![Page 1: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/1.jpg)
Building Human Intelligence – Pun Intended
Rohyt Belani
Co-founder & CEO, PhishMe
@rohytbelani @PhishMe
![Page 2: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/2.jpg)
Nature of Advanced Cyber Attacks
[Figure: damages over time (timeline labels: 2005 2005 2009 2011 2013). Attack motives: Disruption; Cybercrime; Cyber-Espionage and Cybercrime. Threat types: Worms, Viruses; Spyware/Bots; Advanced Persistent Threats; Zero-Day Targeted Attacks Dynamic Trojans; Stealth Bots.]
Changing cyber attacks
Evolving cyber actors
Shrinking barriers to entry
New Threat Landscape
![Page 3: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/3.jpg)
Some Statistics
• Massive-scale phishing attacks loom as new threat, USA Today
• Ponemon Institute: 2012 Cost of Cyber Crime Study
• 2012 Verizon Data Breach Investigations Report
• 'Spear phishing' the main email attachment threat, ComputerWorld UK
In a single campaign,
![Page 4: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/4.jpg)
..and technical controls are failing
Did these companies not have the best defensive and detective technologies in place?
![Page 5: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/5.jpg)
We need to change the way we defend
![Page 6: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/6.jpg)
“But security awareness doesn’t work”
It didn’t, because we were:
• Boring
• De-focused
• Compliance oriented
• Passive
and..
We didn’t have metrics to prove otherwise
![Page 7: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/7.jpg)
Understanding the Hu Element
Memories associated with emotional events are stored here
![Page 8: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/8.jpg)
Learning Theory
• For memories to last, we need long term potentiation (LTP)
• LTP – “long-lasting enhancement in signal transmission between two neurons that results from stimulating them synchronously”
• Persistence or repetition of an activity tends to induce lasting cellular changes that add to stability in signal transmission between neurons
![Page 9: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/9.jpg)
Human Psyche Hacked
• To change behavior, we need:
– Emotional triggers
– Repetition
– Feedback loops
– Focused information
– Develop intuition
![Page 10: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/10.jpg)
Making It Work: It Needs to be Continuous
What happened here?
![Page 11: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/11.jpg)
Making It Work: Focus on the Real Threats
Before you spend time and money on training, ask yourself: can I fix this issue with a technical control? For example:
• Password complexity – do I really need my users to know what makes a strong password?
• USB sticks – can’t I just disable them?
![Page 12: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/12.jpg)
Making It Work: Think “Marketing”
![Page 13: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/13.jpg)
Making It Work: Immerse in the Experience
![Page 14: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/14.jpg)
Knives At A Gunfight
2012 Verizon Data Breach Investigations Report: Time windows for financial and PCI breaches.
Time from compromise to discovery: Days - Months
Time from compromise to exfiltration: Minutes - Days
Effective threat protection demands discovery in minutes, not months
Time from discovery to containment: Days - Months
![Page 15: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/15.jpg)
We Have a Detection Problem!
• Median number of days that attackers were present on a victim network before detection? 243 [1]
• Percentage of breaches that went undetected for “months or more”? 66% [2]
[1] www.mandiant.com/library/M-Trends_2013.pdf
[2] http://www.verizonenterprise.com/DBIR/2013/
![Page 16: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/16.jpg)
Can We Think Outside the Shiny Box?
Most people respond to emails within the first few hours of receiving them – if they are trained to report, we get relevant, near-time threat intelligence.
Users who learn to not fall for phishing attacks also learn to report them.
Threat intelligence opportunity
![Page 17: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/17.jpg)
Control cost by incident phase
[Figure: axes "Difficulty to Detect" and "Cost to Control"; incident phases: Compromise, Exfiltration, Propagation, Persistence]
$5.5MM, Average cost to remediate a breach in 2012
With a thriving user reporting ecosystem
![Page 18: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/18.jpg)
Improve Incident Response
• Users provide new source of near-time threat data
• Early detection drives down key cost factors such as time from incident to response
• Response can start Day 1
– Redirect and capture C&C traffic
– Remove same/similar emails from other inboxes
– Block additional inbound/outbound
– Increase monitoring at targeted entities
– If there is a successful compromise, containment may be limited
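
A sketch of the "remove same/similar emails from other inboxes" step, added here as an illustration and not taken from the presentation or from any PhishMe product. It takes one user-reported message, finds likely copies of the same campaign in other mailboxes, and lists the link hosts to block; the function names, the matching rules, the allowlist and the sample messages are all assumptions, and fetching or quarantining mail through a real mail server is left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IGNORED_HOSTS = {"intranet.corp.example"}  # assumed allowlist of known-good hosts

def fingerprint(raw):
    """Reduce a raw message to features that survive per-recipient variation."""
    msg = message_from_string(raw)
    subject = re.sub(r"^((re|fwd?):\s*)+", "", (msg["Subject"] or "").strip(), flags=re.I)
    subject = re.sub(r"\d+", "#", subject.lower())  # invoice 4471 == invoice 5120
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)} - {None}
    return {"subject": subject, "domain": domain, "hosts": hosts - IGNORED_HOSTS}

def similar(a, b):
    """Same campaign if a link host is shared, or sender domain and subject both match."""
    if a["hosts"] & b["hosts"]:
        return True
    return bool(a["subject"]) and (a["domain"], a["subject"]) == (b["domain"], b["subject"])

def sweep(reported_raw, mailboxes):
    """Return ([(user, index)] to pull from inboxes, [link hosts] to block)."""
    fp = fingerprint(reported_raw)
    hits = [(user, i) for user, msgs in mailboxes.items()
            for i, raw in enumerate(msgs) if similar(fp, fingerprint(raw))]
    return hits, sorted(fp["hosts"])

# Constructed sample data (reserved .test/.example names, not real indicators).
REPORTED = ("From: HR <hr@payroll-portal.test>\nSubject: FW: Action required: invoice 4471\n\n"
            "Please review http://login.payroll-portal.test/doc?id=1\n")
MAILBOXES = {
    "alice": ["From: HR <hr@payroll-portal.test>\nSubject: Action required: invoice 5120\n\n"
              "Details attached.\n"],
    "bob": ["From: team@corp.example\nSubject: Lunch menu\n\n"
            "See https://intranet.corp.example/menu\n",
            "From: billing@other-sender.test\nSubject: Overdue\n\n"
            "Pay at http://login.payroll-portal.test/doc?id=77\n"],
}

if __name__ == "__main__":
    print(sweep(REPORTED, MAILBOXES))
```

Matching on a shared link host catches copies sent from a different address with a different subject, which is why the allowlist matters: without it, any widely used legitimate host in the reported message would pull unrelated mail into the sweep.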
![Page 19: Building Human Intelligence – Pun Intended](https://reader034.vdocuments.net/reader034/viewer/2022042601/54c687934a7959a2128b4635/html5/thumbnails/19.jpg)
This is the end goal…