los angeles dgs 16 presentation - the future of cybersecurity - timothy lee
Post on 15-Apr-2017
69 Views
Preview:
TRANSCRIPT
The Future of CybersecurityLos Angeles Digital Government Summit 2016
Timothy Lee
Scope – Known Knowns
Known Knowns
Unknown Unknowns
Known
Unknowns
I. Human Factor Is Key To Cybersecurity
In 2015
• Social Engineering is #1 attack technique (Proofpoint)
• More than 2 billion mobile apps that steal personal data were downloaded (Proofpoint)
• 52% of the root cause of the security breaches are due to human error (CompTIA)
Human Behaviors vs Attack Methods
Human Behaviors
• Trust
• Desire to be helpful
• Fear (unknown, loss, authority)
• Curiosity
• Carelessness
Attack Methods
• Social Engineering (Targeted/Untargeted)
• Water holing
• Trojan / Ransomware
• Social Media / Rogue Apps marketplaces
Recommendation
•User Education and Awareness
•Security Policy and Standards
•Endpoint Security
• Identity and Access Management (IAM)
•Threat Intelligence Service
II. Collaboration Is Key To Cybersecurity
• On-line, Off-line and Real-time coordination
• Information sharing (one-way / two way)
• Command & Control (C&C)
• Centralized or Distributed
Collaborative Attack vs Collaborative Defense
Recommendation
• Promote Cybersecurity collaboration
• Internal Partners ( SOCs/NOCs; IT Departments)
• External Partners (FBI CyberhoodWatch, NCCIC, ISACs)
• Enhance Situational Awareness (SA) capability (Perception, Comprehension and Projection)
• Establish Threat Intelligence Program (information gathering, analyzing and dissemination)
III. Digital /Physical Security Convergence
• Stuxnet launched against Nuclear Control Systems, 2007
• Oil Pipeline in turkey explodes in 2008
• Hacking medical devices in 2011
• Blast Furnance in German Steelworks Attacked, 2014
• Blackouts in Ukraine, 2016
Digital Security Model (CIAS)
Digital Security
Confidentiality
Integrity Availability
Safety
• Data (Confidentiality, Integrity and Availability)
• People / Environments (Safety)
Source: Cybersecurity Scenario 2020 Phase 2 – Gartner G00279414
Recommendation
• Identify critical assets and develop a protection strategy
•Promote collaborative culture
•Establish Threat Intelligence progrma
Summary
•User Education and Awareness
•Cybersecurity Program based on Risk Management Framework
•Cybersecurity Collaboration
Thank you!
top related