cyber security the latest threats p romness

Upload: erepublic

Post on 14-Apr-2018


TRANSCRIPT

  • 7/27/2019 Cyber Security the Latest Threats P Romness

    1/18

    Peter Romness

    Business Development Manager

    Public Sector Cybersecurity

    Cisco Systems Inc.

    [email protected]

    Cybersecurity: The Latest Threat

    Defend. Discover. Remediate.


    2/18

    What do the bad guys want?

    Money/Financial

    Disruption

    Strategic Advantage


    3/18

    The Threat Evolution

    2000 - Threats: WORMS; Enterprise Response: Anti-virus (Host based)

    2005 - Threats: SPYWARE / ROOTKITS; Enterprise Response: IDS/IPS (Network Perimeter)

    2010 - Threats: APTs, CYBERWARE; Enterprise Response: Reputation (global) & Sandboxing

    T

    AT(M

    In


    4/18

    Stuxnet

    Nitro

    DuQu

    Aurora

    Shady Rat

    Buckshot

    Zeus (Zitmo)

    Cita

    SpyEye (S

    Examples of Cyber Threats in the News

    Threat Characteristics:

    Custom-written for target

    Bypass the perimeter

    Spread laterally on internal network where detection abilities were limited

    Evade traditional detection techniques

    Flame

    Sykipot

    Night Dragon

    Shamoon


    5/18

    Cyber Threats: Effectiveness of Phishing

    "More than 95% of all attacks tied to State-Affiliated espionage employed Phishing as a means of establishing a foothold in their intended victims' systems."

    - Verizon Data Breach Report


    6/18

    How Long Until Threats are Found

    How Malware is Found

    *416 Average number of days an Advanced Persistent Threat sits on your network before de

    49% External Party: LE, Fraud Detection Org., Customer etc.¹

    28% Self Detection Passive: Employee, Slow Network etc.¹

    16% Self Detection Active: Security Devices¹

    Cyber Threat Detection: Current Status

    ¹Verizon Data Breach Report; ²US House Intelligence; ³NSA; ⁴Bloomberg; ⁵GAO; ⁶ESG; ⁷Mandiant

    Compromise Is Not If, But When

    59% of organizations believe they have been cyber threat targets⁵

    46% believe they are still highly vulnerable despite increased prevention investments⁵


    7/18

    Cost of Cyber Breach

    $1T/year private sector revenue loss from cyber espionage²

    $100B/year Cost of Cybercrime in US⁶

    $1B/year in Cyber Bank Robberies⁴

    $43M/year for traditional bank robberies

    $? State data record breaches + indirect costs

    25% of stolen PII records = victims of Identity Fraud

    ¹Verizon Data Breach Report; ²US House Intelligence; ³NSA; ⁴Bloomberg; ⁵GAO; ⁶McAfee / CSIS

    Loss of Revenue

    Cost of a Cyber Breach - South Carolina

    3.8M tax records stolen

    $20M for notification and credit checks + $25M for remediation

    $11.84 per record so far

    Taxpayer confidence lost; added costs due to paper tax filing


    8/18

    Top 10 Government Breaches 2012

    1. South Carolina
       Department of Revenue - 3.8 million tax returns - phishing attack

    2. California Department of Social Services
       Sensitive payroll information - 700,000 individuals - mail en route between IT contractors and the DepartServices

    3. Utah Department of Health
       Health information and PII - 780,000 Utah citizens - Eastern European hackers taking advantage of poor configuration following database migration to a new server.

    4. California Department of Child Support Services
       Sensitive health and financial records - 800,000 records - lost FedEx shipment

    5. United States Bureau of Justice Statistics
       Embarrassed - 1.7 GB of sensitive data leaked, emails / data dump

    6. City of Springfield, MO
       City claims 2,100 records - Anonymous claims more than 1,000 vehicle descriptions from online police r from more than 280,000 summons filed in city digital data stores.

    7. United States Navy & DHS
       Usernames, passwords, email IDs, and security questions and answers for all users on Dep. Websites - attacks.

    8. Wisconsin Department of Revenue
       Sensitive seller information - 110,000 people and businesses who sold property in 2011 - embedded file file

    9. NASA
       PII - 10,000 employees - unencrypted agency laptop, stolen from employee's car

    10. New Hampshire Department of Corrections
        Unauthorized Access - inmates accessed the main offender management database system.


    9/18

    Cybersecurity: Your View?

    [Diagram of terms: Internal Policies; Partners; Education; DOD 8570; Government Regulations; NIST Policy; MS-; NERC CIP; Intellectual Property Theft; Embarrassment; Money Theft; Protecting National Security; PII Theft; Property Destruction; Revenue Loss; Insider Threat; Malware; Hackers; Nation States; Allies; DISA STIG]


    10/18

    Cybersecurity Scope

    [Diagram labels: Physical, Data Link, Network, Transport, Session, Presentation, Application; User, Network, Systems; Content Security; Network Security; Supply Chain; Counterfeit; Standards; Regulations; Trusted Systems; Policy; Education; Channels; Cisco; Partner; Advanced Services; Secure Network Fabric; Governance; Distribution; Delivery]


    11/18


    12/18

    Protecting the Enterprise

    Subjects Trained

    People Trained

    Guards at Gate & Walls

    Wall, Moat & Bridge

    Internal Patrols

    Safe Supplies

    Perimeter Protection

    Access Control

    Personnel Training

    Continuous Monitoring

    Secure Supply Chain


    13/18

    Network Visibility

    and Security Intelli

    Detect and Resolve

    Threats

    Accelerate Inciden

    and Forensic Inves

    Reduce Operationa

    Enterprise Risks

    [Chart: Impact to the Organization vs. Time. Marked points: attack onset, early warning, attack identified, attack thwarted, vulnerability closed, data compromised. Labels: CRISIS REGION; Mean Time To Know]

    Goal: Identify Attacks Early


    14/18

    IT Management & Workforce

    Promote Formal Education and Training

    SANS Institute / MS-ISAC / University

    Certifications

    Certified Cybersecurity Analyst

    CCNA - CCNP - CCIE

    CISSP

    Education, Training & Testing

    Testing

    Security Assessment, Network Penetration Testing, etc.

    Cyber Exercises

    User

    Cyber Threats

    Compromise Instructions DOD Model


    15/18

    There is no Silver Bullet

    Takeaways

    There is no Silver Bullet -

    Good News: You already have much of what you need

    It is manageable

    Train your People

    Look into Internal Network monitoring

    Try to Sleep well

    Silver Buckshot


    16/18

    Pepromness


    17/18

    How Malware Works: Progression into the network

    Gets In, Receives Instructions, Spreads

    Initial Infection Vector: Hacking, Email, Web, Flash Media

    Command and Control: Web, P-2-P, DNS

    Propagation Mechanism: User Interaction, Autorun, USB, Network, Browser Plug-ins

    Reg Ker Dev

    P

    M


    18/18

    Implications for Security: Functions need to work as a system

    Policy & Access Control

    Blocking

    Quarantine

    Re-routing Traffic

    Assess

    &

    Advanc

    C

    Increased Content Inspection

    Behavior Anomaly Detection

    Advanced Threats Inside the Network

    Defend

    Discover

    Rem