150715 insider frauds - isaca kenya chapter · “the enemy within has been a threat to data...


Post on 11-Jul-2020


Page 1: 150715 Insider Frauds - ISACA Kenya Chapter · “The enemy within has been a threat to data security for decades and is nothing new” ... Source: 2015 Vormetric Insider Threat Report

. Information . Sentinels .

Insider Threats

Fayyaz Ayoub

“The enemy within has been a threat to data security for decades and is nothing new”

Jason Hart (VP) - Cloud Solutions

Agenda

•  Introduction

•  Insider Threats

•  Mitigating Controls

•  Make It Real

•  Questions

Introductions…

•  Fayyaz Ayoub

– 15+ years in Information Technology

– 10+ years in Information Security

– Now: InfoSents Ltd

– Past: UN, Ernst & Young East Africa, Security Risk Solutions Ltd

– Certified Information Systems Auditor (CISA)

– Bachelor of Engineering (Electronics & Comms)

– 10 years experience in Eastern and Southern Africa

Introduction

The ‘Cyber Fraudster’ of Yesteryears

The ‘Cyber Fraudster’ of Today

Insider Threats

Kinds

•  Compromised Actors

•  Tech Savvy Actors

•  Negligent Actors

•  Malicious Insiders

Fraud Triangle

Statistics

Source: 2015 Vormetric Insider Threat Report

Vulnerability of organizations to insider threats

Statistics

Source: 2015 Vormetric Insider Threat Report

The global position for insiders who pose the largest risk to an organization

Statistics

Source: 2015 Vormetric Insider Threat Report

“Only 11% report that their organizations are safe from insider threats.”

Statistics

Year 2014 (Kenya)

12 Months ≈ KShs 4 Billion

Financial Industry

Reported & Not Reported

Factors

– Broken Trust Model

– Use of Generic Credentials

– Unsegregated network

– Lack of adherence to IT and IS Policies

– Default or easily guessable credentials

– Inadequate password controls

– Presence of administrative shares on the network

– Unpatched exploitable vulnerabilities

– Unrelented access to the Internet

– Users being local administrators on workstations

– Use of remote assistance utilities from the Internet

– Lack of Central Logging and Log Retention

Mitigating Controls

Mitigation Control 1 - Background Checks

Mitigation Control 2 - Anonymous Information Sharing

Mitigation Control 3 - Zero Trust “Verify but do not Trust!”

Mitigation Control 4 - Know Your Assets

Mitigation Control 5 - Secure Software Development Lifecycle

Mitigation Control 6 - Gap Assessment, Penetration Testing, Vulnerability Assessment

Mitigation Control 7 - Non Signature Based Technology (Antiloggers, IPS)

Mitigation Control 8 - Bridges for Access to Critical Servers/Systems

Mitigation Control 9 - Inspect & Log Everything (Security Incident & Event Management [SIEM])

“Despite the fact that we invested hundreds of millions of dollars in data security, had a robust system in place, and had recently been certified as PCI compliant, the unfortunate reality is that we experienced a data breach.”

Target Statement Nov 2013

Make It Real

The Next 90 Days

– Eliminate “Trust” from your Vocabulary

– Find critical data and map data flows

– Tell people and/or staff that their data activity will be watched

– Review who should be allowed specific data access

Longer Term

– Create a Data Acquisition Network (DAN)

– Segment Network to ease Security and Compliance

– Rebuild network to reflect Zero Trust Concept

“He who is prudent and lies in wait for an enemy who is not, will be victorious.”    

Art of War - Sun Tzu

•  Fayyaz Ayoub (254) 720-637200 CEO & Director [email protected]

•  Sammy Njeru (254) 720-729971 Director [email protected]

Use of this Information

•  This presentation pack necessarily represents only part of the information which we considered in carrying out our work, being that which we considered to be most relevant to our understanding of your needs, in the light of this engagement.

•  The information in this presentation pack will have been supplemented by matters arising from any oral presentation by us, and should be considered in the light of this additional information.

•  If you require any further information or explanations of our underlying work, you should contact us.

•  The information in this presentation pack is confidential and contains proprietary information of Security Risk Solutions Ltd. It should not be provided to anyone other than the intended recipients without our written consent.

•  Anyone who receives a copy of this presentation pack other than in the context of our oral presentation of its contents should note the first two points above, and that we shall not have any responsibility to anyone other than our client in respect of the information contained in this document.