Top 5 Data Breaches in 2014

Similar documents
Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D.

Cybersecurity Awareness. Part 1

Cyber Security Threats

National Cybersecurity Awareness Campaign

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

Breakthrough Cyber Security Strategies. Introducing Honeywell Risk Manager

Gregg Gerber. Strategic Engagement, Emerging Markets

2012 Bit9 Cyber Security Research Report

Security and Privacy

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

A Detailed Strategy for Managing Corporation Cyber War Security

Feeling safe? Try attending Internet security conference 22 April 2015, by By Brandon Bailey

Persistence Mechanisms as Indicators of Compromise

Advanced & Persistent Threat Analysis - I

FBI CHALLENGES IN A CYBER-BASED WORLD

The Onslaught of Cyber Security Threats and What that Means to You

Information Security. CS526 Topic 1

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Today s Cybersecurity Technology: Is Your Business Getting Full Protection?


The Mile High Denver Chapter of ARMA welcomes you to our virtual meeting!

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Enterprise Cybersecurity: Building an Effective Defense

Surviving the Ever Changing Threat Landscape

Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA Swenson Advisors, LLP

90% of health insurers surveyed have had a data breach 3. 72% increase in cyberattacks against healthcare companies occurred between 2013 and

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Promoting a cyber security culture and demand compliance with minimum security standards;

Hackers: Detection and Prevention

July 11, 2012 STATS-DC. Mike Tassey. Security Advisor PTAC

CHAPTER 10: COMPUTER SECURITY AND RISKS

Zak Khan Director, Advanced Cyber Defence

Attackers are highly skilled, persistent, and very motivated at finding and exploiting new vectors. Microsoft Confidential for internal use only

Internet security: Shutting the doors to keep hackers off your network

September 20, 2013 Senior IT Examiner Gene Lilienthal

Recognize Nefarious Cyber Activity and Catch Those Responsible with IBM InfoSphere Entity Analytic Solutions

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Too Critical To Fail Cyber-Attacks on ERP, CRM, SCM and HR Systems

Business Continuity for Cyber Threat

Presented By: Corporate Security Information Security Treasury Management

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Beyond the Hype: Advanced Persistent Threats

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

FERPA: Data & Transport Security Best Practices

A Primer on Cyber Threat Intelligence

GUIDE TO IMPROVING INFORMATION SECURITY IDENTIFYING WEAKNESSES & STRENGTHENING SECURITY

Cyber Intelligence Workforce

EY Cyber Security Hacktics Center of Excellence

CYBERSECURITY HOT TOPICS

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Digital Evidence and Threat Intelligence

A Case for Managed Security

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus

Combating a new generation of cybercriminal with in-depth security monitoring

Promoting Network Security (A Service Provider Perspective)

Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates

Penetration Testing Service. By Comsec Information Security Consulting

Cyber Adversary Characterization. Know thy enemy!

Defending Against Data Beaches: Internal Controls for Cybersecurity

NATO & Cyber Conflict: Background & Challenges

Achieving Information Security

I ve been breached! Now what?

Defending Against Cyber Attacks with SessionLevel Network Security

TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510

United States Cyber Security in the 21st Century

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

Working with the FBI

Corporate Spying An Overview

Evolving Uses of Technology: Mobility and Cybersecurity

Cyber Security Management

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security

Incident Response. Six Best Practices for Managing Cyber Breaches.

Keeping Systems Current. How Can I Tell That My System Is Patched?

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

Session 57 L, Cyber Risks: Risk Management and Insurance. Moderator: Mike Porier. Presenters: Elisabeth Case, ARM Ray Farmer Mike Porier

Who s Doing the Hacking?

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark

Cybersecurity Workshop

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Advanced Persistent Threats

A B S T R A C T. Index Terms : Framework, threats, skill, social engineering, risks, insider. I. INTRODUCTION

Computer Networks & Computer Security

IDS or IPS? Pocket E-Guide

Network security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece

Information Security Addressing Your Advanced Threats

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

SentinelOne Labs. Advanced Threat Intelligence Report Predictions

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

TUSKEGEE CYBER SECURITY PATH FORWARD

Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems

Transcription:

Top 5 Data Breaches in 2014 Retrieved on 24 February from http://www.cnbc.com/id/102420088 CNBC Calls it the year of the hack

Counter Productive and Non-Collaborative Behavior Vulnerabilities Announced Before Patches Are Ready Google gave Microsoft 90 days to fix a flaw. MS asked Google. Google instead published code that could assist malicious hackers Sony, U.S. Agencies Fumbled After Cyberattack The Wall Street Journal Target Breach Home Depot Breach

Danger from the Net retrieved on 24 February, 2015 from http://www.cnbc.com/id/102420088

Entry Into The Internet Internet Retrieved on 22 February, 2015 from http://techhive.com

The Internet Connecting The World Retrieved on 22 February, 2015 from http://www.bing.com/images/search?q=internet%2c+images&id=58751fc350a8b8fbe9c151591f038fb792611e18&form=iqfrba#view=detail&id=5875 1FC350A8B8FBE9C151591F038FB792611E18&selectedIndex=0

Your PC Retrieved on 22 February, 2015 from http://yourpcparamedic.com/internet.html

Can a creative mind defeat a criminal mind in Cyber Warfare? The answer depends on our position, our perspective and ultimately our agenda Focus our attention on the process and the resources required Security professionals need assistance from experts in other fields, such as psychology, sociology, law, and human resources

