150715 insider frauds - isaca kenya chapter · “the enemy within has been a threat to data...
TRANSCRIPT
Information Sentinels
Insider Threats - Fayyaz Ayoub
“The enemy within has been a threat to data security for decades and is nothing new”
Jason Hart (VP) - Cloud Solutions
Insider Threats
Agenda
• Introduction
• Insider Threats
• Mitigating Controls
• Make It Real
• Questions
Introductions…
• Fayyaz Ayoub
  – 15+ years in Information Technology
  – 10+ years in Information Security
  – Now: InfoSents Ltd
  – Past: UN, Ernst & Young East Africa, Security Risk Solutions Ltd
  – Certified Information Systems Auditor (CISA)
  – Bachelor of Engineering (Electronics & Comms)
  – 10 years of experience in Eastern and Southern Africa
Introduction
The ‘Cyber Fraudster’ of Yesteryears
The ‘Cyber Fraudster’ of Today
Kinds
• Compromised Actors
• Tech Savvy Actors
• Negligent Actors
• Malicious Insiders
Fraud Triangle
Statistics
Source: 2015 Vormetric Insider Threat Report
Vulnerability of organizations to insider threats
Source: 2015 Vormetric Insider Threat Report
The global position for insiders who pose the largest risk to an organization
Source: 2015 Vormetric Insider Threat Report
“Only 11% report that their organizations are safe from insider threats.”
Year 2014 (Kenya)
12 Months ≈ KShs 4 Billion
Financial Industry, Reported & Not Reported
Factors
– Broken trust model
– Use of generic credentials
– Unsegregated network
– Lack of adherence to IT and IS policies
– Default or easily guessable credentials
– Inadequate password controls
– Presence of administrative shares on the network
– Unpatched exploitable vulnerabilities
– Unrestricted access to the Internet
– Users being local administrators on workstations
– Use of remote assistance utilities from the Internet
– Lack of central logging and log retention
Mitigating Controls
Mitigation Control 1 - Background Checks
Mitigation Control 2 - Anonymous Information Sharing
Mitigation Control 3 - Zero Trust: “Verify but do not Trust!”
Mitigation Control 4 - Know Your Assets
Mitigation Control 5 - Secure Software Development Lifecycle
Mitigation Control 6 - Gap Assessment: Penetration Testing, Vulnerability Assessment
Mitigation Control 7 - Non-Signature-Based Technology (Antiloggers, IPS)
Mitigation Control 8 - Bridges for Access to Critical Servers/Systems
Mitigation Control 9 - Inspect & Log Everything (Security Incident & Event Management [SIEM])
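Two of the factors listed earlier (use of generic credentials, presence of administrative shares) become detectable once authentication events reach a central log store. The following Python script is an added example, not part of the presentation; it runs two simple SIEM-style rules over constructed sample events: an account authenticating from three or more distinct hosts inside ten minutes (a shared-credential indicator), and administrative-share connections by accounts outside an assumed allow-list. The log format, field names, thresholds and the allow-list are all assumptions for the example.

```python
"""Detection logic for central logging / SIEM (added example).

Rules checked over constructed authentication events:
  1. generic or shared credential: one account seen from many distinct
     source hosts inside a short window;
  2. administrative share use (ADMIN$, C$, D$) by an account that is not
     on the approved administrator list.
Log format, thresholds and the allow-list are assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "timestamp account source_host share"
# ("-" marks an event that is not a share connection).
SAMPLE_LOG = """\
2015-07-15T08:00:05 svc_backup ws-101 -
2015-07-15T08:01:10 svc_backup ws-117 -
2015-07-15T08:02:40 svc_backup ws-203 -
2015-07-15T08:03:15 svc_backup ws-311 ADMIN$
2015-07-15T08:05:00 jdoe ws-101 -
2015-07-15T08:06:30 jdoe ws-101 C$
2015-07-15T09:30:00 admin01 srv-db1 C$
2015-07-15T10:00:00 mwanjiru ws-150 -
2015-07-15T11:00:00 mwanjiru ws-151 -
"""

APPROVED_ADMINS = {"admin01"}       # assumed allow-list of admin accounts
ADMIN_SHARES = {"ADMIN$", "C$", "D$"}
SHARED_CRED_HOSTS = 3                # distinct hosts that trigger rule 1
WINDOW = timedelta(minutes=10)       # sliding window for rule 1


def parse_events(text):
    """Parse the space-separated sample format into time-sorted dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, host, share = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "account": account,
            "host": host,
            "share": None if share == "-" else share,
        })
    return sorted(events, key=lambda e: e["ts"])


def shared_credential_alerts(events, min_hosts=SHARED_CRED_HOSTS, window=WINDOW):
    """Map account -> sorted hosts for accounts seen from >= min_hosts
    distinct hosts within `window` (sliding window per account)."""
    by_account = defaultdict(list)
    for e in events:
        by_account[e["account"]].append(e)
    alerts = {}
    for account, evs in by_account.items():
        for i, e in enumerate(evs):
            # hosts used by this account in [ts - window, ts]
            hosts = {x["host"] for x in evs[:i + 1] if e["ts"] - x["ts"] <= window}
            if len(hosts) >= min_hosts:
                alerts[account] = sorted(hosts)
                break
    return alerts


def admin_share_alerts(events, approved=APPROVED_ADMINS):
    """List (account, host, share) for admin-share use by non-approved accounts."""
    return [
        (e["account"], e["host"], e["share"])
        for e in events
        if e["share"] in ADMIN_SHARES and e["account"] not in approved
    ]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for acct, hosts in shared_credential_alerts(evs).items():
        print(f"possible shared credential: {acct} used from {hosts}")
    for acct, host, share in admin_share_alerts(evs):
        print(f"admin share access by non-admin: {acct} -> {host}\\{share}")
```

On the sample data the first rule fires for `svc_backup` (three hosts within ten minutes) and not for `mwanjiru` (two hosts an hour apart); the second flags the `ADMIN$` and `C$` connections by `svc_backup` and `jdoe` while leaving `admin01` alone. Both rules only work if the events are retained centrally, which is the point of control 9.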
“Despite the fact that we invested hundreds of millions of dollars in data security, had a robust system in place, and had recently been certified as PCI compliant, the unfortunate reality is that we experienced a data breach.”
Target Statement, Nov 2013
Make It Real
The Next 90 Days
– Eliminate “Trust” from your vocabulary
– Find critical data and map data flows
– Tell people and/or staff that their data activity will be watched
– Review who should be allowed specific data access
Longer Term
– Create a Data Acquisition Network (DAN)
– Segment the network to ease security and compliance
– Rebuild the network to reflect the Zero Trust concept
“He who is prudent and lies in wait for an enemy who is not, will be victorious.”
Art of War - Sun Tzu
• Fayyaz Ayoub (254) 720-637200 CEO & Director [email protected]
• Sammy Njeru (254) 720-729971 Director [email protected]
Use of this Information
• This presentation pack necessarily represents only part of the information which we considered in carrying out our work, being that which we considered to be most relevant to our understanding of your needs, in the light of this engagement.
• The information in this presentation pack will have been supplemented by matters arising from any oral presentation by us, and should be considered in the light of this additional information.
• If you require any further information or explanations of our underlying work, you should contact us.
• The information in this presentation pack is confidential and contains proprietary information of Security Risk Solutions Ltd. It should not be provided to anyone other than the intended recipients without our written consent.
• Anyone who receives a copy of this presentation pack other than in the context of our oral presentation of its contents should note the first two points above, and that we shall not have any responsibility to anyone other than our client in respect of the information contained in this document.