Sholove Cyber Security 101, 28 June 2015
Sholove International LLC. “Extend Your Reach!”
Youth Renewal: www.sholove.com
Resume Services: www.sholove.net
Cloud & Mobile Services: www.sholove.org
About Us
Offerings
Technology Partners
Platform
Offering Features
June 2015
www.sholove.com / www.sholove.net / www.sholove.org
Our purpose at Sholove is to leverage our business
platform to provide leadership and direction to young
adults who have lost parents. Having lost my parents as a
teen, I realize the challenge of discovering one’s identity
and moving forward in the face of this great loss.
Since founding Sholove International in April 2011, it has
been my goal to share my experiences, good and bad,
with struggling teens and offer support through Youth
Renewal Initiatives by providing technology training and
employment assistance.
It is our purpose to reinvigorate the lives of these young
adults through Sholove.
James Love
Founder & President
Sholove International, LLC.
About Us: Platform
“Layered” Cyber Security
• Mobile Device Protection: Between 2013 and 2017, smartphone sales are projected to grow by 71%.
• Wi-Fi Protection: Data traffic in 2016 expected to be delivered over Wi-Fi is 78%.
• Enterprise Mobile Protection: Adoption of BYOD is projected to reach 65% by 2016.
SHOLOVE Cyber Security
Three Questions We Must Ask Ourselves:
1. Do you own one or more mobile devices?
2. Do you connect these devices to public or private WiFi networks?
3. Do you leave your device on at night while charging?
Layered Cyber Security
• The ability to combine multiple security controls to protect
infrastructure and data.
– The term “Layered Defense” was first established by the Armed Forces as a
strategy to resist rapid penetration
• The information assurance use of the term "defense in depth"
assumes more than merely technical security tools deployment - it
also implies:
– Policy and operations planning
– User training
– Physical access security measures and
– Direct information assurance personnel involvement in dealing with attempts to
gain unauthorized access to information resources.
What Is Layered Security
Otherwise Known As “Layered Defense”
U.S. Nuclear Regulatory Commission (NRC)
Unknown hackers, including foreign hackers, used phishing, targeted e-mails, and
malware in a portable document format (pdf) file in the attacks on the NRC computers.
Fannie Mae
Fannie Mae Website, Aug 2013–early 2014.
A former Fannie Mae information technology contractor used his credentials to hack a
government website operated by Fannie Mae and disable features on the website.
Internal Revenue Service (IRS)
• IRS, April 2014. An April 2014 Government Accountability Office (GAO) report found
the IRS had “not always effectively implemented access and other controls to protect
the confidentiality, integrity, and availability of its financial systems and information.”
– The GAO concluded that financial and taxpayer information remained vulnerable to
unauthorized access or threat.
– The IRS failed to install and update security patches, monitor database controls, and restrict
mainframe access.
Why Is Layered Security Important: Examples Of Events Over The Past 24 Months
DOD Systems, October 2012–January 2013
Hackers connected to the hacker group Anonymous infiltrated multiple Army systems by exploiting a flaw in
Adobe’s ColdFusion software, which had not been updated with the latest security patches. The
targets included:
• The Army Network Enterprise Technology Command Center where hackers gained access to the personal
information of over 1,000 individuals.
• The Army Materiel Command in which they accessed non-public data including competitive acquisition bids.
• The Army Corps of Engineers server from which the hackers stole non-public information on natural resource
management and the personal information of thousands of individuals from the Corps in Vicksburg,
Mississippi.
• The Plans and Analysis Integration Office in which the hackers accessed defense program budgeting data, among
other materials.
• The Fort Monmouth Army Corps Engineer Research and Development Center where the hackers obtained
classified Army Corps documents, including plans for the demolition and disposal of military facilities. The center
was attacked again two months later by the same hackers who used the same vulnerabilities to access massive
amounts of personal, command, control, and intelligence data.
• The Army War College’s Strategic Studies Institute in which the hackers accessed unspecified data multiple times
over several months.
• The Missile Defense Agency from which the hackers stole the personal information of over 4,000 individuals.
Why Is Layered Security Important: Examples Of Events Over The Past 24 Months
Defense Industries - Su Bin, a 49-year-old Chinese national, was indicted for
hacking defense companies such as Boeing.
