ISACA UAE - Importance of Human-Centric Approaches to Cyber Security
Innovation in a Borderless World
ISACA – ISAFE 2015 - Dubai, UAE
Importance of Human-Centric Approaches to Cyber Security
Lydia Kostopoulos, PhD
@LKCYBER
Social Engineering
Human-Centric Approach
Attack Vectors
Accessibility
Actors
- Criminals
- Hacktivists & Terrorists
- Industry
- Nation State Actors
Interests
- Operations Sabotage
- Data Manipulation
- Intellectual Property Theft
- Industrial Espionage
Motivations
- Money
- Reputation (Both Ways)
- Political
- Security
Social Engineering: “The clever manipulation of the natural human tendency to trust.”
Humans are the weakest link in Information Security.
"Never underestimate the impact of user behavior on a defensive strategy"
Admiral Rogers, Director of US Cyber Command/NSA
Attacks: Human Factor & Intellectual Property (IP)
What’s the most common attack vector?
91% of cyberattacks begin with spear phishing email – TrendMicro Research
How much does it cost the world?
$445 billion – annual cost of cybercrime and economic espionage to the world economy - 2014 CSIS & McAfee report
IP Intensive Businesses in the US
• Support at least 40 million jobs
• $5 trillion to US GDP 28%
Intellectual Property and the U.S. Economy: Industries in Focus – by the Economics and Statistics Administration and the United States Patent and Trademark Office
Source: Get Cyber Safe
Social Media Use
Have a policy
• Promote Collaboration
• Maintain Vigilance
• Protect Information
Social Media Use
Have a policy for sharing
• Intellectual Property Theft
• Inside Information
• Organization Intentions
• Internal Leaks
Accessibility: Tools have been democratized
Malware comes in all shapes and sizes
Tools
We set up network defenses…
Intrusion Detection System
Defense in Depth
Firewall
We set up data defenses…
Destruction
What about human defenses?
Encryption
Data in Use
At Rest
In Motion
Classification
Internal Use
Public
Confidential
Secret
We set up malware defenses…
Anti-Virus Spam Filter?
Identity & Access Management
Phishing
You don’t know what you don’t know…
Data Leakage Prevention Plan: Don’t forget Business Continuity
Followed by End-User Awareness
Hardening of Human Assets (HHA)
The process of elevating security awareness of a human asset in efforts to reduce and eliminate as many risks as possible.
Hardening Human Assets (HHA): Have a Plan
- OPSEC Awareness
- Social Engineering Awareness
- Specialized SIEM Settings (Cross-departmental collaboration)
- Espionage Threat Awareness
- Data Protection Awareness
- Social Media Use Awareness
- Travel Security Awareness
Security Culture: Have one!
- Be proactive, not reactive!
- Cross-departmental teamwork
- Whole of Enterprise Approach
Cyber Professionalism: Set the example!
Incorporate a culture of cyber professionalism
- Clearly communicate acceptable and unacceptable cyber practices
- Create channels for communication about incidents
- Foster an open environment to discuss cyber practices, concerns, questions and doubt
Leaders should lead through example
- Practice cyber hygiene
- Follow best practices
- Report incidents, phishing attempts, potentially malicious files
- Communicate cyber expectations
Lydia Kostopoulos, PhD
@LKCYBER
Questions?