Using Technology and Techno-People to Improve your Threat Resistance and Cyber Security
Stephen Cobb, CISSP
Senior Security Researcher, ESET NA
Protecting federal data systems
• Requires:
– technical and human elements
– properly synchronized
We have the technology
• Anti-malware
• Firewalls
• 2-factor authentication
• Encryption
• Network monitoring
• Filtering
And the technology is getting smarter
• Cloud-based reputation, signatures, big data
• But technology is undermined when your workforce is not trained to play defense
Waiting for technology alone to solve the data security problem? Dream on…
Techno-people
• Not everyone needs to be technical, but:
• We are all computer users
• Data security is everyone’s responsibility
• Everyone needs to understand the threats
• And the defensive strategies
Today’s agenda
• Scale of the problem
• Nature of our adversaries
• Information security’s 9 patterns
• Patterns applied to federal agencies
• How to improve the coordination of people and technology to address those patterns
April 2014 GAO report
• Information Security: Federal Agencies Need to Enhance Responses to Data Breaches (GAO-14-487T)
• A lot of work still to be done, across numerous agencies
– Improve security
– Improve breach response
The scale of the problem
• Information security incidents reported to US-CERT by all agencies
• Number of incidents up
• More data to defend?
• Improved reporting?
  Year   Incidents reported
  2009   29,999
  2010   41,776
  2011   42,854
  2012   48,562
  2013   61,214
Exposure of PII is growing
• More incidents involving Personally Identifiable Information (PII)
• Why?
– Thriving black market for PII
• Impact
– Seriously impacts individuals
– Growing public displeasure
– Heads may roll
  Year   PII incidents
  2009   10,481
  2010   13,028
  2011   15,584
  2012   22,156
  2013   25,566
A federal PII breach example
• July 2013, hackers get PII of 104,000+ people
– From a DOE system
• Social Security numbers, birth dates and locations, bank account numbers
– Plus security questions and answers
• DOE Inspector General: cost = $3.7 million
– Assisting affected individuals and lost productivity
What happens to the stolen data?
• Sold to criminal enterprises
– For identity theft, raiding bank accounts, buying luxury goods, laundering money
• Lucrative scams like tax identity fraud
The market for stolen data has matured
All driven by proven business strategies
An overwhelming problem?
• Not if we analyze security incidents
• 2014 Verizon Data Breach Investigation Report
• 92% of incidents categorized into 9 patterns
– True for 100,000 incidents over 10 year period
– True for 95% of breaches in the last 3 years
The Big 9
• Point-of-sale intrusions
• Web app attacks
• Insider/privilege misuse
• Physical theft and loss
• Miscellaneous errors
• Crimeware
• Payment card skimmers
• Denial of service
• Cyber-espionage
• Everything else
Industry sectors not affected equally
• Just 4 main patterns where victim industry = Public
  Pattern          Share of public-sector incidents
  Miscellaneous    34%
  Insider Misuse   24%
  Crimeware        21%
  Theft/Loss       19%
  Everything Else   2%
2014 Verizon Data Breach Investigation Report
Let’s count down the top 4
• Miscellaneous
• Insider and privilege misuse
• Crimeware
• Physical theft/loss
• Everything else
Pattern #4: Physical theft and loss
• Cause of 19% of public sector security incidents
• It’s people!
• Screen, educate, supervise
• Reduce impact by using encryption
  Asset          Count
  Database          11
  Tapes             36
  Other             39
  Flash drive      102
  Desktop          108
  Documents        140
  Laptop           308
  Other            892
2014 Verizon Data Breach Investigation Report
Pattern #3: Crimeware
• Accounts for 21%
• It’s people abusing technology
• Can be solved with the right anti-malware strategy
• Endpoint AND server scanning
  Vector                 Share
  Removable media          1%
  Unknown                  1%
  Remote injection         1%
  Other                    2%
  Download by malware      2%
  Email link               4%
  Email attachment         5%
  Network propagation      6%
  Web download            38%
  Web drive-by            43%
2014 Verizon Data Breach Investigation Report
Pattern #2: Insider and privilege misuse
• 24% of incidents
• Again it’s people!
• Can be fixed!
– Education
– Awareness
– Screening
  Actor role      Share
  Auditor           1%
  System admin      6%
  Developer         6%
  Other             7%
  Executive         7%
  Call center       9%
  Manager          13%
  Finance          13%
  End-user         17%
  Cashier          23%
2014 Verizon Data Breach Investigation Report
Pattern #1: Miscellaneous Errors
• 34% of incidents
• Human error!
• Can be fixed!
– Training
– Awareness
– Oversight
  Error type           Share
  Maintenance error     0.5%
  Other                 1%
  Omission              1%
  Gaffe                 1%
  Programming error     3%
  Malfunction           3%
  Misconfiguration      6%
  Disposal error       20%
  Publishing error     22%
  Misdelivery          44%
2014 Verizon Data Breach Investigation Report
Strategy for doing better
• Technologies and people working together
• If they don’t, you get Target:
– Malware was detected
– Exfiltration detected
– But nobody reacted
– Training and awareness? Clearly lacking
Security training and awareness
• You need both, but what’s the difference?
• Training
– Ensure people at different levels of IT engagement have the knowledge they need
• Awareness
– Ensure all people at all levels know the threats and the defensive measures they must use
Who gets trained?
• Everyone, but not in the same way:
– All-hands training
– IT staff training
– Security staff training
How to deliver training
• In person
• Online
• On paper
• In house
• Outside contractor
• Mix and match
• Be creative
Incentives?
• They work!
– Drive engagement
– Encourage compliance
• But need reinforcement
– Security in job descriptions
– Evaluations
– Rewards
Use your internal organs
• Of communication!
• Newsletter
• Internal social media
• Physical posters
• Add to meeting agendas
• Email blasts
How to do awareness
• Make it fun
• Make it relevant
• Leverage the news
• Remember:
– Everyone now has a vested interest in staying current on threats to their/your data
Awareness example: phish traps
• Train on phishing
• Send out a phishing message
• Track responses
• Report card and re-education
– No naming & shaming
Awareness example: flash phish
• Train on media scanning
• Sprinkle USB/flash drives
– Sample file/autorun
• Track results
– Inserted? Scanned? Reported?
• Rewards or re-education
– Again, avoid name+shame
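Both awareness exercises above (phish traps and flash phish) end in the same step: track who clicked, inserted, scanned or reported, then hand out rewards or re-education without naming anyone. The Python script below is an added example of that scoring step; it is not from the deck or from ESET. The log format, the campaign name, the department names, the user and drive identifiers, the 30% re-education threshold and the minimum group size of 3 are all constructed assumptions. It pools departments too small to report on, so a published rate can never single out one person.

```python
"""Report card for a phish-trap or flash-phish (USB drop) awareness campaign.
Log lines: "campaign,kind,department,subject,event"; kind is "phish" (subject
is a user id) or "usb" (subject is a planted drive id). Results are aggregated
per department so nobody is named: the "no naming & shaming" rule."""
import csv
import io
from collections import defaultdict

MIN_GROUP = 3               # pool departments smaller than this (assumed cut-off)
REEDUCATE_THRESHOLD = 0.30  # fail rate that triggers re-education (assumed)

# Per kind: event that puts a subject in the denominator, events that count as
# a failure, an event that cancels the failure (drive scanned before use), and
# the responses we want to see.
RULES = {
    "phish": {"exposed": "sent", "failed": {"clicked"},
              "rescue": set(), "good": {"reported"}},
    "usb": {"exposed": "placed", "failed": {"inserted"},
            "rescue": {"scanned"}, "good": {"scanned", "reported"}},
}

# Constructed sample log; campaign, departments and ids are made up.
SAMPLE_LOG = """\
q2,phish,finance,u001,sent
q2,phish,finance,u001,clicked
q2,phish,finance,u002,sent
q2,phish,finance,u002,reported
q2,phish,finance,u003,sent
q2,phish,finance,u004,sent
q2,phish,finance,u004,clicked
q2,phish,finance,u004,reported
q2,phish,it,u010,sent
q2,phish,it,u010,reported
q2,phish,it,u011,sent
q2,phish,it,u011,reported
q2,phish,it,u012,sent
q2,phish,legal,u020,sent
q2,phish,legal,u020,clicked
q2,usb,lobby,d01,placed
q2,usb,lobby,d01,inserted
q2,usb,lobby,d02,placed
q2,usb,lobby,d02,scanned
q2,usb,lobby,d02,inserted
q2,usb,lobby,d03,placed
q2,usb,lobby,d03,reported
q2,usb,lobby,d04,placed
"""


def parse_events(text):
    """Collect the set of events seen for each (kind, department, subject)."""
    events = defaultdict(set)
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        if len(row) != 5:
            raise ValueError(f"malformed line: {row!r}")
        _campaign, kind, dept, subject, event = (f.strip() for f in row)
        if kind not in RULES:
            raise ValueError(f"unknown campaign kind: {kind!r}")
        events[(kind, dept, subject)].add(event)
    return events


def score(text, min_group=MIN_GROUP, threshold=REEDUCATE_THRESHOLD):
    """Return {(kind, department): counts and rates}; small groups are pooled."""
    counts = defaultdict(lambda: {"exposed": 0, "failed": 0, "good": 0})
    for (kind, dept, _subject), evs in parse_events(text).items():
        rule = RULES[kind]
        if rule["exposed"] not in evs:
            continue  # never reached by the campaign: not in the denominator
        c = counts[(kind, dept)]
        c["exposed"] += 1
        if evs & rule["failed"] and not evs & rule["rescue"]:
            c["failed"] += 1
        if evs & rule["good"]:
            c["good"] += 1
    # Pool departments too small to report on their own.
    pooled = defaultdict(lambda: {"exposed": 0, "failed": 0, "good": 0})
    for (kind, dept), c in counts.items():
        key = (kind, dept) if c["exposed"] >= min_group else (kind, "pooled")
        for k, v in c.items():
            pooled[key][k] += v
    card = {}
    for key, c in pooled.items():
        if c["exposed"] < min_group:
            continue  # even the pool is too small to publish a rate safely
        fail_rate = c["failed"] / c["exposed"]
        card[key] = {**c, "fail_rate": round(fail_rate, 2),
                     "report_rate": round(c["good"] / c["exposed"], 2),
                     "reeducate": fail_rate > threshold}
    return card


def format_card(card):
    """Render the report card as plain text, one department per line."""
    lines = [f"{'kind':6} {'department':12} {'n':>3} {'fail':>6} {'report':>7}  action"]
    for (kind, dept), c in sorted(card.items()):
        action = "re-education" if c["reeducate"] else "reward"
        lines.append(f"{kind:6} {dept:12} {c['exposed']:>3} "
                     f"{c['fail_rate']:>6.0%} {c['report_rate']:>7.0%}  {action}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_card(score(SAMPLE_LOG)))
```

Run as-is it prints one line per department; the single legal user is pooled and then suppressed, so the card never reveals that one person clicked. A drive that was inserted but scanned first counts as a success, which is the behaviour the "train on media scanning" step is trying to produce.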
Resources to tap
• CompTIA
• ISSA
• SANS
• (ISC)2
• Vendors
• Websites
Thank you!
• Stephen Cobb
• Stephen.cobb@eset.com
• We Live Security
• www.welivesecurity.com
• Webinars
• www.brighttalk.com/channel/1718
• Booth Number 826

Disciplines-and-Ideas-in-the-Applied-Social-Sciences-DLP-.pdfDisciplines-and-Ideas-in-the-Applied-Social-Sciences-DLP-.pdf
Disciplines-and-Ideas-in-the-Applied-Social-Sciences-DLP-.pdfDeLeon9
 
WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.Christina Parmionova
 
call girls in DLF Phase 1 gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in DLF Phase 1  gurgaon  🔝 >༒9540349809 🔝 genuine Escort Service 🔝...call girls in DLF Phase 1  gurgaon  🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in DLF Phase 1 gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...saminamagar
 
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...narwatsonia7
 
How to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptxHow to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptxTechSoupConnectLondo
 
Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170Sonam Pathan
 
Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Christina Parmionova
 
productionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptxproductionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptxHenryBriggs2
 
2024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 262024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 26JSchaus & Associates
 
(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证mbetknu
 

Recently uploaded (20)

Panet vs.Plastics - Earth Day 2024 - 22 APRIL
Panet vs.Plastics - Earth Day 2024 - 22 APRILPanet vs.Plastics - Earth Day 2024 - 22 APRIL
Panet vs.Plastics - Earth Day 2024 - 22 APRIL
 
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
 
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
 
Monastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdf
Monastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdfMonastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdf
Monastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdf
 
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service BangaloreCall Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
 
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon  🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in sector 22 Gurgaon  🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
Powering Britain: Can we decarbonise electricity without disadvantaging poore...
Powering Britain: Can we decarbonise electricity without disadvantaging poore...Powering Britain: Can we decarbonise electricity without disadvantaging poore...
Powering Britain: Can we decarbonise electricity without disadvantaging poore...
 
2024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 272024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 27
 
Call Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls Service
Call Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls ServiceCall Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls Service
Call Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls Service
 
Disciplines-and-Ideas-in-the-Applied-Social-Sciences-DLP-.pdf
Disciplines-and-Ideas-in-the-Applied-Social-Sciences-DLP-.pdfDisciplines-and-Ideas-in-the-Applied-Social-Sciences-DLP-.pdf
Disciplines-and-Ideas-in-the-Applied-Social-Sciences-DLP-.pdf
 
WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.
 
call girls in DLF Phase 1 gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in DLF Phase 1  gurgaon  🔝 >༒9540349809 🔝 genuine Escort Service 🔝...call girls in DLF Phase 1  gurgaon  🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in DLF Phase 1 gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
 
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...
 
How to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptxHow to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptx
 
Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170
 
Hot Sexy call girls in Palam Vihar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Palam Vihar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Palam Vihar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Palam Vihar🔝 9953056974 🔝 escort Service
 
Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.
 
productionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptxproductionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptx
 
2024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 262024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 26
 
(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证
 

Using Technology and Techno-People to Improve your Threat Resistance and Cyber Security

1. Using Technology and Techno-People to Improve your Threat Resistance and Cyber Security
Stephen Cobb, CISSP
Senior Security Researcher, ESET NA

2. Protecting federal data systems
• Requires:
– technical and human elements
– properly synchronized

3. We have the technology
• Anti-malware
• Firewalls
• 2-factor authentication
• Encryption
• Network monitoring
• Filtering

4. And the technology is getting smarter
• Cloud-based reputation, signatures, big data
• But technology is undermined when your workforce is not trained to play defense

5. Waiting for technology alone to solve the data security problem? Dream on…

6. Techno-people
• Not everyone needs to be technical, but:
• We are all computer users
• Data security is everyone’s responsibility
• Everyone needs to understand the threats
• And the defensive strategies

7. Today’s agenda
• Scale of the problem
• Nature of our adversaries
• Information security’s 9 patterns
• Patterns applied to federal agencies
• How to improve the coordination of people and technology to address those patterns

8. April 2014 GAO report
• Information Security – Federal Agencies Need to Enhance Responses to Data Breaches (GAO-14-487T)
• A lot of work still to be done, across numerous agencies
– Improve security
– Improve breach response

9. The scale of the problem
• Information security incidents reported to US-CERT by all agencies
• Number of incidents up
• More data to defend?
• Improved reporting?
Chart, incidents by year: 2009: 29,999; 2010: 41,776; 2011: 42,854; 2012: 48,562; 2013: 61,214

10. Exposure of PII is growing
• More incidents involving Personally Identifiable Information (PII)
• Why?
– Thriving black market for PII
• Impact
– Seriously impacts individuals
– Growing public displeasure
– Heads may roll
Chart, PII incidents by year: 2009: 10,481; 2010: 13,028; 2011: 15,584; 2012: 22,156; 2013: 25,566

11. A federal PII breach example
• July 2013, hackers get PII of 104,000+ people
– From a DOE system
• Social Security numbers, birth dates and locations, bank account numbers
– Plus security questions and answers
• DOE Inspector General: cost = $3.7 million
– Assisting affected individuals and lost productivity
12. What happens to the stolen data?
• Sold to criminal enterprises
– For identity theft, raiding bank accounts, buying luxury goods, laundering money
• Lucrative scams like tax identity fraud

13. The market for stolen data has matured

14.

15.

16. All driven by proven business strategies

17. An overwhelming problem?
• Not if we analyze security incidents
• 2014 Verizon Data Breach Investigation Report
• 92% of incidents categorized into 9 patterns
– True for 100,000 incidents over 10 year period
– True for 95% of breaches in the last 3 years

18. The Big 9
• Point-of-sale intrusions
• Web app attacks
• Insider/privilege misuse
• Physical theft and loss
• Miscellaneous errors
• Crimeware
• Payment card skimmers
• Denial of service
• Cyber-espionage
• Everything else
19. Industry sectors not affected equally
• Just 4 main patterns where victim industry = Public
Chart (2014 Verizon Data Breach Investigation Report): Miscellaneous 34%, Insider Misuse 24%, Crimeware 21%, Theft/Loss 19%, Everything Else 2%

20. Let’s count down the top 4
• Miscellaneous
• Insider and privilege misuse
• Crimeware
• Physical theft/loss
• Everything else

21. Pattern #4: Physical theft and loss
• Cause of 19% of public sector security incidents
• It’s people!
• Screen, educate, supervise
• Reduce impact by using encryption
Chart, assets involved (2014 Verizon Data Breach Investigation Report): Database 11, Tapes 36, Other 39, Flash drive 102, Desktop 108, Documents 140, Laptop 308, Other 892

22. Pattern #3: Crimeware
• Accounts for 21%
• It’s people abusing technology
• Can be solved with the right anti-malware strategy
• Endpoint AND server scanning
Chart, infection vectors (2014 Verizon Data Breach Investigation Report): Removable media 1%, Unknown 1%, Remote injection 1%, Other 2%, Download by malware 2%, Email link 4%, Email attachment 5%, Network propagation 6%, Web download 38%, Web drive-by 43%

23. Pattern #2: Insider and privilege misuse
• 24% of incidents
• Again it’s people!
• Can be fixed!
– Education
– Awareness
– Screening
Chart, insider roles (2014 Verizon Data Breach Investigation Report): Auditor 1%, System admin 6%, Developer 6%, Other 7%, Executive 7%, Call center 9%, Manager 13%, Finance 13%, End-user 17%, Cashier 23%

24. Pattern #1: Miscellaneous Errors
• 34% of incidents
• Human error!
• Can be fixed!
– Training
– Awareness
– Oversight
Chart, error types (2014 Verizon Data Breach Investigation Report): Maintenance error 0.5%, Other 1%, Omission 1%, Gaffe 1%, Programming error 3%, Malfunction 3%, Misconfiguration 6%, Disposal error 20%, Publishing error 22%, Misdelivery 44%
25. Strategy for doing better
• Technologies and people working together
• If they don’t you get: Target
– Malware was detected
– Exfiltration detected
– But nobody reacted
– Training and awareness?
– Clearly lacking

26. Security training and awareness
• You need both, but what’s the difference?
• Training
– Ensure people at different levels of IT engagement have the knowledge they need
• Awareness
– Ensure all people at all levels know the threats and the defensive measures they must use

27. Who gets trained?
• Everyone, but not in the same way:
– All-hands training
– IT staff training
– Security staff training

28. How to deliver training
• In person
• Online
• On paper
• In house
• Outside contractor
• Mix and match
• Be creative

29. Incentives?
• They work!
– Drive engagement
– Encourage compliance
• But need reinforcement
– Security in job descriptions
– Evaluations
– Rewards

30. Use your internal organs
• Of communication!
• Newsletter
• Internal social media
• Physical posters
• Add to meeting agendas
• Email blasts

31. How to do awareness
• Make it fun
• Make it relevant
• Leverage the news
• Remember:
– Everyone now has a vested interest in staying current on threats to their/your data

32. Awareness example: phish traps
• Train on phishing
• Send out a phishing message
• Track responses
• Report card and re-education
– No naming & shaming

33. Awareness example: flash phish
• Train on media scanning
• Sprinkle USB/flash drives
– Sample file/autorun
• Track results
– Inserted? Scanned? Reported?
• Rewards or re-education
– Again, avoid name+shame
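The "track results, report card, no naming and shaming" step that both awareness exercises (slides 32 and 33) share, as an added example that is not code from the presentation: it scores constructed tracking events per department and hands the coordinator a pseudonymous re-education list instead of names. The event records, department names and salt are all made up for the illustration.

```python
"""Awareness-exercise scorecard (added illustration, not from the deck).
Aggregates phishing-simulation and USB-drop tracking events by department
and emits a re-education list that carries opaque tokens, not names."""
from collections import defaultdict
import hashlib

# Constructed sample events: (exercise, employee id, department, outcome).
EVENTS = [
    ("phish", "e101", "Finance", "reported"),
    ("phish", "e102", "Finance", "clicked"),
    ("phish", "e103", "Finance", "ignored"),
    ("phish", "e201", "IT", "reported"),
    ("phish", "e202", "IT", "reported"),
    ("usb",   "e102", "Finance", "inserted"),
    ("usb",   "e103", "Finance", "scanned"),
    ("usb",   "e201", "IT", "reported"),
    ("usb",   "e202", "IT", "inserted"),
]

RISKY = {"clicked", "inserted"}   # fell for the lure: needs re-education
GOOD = {"reported", "scanned"}    # did the right thing: candidate for a reward


def pseudonym(emp_id: str, salt: str) -> str:
    """Opaque token for the follow-up list. Only the training coordinator
    who holds the salt can map it back, so the card itself names nobody."""
    return hashlib.sha256((salt + emp_id).encode()).hexdigest()[:10]


def report_card(events, salt="constructed-salt"):
    """Return (rates, followup): per-(exercise, department) percentages of
    risky and good outcomes, and the sorted pseudonymous follow-up list."""
    totals = defaultdict(int)   # (exercise, dept) -> participants
    risky = defaultdict(int)    # (exercise, dept) -> fell for it
    good = defaultdict(int)     # (exercise, dept) -> handled it correctly
    followup = set()
    for exercise, emp, dept, outcome in events:
        key = (exercise, dept)
        totals[key] += 1
        if outcome in RISKY:
            risky[key] += 1
            followup.add(pseudonym(emp, salt))
        elif outcome in GOOD:
            good[key] += 1
    rates = {key: {"risky_pct": round(100 * risky[key] / n),
                   "good_pct": round(100 * good[key] / n)}
             for key, n in totals.items()}
    return rates, sorted(followup)


if __name__ == "__main__":
    rates, followup = report_card(EVENTS)
    for (exercise, dept), r in sorted(rates.items()):
        print(f"{exercise:5} {dept:8} fell for it {r['risky_pct']:3}%  "
              f"handled correctly {r['good_pct']:3}%")
    print("re-education tokens:", followup)
```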
34. Resources to tap
• CompTIA
• ISSA
• SANS
• (ISC)2
• Vendors
• Websites

35.

36. Thank you!
• Stephen Cobb
• Stephen.cobb@eset.com
• We Live Security
• www.welivesecurity.com
• Webinars
• www.brighttalk.com/channel/1718
• Booth Number 826