Atlantic Security Conference 2015 (AtlSecCon) presentation on IT Security @ UNB

IT Security @ UNB How UNB is using policy, practice and technology to enhance cyber security

Upload: david-shipley

Post on 17-Jul-2015



What are we here to talk about?

• UNB’s titanic cyber security struggle

• Use threat intelligence for both tactical and strategic decisions

• Moving away from playing a losing game

My background

• Bachelor of Arts in Information and Communications Studies (‘05)

• Former Canadian Army reservist (armoured vehicle driver & gunner)

• Former reporter for the provincial newspaper

• Former web content strategist for UNB Communications & Marketing

• Accidental IT Security professional and fortunate member of an amazing team

• Master of Business Administration (‘15)

The Security Action Team (SAT)

• Provides IT security leadership

• Formulates, implements and coordinates policies, plans and projects

• Incident Response

• Advises on IT security resourcing, technologies, and community education

About UNB

• North America’s oldest English public university (Est. 1785)

• 11,000 students

• 2,000 FTE Faculty and Staff

• Hybrid IT environment (centralized and decentralized)

In defence of “cybersecurity”

Officially, ISO/IEC 27032 addresses “Cybersecurity” or “Cyberspace security”, defined as the “preservation of confidentiality, integrity and availability of information in the Cyberspace”. 

In turn “the Cyberspace” (complete with definite article) is defined as “the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form”.

What I think we do:

What clients think we do….

Why are universities a target?

• We were designed to be open (we’re easy)

• We have a treasure trove of PII

• We have valuable intellectual property

• We have others’ valuable intellectual property

• We are a route into more secure orgs

Our challenges

• We average between 83 and 55 attempts per second to breach our network (massively automated threats)

• We have more than 2.2 million security events daily on our network

• We have more than 500 offences weekly

• We have as many as 120 compromised endpoints a month (half of which are students)

• We are the ultimate BYOD environment

The cost of a breach

• $184 on average per record in education, based on figures from a 2014 Ponemon Institute study

Threat Intelligence Sources

• QRadar Security Intelligence Event Management (SIEM)

• Trend Micro Deep Discovery malware detection tool

• Kaspersky Anti-Virus Reporting System

• Government, industry contacts and listservs

• InfoSec news sources and social media

Malware CNC CallBacks (30 days)

Affected Hosts

Threat Patterns

Remote Intrusion Attempts Source

Remote Intrusion Attempts Destination

Security Offences

Moving beyond tactical response

UNB’s move to IT Risk Management

Day-to-day IT Operations

IT Security Operations

Threat Analysis, Policy & Procedure Development

IT Risk Management

Maturity

Iterative improvement model

Risk Management

IT Operations

Security Operations

Threat Analysis, Policy & Procedure Development

The Security Building Blocks

Operations Service Desk

Security Action Team

Communications:

Risk Management, Quality Assurance and Standards Development

Service Desk

• Help Desk escalates threats to SAT

• Assists with user education

• Desktop Group helps harden end points and triage compromises

Operations

• Systems and Network monitoring, reporting of threats, ensuring patching and reporting policy or procedure compliance issues. Participates in incident response.

Communications

• Assists with development and execution of user awareness and culture change campaigns.

• Assists with developing and executing incident communications.

Security and Operations

• Operations: Trying to keep the lights on

• IT Security: ensuring compliance with protective measures

• Critical to avoid ineffective communications. Security and Operations groups in IT have different goals and in some cases cultures. Critical to ensure alignment with overall IT Strategy.

The cross-functional workflow

Client provides username and password in phishing attempt

Help Desk or Level One advises + assists client with safe password reset

IT Security initiates incident investigation

Operations staff engaged to assist with log review / access checks

UNB Privacy Officer engaged in event of a potential data breach

Client advised of investigation, encouraged to take awareness course

What fighter jets in the Korean War can teach us about cybersecurity

A harsh truth:

• Simply buying the latest and greatest big shiny security technology will not make your organization safer

Security Strategy Pillars

Security Strategy

IT Security Policy
Data Governance

Security Architecture: Tools, People, Process

Culture Change: User Awareness + Behaviour Change

Translating Cyber Security-ese to Business-ese

Making the case

Where cybersecurity fits in Porter’s Value Chain

The disconnect between threat awareness and concern about threats

Do you believe your organization has an accurate picture on the threats it faces on a daily basis?

61% weren’t sure or weren’t confident

How concerned are you about an attack leading to a data breach?

65% very concerned

We need to change the cybersecurity story.

Questions?