Awareness • Security Services – 5 steps to Reduce Risk TOPICS Intro - Topics
WHERE ARE WE HEADED • It is estimated that 90 % of the worlds data has been created in the last two years (starting point January 2013) • IOT (Internet of Things) – (Medical / Lab Refrigerator) new end point to protect • Big Data – Predictive Analysis – mining data based on key algorithm factors (step a + step b + step c = potential customer) • Scalable predictive computing – from 7:42AM till 6:03PM spin up x amount of servers Source: http://e27.co/worlds-data-volume-to-grow-40-per-year-50-times-by-2020-aureus-20150115-2/ Technology Trends
SO WHAT?!?! • Snapshot for Driving?? • Snapshot for Healthcare Insurance? IOT – wearables- habits – Dr. can check your progress By 2017, more than 20% of customer-facing analytic deployments will provide product tracking information leveraging the IoT. Fueled by the Nexus of Forces (mobile, social, cloud and information), customers now demand a lot more information from their vendors. The rapid dissemination of the IoT will create a new style of customer-facing analytics — product tracking — where increasingly less expensive sensors will be embedded into all types of products. These sensors not only provide geospatial information (where the product is right now) but also performance information (how well the product is functioning). My new SUV is en route and currently in Arizona, or my new SUV is ready for its first oil change. This creates an opportunity to improve transparency and strengthen customer and partner relationships. It can become a key differentiator and a key part of your business model. Access the Global Pool of Information The ability to transform the business to compete in an emerging digital economy will be contingent on the organization’s ability to curate, manage and leverage big data, IoT content, social media, local and federal government data, data from partners, suppliers and customers, and other exogenous data sources that are materializing.Source: http://www.forbes.com/sites/gartnergroup/2015/02/12/gartner-predicts-three-big-data-trends-for-business- intelligence/2/ Technology Trends
Technology Trends
IOT REAL WORLD EXAMPLE • Used 0 Day Threat to exploit Car Software • Cut engine power using diagnostic software • View current GPS Data as well as old Data Points • Smart Home Take Over – new opportunity • Smart Insulin Pumps / Pacemakers – new opportunity • Source: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ • Source: http://www.wired.com/2015/11/medical-devices-that-are-vulnerable- to-life-threatening-hacks/#slide-1 I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold. Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in- seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country. To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Remember, Andy,” Miller had said through my iPhone’s speaker just before I pulled onto the Interstate 64 on-ramp, “no matter what happens, don’t panic.”1 Technology Trends
STILL…… TALKING SOCIAL MEDIA Still…..Talking Social Media
TOP 5 BUSINESS IMPACTS OF SOCIAL MEDIA • 1) Reaching Different Generational Demographics Early and Often • 2) Market and Upsell Services and Products • 3) Community Outreach and Recognition • 4)Drive Organic Growth • 5) Customer Service Outlet and Business Branding Opportunity (pros & cons) Still…..Talking Social Media
STILL TALKING SECURITY RIGHT? • Ad Injection Economy • Securing your Unique Identifiers • Daisy chaining accounts • Targeting your Ads – Hackers • Dual Factor Authentication Source: https://googleonlinesecurity.blogspot.com/2015/05/new-research-ad-injection-economy.html http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/ Setup ad to appear when google search = “virus removal” “anti-virus software” and or “IT help” Crypto-Wall Still…..Talking Social Media
REAL WORLD EXAMPLE • How Apple and Amazon Security Flaws Led to My Epic Hack • By Mat Honan – Wired.com • But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices. • In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Still…..Talking Social Media
RISK & AWARENESS • What is Cybersecurity? • What are ISAC Groups ? Information Sharing and Analysis Center • The two targeted industries with the highest risk? 1) ______________ 2)________________ Risk & Awareness – Education & Risk Awareness Resources
CYBERSECURITY • Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity. • According to a December 2010 analysis of U.S. spending plans, the federal government has allotted over $13 billion annually to cybersecurity over the next five years. Source: http://whatis.techtarget.com/definition/cybersecurity Risk & Awareness – Education & Risk Awareness Resources
ISAC GROUPS Real estate – Higher Education – State Sharing – water – electricity – oil & natural gas – Retail - more…. Risk & Awareness – Education & Risk Awareness Resources
FS-ISAC & FFIEC • Federal Financial Institutions Examination Council (FFIEC) • FFIEC Self assessment tool released to educate financial institutions of cybersecurity risks • Voluntary Mandatory Cooperation • Financial Services Information Sharing and Analysis Center (FS-ISAC) Awareness • Information shared based on critical security threats and industry best practices Source: http://www.fsisac.com/about https://www.ffiec.gov/about.htm Risk Awareness Risk & Awareness – Education & Risk Awareness Resources
PREPARING TODAY FOR TOMORROWS ATTACK? • What solutions are there to help mitigate risk? • How do I know if my organization is prepared? • Identify – Protect – Detect – Respond – Recover Security Services – 5 steps to reduce Risk • Source: Excerpt from CSBS Cyber Security 101 “A resource guide for Bank Executives”
