This document discusses advanced persistent threats (APTs) and provides recommendations for countering them. It notes that APTs target specific organizations over long periods to steal large amounts of sensitive information undetected. Traditional security methods are ineffective against APTs, which require new detection and response approaches using multiple layers of defense. The document recommends assuming infrastructure infiltration and granting response teams autonomy to investigate incidents. It also stresses hardening web browsers, mobile devices, and cloud applications against emerging attack vectors.
Satori Whitepaper: Threat Intelligence - a path to taming digital threats (Dean Evans)
Threat management continues to be a hot topic within cybersecurity, and rightfully so. Understanding the evolving technical and behavioral threat landscape and adapting mitigation controls is the key to proactive risk management. Actionable threat intelligence is critical to enabling effective threat management. It provides visibility into the temperature within the threat actor community, what they are doing and how they are doing it (tactics, techniques and procedures (TTPs)). The challenge is sorting through the volumes of threat data to identify what's relevant and actionable.
This document is intended to communicate how threat intelligence can be used to reduce business risk. The audience is security, compliance and IT professionals interested in proactive risk management.
Cyber defense: Understanding and Combating the Threat (IBM Government)
Cyber defense is a broad subject, which makes it just as difficult to achieve. Learn about IBM solutions and SPADE conference insights on the subject of cyber defense, which includes both cyber terrorism and the larger umbrella "cyber threat," and the best ways to combat them.
The document discusses intelligence-led cybersecurity. It begins by outlining changes to the threat landscape, from unsophisticated attackers targeting vulnerabilities to advanced persistent threats conducted by well-funded groups. It then discusses risk management, threat management, the intelligence process, and problems that can arise. Key parts of the intelligence process include direction, access to internal and external sources, analysis and assessment, and dissemination of intelligence to customers. The presentation concludes by discussing how to integrate security intelligence into an organization's vision, strategy, governance, operations, engineering, development, compliance and risk management.
The document summarizes Matthew Rosenquist's predictions for the top 10 cybersecurity trends of 2015. These included:
1. Cyber warfare becoming a legitimate tool for governments and increasing sophistication of state-sponsored attacks.
2. Increased active government intervention in cybersecurity through law enforcement, international cooperation, and regulating critical infrastructure protection.
3. High demand and shortage of cybersecurity talent as attacks grow in scale and sophistication.
4. Continued targeting of high-profile organizations despite security improvements.
5. Attacks directly targeting individuals through ransomware and doxing of public figures.
6. Organizations overhauling their approach to risk management and increasing board involvement in security.
C/DIG offers a spectrum of intelligence products. At the strategic level we track national players to determine their policies and intentions. At the operational level C/DIG documents their Tactics, Techniques and Procedures (TTP).
At the tactical level we provide threat analysis, identification and forensic analysis. All of this data is used for awareness, education, prevention and defence from cyber-attacks and in support of contingency operations to protect your organization.
Cyberthreat Defense Report 2017 by Impreva (Ghader Ahmadi)
CyberEdge Group's fourth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,100 IT security decision makers and practitioners conducted in November 2016, the report delivers countless insights IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.
The C3i Group works with inter-agency partners and the security industry, collecting information and intelligence related to risks emanating from cyberspace. We provide direction and leadership to industry, focusing on the intrinsic risks and threats posed by: potential shortcomings in the cyber information security infrastructure; actions of non-state actors, cyber-terrorists, and criminals; and foreign business competitors and governments intent on illegitimately acquiring proprietary information and trade secrets.
Gartner Security & Risk Management Summit Brochure (trunko)
The 2011 Gartner Security & Risk Management brochure is now available. It features more than 100 sessions and 4 complete programs, including Security, Risk/Compliance, CISO and Business Continuity Management. For details, please visit www.gartner.com/us/securityrisk
Presentation by Larry Clinton, President of the Internet Security Alliance (ISA) to the 66th Annual Fowler Seminar on Oct 12 2012 titled Evolution of the Cyber Threat - A Unified Systems Approach.
Countering Violent Extremism In Urban Environments Through Design Issue (zadok001)
This document discusses countering violent extremism through urban design. It begins by outlining different types of violent extremism and their motivations. It then discusses characteristics of the built environment that could attract extremist attacks, such as mass transit systems, government buildings, and iconic structures. The document emphasizes that a risk-led and iterative process is needed when designing spaces to consider threats. It provides an example of assessing different threat levels and establishing design basis threats. It also discusses the importance of considering an organization's risk appetite. The key implications highlighted for designers and owners include assessing threats and risks early, including security considerations in initial designs, and engaging advisors.
Mark Lanterman - The Risk Report October 2015 (Mark Lanterman)
The document discusses steps organizations can take to protect their digital assets and minimize risks of cyberattacks and data breaches. It recommends conducting regular digital security assessments, educating employees on security best practices, limiting unnecessary access to sensitive data, implementing policies around bring-your-own-devices, and auditing third party vendors. It also stresses the importance of regular data backups and developing an organizational culture of security.
Framework for Security: Security in the Community Context (Jere Peltonen)
Presentation at the ASIS International European Security Conference 2006 in Nice, France. The framework explains what security is and why it is needed. The original presentation includes animation that is not functional in this SlideShare version; unfortunately, some slides are therefore blurred. Please get the original presentation from www.yhteisturvallisuus.net -> materiaali -> Security in the Community Context SCC.pps.
The document discusses cyber threats facing the mining industry. It notes that the mining industry, like other industries, is increasingly relying on integrated and automated systems, leaving it vulnerable to cyber attacks. The mining industry deals with targeted cyber espionage campaigns and disruptive attacks aimed at exploiting its strategic role in global supply chains. The document provides an overview of modern mining operations and infrastructure, noting their complexity and geographical distribution, before examining specific cybersecurity issues and threats.
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
This document discusses the need for collaboration in cyber defense against increasingly sophisticated and organized cyber attacks. It notes that adversaries now specialize and collaborate in different attack phases. The five phases of a cyber attack are outlined as research, infiltration, discovery, capture, and exfiltration. It argues that to effectively counter collaborative adversaries, enterprises must also collaborate by sharing security intelligence in a timely, secure, and confidential manner. Examples of information sharing organizations and challenges to collaboration are provided. It concludes that no practical technology currently enables automated, bi-directional security data sharing at scale.
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr... (Fabio Ghioni)
This document outlines threats to critical infrastructure from cyber attacks and strategies for defense. It discusses how critical infrastructures have become interconnected macro systems with physical, digital, operational and strategic layers. Cyber attacks are a major threat due to systems' increased reliance on information technology and interconnectivity. The document recommends resilience and redundancy strategies over resistance, to deal with the unpredictability of risks. It proposes structural sinks at hub levels and shared backup facilities as an efficient solution.
The document discusses a proposal to allow private companies to conduct cyber retaliation against foreign attackers. It summarizes the key challenges with this approach, including: [1] It is difficult to accurately identify attackers due to use of compromised systems. [2] Most companies lack the expertise and resources to conduct effective counterattacks. [3] Allowing private retaliation could escalate tensions and cause international incidents. While improved cyber defense is needed, alternative approaches may be better than outsourcing retaliation to private companies.
Industrial Espionage. Fabio Ghioni - expert in unconventional technologies and risk, and in defense strategy for Cyber Warfare Profiling. Fabio Ghioni, columnist, Fabio Ghioni essayist, Fabio Ghioni speaker, Fabio Ghioni strategic consultant, Fabio Ghioni top manager, is recognized as one of the world's leading security experts.
The Evolving Landscape on Information Security (Simoun Ung)
This document provides an overview of the evolving landscape of information security. It discusses the motivation behind cyber attacks, including personal reasons, unlawful profiteering, and corporate or national interests. It then examines common security threats such as social engineering, phishing, distributed denial of service attacks, network attacks, and malware. The document notes that security standards and best practices need constant refinement as threats continue to evolve in sophistication.
The document discusses cyber influence operations (ICOs), which are defined as operations that affect the logical layer of cyberspace with the intention of influencing attitudes, behaviors, or decisions of target audiences. It provides definitions of related terms like information operations, information warfare, and cyber attacks. Examples are given of different types of ICOs, such as unauthorized access, false flag cyberattacks, DDoS attacks, website defacements and doxing. Specific incidents like the attacks on Estonia, NATO, and doxing of Victoria Nuland are analyzed in terms of their goals of undermining credibility and spreading disinformation. The challenges of attributing ICOs and their generally limited impact are also noted.
The document discusses a new approach to cybersecurity called the Enterprise Immune System. It is based on advanced machine learning and mathematics to detect threats within an organization's networks. Like the human immune system, it learns what normal activity looks like and can detect subtle anomalies that may indicate threats. This allows organizations to protect themselves while still enabling collaboration and connectivity. The system is based on novel probabilistic mathematics that continuously learns and adapts to changing environments in real time.
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH (EQS Group)
It does not have an ISO standard. NIST barely mentions it. Despite hundreds of publications, no dedicated book is in sight. Enterprise Risk Management frameworks barely touch on it - if they even do. A chapter in Tipton's book dating from 2007, proprietary solutions and sparse articles are all we have. In 2007 there was no Cloud yet - and that can be both a big help and a major issue in the process. Mergers & Acquisitions is a matter left to Business Administration professionals, who don't like thinking about Information Security risks anyway. Information Security for Mergers & Acquisitions is often an afterthought and rarely a deciding factor in due diligence exercises - but when your company acquires a new firm every quarter, you need to start thinking about something. This session will propose a simple framework and you will walk away with actionable material you can start using tomorrow.
Learning Objectives:
- Understand information security risks and threats connected with merger and acquisition activities, which include months of often precarious IT migrations, a Cloud mess, and legacy services left exposed for months or years.
- Understand how Cloud Computing affects information security risks and threats during merger and acquisition activities, as well as the positive opportunities it can offer.
- Understand why it is important that Information Security is involved in the early phases of due diligence, including the phases in which the deal is structured and evaluated and the acquisition model is defined.
- Walk home with a simple framework and actionable material you can start using the day after.
A penetration testing service aims to emulate real-world attacks against an organization's systems and networks in order to identify and demonstrate security vulnerabilities. The goal is to provide insights that can be used to strengthen security before actual malicious actors can exploit weaknesses.
This document provides an overview of the costs associated with data breaches. It begins by introducing the speakers and the agenda. It then discusses what constitutes a data breach and the types of data that may be exposed, such as PII, PHI, intellectual property, and financial information. The document outlines direct and indirect costs of breaches, including response costs, lost productivity, fines, and reputation damage. It provides estimates of costs from studies and actual breaches, which range from hundreds of thousands to over $170 million depending on the size and type of breach. Patterns in breach cost data are discussed. The document aims to help organizations understand and plan for the potential financial impact of a data security incident.
Managed security services for financial services firms (Jake Weaver)
This document discusses managed security services for financial services firms. It notes that financial services firms are under constant attack from sophisticated cyber threats. Maintaining strong security in-house is challenging due to the evolving threat landscape and constant change. The document recommends that firms consider purchasing managed security services from expert providers. This outsourced approach can provide state-of-the-art protection that is more effective and less costly than building internal security capabilities. Key benefits of managed services include distributed denial of service (DDoS) mitigation, web application protection, and access to security expertise.
The document provides information about the "CI CYBER SECURITY SUMMIT WEST" event taking place on March 1, 2016 in Calgary. It will bring together senior cyber security leaders from different sectors in an interactive roundtable format to discuss critical strategies around topics such as cloud security, third party risks, and information sharing. The agenda includes sessions led by experts on examining threats to infrastructure, optimizing cyber security resources, and safeguarding the global supply chain.
Paradigm Shift! - Customer Information Centric IT Risk Assessments (Fernando Reiser)
Readers will be exposed to a methodology for the evaluation of information security risks based on the “Value” of customer/employee information rather than on the “Economic Value” of the information to the organization.
Proactive Defense: Understanding the 4 Main Threat Actor Types (Recorded Future)
To avoid the cost and embarrassment of a data breach, you’ll need to understand your adversaries. Most threat actors fall within four main groups, each with their own favorite tactics, techniques, and procedures (TTPs). By gaining a deeper understanding of threat actors, you’ll be able to assign your cyber security budget to fund the right activities.
Gartner Security & Risk Management Summit Brochuretrunko
The 2011 Gartner Security & Risk Management brochure is now available. Featuring more than 100+ sessions, 4 complete programs including Security, Risk/Compliance, CISO and Business Continuity Management. For details, please visit www.gartner.com/us/securityrisk
Presentation by Larry Clinton, President of the Internet Security Alliance (ISA) to the 66th Annual Fowler Seminar on Oct 12 2012 titled Evolution of the Cyber Threat - A Unified Systems Approach.
Countering Violent Extremism In Urban Environments Through Design Issuezadok001
This document discusses countering violent extremism through urban design. It begins by outlining different types of violent extremism and their motivations. It then discusses characteristics of the built environment that could attract extremist attacks, such as mass transit systems, government buildings, and iconic structures. The document emphasizes that a risk-led and iterative process is needed when designing spaces to consider threats. It provides an example of assessing different threat levels and establishing design basis threats. It also discusses the importance of considering an organization's risk appetite. The key implications highlighted for designers and owners include assessing threats and risks early, including security considerations in initial designs, and engaging advisors.
Mark Lanterman - The Risk Report October 2015Mark Lanterman
The document discusses steps organizations can take to protect their digital assets and minimize risks of cyberattacks and data breaches. It recommends conducting regular digital security assessments, educating employees on security best practices, limiting unnecessary access to sensitive data, implementing policies around bring-your-own-devices, and auditing third party vendors. It also stresses the importance of regular data backups and developing an organizational culture of security.
Framework for Security: Security in the Community ContextJere Peltonen
Presentation at the ASIS International European Security Conference 2006 in Nice, France. Framework explains what security is and why it is needed. The original presentation includes animation that is not functional in this SlideShare version. Unfortunately, some slides are therefore blurred. Please, get the original presentation from www.yhteisturvallisuus.net -> materiaali -> Security in the Community Context SCC.pps.
The document discusses cyber threats facing the mining industry. It notes that the mining industry, like other industries, is increasingly relying on integrated and automated systems, leaving it vulnerable to cyber attacks. The mining industry deals with targeted cyber espionage campaigns and disruptive attacks aimed at exploiting its strategic role in global supply chains. The document provides an overview of modern mining operations and infrastructure, noting their complexity and geographical distribution, before examining specific cybersecurity issues and threats.
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
This document discusses the need for collaboration in cyber defense against increasingly sophisticated and organized cyber attacks. It notes that adversaries now specialize and collaborate in different attack phases. The five phases of a cyber attack are outlined as research, infiltration, discovery, capture, and exfiltration. It argues that to effectively counter collaborative adversaries, enterprises must also collaborate by sharing security intelligence in a timely, secure, and confidential manner. Examples of information sharing organizations and challenges to collaboration are provided. It concludes that no practical technology currently enables automated, bi-directional security data sharing at scale.
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...Fabio Ghioni
This document outlines threats to critical infrastructure from cyber attacks and strategies for defense. It discusses how critical infrastructures have become interconnected macro systems with physical, digital, operational and strategic layers. Cyber attacks are a major threat due to systems' increased reliance on information technology and interconnectivity. The document recommends resilience and redundancy strategies over resistance, to deal with the unpredictability of risks. It proposes structural sinks at hub levels and shared backup facilities as an efficient solution.
The document discusses a proposal to allow private companies to conduct cyber retaliation against foreign attackers. It summarizes the key challenges with this approach, including: [1] It is difficult to accurately identify attackers due to use of compromised systems. [2] Most companies lack the expertise and resources to conduct effective counterattacks. [3] Allowing private retaliation could escalate tensions and cause international incidents. While improved cyber defense is needed, alternative approaches may be better than outsourcing retaliation to private companies.
Industrial Espionage. Fabio Ghioni - Esperto in Tecnologie non convenzionali e del rischio, e in strategia per la difesa nel Cyber Warfare Profiling. Fabio Ghioni, editorialista, Fabio Ghioni saggista, Fabio Ghioni conferenziere, Fabio Ghioni consulente strategico, Fabio Ghioni top manager, è riconosciuto come uno dei maggiori esperti mondiali di sicurezza.
The Evolving Landscape on Information SecuritySimoun Ung
This document provides an overview of the evolving landscape of information security. It discusses the motivation behind cyber attacks, including personal reasons, unlawful profiteering, and corporate or national interests. It then examines common security threats such as social engineering, phishing, distributed denial of service attacks, network attacks, and malwares. The document notes that security standards and best practices need constant refinement as threats continue to evolve in sophistication.
The document discusses cyber influence operations (ICOs), which are defined as operations that affect the logical layer of cyberspace with the intention of influencing attitudes, behaviors, or decisions of target audiences. It provides definitions of related terms like information operations, information warfare, and cyber attacks. Examples are given of different types of ICOs, such as unauthorized access, false flag cyberattacks, DDoS attacks, website defacements and doxing. Specific incidents like the attacks on Estonia, NATO, and doxing of Victoria Nuland are analyzed in terms of their goals of undermining credibility and spreading disinformation. The challenges of attributing ICOs and their generally limited impact are also noted.
The document discusses a new approach to cybersecurity called the Enterprise Immune System. It is based on advanced machine learning and mathematics to detect threats within an organization's networks. Like the human immune system, it learns what normal activity looks like and can detect subtle anomalies that may indicate threats. This allows organizations to protect themselves while still enabling collaboration and connectivity. The system is based on novel probabilistic mathematics that continuously learns and adapts to changing environments in real time.
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHEQS Group
It does not have an ISO standard. NIST barely mentions it. Despite hundreds of publications, no dedicated book is in sight. Enterprise Risk Management frameworks barely touch on it - if they even do. A chapter in Tipton's book dating 2007, proprietary solutions and sparse articles is all we have. In 2007 there was no Cloud yet - and that can be both a big help or a major issue in the process. Mergers & Acquisition is a matter left to Business Administration professionals, who don't like thinking about Information Security risks anyway. Information Security for Mergers & Acquisition is often an afterthought and rarely a deciding factor in due diligence exercises - but when your company acquires a new firm every quarter, you need to start thinking about something. This session will propose a simple framework and you will walk away with an actionable material you can start using tomorrow.
Learning Objectives:
- Understand information security risks and threats connected with merger and acquisition activities, which include months of often precarious IT migrations, a Cloud mess, and legacy services left exposed for months or years.
- Understand how Cloud Computing affects information security risks and threats during a merger and acquisition activities, as well as the positive opportunities they can offer.
- Why it is important that Information Security is involved in the early phases of due diligence, including during the phases in which the deal is structured and evaluated, and the acquisition model is defined.
- Walk home with a simple framework and actionable material they can start using the day after.
A penetration testing service aims to emulate real-world attacks against an organization's systems and networks in order to identify and demonstrate security vulnerabilities. The goal is to provide insights that can be used to strengthen security before actual malicious actors can exploit weaknesses.
This document provides an overview of the costs associated with data breaches. It begins by introducing the speakers and the agenda. It then discusses what constitutes a data breach and the types of data that may be exposed, such as PII, PHI, intellectual property, and financial information. The document outlines direct and indirect costs of breaches, including response costs, lost productivity, fines, and reputation damage. It provides estimates of costs from studies and actual breaches, which range from hundreds of thousands to over $170 million depending on the size and type of breach. Patterns in breach cost data are discussed. The document aims to help organizations understand and plan for the potential financial impact of a data security incident.
Managed security services for financial services firmsJake Weaver
This document discusses managed security services for financial services firms. It notes that financial services firms are under constant attack from sophisticated cyber threats. Maintaining strong security in-house is challenging due to the evolving threat landscape and constant change. The document recommends that firms consider purchasing managed security services from expert providers. This outsourced approach can provide state-of-the-art protection that is more effective and less costly than building internal security capabilities. Key benefits of managed services include distributed denial of service (DDoS) mitigation, web application protection, and access to security expertise.
The document provides information about the "CI CYBER SECURITY SUMMIT WEST" event taking place on March 1, 2016 in Calgary. It will bring together senior cyber security leaders from different sectors in an interactive roundtable format to discuss critical strategies around topics such as cloud security, third party risks, and information sharing. The agenda includes sessions led by experts on examining threats to infrastructure, optimizing cyber security resources, and safeguarding the global supply chain.
Paradigm Shift! - Customer Information Centric IT Risk Assessments – Fernando Reiser
Readers will be exposed to a methodology for the evaluation of information security risks based on the “Value” of customer/employee information rather than on the “Economic Value” of the information to the organization.
Proactive Defense: Understanding the 4 Main Threat Actor Types – Recorded Future
To avoid the cost and embarrassment of a data breach, you’ll need to understand your adversaries. Most threat actors fall within four main groups, each with their own favorite tactics, techniques, and procedures (TTPs). By gaining a deeper understanding of threat actors, you’ll be able to assign your cyber security budget to fund the right activities.
Advanced persistent threats (APTs) are sophisticated cyber attacks that can breach networks undetected for long periods of time. They trick users into opening infected emails or files that install malware allowing remote access. One company was hacked for a year before detecting unusual late-night data downloads. Countering APTs requires identifying existing threats, protecting critical assets, assessing security vulnerabilities, and developing a risk management plan that limits access while maintaining operations. A holistic organizational approach is needed that changes culture, policy, technology, budgets, and planning to systematically respond to evolving threats.
Security - intelligence - maturity-model-ciso-whitepaper – CMR WORLD TECH
This document discusses the need for organizations to shift from a prevention-focused approach to cybersecurity to one focused on rapid detection and response. It notes that most organizations have mean times to detect threats of weeks or months, leaving critical systems vulnerable. The document introduces the concept of security intelligence and outlines a threat detection and response lifecycle that organizations should optimize to reduce their mean time to detect and respond to threats. This involves processes like discovering threats, qualifying them, investigating incidents, and mitigating risks.
Zero trust is a cybersecurity model that removes the concept of implicit trust from a network and instead verifies anything and everything trying to connect to resources on the network. It aims to reduce the attack surface and prevent lateral movement of attackers inside compromised networks. The document discusses how zero trust can help address challenges like credential theft, insecure access to cloud services, and the use of identities outside the network boundary. It outlines the tenets of zero trust including classifying all resources, granting least privilege access, using dynamic policies, and continuously authenticating and authorizing.
Responding to and recovering from sophisticated security attacks – IBM
This document discusses four steps organizations can take to help protect themselves from sophisticated cyber attacks:
1. Prioritize business objectives and set a risk tolerance by determining what is most important to the security of the business.
2. Protect the organization with a proactive security plan by identifying vulnerable areas, types of threats, and areas where an attack could cause the greatest loss.
3. Prepare a response plan for when an attack does occur by learning from past incidents and ensuring the ability to detect, respond to, and recover from attacks.
4. Promote a culture of security awareness across the organization to help prevent attacks from being successful.
6 Steps for Operationalizing Threat Intelligence – Sirius
The best form of defense against cyber attacks and those who perpetrate them is to know about them. Collaborative defense has become critical to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by.
Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs.
Threat intelligence sources have varying levels of relevance and context, and there are concerns about data quality and redundancy, shelf life, public/private data sharing, and threat intelligence standards. However, if processed and applied properly, threat intelligence provides a way for organizations to get the insight they need into attackers’ plans, prioritize and respond to threats, shorten the time between attack and detection, and focus staff efforts and decision-making.
View to learn:
--The difference between threat information and threat intelligence.
--Available sources of intelligence and how to determine if they apply to your business.
--Key steps for preparing to ingest threat information and turn it into intelligence.
--How to derive useful data that helps you achieve your business goals.
--Tools that are available to make collaboration easier.
- Advanced persistent threats (APTs) pose sophisticated cybersecurity risks through targeted, long-term attacks aimed at gaining access to sensitive data from specific organizations. APTs differ from traditional threats in that they must be addressed as an agent-oriented problem rather than solely a technological one.
- APT actors include nation-states and others seeking strategic intelligence or economic advantage. Their attacks use multiple vectors like social engineering and zero-day exploits, making signature-based defenses ineffective. They persist until successful network compromise.
- Effective defenses require a comprehensive strategy viewing the APT as a determined opponent, not just a technical problem. Hardening the entire organization is needed since technological fixes alone won't stop persistent adversaries.
UN session about modern ICT threat landscape.
The session aimed to introduce recent threats targeting UN agencies and some potential recommendations to improve detection, investigation and understanding of these threats and their goals.
Guide to high volume data sources for SIEM – Joseph DeFever
The document discusses the need for security teams to have access to more data from a variety of sources to address evolving security challenges. As adversaries become more motivated by lucrative opportunities and employ more evasive and patient attack methods, security teams need more context from diverse data sources to identify unknown threats, investigate long dwell times, and combat evasion techniques. Both basic attacks exploiting misconfigurations and advanced attacks require security teams to maintain visibility across on-premises and cloud environments and access security-relevant data for detections, investigations, and responses. High-profile examples that illustrate the need for more data include cloud-based data breaches, sophisticated supply chain attacks, and evolving ICS/SCADA and IoT attacks.
The Custom Defense Against Targeted Attacks – Trend Micro
Advanced persistent threats (APTs) and targeted attacks have a proven ability to penetrate standard security defenses and remain undetected for months while siphoning valuable data or carrying out destructive actions. We review challenges faced by information security leaders, their options for dealing with attackers, and how a Custom Defense approach can deploy a comprehensive Detect—Analyze—Adapt—Respond lifecycle that enhances current security investments while providing new weapons to fight back against their attackers.
Shifting Risks and IT Complexities Create Demands for New Enterprise Security... – Booz Allen Hamilton
The document discusses the evolving cybersecurity landscape and how it is forcing chief information security officers (CISOs) and chief risk officers (CROs) to reevaluate their strategies and take on new roles. Interviews with security executives found that advanced persistent threats are increasing in frequency and sophistication. This complex threat landscape requires a predictive approach focused on prevention over reaction. It also requires CISOs and CROs to communicate cybersecurity risks to executives in business terms. Many organizations are considering partnering with external cybersecurity firms to access skills and technologies beyond their internal capabilities and manage risks more effectively.
Cyber threats are becoming more sophisticated and targeted attacks are harder to detect. Traditional security controls are no longer sufficient to defend against modern threats. Cyber intelligence provides total visibility into an organization's systems to detect emerging anomalies in real-time, before they become security incidents or crises. This intelligence-based approach uses adaptive technologies and skilled analysts to continuously learn, understand, and address developing issues. It aims to regain the advantage over attackers by enhancing visibility and informing timely decision-making.
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel – Adam Palmer
The document discusses advanced persistent threats (APTs), which are sophisticated cyber attacks conducted by well-resourced groups, often state-sponsored. APTs differ from typical attacks by establishing a long-term presence within a network to steal data over time rather than just causing quick damage. They pose serious risks as demonstrated by costly data breaches at companies like Target. Traditional security approaches are ineffective against APTs due to their adaptability and use of techniques like zero-day exploits. Organizations must prepare for inevitable breaches rather than just focusing on prevention alone.
Understanding Advanced Cybersecurity Threats for the In-House Counsel – Adam Palmer
The document discusses advanced persistent threats (APTs), which are sophisticated cyber attacks by well-resourced actors often sponsored by nation-states. APTs differ from typical cyber attacks in that they establish a long-term foothold within a company's network to steal data over time rather than carrying out single, quick attacks. The impacts of APTs can be substantial, as demonstrated by the large costs and losses companies like Target have faced. While prevention is important, the document emphasizes that companies must also focus on fast detection of threats and effective response plans since APTs are difficult to prevent fully given their resources and tactics like zero-day exploits. It provides advice for general counsels on understanding the APT threat
In the modern-day climate, more and more industries have had to increase IT security expenses to provide a trusted system of security that protects all client/company PII from unauthorized users. The massive spike in IT security spending was brought on by the recent cyber breach at Equifax, in which millions of clients’ PII was accessed and distributed by an unauthorized user who infiltrated the system. Like the Equifax attack, many of these attacks require user interaction to be activated or to spread, so organizations must be at the forefront of understanding the internal threats their own employees can pose.
The document discusses the growing threat of insider attacks and how they are more difficult to detect than external attacks. It defines different types of insider threats and explains why insider threats are so challenging to manage due to issues like ineffective identity and access management. The document provides recommendations for how organizations can better mitigate insider threats through practices like regular auditing, managing privileged access, and using tools that provide visibility and control over user activities.
The document discusses a survey of 225 global executives about their Sarbanes-Oxley (SOX) compliance functions. While most organizations treat SOX compliance as a necessary burden, some have evolved to view it as an opportunity for innovation, automation, and competitive advantage. These forward-thinking companies see correlations between SOX practices and adding value to the business. The document outlines four actions for empowering SOX functions: 1) automating controls, 2) offshoring lower-cost resources, 3) leveraging IT investments, and 4) innovating strategies.
This document discusses opportunities to transform a company's Sarbanes-Oxley (SOX) compliance function for competitive advantage. It identifies four actions: 1) automating manual controls to significantly reduce SOX costs and resource burden, 2) offshoring SOX functions for lower costs, 3) leveraging existing IT investments to improve SOX processes, and 4) innovating SOX execution strategically to enhance competitive positioning. A survey found that while most firms treat SOX as a compliance exercise, some have transformed their functions to drive value through automation, cost efficiencies, and strategic innovation around SOX practices.
This document discusses current trends in business continuity management. It notes that effective BCM is rising in importance for corporations due to increased complexity, tighter margins for error, and higher expectations for resilience and recovery times after disruptions. Leading trends that companies are adopting to improve their ability to manage emergencies and minimize impacts include implementing an enterprise-wide BCM framework and governance model, integrating business impact analysis and risk assessments, leveraging technologies like cloud computing and virtualization, and fully understanding application interdependencies for recovery.
The document discusses the evolving IT risk landscape for businesses as new technologies like mobile computing, cloud services, and social media break down barriers between work and personal life. This has increased risks around data leakage, third party dependencies, and regulatory compliance. Effective IT risk management is important for businesses to address these challenges and support overall enterprise risk management and business objectives. The document outlines an "IT Risk Universe" framework that identifies 11 key risk categories including security, resilience, data, and strategy alignment that companies can use to assess their IT risk exposure. How much a company relies on defensive IT versus offensive IT impacts the priorities for managing these IT risks.
Building control efficiency: Rationalization, optimization and redesign – Vladimir Matviychuk
Increased government reporting requirements have forced those responsible for internal controls to do more. The global recession has required them to do more with less. While regulators press for accountability, investors press for performance. Those responsible for internal controls must now take charge by assessing their processes and tools and executing on efforts to make them as efficient – and effective – as possible. Those able to optimize their controls will be better able to move past compliance toward improved performance and competitive advantage.
Organizations face increasing privacy challenges in 2011 due to factors such as:
1) Stricter privacy regulations and enforcement globally, with regulators planning expanded reach and tougher penalties.
2) Additional data breach notification requirements being adopted worldwide, requiring organizations to adapt processes.
3) Growing emphasis on governance, risk and compliance initiatives to better integrate privacy monitoring and reduce redundancies.
4) Issues around use of cloud computing and mobile devices, requiring organizations to implement controls over personal data use by third parties.
Overall organizations need robust strategies to proactively address evolving privacy requirements across diverse jurisdictions.
This document discusses the results of Ernst & Young's 2010 Global Information Security Survey. Some key findings include:
- 60% of respondents perceived an increase in risk due to new technologies like social media, cloud computing, and mobile devices.
- 46% planned to increase spending on information security.
- Increased workforce mobility and data leakage were significant challenges for many organizations.
- Many organizations are taking steps to address mobile security risks through policies, encryption, and identity management controls.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Generating privacy-protected synthetic data using Secludy and Milvus – Zilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
HCL Notes and Domino License Cost Reduction in the World of DLAU – panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able to lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc.
- Practical examples and best practices to implement right away
Monitoring and Managing Anomaly Detection on OpenShift.pdf – Tosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
CAKE: Sharing Slices of Confidential Data on Blockchain – Claudio Di Ciccio
Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus.
Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.
Paper: https://doi.org/10.1007/978-3-031-61000-4_16
HCL Notes and Domino License Cost Reduction in the World of DLAU – panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU and the licenses under the CCB and CCX model have been a hot topic for many in the HCL community since last year. As a Notes or Domino customer, you may be struggling with unexpectedly high user counts and license fees. You may be wondering how this new type of licensing works and what benefit it brings you. Above all, you certainly want to stay within your budget and save costs wherever possible. We understand that, and we would like to help you with it!
We explain how you can resolve common configuration problems that can lead to more users being counted than necessary, and how you can identify and remove superfluous or unused accounts to save money. There are also some approaches that can lead to unnecessary expenses, e.g. when a person document is used instead of a mail-in for shared mailboxes. We show you such cases and their solutions. And of course we explain the new license model to you.
Join this webinar, in which HCL Ambassador Marc Thomas and guest speaker Franz Walder introduce you to this new world. It gives you the tools and the know-how to keep an overview. You will be able to reduce your costs through an optimized Domino configuration and keep them low in the future.
These topics will be covered
- Reducing license costs by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how best to use it
- Tips for common problem areas, such as team mailboxes, functional/test users, etc.
- Practical examples and best practices to implement right away
What do a Lego brick and the XZ backdoor have in common? – Speck&Tech
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that they are both building blocks, or dependencies of creative and software projects. The reality is that a Lego brick and the case of the XZ backdoor have much more than that in common.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: Advocate of free software and of standard and open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in several events, migrations and training activities related to LibreOffice. Previously she worked on LibreOffice migrations and training courses for several public administrations and private organizations. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity for astronomy (from which her nickname deneb_alpha derives).
Things to Consider When Choosing a Website Developer for your Website | FODUU – FODUU
Choosing the right website developer is crucial for your business. This article covers essential factors to consider, including experience, portfolio, technical skills, communication, pricing, reputation & reviews, cost and budget considerations and post-launch support. Make an informed decision to ensure your website meets your business goals.
Climate Impact of Software Testing at Nordic Testing Days – Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability, and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Programming Foundation Models with DSPy - Meetup Slides – Zilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf – Malak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
3. Although companies worldwide have been dealing with opportunistic cyber attacks for years, many now find themselves the target of the advanced persistent threat (APT), which is characterized by more sophisticated and concentrated efforts. APT attacks are focused on a single target, lasting until they are in, and are meant to collect information over a long period of time. They leave few signs of their success, wanting to stay hidden for as long as possible in order to acquire large amounts of sensitive information.
The information targeted is specific. Attackers are not looking to just grab anything they come across — the target is an organization’s valuable intellectual property.
No single technology or process will stop the APT, and traditional security methods are proving to be ineffective against these threats. While many organizations are vulnerable to attack because they have under-invested in security in the past, simply shoring up existing and conventional defenses is not enough; new approaches and increased vigilance are required. Protecting against these types of threats requires several layers of defense, knowledge of the threat, and advanced skills to detect and react to ongoing and successful attacks.
• Recent high-profile attacks have gained the attention of many executives of large, global companies.
• These attacks are sophisticated and targeted against specific companies and often target specific employees to gain entry.
• The goal is unnoticed infiltration with a long-term presence to steal as much information as possible.
• Countering these attacks is complex and must involve prevention, detection and response.
• We are not aware of any organizations that have successfully stopped these threats. Smart organizations focus on effective detection and fast response.
• It takes time to develop a mature program.
• The threat landscape is changing, risks are increasing and companies need to change their mind-set and approach toward information security (i.e., establish a “new normal”).
Insights on IT risk | March 2011 1
4. The evolving threat landscape
Despite its roots as a collaboration between defense and research, the early internet was a place where users trusted each other. Bad
behavior was generally more mischief than attack, and it typically was motivated by challenge or glory. But as the internet grew, it
eventually came to resemble the real world, containing friends and business associates, playgrounds and workplaces, and good guys and
bad guys.
Today’s internet serves as critical infrastructure for both government and commerce, and it has attracted a new class of attacker. State-sponsored entities are now targeting specific organizations, as opposed to the more opportunistic attacks that we’ve seen in the past. If one attack fails, another one will be tried — again and again. This persistent nature makes these groups more dangerous and defenses against them more important than ever.
Recent high-profile attacks against several enterprises have been a wake-up call for organizations and information security professionals alike in recognizing this new level of threat.
Figure: Threat — target landscape (risk plotted against the resources and sophistication of attacks). From left to right: unsophisticated attackers whose targets are anyone with a vulnerability; increasing sophistication and organization, criminally motivated; corporate espionage; advanced persistent threat.
“Hobbyists”
• Fun
• Challenge
Organized crime
• Criminal intent
• More coordinated attacks
• Financially motivated (e.g., theft of credit card numbers for use or sale)
Corporate espionage
• Economically motivated
• Theft of intellectual property
Advanced persistent threat (APT)
• Long-term pattern of targeted, sophisticated attacks aimed at governments, companies and political activists
• Politically and economically motivated
• Well-funded, sophisticated resources
5. The evolving threat landscape
Two main types of threats have established themselves: the opportunistic threat and the continuous and orchestrated APT. While the
results may be similar — infiltration, unauthorized access and theft — the motivation behind each is entirely different.
Opportunistic threats: Opportunistic threats may be motivated financially, or simply by a desire for vandalism, but they strike at the softest targets available. Often initiated by simple vulnerability scanning, access to stolen passwords or discovery of misconfigured applications, the attacks are usually indiscriminate and strike once and move on. Denial of service attacks, web defacement and even the theft of financial information are types of opportunistic threats.
Advanced persistent threat: The APT collects information from a specific group of organizations. The population of target victims has clearly grown over the last several years, and the attackers will use any means possible to exploit the target. The APT is characterized by substantial reconnaissance to identify individuals within the organization, long periods of persistence (measured in years) and a desire to remain undetected for as long as possible.
Who is a target?
Originally, the APT targeted military and government entities before moving to softer targets that had military or intelligence value —
namely western defense contractors. More recently, the APT has expanded to a new set of targets, including manufacturing, financial,
energy and high-tech engineering companies. We have assisted numerous APT victims that are not defense contractors, but produce
technology with an economic value — particularly to developing nations. The APT targets any company with useful intellectual property.
Target industries and motivation
Government contractors
• Theft of intellectual property (e.g., equipment test data)
• Theft of government classified information
Technology providers
• Theft of intellectual property to bring competing products to market with less R&D time and investment
• Theft of corporate secrets to gain competitive advantage in negotiating contract and buying terms
Manufacturing
• Theft of intellectual property to bring competing products to market with less R&D time and investment
• Theft of corporate secrets to gain competitive advantage in negotiating contract and buying terms
Any organization with intellectual property that would be useful in a growing economy is a potential target of the APT.
6. Countering the evolving threat landscape
Drive security strategy based on the “new normal”
Given the continuous and persistent threat posed by the new wave of attack channels and malicious actors, now is the time for businesses
to establish a “new normal,” i.e., instill a new mind-set and approach into driving the organization’s security strategy.
Traditional approach: Response to security incidents limited to the “how?” (“How did the attacker get into the network?”)
The new normal:
• Organizations must answer the questions “what?” and “why?”. Start with a threat-centric analysis by understanding the attacker, and therefore identifying what data the attacker wants to collect.
• Start by focusing your protection, detection and response efforts around this highest-risk data.
Traditional approach: Assumption that the corporate infrastructure is secure until evidence is presented to prove otherwise
The new normal:
• It should be assumed that there are pockets of the corporate infrastructure that have already been infiltrated.
• This shift in mind-set will drive an intelligence-based approach that is necessary to build a solid strategy to identify and combat the continuous threat of the new wave of malicious actors.
• Develop detection mechanisms that go beyond AV (antivirus) and IDS (intrusion detection systems), and proactively seek evidence of compromise.
Traditional approach: Outcome of projects in the security portfolio is based on the procurement and deployment of security tools
The new normal:
• Well-trained, expert incident detection and response staff provide a defense against today’s complex threats. Ongoing security efforts must continuously incorporate actionable intelligence from the threat team to engineer and fine-tune automation achieved by assessment and identification tools.
• Projects in the security portfolio must be justifiable based on results presented by the threat team.
Traditional approach: “Red Team” is another term for the capability to counter routine attack and penetration
The new normal:
• Red Teams add new value when used to validate existing detection and response mechanisms. When conducted regularly, they can serve as a gauge for effectiveness and a way to measure improvement.
• The scope of Red Team activities should go beyond technical assets to include the protection of high-risk personnel and executives.
• Red Team efforts must not be hindered by corporate bureaucracy. Executive leadership should grant Red Team activities greater autonomy to investigate, assess and respond to critical events and suspicious activity.
Traditional approach: Emerging attack vectors are an academic endeavor
The new normal: The tactics used by the more sophisticated attackers are increasingly geared toward channels that bypass perimeter controls. These tactics are no longer an academic projection of the future but a current reality. As such, the following should be included in the portfolio of security projects:
• Hardening of web browser, laptop and mobile device configurations, especially for high-risk personnel, including executives.
• Further enhancement of application security assessment and developer training efforts, incorporating emerging attack vectors that aim to create channels to bypass perimeter controls.
• A solid approach to security controls and monitoring of cloud applications and services.
7. Countering the evolving threat landscape
Figure: Degree of response plotted against threat level (basic, intermediate, advanced). Measures shown, roughly from basic to advanced: build incident response capability; network instrumentation; searchable event repository; refocused patching and configuration management efforts; improved access control; constant phishing simulation; proxy authentication; sensitive data/networks segregated; proprietary email scanning; PC virtualization; outbound gateway consolidation; counterintelligence operation; sensitive data “airgapped”; disconnection from internet.
The new normal
• Organizations should strive to identify why particular elements of the business are of interest to the enemy.
• It should be assumed that there are pockets of the corporate infrastructure that have already been infiltrated.
• Red Team efforts must not be hindered by corporate bureaucracy. Executive leadership should grant Red Team activities greater
autonomy to investigate, assess and respond to critical events and suspicious activity.
• The tactics used by the more sophisticated attackers are increasingly geared toward channels that bypass perimeter controls.
These tactics are no longer an academic projection of the future, but a current reality.
8. An example of an APT attack
A recent APT attack analyzed by Ernst & Young was executed in two parts: 1. malicious software (malware) download and 2. hidden execution. The malicious code exploited a previously unknown vulnerability in the Internet Explorer web browser, i.e., a zero-day exploit. The nefarious aspect of a zero-day exploit is that traditional signature-based antivirus tools are unable to pick up the attack because attackers test their malware against commercial packages. To load the malware, attackers rely on end users clicking on a hyperlink or opening an attachment in which the browser is forced to download the malware. While the company did not detail how the payload was delivered, this part of the attack can be achieved in a number of ways:
• Using specifically crafted emails (phishing or spear-phishing) to entice a recipient to click on a link in the message or open an attachment
• Embedding hyperlinks (URLs) in instant messaging conversations
• Compromising a website and replacing legitimate links with links that now contain the malware
• Spoofing a website either by using a similar name (famous example: whitehouse.com instead of whitehouse.gov) or by hacking a victim’s DNS server such that legitimate hyperlinks now point to the attacker’s server
• Compromising a user’s social network credentials (e.g., MySpace, Facebook, LinkedIn), by posting URLs or TinyURLs that encourage friends to go to that link
The number of methods to induce a user to click on a link is limited only by the creativity of the attackers.
Once the malware is in, it can take on different forms and functions. In the example attack, it morphed and split itself into the final version of the malware, maintaining itself in an encrypted form until it needed to be executed. The basic function of the malware in this attack was similar to previous APTs: creation of a backdoor communications channel to the attacker’s home systems over an encrypted channel, retransformation of the malware, duplication, search of the enterprise and remote removal of targeted information.
What should be noticed is that while the payload itself is advanced and extremely sophisticated, the means by which the malware is inserted into the environment is not. Phishing, social engineering, hacking a website and user credential theft were all issues long before the APT appeared.
How does the attack unfold?
Reconnaissance
How?
• Recent conference attendees
• Executive biographies
• Previously stolen emails
Challenge: The APT probably knows which users hold sensitive data better than you do.
Attack
How?
• Phishing email
• Vulnerability scan
• Removable media
• Web application
Challenge: Although initial attacks are sophisticated, they are not frequently needed.
Run malware
How?
• Add new accounts
• Increase permissions
• Install back door
• Exfiltrate SAM file
• Install scanning tools and scan
Challenge: From this point forward, the APT can and will be using legitimate accounts. IDS or AV will be oblivious. Malware can sleep to avoid detection.
Pivot
How?
• Use stolen accounts to strengthen foothold
• Attack newly discovered vulnerable devices
Challenge: The APT will lie low and pivot as needed. They will re-establish footholds if they detect their presence is in jeopardy.
Exfiltrate
How?
• Log onto target system remotely, using stolen credentials
• Package data in password-protected archives
• Exfiltrate data to intermediate servers via company proxies
Challenge: Malware is usually not on the target devices. Exfiltration is staged carefully and executed very quickly.
9. Ernst & Young’s incident response services
Ernst & Young has proven experience in handling advanced threats and building incident response capability. We assist clients in building a
sustainable in-house capability to plan for, protect against, detect and respond to cybersecurity incidents, and we provide investigation and
remediation services in the event of a breach.
We offer a proactive APT assessment to evaluate vulnerability to common APT attack vectors and to identify whether an APT or malware
attack has occurred.
Plan
• Assess environment
• Identify and remediate gaps
• Develop incident response plan
Protect
• Harden environment
• Improve authentication
• Manage privileged accounts
• Limit unnecessary communication
• Potentially reduce user privileges
Detect
• Network security monitoring program in place — not just IDS
• Key network egress points monitored
• Logs archived and analyzed
• Key host information collected
Respond
• Computer Incident Response Team (CIRT) staffed and trained
• CIRT chartered with authority to drive response
• Response and remediation cycle times are measured
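The exfiltration column of the attack table (data packaged into archives and pushed through the company proxy to intermediate servers in a short, carefully staged burst) and the Detect items above (“Key network egress points monitored”, “Logs archived and analyzed”) describe the same control from two sides. The following is an added illustration of that control, not code from the whitepaper or from Ernst & Young: it reads proxy egress log lines and flags a client whose upload volume to one destination within a single time window is far above that client’s own usual per-window upload volume. The log format, IP addresses, host names, byte counts and thresholds are all constructed for the example.

```python
"""Staged-exfiltration detection over proxy egress logs (constructed example)."""
from __future__ import annotations

import re
import statistics
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed log format (assumption, not a real proxy's format):
# "<ISO timestamp> <client IP> <method> <destination host> <status> <bytes sent by client>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<host>\S+)\s+"
    r"(?P<status>\d{3})\s+(?P<bytes_out>\d+)$"
)


@dataclass(frozen=True)
class ProxyEvent:
    ts: datetime
    client: str
    method: str
    host: str
    bytes_out: int


def parse_line(line: str) -> ProxyEvent | None:
    """Parse one proxy log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return ProxyEvent(
        ts=datetime.fromisoformat(m["ts"]),
        client=m["client"],
        method=m["method"],
        host=m["host"],
        bytes_out=int(m["bytes_out"]),
    )


def detect_staged_exfil(lines, window=timedelta(minutes=10), min_bytes=50_000_000, ratio=10.0):
    """Return (client, host, window_start, bytes) for upload bursts that stand out.

    A (client, destination, window) bucket is flagged when its upload volume exceeds
    min_bytes AND is more than `ratio` times the median per-window upload volume that
    client has shown over the whole log. The per-client baseline means a host that is
    always busy (a backup server) is not flagged, while a workstation that suddenly
    pushes hundreds of megabytes to one destination is. Clients with fewer than three
    windows of history are treated as having no baseline.
    """
    events = [e for e in map(parse_line, lines) if e is not None]

    per_bucket = defaultdict(int)  # (client, host, window_start) -> bytes uploaded
    for e in events:
        window_start = e.ts - (e.ts - datetime.min) % window
        per_bucket[(e.client, e.host, window_start)] += e.bytes_out

    per_client_windows = defaultdict(lambda: defaultdict(int))  # client -> window_start -> bytes
    for (client, _host, window_start), b in per_bucket.items():
        per_client_windows[client][window_start] += b

    findings = []
    for (client, host, window_start), b in sorted(per_bucket.items(), key=lambda kv: kv[0][2]):
        history = per_client_windows[client]
        baseline = statistics.median(history.values()) if len(history) >= 3 else 0.0
        if b >= min_bytes and b > ratio * baseline:
            findings.append((client, host, window_start, b))
    return findings


def constructed_log() -> list[str]:
    """One day of constructed sample traffic (not real data)."""
    lines = []
    base = datetime(2011, 3, 14)
    for tenmin in range(24 * 6):
        t = base + timedelta(minutes=10 * tenmin)
        # Ordinary workstation and mail client: a few kilobytes per window all day.
        lines.append(f"{t.isoformat()} 10.0.0.42 POST intranet.example.net 200 4096")
        lines.append(f"{t.isoformat()} 10.0.0.42 GET news.example.com 200 600")
        lines.append(f"{t.isoformat()} 10.0.0.17 POST mail.example.com 200 8192")
        # Backup server: 200 MB every window, every day. Large, but its own normal.
        t2 = t + timedelta(seconds=30)
        lines.append(f"{t2.isoformat()} 10.0.5.9 PUT backup-vault.example.net 201 200000000")
    # Staged burst at 02:11 from the workstation: three 80 MB uploads in three minutes.
    for i in range(3):
        t = base + timedelta(hours=2, minutes=11 + i, seconds=5)
        lines.append(f"{t.isoformat()} 10.0.0.42 POST cdn-mirror.example.org 200 80000000")
    lines.append("malformed line that should be skipped")
    return lines


if __name__ == "__main__":
    for client, host, start, nbytes in detect_staged_exfil(constructed_log()):
        print(f"{start.isoformat()} {client} -> {host}: {nbytes} bytes uploaded in one window")
```

Run stand-alone, the script reports only the workstation’s 240 MB burst to cdn-mirror.example.org in the 02:10 window; the backup server’s steady 200 MB uploads are its own baseline and stay quiet. In practice the baseline would be computed from archived history rather than the same day’s log, and the thresholds tuned to the egress point being watched.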
Next steps
Given the continuous and persistent threat posed by the new wave of attack channels and malicious entities, now is the time for businesses to establish a “new normal,” that is, to instill a new mind-set and approach toward the organization’s security strategy. Organizations need to better understand the threats and their potential risks (e.g., are they a likely target for an APT or just an opportunistic threat?). Based on a better understanding of their risks, companies should examine their current security strategy, controls, and maturity of controls to determine their gaps and weaknesses. This may seem like an obvious first step, but recent experience shows that many companies have defined their security programs and required controls based on compliance requirements as opposed to risk. A compliance-driven approach to security may not only increase cost due to repetition of activities, but the core notion of reducing enterprise risk is often absent. Organizations that merely focus on third-party requirements and regulations in lieu of a holistic approach to business risk end up driving compliance, not security.
If you think that you may be the target of an APT, consider the actions you should take. Remember that your security program needs to include elements to protect against these threats, detect an ongoing or successful attack, and be able to effectively respond to the attack. Given the nature of the APT, no one control or countermeasure is likely to be effective; a defense-in-depth strategy is paramount.
Finally, if you are a high-risk organization, take action as if you have been compromised. Given the ability of APT malware to evade normal prevention and detection mechanisms, if you haven’t taken specific measures to protect yourself, you may already be a victim and not know it.
10. Why Ernst & Young?
Ernst & Young is the most globally integrated professional services organization in the world, with more than 141,000 professionals working in 41 countries. World-renowned for our assurance, tax, transaction and business advisory services, Ernst & Young is also a global leader in the field of information technology risk and security.
For more than 20 years, our clients have benefited from an extensive portfolio of professional services in assessment, remediation, design and implementation of effective enterprise security services. Ernst & Young brings together an unparalleled team of highly experienced industry, security, privacy and risk management professionals, to meet the complex needs of some of the most data-intensive organizations in the world. We have developed proven industry-leading methods, tools and resources to address our clients’ information risk management challenges and to support the ongoing security, integrity and availability of our clients’ information assets and processes.
As a large established professional services organization, Ernst & Young’s name and experience lend weight to each project we undertake: we provide a broad business risk perspective that will enhance a project’s value with your senior management and your audit committee.
Companies choose to work with us because of our intense client focus, and our deep technical and sector-based business knowledge. We have earned a reputation as a leading innovator because we invest heavily in our people, our processes and in our technology capabilities.
Our IT risk and assurance professionals assist clients to use technology to achieve a competitive advantage. They advise on how to make IT more efficient and how to manage the risks associated with running IT operations. They focus on helping clients improve and secure their technology so that it serves the business effectively and enhances results: this includes several focused competency groups, including application controls and security, third-party reporting and IT risk advisory.
Our privacy advisors assist clients with enabling the governance, risk and compliance efforts related to the use of personal information, assessing enterprise privacy risk, leading privacy internal audits and inventorying the use of personal information in business processes, technologies and third parties.
Our Information Security practice offers a wide range of management, assessment and improvement services. Our targeted security services help our clients maintain the appropriate alignment between their security, IT and business strategies, enabling them to maintain their focus on their business needs while addressing their security and risk issues.
11. Contacts
Global
Norman Lonergan +44 20 7980 0596 norman.lonergan@uk.ey.com
(Advisory Services Leader, London)
Paul van Kessel +31 88 40 71271 paul.van.kessel@nl.ey.com
(IT Risk and Assurance Services Leader, Amsterdam)
Advisory Services
Robert Patton +1 404 817 5579 robert.patton@ey.com
(Americas Leader, Atlanta)
Andrew Embury +44 20 7951 1802 aembury@uk.ey.com
(Europe, Middle East, India and Africa Leader, London)
Doug Simpson +61 2 9248 4923 doug.simpson@au.ey.com
(Asia-Pacific Leader, Sydney)
Naoki Matsumura +81 3 3503 1100 matsumura-nk@shinnihon.or.jp
(Japan Leader, Tokyo)
IT Risk and Assurance Services
Bernie Wedge +1 404 817 5120 bernard.wedge@ey.com
(Americas Leader, Atlanta)
Paul van Kessel +31 88 40 71271 paul.van.kessel@nl.ey.com
(Europe, Middle East, India and Africa Leader, Amsterdam)
Troy Kelly +85 2 2629 3238 troy.kelly@hk.ey.com
(Asia-Pacific Leader, Hong Kong)
Giovanni Stagno +81 3 3503 1100 stagno-gvnn@shinnihon.or.jp
(Japan Leader, Chiyoda-ku)