cybersecurity trends - 2017 & beyond · cybersecurity trends - 2017 & beyond presented by:...

32
Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran Joint ISACA & IIA Chapter Meeting | December 12, 2017 1

Upload: others

Post on 22-May-2020

8 views

Category:

Documents


1 download

TRANSCRIPT

Page 1: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Cybersecurity Trends - 2017 & BeyondPresented by: Mike Lipinski - Principal, Plante & Moran

Joint ISACA & IIA Chapter Meeting | December 12, 20171

Page 2: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Data Breach Statistics

2

How long does it take an attacker to compromise your systems?

11% of cases: seconds

82% of cases: minutesSource:2016 Verizon Data Breach Report

Page 3: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Trends in Information Security

3

Targets — victims of opportunity:Some will be a target regardless of what they do, but

most become a target because of whatthey don’t do related to security.

Page 4: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Trends in Information Security

4

ABOUT PLANTE MORAN AND OUR ITC AND CYBERSECURITY SERVICES 8

Most common attack — social:

Most attacks begin socially. Employees are

your greatest asset, but often your weakest link to security.

Hackers know this, and have developed social scams by

the thousands, hoping but one will fall victim

Page 5: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

is software designed to disrupt or damage your computer system

Malware

5

Page 6: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Common Threats - Ransomware

6

Page 7: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Our #1 defense is our weakest link

PASSWORDS

7

Page 8: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Risk Trends

R = p(t * v i)

8

Risk

Time

p = probability

• Impact is inevitable• Probability - getting worse• How do we mitigate Risk?

Page 9: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Vulnerability Trends• We still suffer from hygiene issues

• Patching• Mis-configurations• Segmentation• Knowing where sensitive data resides

• Lines of code growing• 1 vulnerability per 1800 lines of code

• Still only as strong as our weakest link• People will continue to make mistakes

9

Page 10: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Threat Trends• Over the first 3 quarters - ransomware modifications increased

by a factor of 11, from 2,900 to 32,091• One in five small and medium-sized businesses that paid a ransom never got its data back• 4 new malware samples per second……

• 4th Party attacks will increase• attacker trends continue to move outwards in the supply chain to include fourth parties such as

subcontractors, outsourcers, cloud service providers and device manufacturers

• Mobility and Cloud• By 2020 – 70% or workforce will be mobile Source = IDC

• Sensitive information on easily lost or stolen devices• OAuth Phishing and Delegation

• An adversarial machine learning “arms race” will develop between defenders and attackers

• Skilled talent• Need to improve process to leverage people we have• Leverage technologies that can help decision quickly

• Human judgement and decision making• AI, automation, orchestration threaten to remove

human decision making

10

Page 11: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Obstacles to Stronger Cybersecurity

11

Page 12: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Top Challenges for SOC’s

12

Page 13: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

How confident are you?

13

Page 14: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Data Breach Facts the Numbers

14

200

81%

$6T

1.9B

The median number of days that attackers stay dormant within a network before detection Verizon 2017 DBIR

918 breaches led to 1.9 Billion records compromised – 1st

half of 2017 – Does not include Equifax, SEC breach or updated Yahoo numbers Source: CSO

Percent of breaches leveraged either stolen and/or weak passwords Source: Verizon 2017 DBIR

Cybercrime damage annually by 2021 Source: CSO

Page 15: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Will it get better?

15

• More than 209,000 cybersecurity jobs in the U.S. are unfilled Source = Forbes

• 2017 Will See 8.4 Billion Connected Things Sorrce =

https://campustechnology.com/articles/

• Perimeters are porous - Networks Un-defendable

We must defend the data – but

do we know where it is?

Page 16: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Can’t the government help?

No regulation or standard alone will keep your Company safe!

16

PCIFISMA NISTISO 2700x

FFIEC Cyber-

security

State Privacy

GLBAHIPAASarbanes

Oxley

Page 17: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Who’s responsible for cybersecurity?

7%CISO

19%Other

38%CFO

36%CIO

Page 18: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Who’s responsible for cybersecurity?

• Information security is not an IT issue: it is a business issue

• Security organization needs to become standalone

18

Page 19: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Cybersecurity: Let’s just start with this

Build your cyber and risk program around people, process and technology…..