1) IDENTIFY • Study industry best practices • Join ISAC Group or related peer sharing group related to cybersecurity • Someone from inside the organization should fill out assessment tools if available and reach out to appropriate 3rd party for answers they are unsure of. • Findings should be shared with IT committee / Board of directors • Examine what is critical data and where it resides and understand security around data • Request vendor packets from all 3rd party vendors hosting or with access to critical data • Make sure their security meets or exceeds the standard you are required to implement Security Services – 5 steps to reduce Risk
• Source: Excerpt from FFIEC Self Assessment Tool Security Services – 5 steps to reduce Risk
STILL WITH ME?
1) I have educated myself and staff to the best of our ability and identified our critical data and possible threats against it. What’s Next? Security Services – 5 steps to reduce Risk
2) PROTECT • Layered Security / Network Hygiene • Layer 1 – Perimeter Security – Firewall, DLP, IDS/IPS, DMZ, Content Filtering……. • Layer 2 – End Point Security – Anti-Virus, Patch Management, Log Review Monitoring • Layer 3 – Policy Security – Permissions, GPO, Vulnerability Assessments, • Internal understanding of risk / regulations and impact to business and customers Source: Excerpt from FFIEC Self Assessment Tool Security Services – 5 steps to reduce Risk
WHAT WOULD THAT LOOK LIKE? Source: http://www.antiexecutable.com.au/LayeredSecurityDiagram.jpg http://www.northropgrumman.com/AboutUs/Contracts/ManagedServices/PublishingImages/Security_Services_lg.jpg Security Services – 5 steps to reduce Risk
1) I have educated myself and staff to the best of our ability and identified our critical data and possible threats against it. 2) I have implemented security solutions to protect our organization and we have a conceptual understanding of how they work. What’s Next? Security Services – 5 steps to reduce Risk
3) DETECT • Layered Security / Monitored Solutions • Review of Security Logs • 24X7 Firewall Monitoring • Log retention and reporting • Anomaly and pattern investigation • Automatization of reoccurring events • Real-time updates for security solutions • Understand 3rd party SLA’s and Response Times • Manage – Monitor – Maintain Source: http://ipfrontline.com/2015/09/dhs-st-announces-licensing-of-cyber-security-network-anomaly-detection-technology/ Security Services – 5 steps to reduce Risk
1) I have educated myself and staff to the best of our ability and identified our critical data and possible threats against it. 2) I have implemented security solutions to protect our organization and we have a conceptual understanding of how they work. 3) Solutions in place have been configured to detect system intrusions, data breaches and unauthorized access and notify the appropriate resources. What's next? Security Services – 5 steps to reduce Risk
4) RESPOND • Incident Response Plan • No two organizations incident response plans will be the same • They should have clear steps outlining each step and who is in charge of each step • Sample Steps • Employee Notices Network is slow and notifies IT Personnel • IT Personnel • A) Examines source of issue – Log Review – Detection – Analysis • B) Notifies appropriate resource • C) Involved Parties delegate responsibilities for containment, eradication, and recovery • D) Post Incident report with plan to improve security if possible Security Services – 5 steps to reduce Risk
1) I have educated myself and staff to the best of our ability and identified our critical data and possible threats against it. 2) I have implemented security solutions to protect our organization and we have a conceptual understanding of how they work. 3) Solutions in place have been configured to detect system intrusions, data breaches and unauthorized access and notify the appropriate resources. What's Next? 4) I have setup a response plan that outlines how we will respond if there is a cybersecurity incident. Bring it on! What’s next? Security Services – 5 steps to reduce Risk
5) RECOVER • Incident Response Plan / Change Controls • Prepare post-incident response report and activities • Outline in report how security solutions and or detection process will be improved • Improve response plan based upon success and failures of plan Security Services – 5 steps to reduce Risk
1) I have educated myself and staff to the best of our ability and identified our critical data and possible threats against it. 2) I have implemented security solutions to protect our organization and we have a conceptual understanding of how they work. 3) Solutions in place have been configured to detect system intrusions, data breaches and unauthorized access and notify the appropriate resources. What's Next? 4) I have setup a response plan that outlines how we will respond if there is a cybersecurity incident. Bring it on! 5) I know how we will recover from an incident and the process involved afterwards Security Services – 5 steps to reduce Risk
IMPROVE / NETWORK HYGIENE • High risk scenarios are discussed and even practiced. Steps 1-5 are tested. • Test breach / spearfish attack / social engineering attacks / data loss prevention test • Simple learning exercise – breach happened, activate incident response plan, when we were attacked, how do we know we were attacked, what data was targeted, how to stop breach, what did we learn • If you fall into the Baseline level try to make jump to evolving or intermediate Security Services – 5 steps to reduce Risk
REAL WORLD EXAMPLE
PARTNERS / SOLUTIONS / SERVICES WRK SYSTEMS • Thank You! • Q & A • Adam Heller – Solutions Consultant – WRK Systems • aheller@wrksystems.com – 800-888-2135 Ext 128 • www.wrksystems.com

