Surviving the Ever Changing Threat Landscape

Transcription

1 Surviving the Ever Changing Threat Landscape Kevin Jordan Cyber Security Specialist Dell

2 GLBA FFIEC NCUA PCI HIPAA NERC CIP FISMA 700+ Percentage of U.S. adults who Federal named online and banking state as their security-related preferred banking method in 2011 laws 50 U.S. states with varying data breach laws billion records stolen The Internet is where the bad guys will go because that s where our lives are, and our money, our secrets and our intellectual property, Classification: //Dell /Confidential - Limited External Distribution: James Comey, FBI Director

3 Target is the same; Methods are evolving Why not? Community banks have assets, customers and PII too Larger banks are fortifying their defenses Smaller IT teams Defenses are down Path of least resistance Tunnel to ultimate target Less than 3% of overall IT budget 3 is spent on cyber security Community Banks are more likely to be targeted by cyberattacks because hackers believe these smaller organizations have their guard down. Classification: //Dell /Confidential - Limited External Distribution:

4 Cyber attacks edging out terrorism as No. 1 threat to U.S. In the not too distant future, we anticipate that the cyberthreat will pose the No. 1 threat to our country. No company is immune, from the Fortune 500 corporation to the neighborhood mom and pop business. I am convinced there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again. Source: FBI Director Robert Mueller Speaking at 2012 RSA Conference 4 Classification: //Dell /Confidential - Limited External Distribution:

5 According to top cyber security experts Companies need to do more than just react to intrusions Companies, from major multinationals to small start-ups, fail to recognize the financial and legal risks they are taking or the costs they may have already suffered. He doesn t believe there is a single secure, unclassified computer network in the U.S. FBI agents are increasingly coming across data stolen from companies whose executives had no idea their systems had been accessed. In cases handled by one computer security firm where intrusions were traced back to China, 94% of the targeted companies didn t realize they had been breached until someone else told them. In many cases, the skills of the adversaries are so substantial that they just leap right over the fence and you don t even hear an alarm go off. Source: U.S. Outgunned in Hacker War The Wall Street Journal, March 28, Classification: //Dell /Confidential - Limited External Distribution:

6 Incidents by Source August % of incidents originate outside your 4 walls 6 Source: OSF DataLossDB Classification: //Dell /Confidential - Limited External Distribution:

7 The Impact of Cyber Crime 500 #1 - Hacker s Inc. Would be the largest company in the world Translate costs into hacker revenue Global costs of cyber crime is $500B * - Center for Strategic and International Studies (CSIS) Classification: //Dell /Confidential - Limited External Distribution:

8 Motivations behind cyber crime Gain financial advantage Intelligence gathering Gain competitive advantage Damage organizations brand, reputation and systems Obtain indirect access to a targeted business partner Prepare the field of battle for cyber warfare 8 Classification: //Dell /Confidential - Limited External Distribution:

9 5.8 million average cost of breach to midsize companies 31% of breaches result of human factor 25% of customers leave post breach 9 ~$417,000 post breach clean up costs $3,200,000 in lost business costs 113% increase in ransomware attacks in 2014* Classification: //Dell /Confidential - Limited External Distribution:

10 The evolving threat landscape Opportunistic Threats Mature black market for digital records Recent breaches point to breakdowns in people and process Employees as a threat vector of choice Risk from partners, affiliates and suppliers Evasive Threats Endpoints, including POS, still largely unprotected Ransomware High impact, systemic threats such as Heartbleed and Shellshock Security is no longer an IT issue. It s a business issue. 10 Classification: //Dell /Confidential - Limited External Distribution:

11 Recent Breaches Failure in People/Process Observed commonalities: Targeted strategies Employees as a threat vector Third parties as threat vectors Lack of expertise and/or process to interpret or act on threat alerting World s Biggest Data Breaches (30K+ records) Visualization: InformationisBeautiful.net 11 Classification: //Dell /Confidential - Limited External Distribution:

12 Mature Black Market for Digital Records A robust marketplace 12 Classification: //Dell /Confidential - Limited External Distribution:

