Cyber Security Todd Larson Chief Information Officer Doug Walker Assistant Vice President, Director of Software Engineering Services


Post on 25-Jun-2020


Page 1: Cyber Security - Sentinel Benefits...Cyber Security Todd Larson Chief Information Officer . Doug Walker . ... Business Risk Intelligence – Decision Report, January 11, 2017 . Around

Cyber Security Todd Larson

Chief Information Officer

Doug Walker Assistant Vice President, Director of Software Engineering Services


Attack vectors around the world


Agenda

I. Cyber Security today

II. Defensive measures

III. Day in the life of a hacker

IV. A view into cyber security at Sentinel

V. The future landscape


I. Cyber Security Today

• What it is: a definition

• Cyber Security in the news

• Attack vectors

• Trends and targets


Cybersecurity noun | cy∙ber∙se∙cu∙ri∙ty : measures taken to protect a computer or computer system (as on the internet) against unauthorized access or attack

What is Cyber Security?

Cyber security is the practice of defending computers and servers, mobile devices, electronic systems, networks and data from malicious attacks. It is also known as information technology security or electronic information security. The term is broad-ranging and applies to everything from computer security to disaster recovery and end-user education.


In the News

Ransomware’s Aftershocks Feared as U.S. Warns of Complexity


Attack vectors

*Non-threat nation-states of the U.S. and its allies represent the high-water mark for top-tier nation-state cyber capabilities. Risk assessments should measure adversarial nation-states against these top-tier actors when estimating cyber security.

**Although assessed as a Tier 4 actor, North Korea is a unique case, as the state is able to marshal state resources as necessary, which may enable capabilities which are generally ascribed to higher tier actors. North Korea in particular is likely capable of using destructive and highly disruptive attacks in kinetic conflict scenarios to support military objectives—a key differentiator of Tier 6 actors.

Business Risk Intelligence – Decision Report, January 11, 2017


Around the world trends and targets

• Russian “Troll Army”
– State-sponsored “Fake News” in front of and behind the curtain
– State mandated “restrictions and controls”
– 2016 Law gives state control of data located on servers inside the country

• China, looking out for itself
– Reorganizing cyber offensive resources
– Decline in U.S. state-sponsored attacks
– Increasingly hostile private sector stance (source code inspection, data retention)


Trends and targets

$4M The average price of a data breach

Most Important Assets to Protect Against a Security Breach

Source: Forbes/BMC Enterprise Re-engineer Security in the Age of Digital Transformation


Trends and targets

Sampling of security incidents by attack type, time and impact, 2014 through 2016. Size of circle estimates relative impact of incident in terms of cost to business, based on publicly disclosed information regarding leaked records and financial losses.

Source: Forbes/BMC Enterprise Re-engineer Security in the Age of Digital Transformation


Trends and Targets Internet Email

Source: IBM X-Force Threat Intelligence Index 2017


Trends and Targets - Inside Man

Information
• Trade Secrets
• Account Numbers
• Social Security Numbers
• Intellectual Property
• Personal/Health Records

can leak
• Stored on the network or shared drives
• Copied on external removable media devices
• Transmitted electronically; email, IM, online, etc.

to an outsider
• Competitors
• Regulators
• Unauthorized Internal Users
• Press or Media

causing impact
• Company Defamation
• Monetary Expense for each record lost
• Legal Liabilities
• Loss of Assets
• Breach of Customer Trust
• Close of the Business


II. Defensive measures

• Risk assessment
• Cyber Security “posture” and planning
• Knowing your data exposure
• Knowing your vendors
• Using a framework – make it your own


Risk assessment

• Systems, software and hardware inventory
• Patching strategy
• 3rd Party vendors and data exposure
• On/Offshore and Safe Harbor concerns (local data processing jurisdiction)
• Internal controls (access, logging on, incident triage and management)
• Security stack
• Testing


Cyber security posture and planning

• Create policies and procedures that work for you
• Security is part of the culture
• Focus on detection and remediation
• Consider risk often
• Use a framework that can evolve
• Ownership and “One Throat to Choke”
• Know the top threat vectors for your organization


Knowing your data exposure

• Itemizing systems and sensitive data (PII and HIPAA)
• Formalizing access controls
• Analyzing data movement strategy, “at rest” and “in flight”
• Tying in a mobile device policy
• Finding the “SpreadMarts” of data that live in every company


Knowing your vendors

• Vendor Management Process and Procedure


Using a framework and making it your own

• Multiple Cyber Security Frameworks

– NIST National Institute of Standards and Technology (US Govt)

• Identify • Protect • Detect • Respond • Recover

– ETSI Cyber Security Technical Committee (Global)
– BSA Business Software Alliance (Software Focused)
– ISO/IEC Adding Cyber Security to Growing Standards
– RFC 2196 Internet Engineering Task Force


III. Day in the life of a hacker

• Spear Phishing and doing your homework

• Zero Day Attack


This is a story about…an unsuspecting victim


The unsuspecting victim…


“Publically” available information

Low Effort: Education, Associates, Personal Habits, Employment, Interests, Locale, Digital Hangouts

Medium to High Effort: Financial Records, Address, Identity Related Information, Public Information and Court Records

Illegal-Illicit: Identity and financial information


Spear-phishing


Zero Day Attack (initiated by phishing)

1. Commercial software contains weaknesses and imperfections

2. Hackers discover these weaknesses and find ways to exploit them

3. Vulnerabilities are shared

4. The time it takes to create a patch/fix (one that is actually usable) always extends past “Day 0”, when the vulnerability is discovered.


The perpetrators (they are out there)

Gary McKinnon Alias: Solo

Owen Thor Walker Alias: AKILL


Counter-terrorism


IV. A view into Sentinel

• Cyber Security – It’s a Lifestyle Choice

• Notes From the Sentinel Playbook


9 Steps To Cyber Security

Information Risk Management Regime

User Education & Awareness: Produce user security policies covering acceptable and secure use of the organization’s systems. Establish a staff training program. Maintain user awareness of cyber risks.

Home and Mobile Working: Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit and at rest.

Secure Configuration: Apply security patches and ensure that secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.

Removable Media Controls: Produce a policy to control all access to removable media. Limit media types and usage. Scan all media for malware before importing on to the corporate system.

Managing User Privileges: Establish account management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.

Monitoring: Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyze logs for unusual activity that could indicate an attack.

Incident Management: Establish an incident response and disaster recovery capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.

Malware Protection: Produce relevant policy and establish anti-malware defenses that are applicable and relevant to business areas. Scan for malware across the organization.

Network Security: Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorized access and malicious content. Monitor and test security controls.



Cyber Security as a Lifestyle

• AWARENESS and training

• Complementary defensive strategy

• Response and recovery

• Disaster recovery and testing


Notes From Sentinel Playbook

• Know threats
• Know data (where it lives and sleeps)
• Know your vendors
• Know the technical landscape
• Process and procedures (access control)
• Inform the people
• Know your capabilities
• Create a culture where data is respected and protected

1. IDENTIFY: Asset Management, Governance, Risk Assessment and Risk Management Strategy

2. PROTECT: Access Control, Awareness and Training, Data Security, Protective Technology

3. DETECT: Logging, Monitoring, Detection

4. RESPOND: Response Planning, Communication Strategy, Analysis, Mitigation, and Continuous Improvement

5. RECOVER: Recovery Planning and Improvement Process Enhancement


V. The future


Questions ???

Mind what you have learned…. Save you it can…