cyber security the latest threats p romness
7/27/2019 Cyber Security the Latest Threats P Romness
Peter Romness
Business Development Manager
Public Sector Cybersecurity
Cisco Systems Inc.
Cybersecurity The Latest Threat
Defend. Discover. Remediate.
What do the bad guys want?
Money/Financial
Disruption
Strategic Advantage
The Threat Evolution
Threats and Enterprise Response, by year:
2000: WORMS - Anti-virus (Host based)
2005: SPYWARE / ROOTKITS - IDS/IPS (Network Perimeter)
2010: APTs CYBERWARE - Reputation (global) & Sandboxing
Examples of Cyber Threats in the News
Stuxnet
Nitro
DuQu
Aurora
Shady Rat
Buckshot Zeus (Zitmo)
Cita
SpyEye (S
Flame
Sykipot
Night Dragon
Shamoon
Threat Characteristics:
Custom-written for target
Bypass the perimeter
Spread laterally on internal network where detection abilities were limited
Evade traditional detection techniques
Cyber Threats
Effectiveness of Phishing
- Verizon Data Breach Report
More than 95% of all attacks tied to State-Affiliated espionage employed Phishing as a means of establishing a foothold in their intended victims' systems.
How Long Until Threats are Found
How Malware is Found
*416 Average number of days an Advanced Persistent Threat sits on your network before de
49% External Party: LE, Fraud Detection Org., Customer etc. [1]
28% Self Detection, Passive: Employee, Slow Network etc. [1]
16% Self Detection, Active: Security Devices [1]
Cyber Threat Detection Current Status
[1] Verizon Data Breach Report; [2] US House Intelligence; [3] NSA; [4] Bloomberg; [5] GAO; [6] ESG; [7] Mandiant
Compromise Is Not If, But When
59% of organizations believe they have been cyber threat targets [5]
46% believe they are still highly vulnerable despite increased prevention investments [5]
Cost of Cyber Breach
$1T/year private sector revenue loss from cyber espionage [2]
$100B/year Cost of Cybercrime in US [6]
$1B/year in Cyber Bank Robberies [4]
$43M/year for traditional bank robberies
$? State data record breaches + indirect costs
25% of stolen PII records = victims of Identity Fraud
[1] Verizon Data Breach Report; [2] US House Intelligence; [3] NSA; [4] Bloomberg; [5] GAO; [6] McAfee / CSIS
Loss of Revenue
Cost of a Cyber Breach - South Carolina
3.8M tax records stolen
$20M for notification and credit checks + $25M for remediation
$11.84 per record so far
Taxpayer confidence lost; added costs due to paper tax filing
Top 10 Government Breaches 2012
1. South Carolina
Department of Revenue - 3.8 million tax returns - phishing attack
2. California Department of Social Services
Sensitive payroll information - 700,000 individuals - mail en route between IT contractors and the DepartServices
3. Utah Department of Health
Health information and PII - 780,000 Utah citizens - Eastern European hackers taking advantage of poor configuration following database migration to a new server.
4. California Department of Child Support Services
Sensitive health and financial records - 800,000 records - lost FedEx shipment
5. United States Bureau of Justice Statistics
Embarrassed - 1.7 GB of sensitive data leaked, emails / data dump
6. City of Springfield, MO
City claims 2,100 records; Anonymous claims more than 1,000 vehicle descriptions from online police r from more than 280,000 summons filed in city digital data stores.
7. United States Navy & DHS
Usernames, passwords, email IDs, and security questions and answers for all users on Dep. Websites - attacks.
8. Wisconsin Department of Revenue
Sensitive seller information - 110,000 people and businesses who sold property in 2011 - embedded file file
9. NASA
PII - 10,000 employees - unencrypted agency laptop, stolen from employee's car
10. New Hampshire Department of Corrections
Unauthorized Access - inmates accessed the main offender management database system.
Cybersecurity: Your View?
Internal Policies
Partners
Education
DOD 8570
Government Regulations
NIST Policy
MS-
NERC CIP
Intellectual Property Theft
Embarrassment
Money Theft
Protecting National Security
PII Theft
Property Destruction
Revenue Loss
Insider Threat
Malware
Hackers
Nation States
Allies
EDISASTIG
Cybersecurity Scope
Cybersecur
[Diagram labels:]
Transport
Session
Data Link
Application
Physical
Network
Presentation
User
Network
Systems
Content Security
Network Security
Supply Chain
Counterfeit
Standards
Regulations
Trusted Systems
Policy
Education
Channels
Cisco
Partner
Advanced Services
Secure Network Fabric
Governance
Distribution
Delivery
Subjects Trained
Guards at Gate & Walls
Wall, Moat & Bridge
Internal Patrols
Safe Supplies
Protecting the Enterprise
People Trained
Guards at Gate & Walls
Wall, Moat & Bridge
Internal Patrols
Safe Supplies
Perimeter Protection
Access Control
Personnel Training
Continuous Monitoring
Secure Supply Chain
Network Visibility
and Security Intelli
Detect and Resolve Threats
Accelerate Inciden
and Forensic Inves
Reduce Operationa
Enterprise Risks
[Figure: Impact to the Organization plotted against Time. Points marked: attack onset, early warning, attack identified, attack thwarted, vulnerability closed, data compromised. Regions and labels: CRISIS REGION, Mean Time To Know.]
Goal: Identify Attacks Early
IT Management & Workforce
Promote Formal Education and Training
SANS Institute / MS-ISAC / University
Certifications
Certified Cybersecurity Analyst
CCNA - CCNP - CCIE
CISSP
Education, Training & Testing
Testing
Security Assessment, Network Penetration Testing, etc.
Cyber Exercises
User
Cyber Threats
Compromise Instructions DOD Model
There is no Silver Bullet
Takeaways
There is no Silver Bullet -
Good News: You already have much of what you need
It is manageable
Train your People
Look into Internal Network monitoring
Try to Sleep well
Silver Buckshot
How Malware Works
Progression into the network
Gets In, Receives Instructions, Spreads
Initial Infection Vector: Hacking Email Web Flash Media
Command and Control: Web P-2-P DNS
Propagation Mechanism: User Interaction Autorun USB Network Browser Plug-ins
Reg Ker Dev
P
M
Implications for Security
Functions need to work as a system
Policy & Access Control
Blocking
Quarantine
Re-routing Traffic
Assess
&
Advanc
C
Increased Content Inspection
Behavior Anomaly Detection
Advanced Threats Inside the Network
Discover
Rem
Defend