More Related Content

PDF
Mobile malware and enterprise security v 1.2_0
byJavier Gonzalez
 
PDF
HE Mag_New Cyber Threats_ITSource
byBrian Arellanes
 
PDF
IBM 2015 Cyber Security Intelligence Index
byAndreanne Clarke
 
PDF
wp-us-cities-exposed
byNumaan Huq
 
PDF
Modern Adversaries (Amplify Partners)
byAndrew Manoske
 
PDF
Kaspersky: Global IT Security Risks
byConstantin Cocioaba
 
PDF
Why is cyber security a disruption in the digital economy
byMark Albala
 
PPTX
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
byRobert Craig
 
Mobile malware and enterprise security v 1.2_0
byJavier Gonzalez
 
HE Mag_New Cyber Threats_ITSource
byBrian Arellanes
 
IBM 2015 Cyber Security Intelligence Index
byAndreanne Clarke
 
wp-us-cities-exposed
byNumaan Huq
 
Modern Adversaries (Amplify Partners)
byAndrew Manoske
 
Kaspersky: Global IT Security Risks
byConstantin Cocioaba
 
Why is cyber security a disruption in the digital economy
byMark Albala
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
byRobert Craig
 

What's hot

PDF
2015 Global Threat Intelligence Report Executive Summary | NTT i3
byNTT Innovation Institute Inc.
 
PDF
IMC 618 - Public Relations Campaign
byStephanie Holman
 
PDF
Insecure magazine - 51
byFelipe Prado
 
PDF
A Joint Study by National University of Singapore and IDC
byMicrosoft Asia
 
DOCX
Target Data Breach Case Study 10242014
byJoseph White MPA CPM
 
PDF
Volume2 chapter1 security
byat MicroFocus Italy ❖✔
 
PPT
Merit Event - Closing the Back Door in Your Systems
bymeritnorthwest
 
PPTX
Data breach presentation
byBradford Bach
 
PDF
Cybersecurity and The Board
byPaul Melson
 
PPTX
Lessons v on fraud awareness (digital forensics) [autosaved]
byKolluru N Rao
 
PPTX
Data Security Breach: The Sony & Staples Story
byInternational Institute for Learning
 
PDF
Online Trust Alliance Recommendations
byMeg Weber
 
PPTX
Year of pawnage - Ian trump
byMAXfocus
 
PDF
Data Breach Guide 2013
by- Mark - Fullbright
 
PDF
How to safe your company from having a security breach
byBaltimax
 
PDF
Cyber security for ia and risk 150601
byGrant Barker
 
PDF
Who is the next target proactive approaches to data security
byUlf Mattsson
 
PDF
Julius Clark is Making Criminal Hackers Miserable
byJulius Clark, CISSP, CISA
 
PDF
Symantec Website Security Threat Report 2014 - RapidSSLOnline
byRapidSSLOnline.com
 
PDF
Symantec's Internet Security Threat Report for the Government Sector
bySymantec
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
byNTT Innovation Institute Inc.
 
