Top 5 Data Breaches in 2014

Transcription

1 Top 5 Data Breaches in 2014 Retrieved on 24 February from CNBC Calls it the year of the hack

2

3 Counter Productive and Non-Collaborative Behavior Vulnerabilities Announced Before Patches Are Ready Google gave Microsoft 90 days to fix a flaw. MS asked Google. Google instead published code that could assist malicious hackers Sony, U.S. Agencies Fumbled After Cyberattack The Wall Street Journal Target Breach Home Depot Breach

4 Danger from the Net retrieved on 24 February, 2015 from

5 Entry Into The Internet Internet Retrieved on 22 February, 2015 from

6 The Internet Connecting The World Retrieved on 22 February, 2015 from 1FC350A8B8FBE9C151591F038FB792611E18&selectedIndex=0

7 Your PC Retrieved on 22 February, 2015 from

8

9 Can a creative mind defeat a criminal mind in Cyber Warfare? The answer depends on our position, our perspective and ultimately our agenda Focus our attention on the process and the resources required Security professionals need assistance from experts in other fields, such as psychology, sociology, law, and human resources

10

11 21 st Century Challenges and Changes Internet complexity and interconnectedness Always On technology and culture Mobile technology challenges and shortcomings BYOx Communication Not speaking the same language Arrogance from executives and from techies Fear No trust Silo mentality

12 21 st Century Challenges and Changes Think out-of-the-box and come up with a solution not considered before Security professionals must out think and out maneuver cyber attackers Not criminally inclined, professionals vs. criminal minds Catch 22 - understand the criminal mind, Security professionals should not face alone Enlist the assistance of psychologists and sociologists Design incentives that would not produce counterproductive results

13 21 st Century Challenges and Changes Zero-day attacks, Trojan horses, and persistent threats, Security environment moves faster than the computer environment Organizations face many threats, including internal and external A zero day attack leaves organizations with mere hours to respond Every day we are bombarded with countless stories of malware, virus,

14 Scope Definition - Simplification How we keep the bad guys away from our information assets? How do we keep our information assets away from the bad guys? Identify Locate Read the signs Remove the noise Careful of consequences

15 Scope Definition Who are the bad guys? Where are the bad guys? How can they attack us? Are our defenses adequate? Are we asking the right questions?

16 Scope Definition Although information and security professionals contribute tremendous value, the field as a whole is not strongly based in theory and research. (Weaver, R., Weaver, D, & Farwood, D., 2012) Security and information technology overlap in so many ways Behaviors and attitudes of those involved Attitude, or arrogance

17 Scope Definition The focus is on the individuals involved in computer and security operations as well as the actors orchestrating and deploying the threats. Only by understanding an individual s motivation s that a better approach can be created to identify, counter and preempt future threats. (Salguero, J., 2014).

18 The Other Part of the Question In War Collateral damage Cyber warfare will almost certainly have very real consequences. (Shimeall, 2001).

19 Everything is Interconnected As computer technology has become increasingly integrated into modern military organizations, military planners have come to see it as both a target and a weapon, exactly like other components and forces. (Shimeall, 2001). Countries that are not as dependent on high technology, within their military establishment consider such dependence a potential Achilles heel for their enemies. (Shimeall, 2001).

20 Motivations From a Civilian Standpoint External/internal International/domestic Part of a nation state Part of an organized effort Students experimenting with their new found knowledge Part of commercial espionage

21 Levels of Cyber War: Motivations From a Military Standpoint Cyber war as an adjunct to military operations Limited cyber war Unrestricted cyber war

22 Motivations from a Civilian Standpoint Types of Hackers (Actors) White Hat Hackers Black Hat Hackers Hacktivists State Sponsored Hackers Spy Hackers Cyber Terrorists

23 Organized criminal groups in the cyber space While many types of cyber crime require a high degree of organization and specialization, there is insufficient empirical evidence to ascertain if cyber crime is now dominated by organized crime groups and what form or structure such groups may take. (Lusthaus, 2013). Digital technology has empowered individuals as never before. Teenagers acting alone have succeeded in disabling air traffic control systems, shutting down major e-retailers, and manipulating trades on the NASDAQ stock exchange (US Securities and Exchange Commission, 2000).

24 Examples of Cyber Crimes and Cyber Offenders 1. Ryan Cleary: DDoS on SOCA 2. Andrew Auernheimer: Apple ipad Snoop 3. Aaron Swartz: Content Downloader 4. Christopher Chaney: Celebrity Hackerazzi 5. Sam Yin: Gucci Hacker 6. Edward Pearson: Identity Theft

25 Examples of Groups Involved in Cyber Crime 1. LulzSec and Sony Hackers 2. Dreamboard 3. DrinkOrDie 4. DarkMarket 5. DNS Changer 6. Carberp 7. Unlimited Operation 8. Koobface

26 Psychological Motivating Factors Only when we understand the individual can we start to make assumptions Make predictions as the criminal profilers do Uncover the methodology of the attacker Psychological factors that make up an individual s personality It is essential to understand the psychology of the attacker if effective controls are to be developed and deployed. (Wright, C.S. 2011).

27 The Manager s Role Understand and to motivate the individual performance appraisal professional and personal plan A manager has a responsibility to his/her employees providing their team members with the right tools and training

28 Identifying the Personality Profiles of Team Members The Myers and Briggs personality inventory categorize people into 16 different personality types result from the interaction based on people preferences the behavior is actually quite orderly and consistent There are no right or wrong preferences. Reading is not better than watching movies; each has its strengths and its problems. Most people have the ability to do both, even if they don t like one or the other. Personality preferences, sometimes called psychological preference, are like many other preferences. (The Myers and Briggs Foundation, 2014).

29 Right Brain or Left Brain Dominance a left-brain dominant person prefers things to be in a logical order and likes identifying details instead of concepts Analytical Right brain dominant people are considered artists, musicians, and dreamers type of profession a person chooses and the types of decisions a person makes

30 Incentives and Motivation what types of incentives work the best not everyone is motivated by money Mentoring and coaching are qualities of a good leader Good leadership motivates some people Respect and loyalty are earned and a leader is better at achieving both

31 Recommendations Cyber Security Risk Management Cyber Security Incident & Insider Threat Management Cyber Security Leadership Best Practices Formalize and Communicate Enterprise Security Organizational Policy Train, Mentor, Coach everyone in the organization about the potential threats Security solution must have a holistic/enterprise wide approach to be successful Scope Definition and Scope Management Relationships, Relationships, Relationships

32 Questions???