Always Worry About Cyber Security. Always. Track 4 Session 8

Transcription

1 Always Worry About Cyber Security. Always. Track 4 Session 8

2 Mark Stevens SVP, Global Services and Support Digital Guardian

3 Abstract If you don't think information security is a concern for the Supply Chain, you are at the wrong conference. Think about the customer, payment, product, costing and employee data that resides on your network. Then think about what 8 hours of inactivity would cost your facility, This preparedness session will help you measure your current level of vulnerability, help you establish a structured security program and develop an incident response plan in the event... 3

4 Agenda Threats to the Supply Chain & Intellectual Property Costs of Attacks/Data Breaches Direct & Indirect Damages of a Data Breach Supply Chain Security Incidents Case Studies Key Takeaways Conference Cloud Questions 4

5 Threats to Intellectual Property Intellectual Property (IP) is the Most Valuable and Most Targeted Data in the Supply Chain - Who wants your IP? Competitors (Industrial Espionage) Foreign Governments (Economic Espionage) Politically-Motivated Threat Actors (Hacktivists) Disgruntled Current/Former Employees Cybercriminals Accidents/User Error by Employees/Partners 5

6 Attacks are Costly COMPROMISE TO DISCOVERY 12% 4% Years 9% Hours Months 11% Days DISCOVERY TO CONTAINMENT 2% 64% Weeks 23% Months Minutes 19% Hours 14% Weeks 42% Days $8,769 / Incident $3,840,988 / Year 1.2 incidents / Day 6

7 Direct & Indirect Damages DOWNTIME BRAND IMPACT DATA LOSS PRICELESS Downtime Brand Impact Data Loss Priceless DATA LEAKAGE DATA LEAKAGE 7

8 Supply Chain Incidents: Example 1 Malicious Insiders - NOT always employees Business partners, vendors, customers, and contractors 8

9 Supply Chain Incidents: Example 2 External Attackers Targeting Innocent Users in the Supply Chain to Gain Access to Key Customers. - Contractors, Service Works, Third Party Suppliers, etc. 9

10 Supply Chain Incidents: Example 3 Intellectual Property Theft Resulting from a Breach in the Supply Chain - Most commonly nation-state sponsored campaigns - Targets third-party contractors, suppliers and service providers 10

11 Case Studies Real World Examples Enabling IP & Supply Chain Protection, While Driving Business 11

12 Case Studies Agenda Secure Outsourcing & Third Party Collaboration IP Theft & Secure Collaboration Proactive IP Protection & Knowledge Sharing Protecting Customer s IP Utilizing Data Protection in a Global Environment Protecting IP Throughout the Supply Chain 12

13 Secure Outsourcing & Third Party Collaboration Global Electronics Manufacturer Foreign Nationals Denied Access per ITAR regulations Export Control Business Need: - ITAR/EAR Regulations - Outsource chip manufacturing to China - Partner with Foreign Nationals while complying with ITAR Regulations CAD Drawing Use Case Description: - People: U.S Nationals and Foreign Nationals - Data: ITAR/EAR documents - Usage: Allow full access to US Nationals, but only access to non-national security data for Foreign Nationals 13

14 Secure Outsourcing & Third Party Collaboration Foreign Nationals Denied Access per ITAR regulations The Solution: - Monitor access to export controlled data (ITAR) Export Control - Block access to export controlled data while allowing free exchange of unregulated data. CAD Drawing The Results: - Compliance with ITAR regulations - Eliminates the need for physical segmentation and duplicate infrastructures - Discovery of export controlled information enterprise wide - Broad platform support including Linux and Cadence Software compatibility. 14

15 IP Protection & Secure Collaboration Global Chemical Manufacturer Business Need: - IP Protection (Following a $400 Million Breach) - Make IP freely available to foster innovation - Prevent IP from being accidentally or purposely shared with unauthorized users Use Case Description: - People: Employees; Researchers; Scientists - Data: Intellectual Property - Usage: Enable researchers to freely access vast quantities of research data to drive new innovation while ensuring that this intellectual property is always under the company s control. 15

16 IP Protection & Secure Collaboration The Solution: - Restrict access to machines that you can monitor and regulate with a Data Protection Agent - Encrypt files as they are checked out of the document management system (Documentum) - Control the flow of files that have been classified as highly sensitive to ensure that they are not distributed to unauthorized users The Results: - Enhance competitiveness by providing ready access to vast quantities of research data - Reduce risk of data loss - Provides additional control of data as it gets checked out of the document management system 16

17 Proactive IP Protection & Knowledge Sharing Global Manufacturing Conglomerate Business Need: - Protect sensitive IP and trade secrets valued at over $30 billion dollars - Improving data sharing by knowledge workers across 5 continents Use Case Scenario: - Data: R&D plans, designs and test results in - CAD, 3-D Design, Custom Applications - Users: Scientists, Engineers, Technicians, - Researchers, IT administrators, Executives 17

18 Proactive IP Protection & Knowledge Sharing The Solution: - Prompt User to Justify and Record Classified files copied to USB devices, CD/DVD Classified files printed in hard copy or to PDF Classified files attached to SMTP/Outlook - Block, Record Files to Webmail, DropBox Black-list applications Social media, Facebook 18