21 st Century Challenges and Changes Internet complexity and interconnectedness Always On technology and culture Mobile technology challenges and shortcomings BYOx Communication Not speaking the same language Arrogance from executives and from techies Fear No trust Silo mentality

21 st Century Challenges and Changes Think out-of-the-box and come up with a solution not considered before Security professionals must out think and out maneuver cyber attackers Not criminally inclined, professionals vs. criminal minds Catch 22 - understand the criminal mind, Security professionals should not face alone Enlist the assistance of psychologists and sociologists Design incentives that would not produce counterproductive results

21 st Century Challenges and Changes Zero-day attacks, Trojan horses, and persistent threats, Security environment moves faster than the computer environment Organizations face many threats, including internal and external A zero day attack leaves organizations with mere hours to respond Every day we are bombarded with countless stories of malware, virus,

Scope Definition - Simplification How we keep the bad guys away from our information assets? How do we keep our information assets away from the bad guys? Identify Locate Read the signs Remove the noise Careful of consequences

Scope Definition Who are the bad guys? Where are the bad guys? How can they attack us? Are our defenses adequate? Are we asking the right questions?

Scope Definition Although information and security professionals contribute tremendous value, the field as a whole is not strongly based in theory and research. (Weaver, R., Weaver, D, & Farwood, D., 2012) Security and information technology overlap in so many ways Behaviors and attitudes of those involved Attitude, or arrogance

Scope Definition The focus is on the individuals involved in computer and security operations as well as the actors orchestrating and deploying the threats. Only by understanding an individual s motivation s that a better approach can be created to identify, counter and preempt future threats. (Salguero, J., 2014).

The Other Part of the Question In War Collateral damage Cyber warfare will almost certainly have very real consequences. (Shimeall, 2001).

Everything is Interconnected As computer technology has become increasingly integrated into modern military organizations, military planners have come to see it as both a target and a weapon, exactly like other components and forces. (Shimeall, 2001). Countries that are not as dependent on high technology, within their military establishment consider such dependence a potential Achilles heel for their enemies. (Shimeall, 2001).

Motivations From a Civilian Standpoint External/internal International/domestic Part of a nation state Part of an organized effort Students experimenting with their new found knowledge Part of commercial espionage

Levels of Cyber War: Motivations From a Military Standpoint Cyber war as an adjunct to military operations Limited cyber war Unrestricted cyber war

Motivations from a Civilian Standpoint Types of Hackers (Actors) White Hat Hackers Black Hat Hackers Hacktivists State Sponsored Hackers Spy Hackers Cyber Terrorists

Organized criminal groups in the cyber space While many types of cyber crime require a high degree of organization and specialization, there is insufficient empirical evidence to ascertain if cyber crime is now dominated by organized crime groups and what form or structure such groups may take. (Lusthaus, 2013). Digital technology has empowered individuals as never before. Teenagers acting alone have succeeded in disabling air traffic control systems, shutting down major e-retailers, and manipulating trades on the NASDAQ stock exchange (US Securities and Exchange Commission, 2000).

Examples of Cyber Crimes and Cyber Offenders 1. Ryan Cleary: DDoS on SOCA 2. Andrew Auernheimer: Apple ipad Snoop 3. Aaron Swartz: Content Downloader 4. Christopher Chaney: Celebrity Hackerazzi 5. Sam Yin: Gucci Hacker 6. Edward Pearson: Identity Theft

Examples of Groups Involved in Cyber Crime 1. LulzSec and Sony Hackers 2. Dreamboard 3. DrinkOrDie 4. DarkMarket 5. DNS Changer 6. Carberp 7. Unlimited Operation 8. Koobface

Psychological Motivating Factors Only when we understand the individual can we start to make assumptions Make predictions as the criminal profilers do Uncover the methodology of the attacker Psychological factors that make up an individual s personality It is essential to understand the psychology of the attacker if effective controls are to be developed and deployed. (Wright, C.S. 2011).

The Manager s Role Understand and to motivate the individual performance appraisal professional and personal plan A manager has a responsibility to his/her employees providing their team members with the right tools and training

Identifying the Personality Profiles of Team Members The Myers and Briggs personality inventory categorize people into 16 different personality types result from the interaction based on people preferences the behavior is actually quite orderly and consistent There are no right or wrong preferences. Reading is not better than watching movies; each has its strengths and its problems. Most people have the ability to do both, even if they don t like one or the other. Personality preferences, sometimes called psychological preference, are like many other preferences. (The Myers and Briggs Foundation, 2014).

Right Brain or Left Brain Dominance a left-brain dominant person prefers things to be in a logical order and likes identifying details instead of concepts Analytical Right brain dominant people are considered artists, musicians, and dreamers type of profession a person chooses and the types of decisions a person makes

Incentives and Motivation what types of incentives work the best not everyone is motivated by money Mentoring and coaching are qualities of a good leader Good leadership motivates some people Respect and loyalty are earned and a leader is better at achieving both

Recommendations Cyber Security Risk Management Cyber Security Incident & Insider Threat Management Cyber Security Leadership Best Practices Formalize and Communicate Enterprise Security Organizational Policy Train, Mentor, Coach everyone in the organization about the potential threats Security solution must have a holistic/enterprise wide approach to be successful Scope Definition and Scope Management Relationships, Relationships, Relationships

Questions???

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information