Between 2009 and 2013, Bin reportedly worked with two other hackers in an
attempt to steal manufacturing plans for defense programs, such as the F-35
and F-22 fighter jets.
Healthcare.gov
August 2014 - An unknown hacker breached the HHS server and placed
malicious software on it in July 2014. The breach was discovered in August
2014.
Damage: An original underestimate of information has resulted in a minimum
(recent) estimate of more than 32 million people affected!
Why Is Layered Security Important: Examples Continued
Cyber Attacks on U.S. Companies in 2014
• The spate of recent data breaches at big-name companies such as
JPMorgan Chase, Home Depot, and Target raises questions about the
effectiveness of the private sector’s information security
• According to FBI Director James Comey, “There are two kinds of big
companies in the United States --- those who’ve been hacked…and those
who don’t know they’ve been hacked.”
• Average cost of cyber-crime for U.S. retail stores more than doubled from
2013 to an annual average of $8.6M per company in 2014.
• Annual average cost per company of successful cyber-attacks increased to
– $20.8M in financial services
– $14.5M in the technology sector
– $12.7M in communications industries.
Why Is Layered Security Important: Cyber Hacking – Public and Private
• This includes only cyber-attacks that have been made known to the public.
• Most companies encounter multiple cyber-attacks every day, many
unknown to the public and many unknown to the companies themselves.
• January 2014
– Target (retail). In January 2014, Target announced an additional 70 million
individuals’ contact information was taken during the December 2013 breach, in
which 40 million customers’ credit and debit card information was stolen.
– Yahoo! Mail. The e-mail service for 273 million users was reportedly hacked in
January, although the specific number of accounts affected was not released.
• April 2014
– AT&T (communications). For two weeks AT&T was hacked from the inside by
personnel who accessed user information, including social security
information.
Why Is Layered Security Important: Cyber Hacking – Public and Private
• May 2014
– eBay (retail). Cyber-attacks in late Feb and early March led to the
compromise of eBay employee log-ins, allowing access to the contact
and log-in information for 233 million eBay customers.
• eBay issued a statement asking all users to change their passwords.
– Five Chinese Nationals were indicted for computer hacking and
economic espionage of U.S. companies between 2006 and 2014.
• Targeted companies included: Westinghouse Electric (energy & utilities),
U.S. subsidiaries of SolarWorld AG (industrial), United States Steel
(industrial), Allegheny Technologies (technology), United Steel Workers
Union (services), Alcoa (industrial)
– Unnamed public works (energy and utilities). According to DHS, an
unnamed public utility’s control systems were accessed by hackers
through a brute-force attack on employees’ log-in passwords.
Why is Layered Security Important: Cyber Hacking – Public and Private
• June 2014
– Feedly (communications). 15 million users were temporarily affected by three
distributed denial-of-service attacks.
– P.F. Chang’s China Bistro (restaurant). Between Sep 2013 and Jun 2014, credit and debit
card information from 33 restaurants was compromised and reportedly sold online.
• August 2014
– U.S. Investigations Services (services), a subcontractor for federal employee
background checks, suffered a data breach in Aug, which led to the theft of
employee personnel information. Although no specific origin of attack was
reported, the company believes the attack was state-sponsored.
• September 2014
– Home Depot (retail). Cyber criminals reportedly used malware to compromise
the credit card information for 56 million shoppers in 2,000 U.S. & Canadian
outlets.
– Google (communications). Reportedly, 5 million Gmail usernames and
passwords were compromised; ~100,000 released on a Russian forum site.
Why is Layered Security Important: Cyber Hacking – Public and Private
• September 2014 continued
– Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force
tactics and third-party applications to access Apple users’ online data storage, leading to
the subsequent posting of celebrities’ private photos online.
• It is uncertain whether users or Apple were at fault for the attack.
– Goodwill Industries International (retail). Between Feb 2013 and Aug 2014,
information for roughly 868,000 credit and debit cards was reportedly stolen
from 330 Goodwill stores.
• Malware infected the chain store through infected third-party vendors.
• October 2014
– J.P. Morgan Chase (financial). An attack in June was not noticed until August.
