Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to The Threat Is Real. Protect Yourself.
Similar to The Threat Is Real. Protect Yourself. (20)
More from Teri Radichel
More from Teri Radichel (16)
Recently uploaded
Recently uploaded (20)
The Threat Is Real. Protect Yourself.
- 1. The Threat is Real. Protect Yourself. Teri Radichel | @teriradichel Director, Security Strategy & Research
- 3. And this… How will you prevent your stolen data from impersonating you?
- 4. Estimated Cost of Target Breach
- 5. Understanding The Cyber Threat Landscape
- 6. Election Hacking and Social Media Influence • Voting machines hacked at Defcon in minutes • Multiple announcements of voter data records breached • Fake accounts and bots on social media • Fake news articles • Foreign entities purchasing advertising • Similar reports in other countries
- 7. So What Does That Have To Do With My Business?
- 8. 2017 Verizon Data Breach Investigations Report
- 9. Devices Infected With Malware Attack Other Devices and Networks
- 10. How Can Businesses Protect Themselves? •Understand common attack vectors •Implement mitigations •Monitor for anomalies •Have a recovery plan
- 11. Understand Security Breach Trends WatchGuard Quarterly Security Report
- 12. Where To Start…Risk Based Prioritization Start by addressing the security risk that is most likely to occur and could cause the most damage to your business.
- 13. Use Multi-Factor Authentication. Everywhere. 2017 Verizon Data Breach Investigations Report 81% of hacking-related breaches leveraged either stolen and/or weak passwords
- 14. Encryption is Not Preventing Breaches. Why? Attackers can easily find the key. Store encryption keys securely – not right next to the encrypted data! Don’t store all the data in ONE place with the SAME key.
- 15. The initial attack vectors and spread of ransomware can be stopped in many cases with standard security best practices. 41% Hit by Ransomware last 12 Months
- 16. Patch. Yes, It’s Hard. • Every application • Every software library • Every computer • Every printer • Every network device • Every IOT device • Every phone Consider using software repositories and automated monitoring for out of date software.
- 17. Q: Is it Easier to Patch or Block a Port? • WannaCry Port 445 (SMB) exposed to Internet . • Mirai Botnet Port 23 (Telnet). • NotPetya Port 445 and 139 on internal networks. A well-designed network can prevent many attacks before they reach the unpatched software.
- 18. Malware Must Traverse Your Network MONITOR: • Longest Sessions • Most Sessions • Most Data • Unexpected Countries • Strange TLDs • Unusual Packet Sizes • Automated Traffic Know your traffic and what doesn’t look right!
- 19. Cloud Attack Vectors Understand the cloud service security controls before storing sensitive data. Follow best practices for access controls such as AWS IAM top 10. Limit network and administrative access to what is required. Monitor network traffic with tools that help prevent and detect. Breaches result from: • Misconfiguration of access. • No segregation of duties. • Improper handling of keys. • Poorly designed networks. • Hybrid cloud (vs. cloud-only).
- 20. 50% of SMBs have been breached in the past 12 months The 2016 State of SMB Cybersecurity, Ponemon Institute Plan ahead. Back up data to an alternate location, with different access permissions and encryption key. Test regularly to make sure your backups are working.
Editor's Notes
- Why I got into security…the story of my own personal cyber-attack experience. Side note: I cannot help but wonder in the case of my breach if some insiders were not involved, or at least covering up their own lack of knowledge in the matter. Companies would be wise to beware of the insider threat, whether intentional or accidental: https://www.secplicity.org/2017/09/01/insider-threat-history-defense/
- Just a few of the top breaches in 2017. As one of my twitter followers pointed out – does this slide need an explanation?
- Our identity for everything we do online is often verified via the information that was stolen in the Equifax breach. Now what?
- https://www.infosecurity-magazine.com/news/target-breach-costs-could-total-1bn/ How many Target stores could we build for $1 billion dollars? I found one estimate that said a Target store costs $41 million dollars to build… How many people could be employed for $1 billion dollars? How many new projects or how much more marketing and advertising could Target do for $1 billion?
- The cyber-threat landscape extends past the borders of our country and involves more than just bank accounts. If you work in IT or security, it’s a good idea to become familiar with these groups, how they operate, and the potential damage security breaches can cause. Here’s some research I did into the possibility of cyber-attacks being involved in recent US Navy ship collisions: https://www.secplicity.org/2017/08/26/us-navy-ship-collisions-result-hacking/
- https://www.secplicity.org/2017/09/07/social-media-bots-influencing/ https://www.wired.com/story/voting-machine-hacks-defcon/ (June 20, 2017) http://money.cnn.com/2017/08/17/technology/business/chicago-voter-records-exposed-upguard/index.html (Aug 17, 2017)
- http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
- When we leave our networks, computers, and devices unprotected, pretty soon we have a whole mess of computers that have been compromised and are talking to each other over the Internet and attacking other computers. A botnet is a group of computers infected with malware from a particular attacker will talk back to what is called a command and control or “C2” server. The infected computers controlled by the attacker are called ”zombies” or ”bots”. The attacker uses these servers to perform various illegal activities. So are all these computers the attackers computers? No. They are your computers and my computers, under the attacker’s control.
- Read security breach reports to determine what the top attack vectors are hitting companies or organizations like yours. https://www.watchguard.com/wgrd-resource-center/security-report
- This image comes from my paper and case study on the Target Breach: https://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412 The concept of risk based approach to security is explained further in the SANS Security Bootcamp: https://www.sans.org/course/security-essentials-bootcamp-style
- http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/ If multi-factor authentication is required, will be harder for attackers who have stolen passwords to use those stolen credentials.
- A recent article on ideas for protecting encryption keys: https://www.secplicity.org/2017/08/09/carbon-black-data-leaks-good-reminder-protect-keys/ I wrote about not protecting encryption keys being the equivalent of leaving your house for work, locking the door and leaving the keys hanging on the door in 2010. I did not read this anywhere and thought I came up with it independently, but have since heard other people use this analogy. Here’s my original post where I was pondering the issue with encryption keys: http://websitenotebook.blogspot.com/2010/10/securing-encryption-keys.html
- This prior ransomware statistic previously posted on the Barkly web site and referencing Osterman Research is probably much worse now. Barkly reports that 6 in 10 malware payloads were ransomware in 2017. https://blog.barkly.com/ransomware-statistics-2017
- WannaCry https://www.us-cert.gov/ncas/alerts/TA16-288A Mirai https://isc.sans.edu/forums/diary/What+is+happening+on+2323TCP/21563/ NotPetya https://securelist.com/schroedingers-petya/78870/ Auto-Block Suspicious Ports with WatchGuard Firewall https://www.secplicity.org/2017/08/11/using-firewall-policies-auto-block-rogue-hosts-external-networks/
- WatchGuard Dimension https://www.watchguard.com/wgrd-products/watchguard-dimension I found out I was had malware running on my web server by looking at network traffic. You can and should do the same.
- I’ll be speaking more about this at AWS re:Invent 2017 and possibly at other upcoming conferences. https://reinvent.awsevents.com/ If in Seattle you can also attend the Seattle AWS Architects & Engineers Meetup: https://www.meetup.com/Seattle-AWS-Architects-Engineers/
- Ponemon Institute 2016 State of SMB Cybersecurity https://signup.keepersecurity.com/state-of-smb-cybersecurity-report/
- For more information about the latest threats and how to protection your resources and your network follow me on twitter @teriradichel I also write blog posts on current threats and defenses at Secplicity.org. You can find my articles here on things like protecting cloud resources, configuring networks, and mitigating the latest threats here: https://www.secplicity.org/author/teriradichel/