IMC 618 - Public Relations Campaign
byStephanie Holman
 
Insecure magazine - 51
byFelipe Prado
 
A Joint Study by National University of Singapore and IDC
byMicrosoft Asia
 
Target Data Breach Case Study 10242014
byJoseph White MPA CPM
 
Volume2 chapter1 security
byat MicroFocus Italy ❖✔
 
Merit Event - Closing the Back Door in Your Systems
bymeritnorthwest
 
Data breach presentation
byBradford Bach
 
Cybersecurity and The Board
byPaul Melson
 
Lessons v on fraud awareness (digital forensics) [autosaved]
byKolluru N Rao
 
Data Security Breach: The Sony & Staples Story
byInternational Institute for Learning
 
Online Trust Alliance Recommendations
byMeg Weber
 
Year of pawnage - Ian trump
byMAXfocus
 
Data Breach Guide 2013
by- Mark - Fullbright
 
How to safe your company from having a security breach
byBaltimax
 
Cyber security for ia and risk 150601
byGrant Barker
 
Who is the next target proactive approaches to data security
byUlf Mattsson
 
Julius Clark is Making Criminal Hackers Miserable
byJulius Clark, CISSP, CISA
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
byRapidSSLOnline.com
 
Symantec's Internet Security Threat Report for the Government Sector
bySymantec
 

Viewers also liked

PPTX
Cyber security awareness
byRobin Rafique
 
PDF
Indonesia National Cyber Security Strategy
byICT Watch
 
PPTX
DDoS Mitigation - DefensePro - RADWARE
byDeivid Toledo
 
PDF
Cybersecurity Employee Training
byPaige Rasid
 
PPTX
Cyber crime and security
byEng. Shuaib ibrahim
 
PDF
7 Steps to Better Cybersecurity Hygiene
byMicrosoft
 
PDF
Introduction to Cyber Security
byQuick Heal Technologies Ltd.
 
PPTX
Cyber Security 101: Training, awareness, strategies for small to medium sized...
byStephen Cobb
 
PPTX
Cybercrime.ppt
byAeman Khan
 
PPTX
Cyber crime and security ppt
byLipsita Behera
 
Cyber security awareness
byRobin Rafique
 
Indonesia National Cyber Security Strategy
byICT Watch
 
DDoS Mitigation - DefensePro - RADWARE
byDeivid Toledo
 
Cybersecurity Employee Training
byPaige Rasid
 
Cyber crime and security
byEng. Shuaib ibrahim
 
7 Steps to Better Cybersecurity Hygiene
byMicrosoft
 
Introduction to Cyber Security
byQuick Heal Technologies Ltd.
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
byStephen Cobb
 
Cybercrime.ppt
byAeman Khan
 
Cyber crime and security ppt
byLipsita Behera
 

Similar to Fall2015SecurityShow

PDF
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
byRahul Neel Mani
 
PPTX
Jason Witty, SVP & CISO at US Bank - Next eneration information security meet...
byGlobal Business Events
 
PDF
2014 the future evolution of cybersecurity
byMatthew Rosenquist
 
PDF
Cyber Security in Manufacturing
byCentraComm
 
PPTX
CRI "Lessons From The Front Lines" March 26th Dublin
byOCTF Industry Engagement
 
PDF
Cybersecurity for Energy: Moving Beyond Compliance
byEnergySec
 
PPTX
The 2018 Threatscape
byPeter Wood
 
PDF
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
byMatthew Rosenquist
 
PPTX
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
byConnXus
 
PPTX
What is Information Security and why you should care ...
byJames Mulhern
 
PDF
2017 InfraGard Atlanta Conference - Matthew Rosenquist
byMatthew Rosenquist
 
PPSX
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
byJames Mulhern
 
PPTX
Art Hathaway - Artificial Intelligence - Real Threat Prevention
bycentralohioissa
 
