1 Using Social Engineering Tactics For Big Data Espionage Branden R. Williams Jason Rader RSA Session ID: DAS-301 Session Classification: General Interest
2 What Is This Session About? Big Data Analytics They are the future! How do we deal with them in the security world? Adopting techniques from Social Engineering How can we learn from other security issues? What snakes may be lurking in the grass? Application What to do?
3 Predictive Analytics The Future of BI Big Data Not LOTS of data But many disparate sources with mixed structure Industry trends driving Big Data & analytics Storage is cheap Anywhere computing Hardware over-engineering (or distributed computing) Math is pretty awesome
4 What are Predictive Analytics? Simply, deriving value from big data! Complexly (is that a word?) Organizing the unorganized Heavy math use The search for leading indicators How do we use it? Business strategy Public safety (CDC,NOAA) Predict the future 4
5 Who does this well today? Investors! Massive historical data Lots of math Sometimes bad math The search for trends Execute trades! The next step? Implications of social media See through the corporate veil Now we can focus on the individual! 5
6 DATA TYPE A Big Data Framework Non-Transactional Data Social Analytics Decision Science Transactional Data Performance Management Data Exploration Measurement Experimentation BUSINESS OBJECTIVE Parise, S., Iyer, B., & Vesset, D. (2012). Four strategies to capture and create value from big data. Ivey Business Journal, 76(4), 1-5.
7 Predictive Analytics The Why Businesses have data coming out of their ears SO DO THE BAD GUYS! Huge shift from the past Forensics example Unused data Can we find value? Business leaders must innovate 1 But focus on business model innovation PA can drive this! 1 Amit, R., & Zott, C. (2012). Creating value through business model innovation. MIT Sloan Management Review, 53(3),
8 Derived Data & Analytics (more sensitive than original data!) Analytics automate data crunching Could become the new IP! Businesses act on output What about deriving sensitive info? PII Privacy issues! If I accurately guess your info, do I need to protect it?
9 Problem of derived sensitive data If I derive your PII, must I protect it? Law is WAY behind Compliance might be farther HUGE IMPACT TO BUSINESS In EU, no question How to apply EU Privacy Updates?
10 Practical Applications How Target knew a teenager was pregnant before her own father did: Pause for story time! Implications: Target can predict due dates/sex Aggregations of data can accurately predict the future Better placement (upside?) Not Singular pieces of data! It s the CORRELATION that matters
11 Payoff The Relevance of Data Mass Amount of data 11
12 The Compartmentalization problem Big data requires big flexibility But that impacts security Think about SQL features: Views Complex Queries (with aggregates) Column-level RBAC Classic approaches (where have we solved this problem before) DBAs still a risk (so is the Data Scientist) Operators may not know what they are looking at
13 Attack Scenarios for BI Hacking the Coca Cola formula Can you derive the formula? YES YOU CAN! Shipping/Receiving/Production data Think Crypto plaintext attack KFC would be harder, but possible! IP/Strategy Derivation Attackers can figure out your IP by looking at data sets you don t necessarily protect Macro trends repeat themselves over multiple sets of data, can I fill the gaps from missing data sets?
14 How Does This Fit Into Social Engineering? Social engineers rarely blatantly ask for all of the information Patchwork over time Desired outcomes are known Surprises happen to change outcome Given 20 sources of input data: If a criminal has access to say 15 Can he replicate analytics & results? Can he fill in the gaps? Eeek.
