Post on 02-Jun-2020
Seth Robinson, Sr. Director Technology Analysis, @sethdrobinson
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
CyberSecurityMatters: The Human Factor
James Stanger, Sr. Director Product Management, @stangernet
www.NetComLearning.com
New Era of Enterprise Technology
Mainframe
Technology not widely accessible
Technology use highly restricted
Technology management highly centralized
PC/Internet
Technology moderately accessible
Technology use becoming pervasive
Technology management mostly centralized
Cloud/Mobile
Technology widely accessible
Technology use very open
Technology management decentralized
New Era Defined by New Behavior
Companies are Focused on Security…
Response: Today / Two Years From Now
Lower: 4% / 2%
No change: 12% / 13%
Moderately Higher: 50% / 44%
Significantly Higher: 34% / 41%
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
But Are They Focused on the Right Things?
Columns: Security Threats | Security Concern: Moderate Concern | Security Concern: Serious Concern | Change in Trend: No Change / Less Critical Today | Change in Trend: More Critical Today
Malware (e.g. viruses, worms, trojans, botnets, etc.) 37% 50% 51% 49%
Hacking (e.g. DoS attack, APT, etc.) 38% 49% 54% 46%
Privacy concerns 36% 45% 62% 38%
Data loss/leakage 42% 40% 66% 34%
Social engineering/Phishing 41% 38% 58% 42%
Understanding security risks of emerging areas 43% 36% 61% 39%
Lack of budget/support for investing in security 34% 34% 72% 28%
Physical security threats (e.g. theft of a device) 42% 33% 71% 29%
Regulatory compliance 37% 32% 75% 25%
Intentional abuse by insiders, i.e. staff, contractors 35% 31% 75% 25%
Human error among general staff 51% 30% 74% 26%
Enforcement of company security policy 38% 29% 74% 26%
Formal risk assessment 46% 28% 73% 27%
Human error among IT staff 41% 27% 80% 20%
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Drivers for Changing Security Approach
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
22% Focus on a new industry vertical
26% Change in management
26% Change in operations or client base
29% Internal security breach or incident
29% Vulnerability discovered by audit
34% Knowledge gained from training
43% Reports of security breaches
47% Change in IT operations
monkey
letmein
mustang
access
shadow
qwerty
baseball
dragon
football
master
michael
superman
batman
The Human Element
Factors in Security Breaches
52% Human error
48% Technology error
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Top Human Error Sources
42% End user failure to follow policies and procedures
42% General carelessness
31% Failure to get up to speed on new threats
29% Lack of expertise with websites/applications
26% IT staff failure to follow policies and procedures
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Planning for the Unknowns
“Reports that say...that something hasn't happened are always interesting to me, because as we know,
there are known knowns;
there are things that we know that we know.
We also know there are known unknowns;
that is to say we know there are some things we do not know.
But there are also unknown unknowns,
the ones we don't know we don't know.”
—Donald Rumsfeld, Former United States Secretary of Defense
Criteria Needed for Better Training
Source: CompTIA’s Trends in Information Security study | Base: 160 U.S. end users providing security training
27% More dynamic (e.g. gamification elements, "pop quizzes," etc.)
30% More mobile
35% More real-world examples / case studies
36% More engaging / interesting
40% More user friendly / better interface
40% Better administrative tools
53% Better content
Best Practices for Managing End Users
Build a corporate policy
Simulate common attacks
Don’t forget physical security
Today’s vulnerabilities and threats
What you don’t see . . .
Attacks below the threshold
Stealth attackers
• Insiders
• Outside attackers who are now lurking and waiting in silence . . .
Technology not mapped to a company’s real needs
Advanced Persistent Threats (APT)
Complacency
Difficult to track
Thresholds not properly set
Unseen factors that lead to disruptions
Losing sight of the real business need
• Security technology serves a business need
• Unmapped technology
Let’s talk about the security issues that go bump in the night . . .
Today’s threats
• Social engineering
• Phishing / spear phishing
• “False flag”
• Zero-day attacks
• Retail industry has experienced a surge in point-of-sale (POS) malware and attacks
• Web-based attacks
• SSL/TLS
• SQL injection
• Malware
• SCADA / industrial systems
• Mobile
The most common attack vectors in 2015
How attacks have changed through the decades
Viruses (1990s)
Defense: Anti-Virus, Firewalls
Examples: ILOVEYOU, Melissa, Anna Kournikova
Worms (2000s)
Defense: Intrusion Detection & Prevention
Examples: Nimda, SQL Slammer, Conficker
Botnets (late 2000s to current)
Defense: Reputation, DLP, App.-aware Firewalls
Examples: Tedroo, Rustock, Conficker
Directed Attacks (APTs) (today)
Strategy: Visibility and Context
Examples: Aurora, Shady Rat, Duqu
The Advanced Persistent Threat (APT)
Characteristics:
Highly coordinated
Embedded
Often state sponsored
Planning
Malware Introduction
Command & Control
Lateral Movement
Target Identification
Exfiltration (Attack Event)
Retreat
today’s targets
What specific technologies are targeted?
62% Weak Passwords
22% Missing Patches
10% Web Management Console
4% File Upload
2% Social Engineering
Often waged by a single individual or by a group
Can be devastating
Data loss statistics
Primary security concerns in the enterprise
Where does data loss occur?
You name it, but here are the “big 3”
1. Data at rest
2. Data in motion
3. End users
The skills needed to counter vulnerabilities and mitigate threats
An essential realization . . .
Attackers have realized that simple, powerful tools are available
Very effective malware is available as well
All they need to do is find that one user
There are also additional attacks and trends that the public usually doesn’t see
Vendor or service provider impersonation
Insider attacks
Maturing overall operations
DMV
Corrections
Courts
Municipal
County
State
Federal
Law Enforcement
Message Switch
The key is to create a matrix that helps you focus your activities.
It’s vital to focus on identifying the hacker cycle
Mitigation involves inhibiting the hacker as well as detection and response
Essential skills overview
Perimeter device configuration
Router
Firewall
VPN
Re-assignment of resources
Policy-based security
Data analysis
Project management
Coordination
Custom framework creation
End user
Workstation
Server
IDS
Voice and video systems
“Dwell time”: the amount of elapsed time between an initial breach and containment
Questions to ask when creating a custom framework
1. How do we detect that initial footprint?
2. How do we detect lateral movement?
3. How do we detect that initial prevention failure?
4. How do you cut down on “dwell time?”
• Taking dwell time from 14 days to 3 days.
• What framework and technology can you put in place?
The 80/20 rule: In many cases, organizations are already at the 80% threshold; getting to 90% and above requires hard work and smart allocation of resources.
Validating the workforce
73% “It’s important to test after training to confirm knowledge gains”
64% “Teams of staff with IT certifications benefit from having a common foundation of knowledge”
62% “Staff with IT certifications have proven expertise”
58% “Staff holding IT certifications are more valuable to the organization”
54% “The organization is more secure from malware and hackers due to staff with IT certifications”
NET Agreement* to Statements
*Strongly Agree + Agree
Base: 1,246 business and IT executives from Brazil, Canada, France, Germany, India, Japan, Mexico, Middle East, Thailand and the UK
IT Certifications expected to increase in importance
[Chart: Expectations for change in importance of IT certifications over next 2 Years. Categories: Significant Increase in Importance, Increase in Importance, No Change, NET Decrease. Values shown: 28%, 43%, 24%. NET Increase in Importance: combined = 67%.]
Source: CompTIA International Technology Adoption and Workforce Issues study
Vendor-neutral certification benefits
Vendor-neutral security training is in demand.
The right mix of skills
Provides a perspective concerning the entire network, not one particular vendor’s approach
Provides confidence
For the technical worker
Management
Partners who use company services
Advanced certification and vendor-specific training is a great next step.
International technology adoption & workforce issues study 2013
Key Strategic Priorities for Businesses
• Reach new customers
• Reduce costs / overhead
• Improve staff productivity/capabilities
Key IT Priorities for Businesses
• Security
• Data Storage / backup
• Web/online presence/e-commerce
• Network Infrastructure
• Mobility related initiatives
61% of executives believe the security threat is increasing.
85% indicate IT skills gaps in their business exist.
86% of businesses engaged in training over the last 12 months.
41% believed IT certifications will become more important.
54% believed their importance would remain unchanged.
Top 5 benefits of certified IT staff
1. Better able to understand new technologies
2. More productive
3. More insightful problem solving
4. Better project management skills
5. Better communication skills
Source: CompTIA Market Research 2012
Hiring and certification
1. CompTIA A+
2. PMP
3. CCNA
4. CompTIA Security+
5. MCSE
6. CompTIA Network+
7. MCP
8. CISSP
9. ITIL
10. MCITP
Source: The Dice Report, February 2012
Thank You
Seth Robinson, srobinson@comptia.org, @sethdrobinson
James Stanger, jstanger@comptia.org, @stangernet