Cyber Sec Update Secure World Seattle Nov 13, 2014
Download as PPTX, PDF1 like369 views
This document summarizes a presentation on cyber threats given by Kevin J. Murphy. The presentation covered recent cyber crimes like retail data breaches at Target and Home Depot, vulnerabilities like Heartbleed, and geopolitical cyber attacks from groups like the Syrian Electronic Army. Murphy emphasized practicing defense in depth, defending identities, networks and data, training security teams, and thinking like attackers to prevent unexpected threats. Audience members discussed lessons from their industries and ways to anticipate new attack vectors.
Cyber Sec Update Secure World Seattle Nov 13, 2014
- 1. Kevin J. Murphy, CISSP, CISM, CGEIT Cyber Security Defense Update Director, Windows Security Architecture
- 2. Agenda Cyber Crime Vulnerabilities Cyber attacks Cross-industry discussion Expectations Interactive dialogue Learn from other industries Think outside the box What are the attackers goals? What would you do if you were the attacker? What can you do that the attacker won’t be expecting? 2/24/2015 2
- 3. Cyber Threats - Definitions Cyber Crime = $$$ Motivated Credit cards, bank accounts APT = Nation State Espionage Steal your Intellectual Property Cyber war = Destructive Geopolitical Conflict Economic Attack Element of modern warfare Iran, Syria, N Korea, Al Qaeda, Russia, etc. 2/24/2015 3
- 4. 2/24/2015 4
- 5. 2014 Cyber Crime Attacks Retail Data Breaches Point of Sale (POS) system vulnerabilities Reporting requirements under GLB Act Some of the victims Target, Home Depot, Michaels, Neiman Marcus, Jimmy Johns, Staples, Dairy Queen, PF Chang’s, etc. etc. Analysis? Look at your 3rd Party attack vectors Understand your POS vendors security Plans2/24/2015 5
- 6. 2014 Cyber Crime Attacks Home Depot – a different nuance Credit card’s were offered for sale on a website that traffics in stolen card data Cards presented as: "American Sanctions” "European Sanctions” Analysis? Cyber Crime is now Geopolitical Adapt the Chip and Pin technology 2/24/2015 6
- 7. 2014 Cyber Crime Attacks Banking Data Breaches 2014 Verizon Data Breach Investigations Report analyzed 1,367 data-loss incidents last year, they found that 465 were financial institutions Data Breach Losses Top More Than 78 Million Records to Date in 2014 Analysis? Ideas? 2/24/2015 7
- 8. 2014 Vulnerabilities 3rd Party Vulnerabilities 2/24/2015 8
- 9. 2014 Vulnerabilities Heartbleed (Open SSL) SSL 3.0 How many of you thought you had to monitor your 3rd party appliances for vulnerabilities? And Patching! Analysis? Heartbleed’s lesson – “If you own SSL you own the internet” 2/24/2015 9
- 10. 3rd world Cyber attacks Syrian Electronic Army 2/24/2015 10 What did they learn by this reaction?
- 11. Cyber warfare is dangerous Potential for huge economic impact Geopolitically motivated No cold-war type “rules” No international agreement Anonymous attacks have no limits and pose little risk to the attacker 2/24/2015 11
- 12. Geopolitical attacks Critical Infrastructure 2/24/2015 12
- 13. Cross-industry Discussion What have you observed in your industry? Lessons learned? Preventions to share with the room? 2/24/2015 13
- 14. 2/24/2015 14
- 15. Prevention Defense in Depth Defend your identity systems Harden your AD Office hours for auth changes Get rid of passwords- use 2 factor auth Application level attack Delete forwarding rules after you reset our password Make sure your account saves sent mail in your sent file 2/24/2015 15
- 16. Prevention Defense in Depth Defend your perimeter - Next Gen Firewalls Defend your network Segment your network Monitor, IDS, IPS Remove remote admin where possible 2/24/2015 16
- 17. Prevention Defend your data Encrypt, monitoring, HIDS, SIEM Stay current in patching, A/V scanning Offline back ups Train your security team Learn from other industries Stay current on the threats Stay current on the vendor response to the threats Stay current on secure systems configurations2/24/2015 17
- 18. Prevention Business Continuity Cyber war Scenario Train it - Test it Cold back up systems Remember a cyber war attack can infect any system connected to the network Primary and fail-over sites could be infected all at once 2/24/2015 18
- 19. Prevention Get ahead of the attacker by anticipating the new vectors of attack Threat assessments and models for your IT Infrastructure and apps. 2/24/2015 19
- 20. Prevention Constantly reevaluate AD for new threats Pen test Code sign your internal apps and applets Security scan 3rd party vendor apps. 2/24/2015 20
- 21. Prevention Your turn – What else do you recommend? What can you do that is not in that the attacker won’t expect? 2/24/2015 21
- 22. Resources Books Economics & Strategies of Data Security, Daniel Geer Jr. http://www.amazon.com/Economics-Strategies-Data-Security- DANIEL/dp/B001LZM1BY Papers 2014 Data Breach Investigations Report http://www.verizonenterprise.com/DBIR/2014/ The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments, Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, John F. Farrell; National Security Agency http://www.windowsecurity.com/whitepapers/The_Inevitability_of_Failure _The_Flawed_Assumption_of_Security_in_Modern_Computing_Environ ments_.html Contact Me: http://www.linkedin.com/pub/kevin-murphy/5/256/863 2/24/2015 22