Caribbean Cyber Security Be Aware Be Proactive as the Caribbean Is Under Cyber Attack

Transcription

1 Caribbean Cyber Security Be Aware Be Proactive as the Caribbean Is Under Cyber Attack THE TIME FOR AWARENESS AND VIGILANCE IS NOW

2 Caribbean Cyber Security Center Who We Are Computer Forensics Vulnerability Assessment Penetration Testing Security Operational Assessment Incident Response ICT Governance Support Information Security Program Development & Support Computer Security Incident Response Team (CSIRT) Support Cyber Security Awareness Training (THINKCLICKSURF)

3 Cyber Scams & Security - The Law Enforcement Perspective U.S FBI Director There are only (4) Types of Companies: (1) Those that have not been hacked and have an opportunity to protect themselves. (2) Those that have been hacked and have done nothing to implement effective technical, management and operations security controls (360 view). (3) Those have been hacked and will be hacked again (4) Those that have been hacked and don t even know it (Advance Persistent Threats) The Time for ACTION is NOW

4 What's Happening

5 Caribbean Cyber Security - Shocking Scale of Victims

6 UNDERSTANDING THE CYBER CRIMINAL 7 Billion People in the World 1 Billion of them have information worth selling Bank Accounts Credit Cards Social Media Accounts Data Stored In Databases The Approach of Cyber Criminals Individuals Takes More Time To Attack Criminal Networks Targeting businesses for large data harvesting

7 TOP (9) ATTACKER NATIONS United States China Ukraine Spain Vietnam Germany Indonesia Romania Unknown Based on: Source IP Destination IP Malware Creation UNKNOWN NATION

8 THE CYBER CRIMINAL PROFILE Common Personality Profile Educated Greedy Motivated Well Financed by Crime Organizations Advanced Degree in Engineering and Computer Science Live in placed with depressed economies Not able to get jobs in the areas they have degrees in THEY COMMUNICATE BETTER AND FASTER

9 UNDERSTANING THE CYBER CRIMINAL Cyber Criminals are NOW Targeting Business\Organizations 25 Million Businesses Worldwide Target Businesses\Org s that: Store Information Process Information Transmit Information Maintain Information

10 TOP METHODS OF ATTACK REMOTE ACCESS SQL INJECTION LEGITIMATE ACCOUNT USAGE REMOTE FILE INCLUSION MALICIOUS FILES WEB-BASED ATTACKS REMOTE CODE EXECUTION AUTHORIZATION FLAW PHYSICAL THEFT

11 THE CYBER CRIME PROCESS GREED KEY MOTIVATOR VICTIM ID INFILTRATION PROPAGATION AGGREGATION EXFILTRATION BUYER ID DATA LIQUIDATION RECYCLING

12 Caribbean Cyber Security Posture 2014 Events Across Our Region Just a Few Barbados Government Network Hacked. ATM scam (2013) The Parliamentary website of the government of Trinidad and Tobago was breached by a hacker. (2012) LIME broadband network came under a DOS attack. (2012) Cayman Island Banks Attacked (2013) The Evolving Cyber Threat and Our Current Posture Spike in Caribbean network and website attacks & compromises. Rapid improvements in hacking tool & techniques. We are one of the world's fastest growing regions for Internet access & usage. None adherence to International Cyber Security Best Practices & Standards Cyber criminals seeking Caribbean as a Soft Target. Significant lag in regional Cyber Laws & Legislation Low overall regional Cyber Security Awareness. Lagging implementation of national CSIRT. WHO S NEXT? Lots of TALK little or no real ACTION. Lack of Corporate & Leadership on Cyber Security.

13 The Statistics

14 The Statistics

15 Cyber Security Online Dangers to Caribbean Children Online Dangers To Caribbean Children Cyberbullying Disturbing content Viruses and spyware Sexual predators Crime Beyond Biz We Must Protect Our Most Valuable Asset Our Children

16 Cyber Security Online Dangers to Caribbean Children 1 in 5 children under 17 years has received unwanted sexual solicitation. 1 in 33 children has received an aggressive solicitation to meet somewhere. 1 in 4 children ages has been exposed to pornography. Over 750,000 known sexual predators in the U.S alone that cross borders 60% of online teens have received or instant messages from a perfect stranger. 63% of those have responded. There are over 3,000 hate sites on the Internet. There are over 100,000 sites that sell child pornography. There are a growing number of sites that provide instructions on how to produce destructive items.

17 Our Response

18 10 TOP Reasons Caribbean Businesses & Organizations Are Vulnerability To Cyber Attack

19 Why Are Caribbean Businesses & Organizations Vulnerable A Belief That Hackers Are Not Interested In What We Have

20 Why Are Caribbean Businesses & Organizations Vulnerable Old School View of the Role of ICT to Business Operations

21 Why Are Caribbean Businesses & Organizations Vulnerable Overdependence on Internal ICT Staff

22 Why Are Caribbean Businesses & Organizations Vulnerable Not Adhering to IT Security Best Practices and Standards

23 Why Are Caribbean Businesses & Organizations Vulnerable Business & Government Leaders Not Investing in IT security adequately or proactively

24 Why Are Caribbean Businesses & Organizations Vulnerable Tunnel Vision Which Is Focused on Technology Only

25 Why Are Barbados Businesses Vulnerable You Can t Manage What You Can t Measure Nor Don t Know

26 Why Are Caribbean Businesses & Organizations Vulnerable No Annual Independent IT Vulnerability Assessments

27 Why Are Caribbean Businesses & Organizations Vulnerable Cyber Criminals Know The Region Has a Significant Lack In Cyber Laws and Legislation

28 Why Are Caribbean Businesses & Organizations Vulnerable No Roles Based Annual Cyber Security Awareness Training Program

29 Caribbean Cyber Security What We Must Do Regionally A Caribbean Cultural and Mental shift to exercise vigilance with respect to cyber scams and overall cyber security is essential. We must establish a Caribbean centric framework for cross border collaboration to fight Cyber Crime. We must address false pride as it pertains to network security. We must navigate bureaucratic roadblocks and strengthen cyber crime laws and legislation regionally. We must actively defend our personal and professional cyber borders (work, home, school, mobile, physical) We must raise the overall level of Cyber Security Awareness regionally and develop local cyber security expertise

30 Recommended Action Plan (Public & Private Sectors) Cyber Security Recommended Roadmap for the Caribbean (Public & Private Sectors) Step Action A Assess your Assets, Risks, Resources B Build Your Policy Framework(Leveraging International Best Practices) C Choose your Controls (Technical, Management, Operational) D Deploy and Validate Your Security Controls E F Educate All Employees & Management Annual Cyber Security Awareness Training Further Assess, Audit and Test (independent assessment is KEY)

31 Implications for the Caribbean in Staying The Current Vulnerable Course Loss of Investor & Visitor Confidence Public Is Placed At Risk Inability to attract New Investors & Visitors Loss in Revenue, Customers and Productivity Losses of Confidential Data Negative Reputation - Non-Compliance with Standards Increase in Operational Costs Unplanned / Unbudgeted System Outage\Recovery Wide Reaching Stress / Uncertainty / Job losses Caribbean Cyber Security: The Time for ACTION is NOW

32 contact Information James Bynoe THANK YOU!!