13 Great deals and customer service! Products Cost Identity $100 - $250 Passports $200 - $500 Fake SSNs $250 - $400 Fake drivers licenses $100 - $200 Premium Credit Cards Fake SSN#s $250 - $400 Training Tutorials $1 - $30 Hacker for Hire $1 - $600 Malware Remote Access Trojan $20 - $50 $13 ea. for 10; $10 each for 1000 Exploit Kit Lease Rates $600 - $1800 Crypters $50 - $ Classification: //Dell /Confidential - Limited External Distribution:

14 Who s out there? Hacktivists Targeted Nation State Commodity Advanced APT Script Kiddies Broad Organized Cyber Criminals Organized Cyber Criminals 14 Classification: //Dell /Confidential - Limited External Distribution:

15 What unpaid bank fees? Ransomware

16 Ransomware. It s easier to steal funds via ransom than from a bank Hijacks a user's computer by taking control of its monitor or screen, locking the system and then displaying a ransom message Adversaries can create spoofs your website and templates. Send s to your bank customers (information stolen) asking for payment of unpaid fees usually by credit card or files will be locked You might not know about this until a customer calls you 16 Classification: //Dell /Confidential - Limited External Distribution:

17 You won t look for me. You re too busy. DDoS Smokescreens

18 Camoflaged Attacks DDoS Smokescreen Highest number of attacks in financial industry Adversary paralyzes website by redirecting web traffic Customers, employees, vendors can t access site for undetermined time 62% of DDoS attacks last longer than 24 hours Mostly utilized by organized groups Growing in number Toolkits are available for purchase, Dirt Jumper or Drive Adversaries launch DDoS to jam system resources IT staff must mitigation surprise attack Adversaries exfiltrate funds, intellectual property, trade secrets, customer and employee PII and credit cards Sony August 2014 DDoS attacks a suspected smokescreen. No data was exfiltrated. 18 Classification: //Dell /Confidential - Limited External Distribution:

19 Adjacency Attack Cyberheist + Smokescreen Adversary hacks into construction company network overnite Adversary takes control of company network Next day accountant can t access browser to check account online Adversary steals 900K from victim s bank Adversary launches DDoS attack to distract bank officials FBI called in to investigate Bank reclaims 50% of funds 19 Cyberheist + DDoS smokescreen approach is common with cyber gangs using Gameover Trojan, a Zeus variant. Classification: //Dell /Confidential - Limited External Distribution:

20 Mitigating Information Security Risk

21 In Internet of Things (IoT)ternet of Things (IoT) The Internet of Things (IoT), is the network of physical objects or "things" embedded with electronics, software, sensors, and connectivity to enable objects to collect and exchange data. 21 Classification: //Dell /Confidential - Limited External Distribution:

22 Going it alone is most risky - DIY Information about what is happening around your perimeter is critical and most businesses don t have access to it. 22 Confidential Services Classification: //Dell /Confidential - Limited External Distribution:

23 Two in one MSSP as Responder Security data is paramount Helps solve the how and why of a breach MSSP is also incident responder Security data at their fingertips Immediate access to data helps responders control the breach faster. Offers better threat protection than DIY Intelligence gained feeds protection Around the clock monitoring Cybercriminals constantly changing Tools, Techniques, and Tactics 23 Confidential Services Classification: //Dell /Confidential - Limited External Distribution:

24 Risk-based approach Direct loss risk Risk to reputation Lost revenue, data Lose market share Litigation, civil damages Liability risk Fines, penalties Compliance risk Confidential 10/5/2015 Classification: //Dell /Confidential - Limited External Distribution:

25 First, connect security to the business (Your to do list) Security is not just a IT problem Collateral damage is at an all time high Keep lines of communication open on both ends Manage risk Create a security aware culture Invest early Investment in security is far less than cost of mitigation, eradication and remediation Incident response plan Collaboration is paramount Documented and tested (table top exercises) Include communications plan Who is watching the fort 24/7/365?! 25 Classification: //Dell /Confidential - Limited External Distribution:

26 Good Guys vs Bad Guys VS Classification: //Dell /Confidential - Limited External Distribution:

27 Thank you. Kevin Jordan Cyber Security Specialist Dell