©2017 RSM US LLP. All Rights Reserved.
SECURITY TRENDS
Breaches and the Cyber-Threat Landscape
April 21, 2017
Agenda
• Current Landscape & Challenges
• What Happens During a Breach
• Implementing the Security Change
The Rising Criticality of Information Security
In the current economic, political, and social landscape, addressing security has become a core necessity for most organizations:
Customers are demanding higher levels of security
assurance as concerns about privacy and identity
theft rise.
Business partners, suppliers, and vendors are
requiring assurance from one another, particularly
when providing mutual network and information
access.
Espionage through the use of networks to gain
competitive intelligence and to extort organizations
is becoming more prevalent.
National and international regulations are calling
for organizations to demonstrate due care with
respect to security.
“Information is the oxygen of the modern
age. It seeps through the walls topped by
barbed wire, it wafts across the
electrified borders.” — Ronald Reagan
The Guardian, June 14, 1989
Breaches Are On The Rise
In 2016, there were 1,093 recorded data breaches
Source: http://www.idtheftcenter.org/2016databreaches.html
Reported Breaches by Year (chart data):
Year  Breaches
2006  321
2007  446
2008  656
2009  498
2010  662
2011  421
2012  471
2013  614
2014  783
2015  780
2016  1093
High Profile Hacks
May 2016 Kansas Heart Hospital ransomware attack
Oct. 21 DDoS against Dyn, disrupting Internet services (known as “The Day The Internet Died”)
Nov. 28 San Francisco transit hackers disrupted the ability to collect fares
Jan. 19 Password leaks of 14 appointees of the Trump Administration
Feb. 7 IHG breach to 12 properties, malware active Aug.-Dec. 2016
Feb. 15 Bingham County, Idaho ransomware attack
Mar. 22 America’s Job Link Alliance – Kansas Works breach, personal data, SSN, and birth dates stolen
FireEye: average time to detect a breach is 146 days, down from 205
Bingham County Case Study
• Hit with ransomware on Feb. 15, 2017
• Done through brute force password attempts until they had admin access
• Hackers demanded $25-30K in bitcoins
• County chose not to pay and used backups to restore
• Two servers still infected
• March 1, negotiated 3 bitcoins ($3,500) with the hackers
• Received the decryption key
Source: https://www.eastidahonews.com/2017/03/bingham-county-pays-ransom-release-encrypted-servers/
Security Statistics
Quick Hits
Compiled from:
- NetDiligence/RSM 2016 Annual Cyber Claims Study
State and local governments are an attractive target
Key Threats
• Advanced Persistent Threats (APTs)
• Ransomware
• Malvertising
• Zero Day Attacks
• Phishing Attacks & Social Engineering
• Attacks on Cloud Systems
• Mobile Security & Smartphone Vulnerability
Threats (Wearables, IoT)
Motivations Behind Cyber Attacks
Source: Hackmageddon, http://www.hackmageddon.com/category/security/cyber-attack-statistics/
Share of attacks by motivation (chart data):
Motivation        2014    2015    2016
Cyber Crime       62.3%   67.0%   72.4%
Hacktivism        24.9%   20.8%   14.2%
Cyber Espionage   10.2%    9.8%    9.2%
Cyber Warfare      2.5%    2.4%    4.3%
N/A                 -       -     0.1%
Case Study
• Attacks are generally carried out in four stages
• These four stages are often referred to as “The Breach Quadrilateral”
• Controls must be deployed within the environment that impede your adversary at each stage of the breach cycle
• Typical defensive focus is on the infiltration stage, but attackers are often most skilled in this area
• Successful defense is often tied to controls in the later three
[Diagram: the four stages, Infiltration, Propagation, Aggregation, Exfiltration]
A Breach – Attack View
1. Attacker scans and attempts exploitation, but fails
2. Attacker utilizes social engineering against a selected population
3. Victim(s) fall for the ruse allowing attacker to enter the environment
4. Attacker leverages user/system access to spread to other systems
5. Attacker consolidates loot (data, passwords, bank access, etc.)
6. Attacker sends data back out of environment
[Diagram: attacker outside the firewall, social engineering targets and an affected user inside the corporate network, a command & control / data staging server, with steps 1-6 laid over the stages Infiltration, Propagation, Aggregation, Exfiltration]
74% of targeted attack attempts use email as a vector
A Breach – Corrective View
1. Blacklist attacker, add offending IP to custom IDS/SIEM alerts
2. Rapid removal of emails, add embedded outbound IP to alerts, analyze malware from attachments/website, and add custom AV alert
3. Isolate/rebuild systems, password resets for affected users
4. Mass password resets, network isolation, limitation to data stores
5. Emergency DLP scans, system/network isolation, enhanced logging
6. Emergency exfiltration changes, retroactive analysis of offending internal and external IPs, initiation of full breach response process
[Diagram: the same attack-view picture, attacker outside the firewall, social engineering targets and an affected user inside the corporate network, a command & control / data staging server, with corrective steps 1-6 laid over the stages Infiltration, Propagation, Aggregation, Exfiltration]
Importance of Secure Network Design
• Attack patterns are becoming more sophisticated
• Excellent border security is not enough
• Large number of recent high-profile incidents could have been prevented with better internal network security
• Insider threats (whether intentional or accidental) pose a serious concern
Incident Response Tabletop Exercises
• Many organizations have developed an Incident Response (IR) Plan
• A tabletop exercise allows for a test of the IR plan
• An independent security group facilitates a notional breach that realistically could impact an organization
• The scenario evaluates the effectiveness of the current IR plan
• Discover interoperability within the organization
• Identify gaps and areas of improvement
Mitigation Planning
• Know that the risks are real and aimed at your organization
• Plan security strategically
• Review existing security policies; they may require revisions
• Conduct cyber awareness training and test it
• Regular security assessments aimed at improving the security team
• Consider whether moving to the cloud would improve security
• Plan your response to a breach and test your IR plan
This document contains general information, may be based on authorities that are subject to change, and is not a substitute for professional
advice or services. This document does not constitute audit, tax, consulting, business, financial, investment, legal or other professional
advice, and you should consult a qualified professional advisor before taking any action based on the information herein. RSM US LLP, its
affiliates and related entities are not responsible for any loss resulting from or relating to reliance on this document by any person.
RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and
consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal
entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other
party. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International.
RSM® and the RSM logo are registered trademarks of RSM International Association. The power of being understood® is a registered
trademark of RSM US LLP.
RSM US LLP
4801 Main St., Ste. 400
Kansas City, MO 64112
+00 (1) 800 274 3978
www.rsmus.com
Security & Privacy
Risk & Advisory Services
rex.Johnson@rsmus.com
Rex Johnson
Director


Editor's Notes

  • #3 Reagan quote: information is the oxygen of the modern era, really hard to contain and essential to everything we do:
    - customer data is compromised and it makes the headlines
    - your brand and reputation are negatively affected by a security breach, resulting in a loss of investor and consumer confidence and loyalty
    - sensitive intellectual property (such as trade secrets and new product information) is stolen by a competitor or made public
    - your organization is found to be non-compliant with regulations (national, state, local) as they relate to the protection of information and information security
    - your network goes down because of a security breach
    - you can’t detect a security breach
  • #5
    - Mirai code that brought down several ISPs.
    - IHG hack notable as the hack occurred over a five month period.
    - FBI attack: the hack happened by the exploitation of a zero-day vulnerability in the Plone CMS, according to a report by Hacker News. Since then, Plone has denied that there was a zero-day vulnerability, yet released a security update on the 17th of January to “patch various vulnerabilities”.
    - Bingham County: the ransomware attack delivered malware to the county servers that encrypted the data and made the computer systems inaccessible to county employees. Asked for $25-30K through BitCoin or Western Union.
    - Topeka, America’s Job Link Alliance, including Kansas Works, was breached with data stolen that included personal information such as SSN and DOB. Job seekers in 10 states.
  • #8 The key threats today are under a number of different and more sophisticated attacks. As we choose to be more mobile, we open ourselves up to more risk.
  • #9 Cyber crime is still, by far, the largest motivation behind a cyber attack. Hacktivism has declined over the past few years, especially as organizations such as Anonymous have declined.
  • #10
    - Infiltration: Breaking in. Organizations often focus the majority of their controls on this phase. Identify and block attackers during initial “foot printing” and exploitation. Never allow the attackers to gain the full access they need for later stages.
    - Propagation: The bad guys are in. The most critical stage, but treated as an operations hygiene issue by most organizations. When properly constructed, early responses can keep an issue as an “event” rather than an “incident”. The most commonly missed component is the work to identify true issues rather than just symptoms.
    - Aggregation: Accessing and collecting information. The stage where the issue transitions from an “event” to an “incident.” Depending on the law/regulation, even if the data is not exfiltrated, attacker access is enough for a “breach”. Corrective actions are focused on breaking access to data at the source or at the staging point, and/or the attacker’s ability to remove it from the environment.
    - Exfiltration: Taking the information out of your environment. Exfiltration identification and blocking is your last-chance control. The attack needs to export compromised data (intellectual property, PII, cardholder data, corporate financials, etc.). Blocking/alerting on these attempts can kill the incident. Logging the actions can assist in post-breach issues.
  • #11 Attacker activity by stage:
    - Infiltration: external scanning/exploit attempts; social engineering emails; web application and remote access attacks; DoS attempts
    - Propagation: password cracking, pass the hash, default passwords, create new accounts; internal exploitation of unpatched systems; moving into critical areas of the network; malware infection
    - Aggregation: attempts to access sensitive data; consolidation of data
    - Exfiltration: command and control; export stolen data out of the environment
  • #12 Evidence by stage:
    - Infiltration: IDS alerts; email system alerts, DNS information, malware alerts; failed logins, web app logs, firewall logs; notification from the attackers (hey, we are in your system)
    - Propagation: system logs, domain logs, authentication sources; alerts from local protective solutions (endpoint, anti-virus, internal IDS); failed access attempts
    - Aggregation: server logs, DLP alerts, database activity; connection logs including quantity of data moved
    - Exfiltration: firewall rejects, GeoIP alerts, malicious IP/domain alerts; firewall rejects for outbound filtering, DLP in motion alerts
  • #14 IR tabletop exercises allow organizations to test their current IR plan and policies. They help evaluate an existing IR plan, discover interoperability within an organization, and identify gaps and areas of improvement.
  • #15 The best way to protect your organization and your data center is to plan ahead and prepare for what you may have to mitigate:
    - The threats are real, and cyber crime is on the rise
    - Think strategically about how to plan your defensive posture
    - Some of your policies may be out of date; review them and consider if they need to be revised
    - The human factor is the weakest link. Always enforce cyber awareness with your people
    - Regular security assessments help. Go beyond just a pen test. Something like Red Team / Blue Team can provide a lot of valuable information
    - Use of the cloud can provide better security, when you partner with the right organizations. Ensure they are secure
    - Plan for a breach, for when it will occur. Test your IR plan
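An added example, not code from the deck or from RSM, turning two of the evidence sources listed for the Corrective View slide and note #12 into detection logic: it runs over constructed auth and outbound-connection log lines and flags a login success after a burst of failures from one source (the brute-force path in the Bingham County case) and bulk outbound transfers to destinations not on an allow list. The log formats, thresholds, addresses and allow list are assumptions.

```python
"""Stage-mapped detections over constructed log lines (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample auth events: timestamp, source IP, user, result
AUTH_LOG = """\
2017-02-15T01:00:01 203.0.113.7 administrator FAIL
2017-02-15T01:00:02 203.0.113.7 administrator FAIL
2017-02-15T01:00:03 203.0.113.7 administrator FAIL
2017-02-15T01:00:04 203.0.113.7 administrator FAIL
2017-02-15T01:00:05 203.0.113.7 administrator FAIL
2017-02-15T01:00:06 203.0.113.7 administrator SUCCESS
2017-02-15T08:12:40 10.0.0.25 jsmith FAIL
2017-02-15T08:12:55 10.0.0.25 jsmith SUCCESS
"""

# Constructed sample outbound connection log: timestamp, src, dst, bytes out
CONN_LOG = """\
2017-02-15T02:10:00 10.0.0.40 198.51.100.9 734003200
2017-02-15T02:15:00 10.0.0.41 192.0.2.50 12000
2017-02-15T09:00:00 10.0.0.42 198.51.100.77 950000000
"""

FAIL_THRESHOLD = 5                    # assumed: failures that make a success suspicious
WINDOW_SECONDS = 300                  # assumed: failures must fall inside this window
BYTES_THRESHOLD = 500 * 1024 * 1024   # assumed: 500 MiB outbound to one destination
KNOWN_GOOD_DST = {"198.51.100.77"}    # assumed allow list, e.g. the offsite backup target

def detect_brute_force(log=AUTH_LOG, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Flag a SUCCESS preceded by >= threshold FAILs for the same source
    and user inside the window. Returns [(source, user, fail_count)]."""
    fails = defaultdict(list)
    hits = []
    for line in log.splitlines():
        ts, src, user, result = line.split()
        t = datetime.fromisoformat(ts)
        key = (src, user)
        if result == "FAIL":
            fails[key].append(t)
            continue
        # A success: count only the failures that are recent enough to matter
        recent = [f for f in fails[key] if (t - f).total_seconds() <= window]
        if len(recent) >= threshold:
            hits.append((src, user, len(recent)))
        fails[key].clear()
    return hits

def detect_bulk_outbound(log=CONN_LOG, threshold=BYTES_THRESHOLD, allow=KNOWN_GOOD_DST):
    """Sum outbound bytes per destination and flag totals at or over the
    threshold to destinations not on the allow list. Returns [(dst, bytes)]."""
    totals = defaultdict(int)
    for line in log.splitlines():
        _ts, _src, dst, nbytes = line.split()
        totals[dst] += int(nbytes)
    return [(d, n) for d, n in sorted(totals.items())
            if n >= threshold and d not in allow]

if __name__ == "__main__":
    print("Propagation (brute force):", detect_brute_force())
    print("Exfiltration (bulk outbound):", detect_bulk_outbound())
```

The same two functions run unchanged over real exported log lines in the assumed format; tune the thresholds to the environment's baseline before alerting on them.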