PDF
Cyber Security in a Fully Mobile World
byUniversity of Suffolk
 
PDF
Get Prepared
byHewlett Packard Enterprise Business Value Exchange
 
PPTX
SAM05_Barber PW (7-9-15)
byNorm Barber
 
PDF
4th Digital Finance Forum, Simon Brady
byStarttech Ventures
 
PDF
People the biggest cyber risk
byUniversity of Suffolk
 
PDF
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
byAT-NET Services, Inc. - Charleston Division
 
PPTX
Keynote at the Cyber Security Summit Prague 2015
byClaus Cramon Houmann
 
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
byRahul Neel Mani
 
Jason Witty, SVP & CISO at US Bank - Next eneration information security meet...
byGlobal Business Events
 
2014 the future evolution of cybersecurity
byMatthew Rosenquist
 
Cyber Security in Manufacturing
byCentraComm
 
CRI "Lessons From The Front Lines" March 26th Dublin
byOCTF Industry Engagement
 
Cybersecurity for Energy: Moving Beyond Compliance
byEnergySec
 
The 2018 Threatscape
byPeter Wood
 
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
byMatthew Rosenquist
 
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
byConnXus
 
What is Information Security and why you should care ...
byJames Mulhern
 
2017 InfraGard Atlanta Conference - Matthew Rosenquist
byMatthew Rosenquist
 
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
byJames Mulhern
 
Art Hathaway - Artificial Intelligence - Real Threat Prevention
bycentralohioissa
 
Cyber Security in a Fully Mobile World
byUniversity of Suffolk
 
Get Prepared
byHewlett Packard Enterprise Business Value Exchange
 
SAM05_Barber PW (7-9-15)
byNorm Barber
 
4th Digital Finance Forum, Simon Brady
byStarttech Ventures
 
People the biggest cyber risk
byUniversity of Suffolk
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
byAT-NET Services, Inc. - Charleston Division
 