19

what you have what you identify

direct and indirect attacks

accordingly (IRP)

appropriately (BCP/DRP)

Identify Protect Detect Respond Recover

Page 20: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Let’s focus on solving:

20

Data Silos

• Teams silo’ed• Information silos

Alert Fatigue

• Rule based solutions• Too many false positives

No Hunting Capabilities

• Weak visualization• Inefficient investigation• Skilled talent shortage

Scalability • Serious scale issues • People and Technology

Page 21: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

A Traditional Insider Threat Solution

A traditional insider threat solution includes all of the individual tools needed to perform analysis……

……Administration, analysis and event workflow however occur in silo’s

21

DLP solution Proxy solution SIEM solution Identity & AccessManagement solution

Data

Admins / Analysts Admins / Analysts Admins / Analysts Admins / Analysts

Data Data Data

Page 22: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Example - How Do We Find Threats and Risky Insiders?

22

Network Activity• A/V, Malware• Access Request denials• Flow Data• Large Downloads

Endpoint / Data Exfiltration• Email traffic• Attachments to suspicious recipients• Print anomalies• DLP alerts

Access• Identity• Access levels• Security clearance• Privilege user rights

Physical Security• Access requests and denials• Physical access anomalies• Access control systems• VPN logs

Compliance• Audit remediation progress• Policy violations• Training gaps

Fraudulent Activity• Expense violations• Time entry violations• Unauthorized access • Abnormal behavior

Identity Context• HR data• Performance ratings• Notice / terminations• Reprimand• Groups - Peers

External data• Social• Census• Credit data• Criminal / Civil• Travel to High risk countries• Financial stressors

Page 23: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Industry Predictions

23

Page 24: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Industry predictions:

• Crime-as-a-service (CaaS) will expand available tools and services

• The internet of things (IoT) will further add unmanaged risks

• The supply chain will remain the weakest link in risk management

• Regulation will add to the complexity of critical asset management

• Unmet board expectations will be exposed by major incidents

• The ability to protect is progressively compromised• Cyber insurance safety net is pulled awaySource = Information Security Forum

24

Page 25: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Biggest security threats through 2018

• The IoT leaks sensitive information

• IoT lead to greater DDoS attacks

• Opaque algorithms compromise integrity

• Increase in rogue government terrorist cyber attacks

• Lack of vulnerability disclosure

• Governments become more involved

• Regulations will impact the cloud

• Criminal capabilities expanding

25

Source – ISF – Information Security Forum

Page 26: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Gartner 2018+ predictions

26

Page 27: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Gartner continued…• Through 2020, 99% of vulnerabilities exploited will

continue to be ones known by security and IT professionals for at least one year

• By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources

• By 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs

• By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies

27

Page 28: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Gartner Continued…• By 2020, IT sponsored information security

programs will suffer 3 times as many significant breaches as those sponsored by the business

• By 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies.

• Through 2018, more than 50% of Internet of Things (IoT) device manufacturers will not be able to address threats….

• By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.

28

Page 29: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

29

“…US companies will struggle with GDPR.”

…continued increase in ransomware and DDoS attacks.”

…more effective, harder to detect phishing campaigns.”

…continued high profile attacks across all industries.”

…a significant IoT event – maybe critical infrastructure

…Security by design will catch on

…AI will be weaponized and used to attack us

…blockchain technologies will disrupt

…Fewer rouge email servers at political organizations.”

2018 – Mike’s predictions

Page 30: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Best Practice Tips

3030

Formal security program Don’t forget cloud…

Security by design Access Control Zero Trust Model for Partners

Review of vendor service contract terms for security and data protection

Periodic testing of network and infrastructure

User awareness training Focus on Hygiene:

Passwords, patching, segmentation IR, BCP

NextGen SOC Leverage technology to drive process

and maximize people

Page 31: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

31

Page 32: Cybersecurity Trends - 2017 & Beyond · Cybersecurity Trends - 2017 & Beyond Presented by: Mike Lipinski - Principal, Plante & Moran. Joint ISACA & IIA Chapter Meeting | December

Thank you.

32

Contact: Mike Lipinski, Cybersecurity, [email protected]