2017dv.himsschapter.org/sites/himsschapter/files...honeypots breach detection sensato-isao 38%...
Founded to Safeguard Healthcare & Critical Systems
Introduced NIST 800-53/HIPAA Rapid Assessment Program
Named Top-500 Most Innovative Cybersecurity Firm
Founded Hacking Healthcare Conference
Introduced first Security Operations Center for Healthcare Sensato-CTOC
Formed non-profit Medical Device Cybersecurity Task Force
Named 2016 Frost & Sullivan Visionary Leader in Cybersecurity
Introduced the Cybersecurity Tactical Training Center
Timeline years: 2013, 2014, 2015, 2016, 2017
Advisory Services
Managed Services
Software
Incident Response Planning
Penetration Testing
Vulnerability Assessments
Incident Response Planning
Cyber Range
Medical Device Security
Security Operations Center
Honeypots
Breach Detection
Sensato-ISAO
38% Increase in Cyberattacks (PWC Global State of Information Security Survey 2016)
20% Increase in Cybersecurity Spending (PWC Global State of Information Security Survey 2016)
23% Increase in Cost of Attack [$4M] (2016 Cost of Data Breach Study – Ponemon & IBM)
$1,367 average cost of exploit kit [44% decrease over 2015] (2016 Cost of Data Breach Study – Ponemon & IBM)
40% decrease in average cost of executing an attack (HelpNet Security – The Economics of Hacking, 4/26/2016)
<24 hours time for attack to breach a target [72% decrease over 2015] (Verizon 2016 DBIR)
“Simply stated, for the most part, as an industry we are applying 2010 solutions to 2020 problems.”
Attacker Motivations
Mission
Ideology
Financial
| Motivation | Attacker Type | Sophistication Level |
| --- | --- | --- |
| Mission | Nation State | High |
| Ideology | Terrorist/Activist | Medium |
| Financial | Criminal | High |
June 27 – 07:00 AM EST: A cyberattack is launched against Nuance at a Ukraine office.
June 27 – 07:14 AM EST: The attack is successful and has the following impact:
• 14,800 servers are impacted.
• 7,600 will be destroyed beyond repair.
• 26,000 workstations are impacted.
• 9,000 will be destroyed beyond repair.
Recovery efforts will cost over $60M
Nuance team members will work 24x7 for six weeks before getting a day off.
The company realizes about $125M in potential business losses and impact.
Nuance was the victim of NotPetya – a very violent strain of the Petya virus:
NotPetya is not ransomware.
There was no exfiltration of data.
There was no command & control.
The only mission of this attack was to destroy systems using a highly effective cybermunition.
Cyber Spies
• FBI reports at least 108 nations have active cyber spy groups.
• The nation state typically appoints a proxy.
• Chinese Unit 61398 has a 130,000 square foot/12 story facility that employs thousands of operatives.
• Highly Sophisticated
• Cross Over to Cyber Criminal Groups
• Providing Testing Services
• Beta Programs
Established profiles on LinkedIn and Facebook
Friended CIO at NSA, Congressman, Northrop and Lockheed Executives
Started to get requests to interview and sponsorship for secret clearance.
Befriended Army Ranger deployed to Afghanistan, who sent photos to her with embedded GPS information.
Received confidential documents and invitation to speak on cyber war and security at the Pentagon
Cyber Criminals
• Highly Organized
• Collaborate Deeply
• Extreme Incentives
• Contests
• Recognition
• Full Time Positions with Benefits
• Crime-as-a-Service
• RaaS
• Multilingual Call Centers
• Support Scams
• “Yes” Scam
• Disaster Scams
• Utilization of Big Data Analytics to value data and create hostage situations.
The Attacker’s Perspective
Diagram labels: Intelligence Gathering, Vulnerability Assessment, Infiltration, Exploitation, Exfiltration, Mission Planning, Attack Modeling, Mission Review
NIST Top-10
Addresses 80% of NIST 800-53
Addresses HIPAA
Qualifies as a risk assessment for HIPAA
Provides a manageable foundation for ultimately achieving 800-53
Allows flexibility in prioritization and project management.
1. Business Associate Management
2. Qualification & Training
3. Education
4. Executive Intimacy
5. Incident Response
6. Monitoring
7. Old Technology
8. Patch Management
9. Relevant Practices
10. Single Authority
Dirty dozen phases
Phase I
• Relevant Practices
• Patch Management
• Old Technology
• Education & Awareness
Phase II
• Qualification
• Executive Intimacy
• Monitoring
• Incident Response
Phase III
• Business Associate Management
• Single Authority
• Medical Device Security
• Operational Systems Security
Strategic Roadmap & Plan
Attacker Innovation
Eliminate the Rules
Dare To Try
Failure Becomes a Known Entity
No Political Correctness
Audacity
They Do Not Believe What Everyone Believes
They Believe in Wonderment