15 Side By Side Comparison Gather Intelligence Go after willing targets (sheeple) Gather innocuous information in bits Piece together bits Exploit Social Engineering Big Data Attacks Source Data Go after IP rich companies Go after underprotected information Find and fill gaps Exploit 15
16 How To Apply Content From This Session In the first three months: Understand the sausage factory operation How does your business use analytics/data to operate or make strategic decisions? What happens in real-time? Catalogue data sources and uses Where are those inputs and how are they protected? Within six months you should: Identify data where inference leads to espionage Unused business data or seemingly mundane data Build sourcing plans (in or out!) 16
BIG DATA CALLS FOR BIG SECURITY! Jason Rader - Chief Security Strategist, RSA Global Services RSA, The Security Division of EMC Session ID: DAS-W02 Session Classification: General Interest Agenda Why Big
IBM Software Thought Leadership White Paper June 2013 The top five ways to get started with big data 2 The top five ways to get started with big data Big data: A high-stakes opportunity Remember what life
Navigating the big data challenge Do you have lots of data but few insights? By Rasmus Wegener and Velu Sinha Rasmus Wegener is a partner with Bain & Company in Atlanta. Velu Sinha is a partner in Bain
State of Privacy Report 2015 SYMANTEC / STATE OF PRIVACY REPORT 2015 01 Contents Introduction 02 01 The Depth of Security Concern 05 02 The Data Trust Gap 19 03 Where Does The Responsibility Lie? 27 04
Introduction.... 1 Emerging Trends and Technologies... 3 The Changing Landscape... 4 The Impact of New Technologies... 8 Cloud... 9 Mobile... 10 Social Media... 13 Big Data... 16 Technology Challenges...
Compliments of 2nd IBM Limited Edition Business Analytics in Retail Learn to: Put knowledge into action to drive higher sales Use advanced analytics for better response Tailor consumer shopping experiences
Big Data Management and Predictive Analytics as-a-service for the Retail Industry Serendio Predictive Analytics for the Retail Industry 2 Executive Summary The biggest and most successful retailers today,
Italian Enterprises Adopt Big Data Solutions Forrester Consulting About Forrester Consulting Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in
Rob Davis Everyone wants a good process. Our businesses would be more profitable if we had them. But do we know what a good process is? Would we recognized one if we saw it? And how do we ensure we can
IBM Global Business Services IBM Institute for Business Value Business Analytics and Optimization for the Intelligent Enterprise Business Analytics and Optimization IBM Institute for Business Value IBM
Implementing An Issue Management Solution Issue management means a lot of things to a lot of people. A quick search on Google will invoke definitions, descriptions, tips, software tools, and organizations
SAP BusinessObjects Business Intelligence SAP BusinessObjects Business Intelligence 4.0 Solutions Empowering the Real-Time, Mobile, Social, and Global Enterprise SAP BusinessObjects Business Intelligence
Cyber-Security Essentials for State and Local Government Best Practices in Policy and Governance Operational Best Practices Planning for the Worst Case Produced by with content expertise provided by For
How to embrace Big Data A methodology to look at the new technology Contents 2 Big Data in a nutshell 3 Big data in Italy 3 Data volume is not an issue 4 Italian firms embrace Big Data 4 Big Data strategies
Big Data Getting Value from Big Data: Focus on the Opportunities, Not the Obstacles Table of Contents 2 Embark on Your Big Data Journey with Confidence Getting Started, Keeping Moving 3 Big Data Hype Versus
Exploring Strategic Risk 300 executives around the world say their view of strategic risk is changing Contents 3 Executive summary 5 Strategic risk emerges as a key focus for businesses around the world
The Right Stuff: How to Find Good Information David D. Thornburg, PhD Executive Director, Thornburg Center for Space Exploration firstname.lastname@example.org One of the most frustrating tasks you can have as a student
April 2013 Operational Intelligence: What It Is and Why You Need It Now Sponsored by Splunk Contents Introduction 1 What Is Operational Intelligence? 1 Trends Driving the Need for Operational Intelligence
www.pwc.com PwC Advisory Oracle practice 2012 How to drive innovation and business growth Leveraging emerging technology for sustainable growth 1 Heart of the matter Top growth driver today is innovation
CHAPTER 1.5 Managing the Risks and Rewards of Big Data MATT QUINN CHRIS TAYLOR TIBCO One of the biggest challenges of the term big data is deciding on a standard definition of what those words really mean.
We ve never told our in-depth story like this before: looking at the history, lessons learnt and the challenges faced on our Big Data journey. Lorraine Stone EXCLUSIVE INTERVIEW A BEHIND THE SCENES LOOK
RIS Thought Leadership Series Cloud-Based Technology: Identifying Key Opportunities for Retail Cloud-based solutions are already being used by a growing number of retailers to support their most important