Keynote at the Cyber Security Summit Prague 2015
byClaus Cramon Houmann
 

Fall2015SecurityShow

  • 1.
    CYBERSECURITY EVOLUTION &AWARENESS – PREPARING TODAY FOR TOMORROWS ATTACK Adam Heller – Solutions Consultant – WRK Systems Inc.
  • 2.
  • 3.
    • Technology Trends •Still Talking about Social Media…………. Why? • Risk & Awareness • Security Services – 5 steps to Reduce Risk TOPICS Intro - Topics
  • 4.
    WHERE ARE WEHEADED • It is estimated that 90 % of the worlds data has been created in the last two years (starting point January 2013) • IOT (Internet of Things) – (Medical / Lab Refrigerator) new end point to protect • Big Data – Predictive Analysis – mining data based on key algorithm factors (step a + step b + step c = potential customer) • Scalable predictive computing – from 7:42AM till 6:03PM spin up x amount of servers Source: http://e27.co/worlds-data-volume-to-grow-40-per-year-50-times-by-2020-aureus-20150115-2/ Technology Trends
  • 5.
    SO WHAT?!?! • Snapshotfor Driving?? • Snapshot for Healthcare Insurance? IOT – wearables- habits – Dr. can check your progress By 2017, more than 20% of customer-facing analytic deployments will provide product tracking information leveraging the IoT. Fueled by the Nexus of Forces (mobile, social, cloud and information), customers now demand a lot more information from their vendors. The rapid dissemination of the IoT will create a new style of customer-facing analytics — product tracking — where increasingly less expensive sensors will be embedded into all types of products. These sensors not only provide geospatial information (where the product is right now) but also performance information (how well the product is functioning). My new SUV is en route and currently in Arizona, or my new SUV is ready for its first oil change. This creates an opportunity to improve transparency and strengthen customer and partner relationships. It can become a key differentiator and a key part of your business model. Access the Global Pool of Information The ability to transform the business to compete in an emerging digital economy will be contingent on the organization’s ability to curate, manage and leverage big data, IoT content, social media, local and federal government data, data from partners, suppliers and customers, and other exogenous data sources that are materializing.Source: http://www.forbes.com/sites/gartnergroup/2015/02/12/gartner-predicts-three-big-data-trends-for-business- intelligence/2/ Technology Trends
  • 6.
  • 7.
    IOT REAL WORLD EXAMPLE •Used 0 Day Threat to exploit Car Software • Cut engine power using diagnostic software • View current GPS Data as well as old Data Points • Smart Home Take Over – new opportunity • Smart Insulin Pumps / Pacemakers – new opportunity • Source: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ • Source: http://www.wired.com/2015/11/medical-devices-that-are-vulnerable- to-life-threatening-hacks/#slide-1 I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold. Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in- seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country. To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Remember, Andy,” Miller had said through my iPhone’s speaker just before I pulled onto the Interstate 64 on-ramp, “no matter what happens, don’t panic.”1 Technology Trends
  • 8.
    STILL…… TALKING SOCIALMEDIA Still…..Talking Social Media
  • 9.
    TOP 5 BUSINESSIMPACTS OF SOCIAL MEDIA • 1) Reaching Different Generational Demographics Early and Often • 2) Market and Upsell Services and Products • 3) Community Outreach and Recognition • 4)Drive Organic Growth • 5) Customer Service Outlet and Business Branding Opportunity (pros & cons) Still…..Talking Social Media
  • 10.
    STILL TALKING SECURITY RIGHT? •Ad Injection Economy • Securing your Unique Identifiers • Daisy chaining accounts • Targeting your Ads – Hackers • Dual Factor Authentication Source: https://googleonlinesecurity.blogspot.com/2015/05/new-research-ad-injection-economy.html http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/ Setup ad to appear when google search = “virus removal” “anti-virus software” and or “IT help” Crypto-Wall Still…..Talking Social Media
  • 11.
    REAL WORLD EXAMPLE •How Apple and Amazon Security Flaws Led to My Epic Hack • By Mat Honan – Wired.com • But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices. • In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Still…..Talking Social Media
  • 12.
    RISK & AWARENESS •What is Cybersecurity? • What are ISAC Groups ? Information Sharing and Analysis Center • The two targeted industries with the highest risk? 1) ______________ 2)________________ Risk & Awareness – Education & Risk Awareness Resources
  • 13.
    CYBERSECURITY • Cybersecurity isthe body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity. • According to a December 2010 analysis of U.S. spending plans, the federal government has allotted over $13 billion annually to cybersecurity over the next five years. Source: http://whatis.techtarget.com/definition/cybersecurity Risk & Awareness – Education & Risk Awareness Resources
  • 14.
    ISAC GROUPS Real estate– Higher Education – State Sharing – water – electricity – oil & natural gas – Retail - more…. Risk & Awareness – Education & Risk Awareness Resources
  • 15.
    FS-ISAC & FFIEC •Federal Financial Institutions Examination Council (FFIEC) • FFIEC Self assessment tool released to educate financial institutions of cybersecurity risks • Voluntary Mandatory Cooperation • Financial Services Information Sharing and Analysis Center (FS-ISAC) Awareness • Information shared based on critical security threats and industry best practices Source: http://www.fsisac.com/about https://www.ffiec.gov/about.htm Risk Awareness Risk & Awareness – Education & Risk Awareness Resources
  • 16.
    PREPARING TODAY FORTOMORROWS ATTACK? • What solutions are there to help mitigate risk? • How do I know if my organization is prepared? • Identify – Protect – Detect – Respond – Recover Security Services – 5 steps to reduce Risk • Source: Excerpt from CSBS Cyber Security 101 “A resource guide for Bank Executives”
