Information Security and Compliance
José L. Quiñones, BS
MCSA, MCT, C|EH, C|EI, GCIH, GPEN, RHCSA
University of Puerto Rico – School of Medicine
Obsidis Consortia, Inc.
Panelists
Andres Colón-Pérez
Office of Management and Budget
Arturo Geigel
Office of Management and Budget
Carlos Pérez-Otero
Tenable Network Security
Deoscoidy Sánchez
Department of the Treasury
Verizon's 2013 Data Breach Report
• “76% of network intrusions exploit weak or stolen credentials.”
• “84% of compromises take minutes or hours.”
• “66% of breaches lie undiscovered for months, increasing the potential damage.”
• “69% of breaches are discovered by external parties.”
• “37% of breaches affect financial organizations.”
2013 Mandiant Report
• The PLA Unit 61398 is identified by the report as the most prolific hacking group inside the Chinese government.
• The longest persistent attack documented by Mandiant lasted 4 years and 10 months.
Compliance
• Considering the checklist syndrome that is affecting the compliance industry:
–What do you think the role of compliance should be in today’s enterprise, and how can we make it effective?
Information Security
• Considering that organized crime has developed a working business model around financial fraud and theft:
–What can the government and the private sector do to get ahead in the game?
APT
• Evidence suggests that other nation states have cyber corps dedicated to IP theft and industrial espionage:
–How can we defend ourselves against APT attacks?
Active Defense
• Most security solutions today are reactive in nature: we wait for something to happen and then react.
–Can we engage in active defense, hacking back, or retribution against an attacker?
Q & A
Thanks!

Security and Compliance Panel at the PR TechSummit 2013


Editor's Notes

  • #5
    –47,000(+) reported security incidents, 621 confirmed data breaches and at least 44 million compromised records in 2012
    –38% of breaches impacted larger organizations and 37% of breaches affect financial organizations (PCI); 10% or greater increase from last year’s report
    –76% of network intrusions exploited weak or stolen credentials
    –52% of breaches used some form of hacking
    –78% of initial intrusions rated as low difficulty
    –66% of breaches took months or more to discover
    –69% of breaches are discovered by external parties
  • #10
    –Case: Jerome Heckenkamp (eBay Hacker)
    –Callback Word documents
    –Nova for easy honeypot deployment
    –Honeybadger to geolocate attackers
    –Honeyports
    –Infinitely recursive web directories