Cyber-Security-Presentation_Bistro_Group_ppt
- 1. Cyber Security Threats 2017
- 2. Cybersecurity Outlook 2017 Almost one in five small business owners say their company has had a loss of data in the past year. Small business owners are particularly hurt by cyberattacks. According to recent data 63 percent of small business owners view data as their new currency, and that a single data hack could have associated costs ranging from $82,200 to $256,000. - Norman Guadango, Carbonite
- 3. Hackers: Breaches Headlines Ashley Madison 2015: Many use same passwords, spear phishing campaigns, blackmail targets Twitter: 32 Million Yahoo: 500 Million (LinkedIn, Amazon, Facebook, Credit Cards, ) Security cameras, breachable appliances, access control systems Malware found on all platforms including Apple 2 million new signatures of malware in July 2016
- 4. Cyber Security Threats for 2017 Ransomware and Extortion will increase (Stephen Gates, NSFocus) Industrial IoT attacks will increase (Adam Meyer, SurfWatch) Internal Threats will increase (James Maude, Avetco) Physical Security Investments (Ed Solis, CommScope) Hackers are in the Long Game
- 5. Attack Vectors Hacking (Data theft, corporate espionage, identity theft) Social Engineering (Spear Phishing, Phishing, traditional SE) Internal attacks: Unauthorized access and access control Cloud Attacks and Breaches (Dropbox, iCloud, OneDrive, Etc.) Virus/Malware/Botnet Ransomware and Extortion
- 6. Legacy Gateway Security Implementation
- 8. Cyber Security Focus Keeping the Bad Guys out Protecting your Internal Network Recovering from an Attack
- 9. Business Security: Keep the bad guys out Tools Modern firewall Security Event Manager Spam Filter Policy Monitor 24x7 Security Event and Log Review No local Admins! Patch Management and Passwords (2 Form Factor)
- 10. External Threat Strategy Raise the bar higher than the next guy Weigh what you automate with what you control through policy and procedure Constant education on the latest threats must be a priority. The best defense is intelligence.
- 11. Business Security: Protect from the Inside Tools Anti-virus, Anti-Malware Security Event Manager Modern Firewall Reverse Spam Filter Policy Employee Training Data Retention, Email Security, Data Access and Access Control policies Employee Turnover Device Management
- 12. Business Security: Attack Recovery Tools Backup, Disaster Recovery and Business Continuity Cyber Security Insurance Policy Communication Plan Recovery Time Objective Recovery Point Objective Incident Source Identification and Quarantine Test, Test, Test
- 13. Recovery Considerations Attack Source Discovery: 5 minutes to 8 hours Systems Restoration: 20 minutes to 2 weeks Data Loss: 15 minutes to 24 hours Put a real cost to the business loss to truly understand the impact Salary Missed sales Lost data Project delays and associated opportunity cost
- 14. Firewall Evolution Packet Inspection: Traffic cop: Can see car, color, plate, make and model and which direction it is coming from but cant see who is driving, what is in the trunk, what is underneath the car Deep Packet Inspection: X-ray vision. Much better than Packet Inspections but even Superman can’t see through lead Encrypted traffic: https traffic is major cause of most breaches. Google prioritizes search results to list https. Ransomware Cryptolocker uses this to explode on a network via webmail Firewall purchased in the past 18-36 months may not be able to inspect https traffic
- 15. Security Quick Tips Move DNS to trusted DNS source only Restrict outbound VPN connection to trusted users (Ransomeware Call Home) Block outbound SMTP (Botnet Zombies) Restrict outbound SSH connectivity (Remote access Trojan) Restrict download of executable files to admins and trusted users Inspect encrypted traffic Two factor authentication for remote users Block illicit applications (proxy bypass, peer to peer, tor, etc.) Automate alerts and review network traffic frequently
Editor's Notes
- #5: As more devices become internet-enabled and accessible and the security measures in place continue to lag behind, the associated risks are on the rise. Aside from the obvious risks for attacks on consumer IoT devices, there is a growing threat against industrial and municipal IoT as well. As leading manufacturers and grid power producers transition to Industry 4.0, sufficient safeguards are lacking. Not only do these IoT devices run the risk of being used to attack others, but their vulnerabilities leave them open to being used against the industrial organizations operating critical infrastructure themselves. This can lead to theft of intellectual property, collecting competitive intelligence, and even the disruption or destruction of critical infrastructure. Not only is the potential scale of these attacks larger, most of these industrial firms do not have the skills in place to deal with web attacks in real-time, which can cause long-lasting, damaging results. This alone will become one of the greatest threats that countries and corporations need to brace themselves for in 2017 and beyond. There are plenty of "As-A- Service" attack capabilities on the Dark Web for hire now and we should expect creative new IoT hack services to pop up in the near future. As organizations adopt more effective strategies to defeat malware, attackers will shift their approach and start to use legitimate credentials and software - think physical insiders, credential theft, man-in-the-app. The increased targeting of social media and personal email bypasses many network defenses, like email scans and URL filters. The most dangerous aspect is how attackers manipulate victims with offers or threats that they would not want to present to an employer, like employment offers or illicit content. Defenders will begin to appreciate that inconsistent user behaviors are the most effective way to differentiate malware and insider threats from safe and acceptable content.