The contact information for 76 million households and 7 million small
businesses was compromised.
• The hackers may have originated in Russia and may have ties to the
Russian government.
Why is Layered Security Important: Cyber Attacks – Public and Private
• As cyber-attacks on retail, technology, industrial companies, and
personal security increase, so does the importance of cybersecurity.
• Companies and their customers need to secure their data from
– Brute-force attacks on networks
– Malware compromising credit card information
– Disgruntled employees sabotaging their companies’ networks from the
inside
• To improve the private sector’s ability to defend itself, we need to:
– Create a safe legal environment for sharing information.
– Work with International partners.
– Encourage cyber protective “Layers.”
Why is Layered Security Important: Securing Information
• The recent increases in the rate and the severity of cyber-attacks on
U.S. companies indicate a clear threat to businesses and
customers.
• As businesses and consumers come to terms with the increasing
threat of hackers, instituting the right policies is critical to harnessing
the power of the private sector.
• In a cyber-environment with ever-changing risks and threats, the
government needs to do more to support the private sector in
establishing sound cybersecurity while not creating regulations that
hinder businesses more than help them.
Why is Layered Security Important: Conclusion
• “Most companies don’t fully understand or address their security
risks,” per the 2014 U.S. State of Cybercrime Survey.
– A mere 38 percent of the companies polled are capable of prioritizing security
spending based on the risk it presents to businesses and customers.
– “Most US organizations’ cybersecurity capabilities do not rival the persistence
and technological skills of their cyber adversaries.”
• Online computer hackers have infiltrated and exposed the personal
information of 110 million Americans – nearly half of the US adult
population – over the last year alone, according to an alarming
new report.
• The study, by researchers at the Ponemon Institute, which measures
data collection and information security in the public and private
sectors, determined the number of hacked accounts belonging to
those individuals was ~432 million.
Cyber Criminals… “Winning!”: The Layer That Matters Most
• Many of the people victimized may have inadvertently made
available to hackers their names, debit or credit card
information, email addresses, phone numbers, birthdates,
passwords, security questions, and possibly their physical
home addresses, according to CNN Money.
• Snapchat admitted five million user accounts were hacked
– 33 million Adobe users' credentials also taken along with
more than three million stolen debit and credit card details
Cyber Criminals… “Winning!”: The Layer That Matters Most
Half of All U.S. Adults Hacked in the Last 12 Months
Sholove
Layered Security
A “Shift” in focus must occur with our increased adoption of Wi-Fi networks.
Our protection of these networks must include:
• Social Media Applications – FB, Twitter, LinkedIn
• Production Based Applications – Office 365, Google Apps, SF
• Collaboration Applications – WebEx, Skype, Google Talk
• File Sharing Applications – Box, Dropbox, SkyDrive
• Streaming Media Applications – YouTube, Vimeo, Google Video
Layered Protection: Wi-Fi
• With the increase in both personal adoption and connectivity points, it has become the most compelling reason to focus on device protection, both personal and business!
• Whether traveling across town, to and from work or across country... our ability to have every device covered with a “Layer” of protection will decrease our chance of having our data compromised.
• All traffic should have rules to route internet traffic through a secured VPN, or we allow personal hackers to consider you as an “Easy Hack!”
Layered Protection: Mobile
Corporate owned devices present a tough enough challenge in the Marketplace, now consider a change in strategy... The increasing growth of BYOD.
BYOD more than ever drives an additional need for “Layered” control of the company data shared onto someone’s personal device. The challenge includes the ability to:
• Control the amount of protected info to be shared with an employee
• Increase security and compliance
• Reduce costs related to sharing company information
• Increase productivity while maintaining employee satisfaction
• Provide “Clean Wipe” tools to protect company info when devices are lost or stolen
Layered Protection: Enterprise
Phone: 844.880.LOVE (5683)
877.572.8971
480.553.9709
Email: [email protected]
Youth Renewal Programs
Employment Services
Cloud & Mobile Cloud Technology
Sholove International LLC.: How We Can Be Reached
THANK YOU!
877.572.8971 Youth Renewal / Resumes
866.357.8417 Cloud & Mobile Services