  • 17.
    1) IDENTIFY • Studyindustry best practices • Join ISAC Group or related peer sharing group related to cybersecurity • Someone from inside the organization should fill out assessment tools if available and reach out to appropriate 3rd party for answers they are unsure of. • Findings should be shared with IT committee / Board of directors • Examine what is critical data and where it resides and understand security around data • Request vendor packets from all 3rd party vendors hosting or with access to critical data • Make sure their security meets or exceeds the standard you are required to implement Security Services – 5 steps to reduce Risk
  • 18.
    • Source: Excerptfrom FFIEC Self Assessment Tool Security Services – 5 steps to reduce Risk
  • 19.
  • 20.
    1) I haveeducated myself and staff to the best of our ability and identified our critical data and possible threats against it. What’s Next? Security Services – 5 steps to reduce Risk
  • 21.
    2) PROTECT • LayeredSecurity / Network Hygiene • Layer 1 – Perimeter Security – Firewall, DLP, IDS/IPS, DMZ, Content Filtering……. • Layer 2 – End Point Security – Anti-Virus, Patch Management, Log Review Monitoring • Layer 3 – Policy Security – Permissions, GPO, Vulnerability Assessments, • Internal understanding of risk / regulations and impact to business and customers Source: Excerpt from FFIEC Self Assessment Tool Security Services – 5 steps to reduce Risk
  • 22.
    WHAT WOULD THATLOOK LIKE? Source: http://www.antiexecutable.com.au/LayeredSecurityDiagram.jpg http://www.northropgrumman.com/AboutUs/Contracts/ManagedServices/PublishingImages/Security_Services_lg.jpg Security Services – 5 steps to reduce Risk
  • 23.
    1) I haveeducated myself and staff to the best of our ability and identified our critical data and possible threats against it. 2) I have implemented security solutions to protect our organization and we have a conceptual understanding of how they work. What’s Next? Security Services – 5 steps to reduce Risk
  • 24.
    3) DETECT • LayeredSecurity / Monitored Solutions • Review of Security Logs • 24X7 Firewall Monitoring • Log retention and reporting • Anomaly and pattern investigation • Automatization of reoccurring events • Real-time updates for security solutions • Understand 3rd party SLA’s and Response Times • Manage – Monitor – Maintain Source: http://ipfrontline.com/2015/09/dhs-st-announces-licensing-of-cyber-security-network-anomaly-detection-technology/ Security Services – 5 steps to reduce Risk
  • 25.
    1) I haveeducated myself and staff to the best of our ability and identified our critical data and possible threats against it. 2) I have implemented security solutions to protect our organization and we have a conceptual understanding of how they work. 3) Solutions in place have been configured to detect system intrusions, data breaches and unauthorized access and notify the appropriate resources. What's next? Security Services – 5 steps to reduce Risk
  • 26.
    4) RESPOND • IncidentResponse Plan • No two organizations incident response plans will be the same • They should have clear steps outlining each step and who is in charge of each step • Sample Steps • Employee Notices Network is slow and notifies IT Personnel • IT Personnel • A) Examines source of issue – Log Review – Detection – Analysis • B) Notifies appropriate resource • C) Involved Parties delegate responsibilities for containment, eradication, and recovery • D) Post Incident report with plan to improve security if possible Security Services – 5 steps to reduce Risk
  • 27.
    1) I haveeducated myself and staff to the best of our ability and identified our critical data and possible threats against it. 2) I have implemented security solutions to protect our organization and we have a conceptual understanding of how they work. 3) Solutions in place have been configured to detect system intrusions, data breaches and unauthorized access and notify the appropriate resources. What's Next? 4) I have setup a response plan that outlines how we will respond if there is a cybersecurity incident. Bring it on! What’s next? Security Services – 5 steps to reduce Risk
  • 28.
    5) RECOVER • IncidentResponse Plan / Change Controls • Prepare post-incident response report and activities • Outline in report how security solutions and or detection process will be improved • Improve response plan based upon success and failures of plan Security Services – 5 steps to reduce Risk
  • 29.
    1) I haveeducated myself and staff to the best of our ability and identified our critical data and possible threats against it. 2) I have implemented security solutions to protect our organization and we have a conceptual understanding of how they work. 3) Solutions in place have been configured to detect system intrusions, data breaches and unauthorized access and notify the appropriate resources. What's Next? 4) I have setup a response plan that outlines how we will respond if there is a cybersecurity incident. Bring it on! 5) I know how we will recover from an incident and the process involved afterwards Security Services – 5 steps to reduce Risk
  • 30.
    IMPROVE / NETWORKHYGIENE • High risk scenarios are discussed and even practiced. Steps 1-5 are tested. • Test breach / spearfish attack / social engineering attacks / data loss prevention test • Simple learning exercise – breach happened, activate incident response plan, when we were attacked, how do we know we were attacked, what data was targeted, how to stop breach, what did we learn • If you fall into the Baseline level try to make jump to evolving or intermediate Security Services – 5 steps to reduce Risk
  • 31.
  • 32.
    PARTNERS / SOLUTIONS/ SERVICES WRK SYSTEMS • Thank You! • Q & A • Adam Heller – Solutions Consultant – WRK Systems • aheller@wrksystems.com – 800-888-2135 Ext 128 • www.wrksystems.com