Kristin Judge Executive Director Trusted Purchasing Alliance Center for Internet Security

Transcription

1 National Council of County Association Executives Kristin Judge Executive Director Trusted Purchasing Alliance Center for Internet Security William F. Pelgrin CIS President & CEO Chair

2 Center for Internet Security CIS Security Benchmarks Trusted Purchasing Alliance

3 We Are All Digitally Connected!

4

5 Cyber Security Challenges Hacktivism Mobile Devices Social Networking Insider Threats & Human Error Phishing Old infrastructure

6 Hacktivism

7 Hacktivism Attacking corporations, governments, organizations and individuals to make a point Sophos 2012 Hacktivist groups have attacked: Private corporations Federal Government City.gov sites Law enforcement groups

8 Mobile Devices

9 Mobile Device Deployment Will Continue to Increase Smart phones will surpass computers as web users' preferred vehicle for surfing the Internet

10 Smartphones -- Blackberries Security Risks -- Too Many Individuals Still don t use encryption, passwords, time-out settings or any other security protection store their sensitive corporate information on smartphones lose one of these devices at some point

11 Leaving your laptop or PDA unattended can lead to big problems More than 10,000 laptops are reported lost every week at 36 of the largest U.S. airports, and 65 percent of those laptops are not reclaimed. Ponemon Institute

12 Social Networks

13 30,000 new malicious URLs every day approximatel y one every three seconds Sophos Security Threat Report 2012 Threats 95% of comments to blogs, chat rooms and message boards are spam or contain malicious links. Websense

14 Danger In TinyURL Links...

15 Risk is growing Cyber attacks on social networks are up 70% Sophos, 2010 Just 19% of government agencies ban social media sites at work, down from 55% in 2010 Sophos, 2012

16 Insider Threat and Human Error

17 Insider Threats are Real Can be intentional or accidental WikiLeaks Hundreds of thousands of confidential documents leaked by military employee Inadvertent posting of the Social Security numbers and birth dates of 22,000 government retirees on a state procurement website Disgruntled city employee tampers with city network to deny access to top administrators

18 Human Error example bad passwords! tomshardware.com

19 Phishing

20 Phishing scams entice recipients into clicking on a link or attachment which is malicious. WELL WRITTEN APPEARS CREDIBLE ENTICING OR SHOCKING SUBJECT APPARENT TRUSTED SOURCE

21 Old Infrastructure

22 Old hardware and software that is beyond the end of its support life No longer supported by the vendors Using them after end of life places your organization at great risk since any security vulnerability will NOT be fixed, making it easy for hackers to launch a successful cyber attack

23 How Can You Be More Secure? Create and follow organizational information security policies Use strong passwords (minimum 8 characters and include upper and lower case, numbers and special characters) Don t click on links in s Don t open attachments from unknown sources Protect your mobile devices

24 The is here to help!

25 AK American Samoa HI A Trusted Model for Collaboration and Cooperation across All States, Local Governments and Several U.S. Territories Built on over 8 years of Centralized Outreach, Awareness and Bidirectional Information Sharing.

26 Security Operations Center 24x7x365 Operations Monitoring Situational Awareness Incident Response Advisory & Analysis Services

27 Multi-State Information Sharing and Analysis Center Products and Services 24/7 Cyber Security Analysis Center Cyber Security Alerts and Advisories Public and Secure Websites Participation in cyber exercises National Webcast Initiative National Cyber Security Awareness Month Monthly Conference Calls; Annual Meeting Ensuring collaboration with all necessary parties Common cyber alert level map

28 Public Website

29 Advisories & Daily Tips

30 The distributes the newsletters in a template form so they can be rebranded and distributed broadly throughout states and local governments Monthly Newsletters

31

32 Cyber Security Guides

33 Cyber Security Awareness Toolkit

34 Multi-State Information Sharing and Analysis Center We re Here To Help!! Kristin Judge Cyber Security is our Shared Responsibility