Cybersecurity: Navigating a Changing Landscape

Transcription

1 Cybersecurity: Navigating a Changing Landscape

2 Cybersecurity: Navigating a Changing Landscape The Privacy & Security Forum 2015 Karl J. West, AVP and CISO

3

4

5

6 LA County 350,000 Advocate Medical Group 4,000,000 Ebay 145,000,000 Adobe 152,000,000 Wallgreens 100,000 CHS 45,000,000 SnapChat 4,700,000 Korea Credit Bureau 20,000,000 Florida Courts 100,000 South Africa Police 16,000 WA State Courts 160,000 Texas DHHS 2,000,000 Hudson Gas 110,000 Target 70,000,000 Macrumors.com 800,000 NASDAQ unknown Montana DDHS 1,300,000 Touchstone 300,000 AOL 24,000,000 Drupal 1,000,000 Sony 145,000,000 Nieman Marcus unknown LexisNexis 1,000,000 Boston Children s unknown Nintendo 240,000 Anthem BC & BS 80,000,000 Cross-industry Breaches

7 $400 billion Estimated annual cost to the global economy. McAfee/Center for Strategic and International Studies, June 2014 $60 Going rate for medical records on the black market. Wall Street Journal, February 2014

8 Your medical record is worth more to hackers than your credit card. Reuters, 2014

9 Today s Threats Global attacks on Intermountain **NOTE: This is a 5 minute view of external authentication attempts

10 SANS Health SANS Health Care Cyberthreat Care Cyberthreat Report Report BARBARA FILKINS, SENIOR SANS ANALYST AND HEALTHCARE SPECIALIST BARBARA FILKINS, SENIOR SANS ANALYST AND HEALTHCARE SPECIALIST This level of compromise and control could easily lead to a wide range of criminal activities that are currently not being detected. For example, hackers can engage in widespread theft of patient information that includes everything from medical conditions to social security numbers to home addresses, and they can even manipulate medical devices used to administer critical care." This level of compromise and control could easily lead to a wide range of criminal activities that are currently not being detected. For example, hackers can engage in widespread theft of patient information that includes everything from medical conditions to social security numbers to home addresses, and they can even manipulate medical devices used to administer critical care."

11 moving from protecting the perimeter to anticipating the attack Security Architectures Old architectures no longer work! Can t simply tell customers no There are no more perimeters to defend Can t just throw money and employees at the problem Old practices can t keep up with threat levels Secure development lifecycle (SDLC) Security Review

12 Emerging threats Black Hat 2014 Google Glass password snatching Anonymous VDI screen scraping AD compromise through Kerberos Remote attacks against vehicles Memory scraping for credit cards USB Controller chips compromised Cellular compromise through control code Free cloud botnets for malware Mobile compromises through MDM flaws Cryptographic flaws and Rosetta Stone

13 Sources: Radiate Media, McKinsey Global, Twitter, Cisco, Gartner, EMC, SAS, IBM, MEPTEC, QAS Lose Assets, Not Data 1 in 4 houses is burglarized B&E occurs every 9 minutes > 20,000 laptops left in airports each year Typical asset inventories off by 60% 138% in records exposed in % in large breaches that involve theft 6-10% average shrinkage of mobile devices

14 Sources: Ponemon, Radiate Media, McKinsey Global, Twitter, Cisco, Gartner, EMC, SAS, IBM, MEPTEC, QAS Trust, but Verify ~2/3 of data breaches in 2012 could be attributed to negligence or human error > 70% of identity theft and fraud is committed by knowledgeable insiders. In 2013, medical identity theft increased 20% Traditional audit methods & manual auditing is completely inadequate Behavior modeling, pattern analysis, and anomaly detection are needed.

15 SOCIAL The Security Challenge MOBILE Regulatory Compliance ANALYTICS CLOUD Data Protection Sources: Radiate Media, McKinsey Global, Twitter, Cisco, Gartner, EMC, SAS, IBM, MEPTEC, QAS

16 SOCIAL 500+ million users billion users 500+ million users 235+ million users Sources: Radiate Media, McKinsey Global, Twitter, Cisco, Gartner, EMC, SAS, IBM, MEPTEC, QAS

17 MOBILE 76% of mobile users review on their phones 60% of social media users access these services on their phones 54% of mobile phones are smartphones 52% of breaches occur on personal devices including desktops, laptops, and portables. Sources: US Dept. Health and Human Services/Radiate Media, McKinsey Global, Twitter, Cisco, Gartner, EMC, SAS, IBM, MEPTEC, QAS

18 ANALYTICS Volume Where Is the data stored 43 trillion GB of data by 2020 Variety When Healthcare data ~150 Is the data moved exabytes in 2011 Veracity Who Poor data Moved quality the costs data the U.S. ~$3.1 Audit trillion Trails a year Encryption Velocity 18.8 Across billion the network lifespan connections and spectrum by 2016 Sources: US Dept. Health and Human Services/Radiate Media, McKinsey Global, Twitter, Cisco, Gartner, EMC, SAS, IBM, MEPTEC, QAS

19 CLOUD % Cloud Traffic 55% Users online 380% Storage needs 150% Devices Sources: Radiate Media, McKinsey Global, Twitter, Cisco, Gartner, EMC, SAS, IBM, MEPTEC, QAS

20 Regulatory Compliance HIPAA Sarbanes Oxley (SOX) Federal Information Security Management Act (FISMA) Data Protection Monitoring, Analysis, and Response (MARS)

21 Wearables & Fitness Trackers Removable Media Connected Medical Devices Laptops Smart Phones Tablets Source:

22 Sources: Radiate Media, McKinsey Global, Twitter, Cisco, Gartner, EMC, SAS, IBM, MEPTEC, QAS Embrace Securing Mobility Enforce and monitor device Care can be improved through access to real-time patient data encryption & passwords which an increasing number of patients Detect are Geo collecting presence of They devices want to share clinical data, locate one another, update attending doctors on patient conditions, minutes lost order, and transmit information Screen savers/auto-locking and images Security Asset inventories priority should and be on life data and device cycle management from Restrict access based on location and acquisition encrypt data to in disposition transmission and storage Force remote wipe after 30 Enforce a Secure Development Lifecycle (SDLC)

23 Security Operations Center 24x7 oversight to detect and respond to threats

24 Security Operations Center Builds intelligence dynamically Aligns processes with Business Operations Defines best practices (internally, globally) Continuously improves protection and monitoring Analyses business activity, network traffic, and actionable events Optimizes playbooks and use cases Detecting an event is one thing; knowing what to do with it is another

25 Strategies Develop a risk inventory and mitigation plan Develop a mobile/byod security strategy Develop a set of common security controls Develop asset management strategies Develop an ephi inventory Develop a Risk Management framework and prioritization guidelines

26 Karl J. West, CISO Intermountain