Cyber and Health - Kiropraktorernes Videnscenter
TRANSCRIPT
Cyber and Health
What is happening, and how?
Morten von Seelen, Cyber Ops
“The bomber will always get through”
“I think it is well also for the man in the street to realise that there is no power on earth that can protect him from being bombed. Whatever people may tell him, the bomber will always get through…”
“The only defence is in offence, which means that you have to kill more women and children more quickly than the enemy if you want to save yourselves... If the conscience of the young men should ever come to feel, with regard to this one instrument [bombing] that it is evil and should go, the thing will be done; but if they do not feel like that – well, as I say, the future is in their hands. But when the next war comes, and European civilisation is wiped out, as it will be, and by no force more than that force, then do not let them lay blame on the old men. Let them remember that they, principally, or they alone, are responsible for the terrors that have fallen upon the earth”.
Very topical
The threat comes from outside. Period.
Source: Verizon/Deloitte Data Breach Investigations Report 2015
Deloitte Copyright © 2016 Deloitte & Touche Oy. All rights reserved.
1. Lack of time, budget and expertise to implement comprehensive security functions.
2. No dedicated IT security staff on the payroll.
3. Lack of awareness of risk.
4. No system overview or documentation.
5. Lack of employee training.
6. Systems not kept updated.
7. Security outsourced to unqualified third parties or to system administrators.
8. No hardening of "endpoints".
[Figure: organisational attack-surface overview. Labels recovered from the slide: Organization; Physical Locations (High Risk Locations, Building Access, Geographic core location); Human Elements (Inadvertent Damage, Malicious Exfiltration); Cyber; Third Parties (Vendors, Fourth Party, Client specific biz.); (Web)-applications (Client specific, Industry specific, Off-the-shelf Applications, Internally hosted, Mobile Applications, Third party hosted, Cloud/SaaS); Infrastructure (Connections, Personal Computers, Databases, B2B Connections, Remote connections (VPN, File transfer)); Security Measures (Security & Monitoring, Access Control).]
1. Phishing (ransomware etc.)
2. Social Engineering
3. CEO / BEC Fraud
4. Network hacking (including Wi-Fi)
5. Website hacking
6. Social Media Hacking
Common MO
How companies are attacked in 2016
Ransomware
Modern highway robbery
Phishing
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Deloitte Phishing test
Results of the simulation are summarized on the chart:
Social Engineering Phishing
CEO Fraud / BEC Fraud
Social Media Hacking
Network Attack
Vulnerabilities give access further into the company
Network Attack - Wifi
There are several ways to get onto the network
Web hacking
[Figure: Cyber Security Maturity Levels. Horizontal axis: Level 1 to Level 5, labelled from "Blissful Ignorance" through "Transformation" to "Operational Excellence"; vertical axis: Proactive Threat Management. Capability rows: Internal Threat Intelligence; Security Event Monitoring; Asset Protection; Cyber Attack Preparation; Training & Awareness; Behavioural Analytics; External Threat Intelligence; Intelligence Collaboration; E-Discovery & Forensics; Brand Monitoring. Sector benchmarks marked on the chart: Consumer Business & Life Sciences; Military & Defence. Capabilities named in the cells (in the order recovered from the slide text): IT Cyber Attack Simulations; Business-Wide Cyber Attack Exercises; Sector-Wide & Supply Chain Cyber Attack Exercises; Enterprise-Wide Infrastructure & Application Protection; Global Cross-Sector Threat Intelligence Sharing; Identity-Aware Information Protection; IT BC & DR Exercises; Ad Hoc Infrastructure & Application Protection; Adaptive & Automated Security Control Updates; IT Service Desk & Whistleblowing; Security Log Collection & Ad Hoc Reporting; External & Internal Threat Intelligence Correlation; Cross-Channel Malicious Activity Detection; 24x7 Technology Centric Security Event Reporting; Automated IT Asset Vulnerability Monitoring; Targeted Cross-Platform User Activity Monitoring; Tailored & Integrated Business Process Monitoring; Traditional Signature-Based Security Controls; Periodic IT Asset Vulnerability Assessments; Automated Electronic Discovery & Forensics; Situational Awareness of Cyber Threats; Basic Online Brand Monitoring; Automated Malware Forensics & Manual Electronic Discovery; Government / Sector Threat Intelligence Collaboration; Ad-hoc Threat Intelligence Sharing with Peers; Baiting & Counter-Threat Intelligence; Criminal / Hacker Surveillance; Commercial & Open Source Threat Intelligence Feeds; Real-time Business Risk Analytics & Decision Support; Workforce / Customer Behaviour Profiling; Network & System Centric Activity Profiling; Business Partner Cyber Security Awareness; Targeted Intelligence-Based Cyber Security Awareness; General Information Security Training & Awareness; Basic Network Protection; Acceptable Usage Policy; Online Brand & Social Media Policing; Ad Hoc System / Malware Forensics.]
Where do you want to be? Talk about it!
Demand an overview!
Our (attempt at a) solution:
Overview! Know your weaknesses and threats
1. Is our SPF1 record set up correctly?
2. How long can we be down at most because of an IT outage?
3. Is responsibility for security defined?
4. Do we have two-factor authentication on access from outside?
5. Do our employees protect the company's information with passwords like [companyname][year]?
6. Is our IT security policy up to date with modern threats?
7. Is our network VLAN segmented?
8. Does our backup survive even if it is an IT employee who is hit by ransomware?
9. Do we have procedures in place for transferring money?
10. Do we collect log files in a central place?
11. Do our contingency plans cover cyber terror?
12. Are our local machines secured with something other than antivirus?
13. Do we have our data processing agreements under control?
14. Do employees store sensitive documents on their laptops, and if so, are those laptops encrypted?
15. Are we ready for GDPR?
16. Is access to the financial systems sufficiently secure?
17. Does management actually know the state of IT security in the company?
18. Can our IT staff handle the task in a real hacker attack?
19. Have you yourselves communicated the security requirements clearly enough?
Ask yourselves…
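As an added example (not from the slides or Deloitte), a small offline check for checklist question 1: it inspects a domain's SPF TXT record for the weak settings that let spoofed mail through. The sample records are constructed, and fetching the real TXT records via DNS is assumed to be done by the caller.

```python
import re

# Terms that cost a DNS lookup; RFC 7208 limits a record to 10 of them.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9]*)(?:[:=/].*)?$", re.I)


def check_spf(txt_records):
    """Return a list of findings for a domain's TXT records (empty = no issue).

    txt_records: the TXT strings published at the domain apex, as a list.
    Fetching them via DNS is left to the caller (assumption of this example).
    """
    findings = []
    spf = [r.strip() for r in txt_records if r.strip().lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record: receivers cannot tell spoofed mail from ours"]
    if len(spf) > 1:
        findings.append("multiple SPF records: receivers treat this as permerror")
    lookups, all_qualifier = 0, None
    for term in spf[0].split()[1:]:  # skip the v=spf1 version tag
        m = TERM_RE.match(term)
        if not m:
            findings.append(f"unparseable term: {term}")
            continue
        qualifier, name = m.group(1) or "+", m.group(2).lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append("ptr mechanism is deprecated; use ip4/ip6 or include")
        if name == "all":
            all_qualifier = qualifier  # a bare 'all' means '+all'
    if all_qualifier is None:
        findings.append("no 'all' term: unlisted senders default to neutral")
    elif all_qualifier in ("+", "?"):
        findings.append(f"'{all_qualifier}all' lets any host send as the domain; use -all or ~all")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    return findings


# Constructed sample records (example.net and 192.0.2.0/24 are documentation values).
WEAK = ["v=spf1 include:_spf.example.net ptr +all"]
GOOD = ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"]

if __name__ == "__main__":
    for label, record in (("weak", WEAK), ("good", GOOD)):
        print(label, check_spf(record) or ["no findings"])
```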