© 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product names are the property of CenturyLink. All other marks are the property of their respective owners. Services not available everywhere. Business customers only. CenturyLink may change or cancel services or substitute similar services at its sole discretion without notice.
CenturyLink and Cyber Security
Chris Wallace, Lead Intelligence Analyst
2014: The Year of the Data Breach
783 U.S. data breaches tracked in 2014, with a 261% increase in size over 2013, according to a recent report released by the Identity Theft Resource Center.
Source: http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html
• 70 M credit cards compromised due to vendor leak. $200 Million+
• 56 M credit cards leaked after security turnover & software issues. $200 Million
• Digital business assets exploited, damaging the brand, and taking down parts of the network for months. $15 Million+
Five Primary Sources of Threats INSIDE AND OUTSIDE THE NETWORK
Source: “ENISA Threat Landscape 2014”
• STATE SPONSORED: GOVERNMENT FUNDED ESPIONAGE. Target governments and private industry to further political change
• CYBER CRIMINALS: WELL FUNDED CRIMINALS. Seek companies with customers and money to lose
• TERRORISTS: ZEALOTS W/ STRONG VIEWS. Seek revenge, damage, change
• HACKTIVISTS: PROTESTERS WITH AN AXE TO GRIND. Promote political ends by targeting specific companies
• INSIDER THREATS: EMPLOYEES. Malicious or not, represent up to 40% of data breaches
Where is the danger?
Top threats in 2014:
1. Malicious Code
2. Web-based attacks
3. Web application attacks
4. Botnets
5. DDoS
6. Spam
7. Phishing
8. Exploit Kits
9. Data Breaches
10. Physical damage / threat / loss
11. Insider threats
12. Information Leakage
13. Identity Theft / Fraud
14. Cyber espionage
15. Ransomware
Cyber Kill Chain
Source: Michael Yip, The University of Southampton, Oct 2012
EXAMPLE Criminal Activity: How The Underground Economy Works
An Expansive View of Cyber Threats
• “Hackers”/Traditional Information Security
• Supply Chain/Vendors/Partners
• International Operations
• International Travel
• Insider Threat
• Physical Infrastructure
Collaborating on NIST Cyber Security Framework
CenturyLink CEO on committee
Active contributor/participant
CenturyLink Works with Many Government and Private Entities for National Security and Customer Protection
Permanent seat on NCCIC floor
Member of Cyber Unified Coordination Group
Defense, Homeland Security, Justice
FCC
White House, State, Commerce, and State Governments
Private Sector
Network Service Provider (NSP) Security (NSP-SEC)
Network Information Sharing Exchange (NSIE)
Defense Industrial Base Information Sharing Exchange (DSIE)
OPS-Trust
24/7 presence within DHS
CSRIC Working Groups
DIB Cyber Security / Information Assurance
Botnet Takedowns
APT Mitigations
Global Infrastructure Alliance for Internet Safety
NIST Framework
• Voluntary Framework to develop a comprehensive cybersecurity program
• Based on existing standards, guidelines, and practices for reducing cyber risks to critical infrastructure.
• US-based collaboration between government and industry, becoming a best practice.
• NIST website: http://www.nist.gov/cyberframework/
• Download the framework overview: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf