© 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product names are the property of CenturyLink. All other marks are the property of their respective owners. Services not available everywhere. Business customers only. CenturyLink may change or cancel services or substitute similar services at its sole discretion without notice.

CenturyLink and Cyber Security

Chris WallaceLead Intelligence Analyst

2014: The Year of the Data Breach783 US. data breaches tracked in 2014, with a

261% increase in size over 2013!

Source: http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.htmlaccording to a recent report released by the Identity Theft Resource Center.

70 M credit cards compromised due to vendor leak.

$200 Million+

56 M credit cards leaked after security turnover & software

issues. $200 Million

Digital business assets exploited, damaging the brand, and taking

down parts of the network for months. $15 Million+

Five Primary Sources of Threats INSIDE AND OUTSIDE THE NETWORK

Source: “enisa Threat Landscape 2014

GOVERNMENT FUNDED

ESPIONAGETarget governments and private industry

to further political change

STATE SPONSORED

WELL FUNDED CRIMINALS

Seek companies with customers and money to lose

CYBER CRIMINALS

ZEALOTS W/ STRONG VIEWS

Seek revenge, damage, change

TERRORISTS

PROTESTERS WITH AN AXE TO

GRIND

Promote political ends by targeting

specific companies

HACKTIVISTS

EMPLOYEES

Malicious or not, represent up to 40%

of data breaches

INSIDER THREATS

Where is the danger? Top threats in 2014: 1. Malicious Code 2. Web-based attacks3. Web application attacks 4. Botnets5. DDoS

6. Spam7. Phishing8. Exploit Kits9. Data Breaches10. Physical damage / threat / loss

11. Insider threats12. Information Leakage13. Identity Theft / Fraud14. Cyber espionage15. Ransomware

3

Cyber Kill Chain

5

Source: Michael Yip, The University of Southhampton, Oct 2012

EXAMPLECriminal Activity: How The Underground Economy Works

An Expansive View of Cyber Threats

• “Hackers”/Traditional Information Security• Supply Chain/Vendors/Partners• International Operations • International Travel• Insider Threat• Physical Infrastructure

6

Collaborating on NIST Cyber Security Framework

CenturyLink CEO on committee

Active contributor/participant

CenturyLink Works with Many Government and Private Entities for National Security and Customer Protection

Permanent seat on NCCIC floor

Member ofCyber UnifiedCoordinationGroup

Defense Homeland Security Justice

FCC

White House, State, Commerce,

and State Governments

Private Sector

Network Service Provider (NSP) Security (NSP-SEC)

Network Information Sharing Exchange (NSIE)

Defense Industrial Base Information Sharing Exchange (DSIE)

OPS-Trust

24/7 presence within DHS

CSRIC Working Groups

DIB Cyber Security / Information Assurance

Botnet TakedownsAPT Mitigations

Global Infrastructure Alliance for Internet Safety

77

NIST Framework • Voluntary Framework to

develop a comprehensive cybersecurity program

• Based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure.

• US-based collaboration between government and industry, becoming a best practice.

• NIST website: http://www.nist.gov/cyberframework/

Download the framework overview:: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

8