Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS

Similar documents
10 Quick Tips to Mobile Security

NATIONAL CYBER SECURITY AWARENESS MONTH

National Cyber Security Month 2015: Daily Security Awareness Tips

Cyber Security Awareness. Internet Safety Intro.

Malware & Botnets. Botnets

Roger s Cyber Security and Compliance Mini-Guide

Top 10 Tips to Keep Your Small Business Safe

Top tips for improved network security

BE SAFE ONLINE: Lesson Plan

Internet threats: steps to security for your small business

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard

TMCEC CYBER SECURITY TRAINING

Cyber Security: Beginners Guide to Firewalls

Are You A Sitting Duck?

CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks Date: 16/

ITAR Compliance Best Practices Guide

Computer Network and Internet Security Awareness and Responsible Use. Indian River County School District

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household

October Is National Cyber Security Awareness Month!

The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP

Cyber Security. Securing Your Mobile and Online Banking Transactions

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide

Applying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.

The 2014 Bitglass Healthcare Breach Report

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains

AB 1149 Compliance: Data Security Best Practices

What are the common online dangers?

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks - 5 month later Date: 19 th October 2007

2012 Bit9 Cyber Security Research Report

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank

Why is a strong password important?

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

IT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

16 CLOUD APPS YOU NEED TO KNOW IF EMPLOYEES ARE USING

Learn to protect yourself from Identity Theft. First National Bank can help.

High Speed Internet - User Guide. Welcome to. your world.

10 Smart Ideas for. Keeping Data Safe. From Hackers

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus

How To Protect Yourself From Cyber Threats

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

Corporate Account Takeover & Information Security Awareness. Customer Training

white paper Malware Security and the Bottom Line

SECURITY THREATS: A GUIDE FOR SMALL AND MEDIUM BUSINESSES

Top five strategies for combating modern threats Is anti-virus dead?

Network Security and the Small Business

2009 Antispyware Coalition Public Workshop

Defense Media Activity Guide To Keeping Your Social Media Accounts Secure

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

Advanced Biometric Technology

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

Corporate Account Takeover & Information Security Awareness

1. Any requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Statistical Analysis of Internet Security Threats. Daniel G. James

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

Don t Fall Victim to Cybercrime:

The Cloud App Visibility Blindspot

of firms with remote users say Web-borne attacks impacted company financials.

The Case for a New Approach to Network Security

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Personal Safety Tips For Public Information Technology

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Cyber Security Awareness

Perception and knowledge of IT threats: the consumer s point of view

Protecting your business from fraud

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness

How To Help Protect Yourself From Identity Theft

3 day Workshop on Cyber Security & Ethical Hacking

Defending Against Data Beaches: Internal Controls for Cybersecurity

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May TrustInAds.org. Keeping people safe from bad online ads

Society for Information Management

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

STOP. THINK. CONNECT. Online Safety Quiz

Promoting Network Security (A Service Provider Perspective)

Digital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Almost 400 million people 1 fall victim to cybercrime every year.

Transcription:

Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS

I want you to take home four points Understand Educate Collaborate Prepare

It s a great to be here today, but uh, do you know where your data is right now? It s all about data, your data The confidentiality The integrity The availability

It s hard to protect data when we really don t even know where it is! So, where is your data today? In the cloud On any device Any place Any time of day or night When aren t we working anymore? When do we call it a day?

Cisco SIO to Go Great App

Today, it s about mobility In the past few years we shifted our lives to the PC and the Internet Now, it s all about being mobile A PC in your pocket Our mobile work force is growing and expanding

Where? Where does work happen?

It happens wherever we are! No longer does business take place solely behind network walls The critical work is happening increasingly on social networks, on handheld devices, in the field, and at local cafes

Diminishing Border The traditional IT perimeter, with clearly identifiable boundaries, has diminished In its place, a network with limitless potential is rising One where agencies, school, teachers, businesses, students and employees demand access to information whenever and wherever they need it

New Considerations It is information technology s role to ensure that the appropriate people, using the correct devices, are accessing the proper resources while having a highly secure yet positive user experience within your networks

A blurring of activities In addition, it is common for workers to blend business and personal communications on these social networks, further blurring the network perimeter

I just have to check Just last month, 57 million Americans visited social networking sites from a work computer Checking your Facebook account has become the default Water Cooler It's the most commonly visited website at the workplace, twice as popular as Google and three times as popular as Yahoo

The keypad is mightier than the sword

Cisco on Facebook

Cisco on Twitter

Cisco on be

This is viral Overall, 54 percent of Americans said they keep in touch via social networking websites such as Facebook and LinkedIn

It s no longer just close relationships Employees are going places they ve never gone before and are touching technology daily That which they are touching is touching your networks as well

That being said There are things we really need to be aware of The bad guys know what we re doing, where we re going and want to make the trip a wee bit more difficult

With Web 2.0 A new breed of malware is evolving Google Mashups, RSS feeds, search, all of these can be misused by hackers to distribute malware, attack Web surfers and communicate with botnets

Risk it's everywhere And no one knows that better than IT security professionals Disgruntled employees, students, fired employees, clueless employees who succumb to social engineering, passwords left on Post-it notes, wideopen instant messaging and increasingly powerful hacker tools in the hands of teenagers, Web Mobs and Organized Crime targeting Social Media sites

Objective? The key objective, of course, is to recognize risk, safeguard your reputation and not reveal sensitive or confidential information that may prove quite harmful to the school system, teachers or students

Feel better now? It is estimated that 55,000 new viruses, worms, spyware and other threats hit the Internet daily Congress and the Executive Branch get about 1.8 billion cyber attacks each month

Malware Historically, malware has plagued email, hidden in malicious attachments While that s still happening, more malware developers are putting their efforts into malicious websites 1 in every 1,000 web pages is infected with malicious drive-by downloadable software

Constant Mutation The goal in developing malware is not to simply infect as many systems as possible but to specifically steal usage information and other data from compromised systems Use of polymorphic code that constantly mutates

Mobil Malware Few mobile users realize that their smart phones are actual computers, and contain lots of sensitive data ranging from passwords, to data found in work emails

Mobil Malware Yet cell phones have seen a dramatic rise in "smishing," where attackers send SMS messages with a link attached, urging a user to check out a website, picture or a game When clicked, the link downloads malware on the phone and hackers can steal any information residing on your phone

Jeez! What else??? Wardriving lock down those wireless access points at work and at home Spam is huge! Don t become a victim And the phishing is so elegant and is targeting banks as well as retail stores looking for your login credentials

Two biggest vectors for Malware Email Web-based

The Human Firewall an invaluable tool A good human firewall employee is one who filters good security practices and rejects any others much like a network firewall only allows authorized traffic and rejects any other The only way to build a good human firewall is to raise employee s awareness; to teach them good habits, to make them recognize bad practices and change them into good practices Your cyber security is only as good as the people who manage it and those who use it

So Patrick, why do we really need that Human Firewall?

Because, Friend has become a verb Social media users believe there is protection in being part of a community of people they know Criminals are happy to prove this notion wrong

Causation The threats and security issues that come with social media aren t usually caused by vulnerabilities in software More commonly, these threats originate from individuals who place an unwarranted amount of transitive trust in the safety of these communities

Remember On social sites Your privacy is history They don't have your best interests in mind Social engineering attacks are getting more targeted

Trust? Users will trust something or someone because a user they know has also expressed trust in that person or subject We trust because we are curious and curiosity

Okay to trust but please verify So, have fun! But monitor Be a bit more vigilant And manage appropriately

But what does all this mean? I am just a user and am not an engineer or a technician or a programmer or a geek! I m just sitting at my desk, talking to friends and all sorts of people How in the world am I threatening our network???

2 Reasons You probably do not understand policies, procedures, best practices and standards If you do understand them, they are violated because there are no consequences the policies are not enforced Who, me?

Education is Critical Few executives grasp the case for investing in safeguards against hackers, malware, and the like Education starts at the top and works its way down the food chain throughout the entire business Before any employee puts their fingers on the keyboard they must understand that it is not their computer

The Seven Deadly Sins of Network Security 1. Not measuring risk 2. Thinking compliance equals security 3. Overlooking the people 4. Lax patching procedures 5. Lax logging, monitoring 6. Spurning the K.I.S.S. 7. Too much access for too many

The Hackers Disgruntled Insiders Clueless employees Foreign Governments Terror organizations The Opposing Team

Biggest Players in the Global Black Market Russia China Brazil Israel U.S.

Krews HangUp Team CNHonker Russian Business Network Rock Phish 76Service MAAS Hoff is Thirsty

Top 8 Perceived Threats System penetration Sabotage of data Theft of proprietary information Denial of service Viruses and Worms Unauthorized insider access Laptop theft Insider abuse of the Internet

System Penetration It is an unfortunate reality that you will suffer a breach of security at some point To bypass security, an attacker only has to find one vulnerable system within the entire network But to guarantee security, you have to make sure that 100 percent of your systems are invulnerable -- 100 percent of the time

Data Leakage: How many instances in 2011? 557 30,678,619 records exposed How were you impacted?

Not good But Patrick! It won t happen to us!

Whether you get hacked depends Do you assume the posture of, It can t happen here. Do you hear, We haven t heard of any worm outbreaks and all seems quiet. Why upgrade those devices? We have no budget. We re just hanging out in the Rockies! They re only going after the US Government. Then my question is, Can you really afford to give up data today?

You can t afford to give up data, so be prepared and alert Every man has a plan, until he gets hit!

So, what are they really after? Business data Customer data Confidential data Your personal data Your paycheck Your friends Your family

You are the last line of Defense! Step up! Understand Educate Collaborate Prepare

Thank You! pagray@cisco.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information