19 Safeguarding Customer IP F100 Global Manufacturer Business Need: - Grow the business by ensuring prospective customers their IP was safe at Jabil. Use Case Scenario: - Security review revealed Jabil had 52,000 workstations that were secured, but not at levels appropriate given the risks - Needed to identify and locate intellectual property, but IP could be anything defined by the customer - At risk of financial penalties if customer NDAs were violated in a security incident - Believed that security could be a competitive advantage, but didn t have headcount to accelerate security maturity 19

20 Safeguarding Customer IP The Solution: - Successful four-week test deployment of 3,000 endpoint agents in a development environment - Deployed 49,000 agents to monitor machines worldwide in less than 90 days from initial engagement - Application conflicts were resolved quickly using incident response procedures The Results: - Within 30 days of full deployment, Jabil s security team gained visibility into data access & usage across business units - Sped implementation cycles, time to value to less than 4 months - Dramatic increase in efficiency of data classification - Developed foundation for mature security model as competitive advantage 20

21 Utilizing Data Protection in Global Environment Global Plant Engineering Group Business Need: - Implement a global data protection program across all five business units - Protect all intellectual property that was shared for collaboration and across supply chains - Control risk operations of users on every workstation worldwide The Solution: - Increasing user awareness (prompts) - Improving data protection on laptop computers and mobile devices (encryption) - Detecting data leakage (reports and investigation) 21

22 Utilizing Data Protection in Global Environment Recommended Controls: Coverage of all workstations with agents (server agents on demand) Implementation of a set of standard reports per country: - Management Dashboards - Copy & burn activities - s, Prints, Uploads - Individual reports (e.g. for classified files; alerts; forensic) Definition of basic classification per country using: - File types, file locations, applications Implementation of individual policies per country: - Prevent SAP Exports from being copied to local machines - Prevent highly confidential file leaving specific folder - Encryption policies (Laptop HDD, USB devices) - Warn on sending classified information to external 22

23 Protecting IP Throughout the Supply Chain Global Provider of Engineering, Technology and Staffing Services Business Need: - Implement customized IP protection security requirements for its Fortune 25 customer s trade secrets - Meet ITAR and EAR regulations for its customer - Ensure secure global sharing of clients IP across multiple offices and development teams Use Case Description: - Users: Mechanical Engineers, Analysts, Technical Support Services - Data: Client s Intellectual Property - Usage: Enable third party organization to securely access clients sensitive IP to provide engineering and technology services while meeting ITAR and EAR regulations. 23

24 Overview Accomplishments: Data Discovery Risk Identification Business Value Selling the Message Control Define Improve Measure Analyze Strategy: Risk based DMAIC approach to protecting Intellectual Property and Export Controlled data once it leaves the control of an application o Education o Enforcement Cross-functional engagement including HR, Legal, Security, Engineering, IT and IT Risk 24

25 Data Identification Trends Where we started What we learned Next Step 4 Measuring Data Quality Monitor Context Content Reporting Data Discovery TB to 4TB of Data copied to USB daily 2. ~100,000 USB Plug-in events per month 3. ~2,400 unique devices plugged into PC s External Document Identification 1. ~ 40% files were false positives 2. Added second layer to the requirements and rate dropped to ~11-15% false positives Internal Document Identification 1. Use Adaptive Content Inspection (ACI) 2. The upper spec limit for classification is 3% for false positives 3. Not compatible with encryption based security technologies 802 Audits 25% Data Egressed 23% Critical IP 95% Recovered 25

26 Use Case Definition Categorizations 1. Vault: Design Practices (DP) 2a. DWB: Specifications 2b. DWB: Drawings 2c. DWB: Other 3. Templates 4. Design Record Book Controls 1. Print (Alert) 2. to a Non-Corporate address (Block) 3. Copy to USB (Justification) 4. Upload to a Corporate library or Support Central (Block) 5. Print Screen (Block) Results Weekly Reports User Notification Discipline Recovery Actions Legal Recourse Data Identification & Classification 26

27 Use Case Definition Phase1 Enterprise Forensic Report for All Activity (within Defined Parameters) Sat thru Sun Naming Convention Export Raw Data; Filter through RegEx REPORTING Phase 2 Enterprise Forensic Report by defined source classification No Additional Filters Output details all files categorized Phase 3 Alerts Report No Additional Filters Output details events in violation of controls 27

28 Use Case Summary All Events All Events in Enterprise Forensic Report following specified naming convention Categorizations Only categorized files (DP, Specs & Drawings, Other) Alert Report Only contains categorized file movement that triggers alert 28

29 Securing Unstructured Data Unstructured Data Security File Share Controllership Identity Management User Based Categorization Data Loss Prevention Data Security in the Cloud 29

30 Key Takeaways Securing your Supply Chain: Exercise Privileged User Management Control How Data is Shared Implement Application Controls Perform Security Awareness Training Classify and Categorize Confidential Data Ensure a Proper Data Protection Program is in Place Consider a Managed Service if Lacking IT Staffing/Resources 30 30

31 Conference Cloud Additional Resources Securing Your Supply Chain Case Study: IP Protection, Secure Outsourcing Case Study: IP Protection, Incident Response & Forensics E-book: 5 Practical Tips to Protect Manufacturing Trade Secrets A Managed Security Program for Data Protection IP Protecting in Manufacturing Data Protection Vendor Evaluation Toolkit 31

32 Questions 32

33 Win an iwatch! Evaluate this session online! Every evaluation provides us with valuable insight for future conference sessions. Each submission increases your chances of winning an iwatch. 33