powerpoint presentation · 6/13/2018 4 june 19th, 2018 san antonio, tx attacks: mostly present...

6/13/2018

1

June 19th, 2018 San Antonio, TX

Accidents, Attacks, & LiabilityA survey of risks and a workshop on cybersecurity designed for internet connected business.

Bret Piatt, CEO of Jungle Disk


Today’s Speaker: Bret Piatt20 years of internet security, hands on through leadership

[Bullet points about Bret]

CEO of Jungle Disk, a data security software company for 2-250 employee businesses

Host of Cyber Talk Radio, a weekly program on

News Radio 1200 WOAI & iHeart Media

Author of Data Security Download, a contributor column published by CSO Online (IDG Communications)

Founder of OpenStack, member of the core team creating the project between Rackspace and NASA


About Jungle DiskSoftware-as-a-Service Cybersecurity for 2-250 Employee Businesses

Cloud backup, network security, & password management.

Trusted by 25,000+ firms for a decade.

6/13/2018

2


Accidents: Not Quite in the Past

They still happen, just less frequently.


“43% of companies who experienced major loss of data never

reopened and only 6% survived in the long term.” – Dr. Stephen Haag,

University of Denver

Fire, Flood, and Other Accidents Still OccurOnce physical or digital books and records are lost, they’re lost


Component failure isn’t just

hardware. Software changes

break systems that cause

downtime. An IT component is

any piece of technology used

in a business process. In an

era of software-as-a-service

(SaaS) + interconnected

systems you can’t control all

the changes or fix all of the

failures on your schedule.

Component Failure: More than HardwareSome items are in your control, others are not, plan ahead

6/13/2018

3


Hardware Failure: More than Hard DrivesAge, environment, and initial quality are the biggest factors

Server Failure Rate by Device Age, data from 2010-2014

Source: Brendan Murphy, Microsoft Research

Server Component Failure Rates


Software Failures Follow “Bathtub Curve”Older and newly released applications fail more frequently

Refresh is not just for Hardware

While the code of your custom application may not

change, the World changes around it. This creates

failures and requires updates. In turn, updates

must introduce new code resulting in “infant

mortality” risk increases.

Example: PCI-DSS requires update from TLS 1.0

to TLS 1.1/1.2 (deadline June 30th, 2018)

Example: MD5, SHA-1 deprecated by OS

updates, requiring new hashes, ex. SHA-256

(2014-16).


Software relies on Hardware

Software-as-a-Service (SaaS)

providers often operate in

multiple Tier 4 data centers

with geographic redundancy

to prevent outages from

accidents or natural disasters.

Ask your providers today for

their 2017 uptime reports.

SaaS is More Affordable & ReliableEven with flawless software operations you’re not at 99.999%

6/13/2018

4


Attacks: Mostly Present & Future

For cyber criminals everyone is now fair game.


Spear Phishing is a highly targeted and context aware social engineering attack.

Set your mail client to show full address!

Spear Fishing

Why does the attacker put, “Sent from my iPad”?

It provides the person reading it a reason why the

signature doesn’t exactly match your normal one.

Phishing Attack Sophistication IncreasesWe’ll talk more about AI recon helping hackers spear phish

They tried Jungle Disk in December 2016!


58% of businesses rely on users to come up with their own passwords. Bad idea.

Pa$$w0rds Are Still A ProblemNot solved by biometrics; can be w/ MFA & password manager

Source: Software Advice by Daniel Humphries, 2015

6/13/2018

5


Increasing Rate of Automatic Attacks Frequent drive-by downloads & in-session JavaScript malware

Definition from Wikipedia:

• Drive-by download means two things, each concerning the unintended download of computersoftware from the Internet:

• Downloads which a person authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet) automatically.

• Any download that happens without a person's knowledge, often a computer virus, spyware, malware, or crimeware.[1]

Example from ExtremeTech Article


Hackers No Longer “Wasting Their Time”Artificial intelligence & automation is getting them in

Time consuming pre-ownership

activities now “outsourced”:

• Network/Application Scanning

• Social Engineering

• Exploit Discovery

Average attack discovery time > 180 days.


Cryptocurrency Powers New AttacksRansomware & coin mining malware are impacting everyone

Atlanta Spent $2.6M to Recover from Ransomware

Coin mining

malware 2017(Data from TrendMicro)

Bitcoin Chart ($) 2017

2014-17

Bitcoin (BTC) is less than $3,000

2017-18

Mining now more profitable than ransom

https://en.wikipedia.org/wiki/Download

https://en.wikipedia.org/wiki/Computer

https://en.wikipedia.org/wiki/Software

https://en.wikipedia.org/wiki/Internet

https://en.wikipedia.org/wiki/Executable_program

https://en.wikipedia.org/wiki/ActiveX

https://en.wikipedia.org/wiki/Java_(software_platform)

https://en.wikipedia.org/wiki/Download

https://en.wikipedia.org/wiki/Computer_virus

https://en.wikipedia.org/wiki/Spyware

https://en.wikipedia.org/wiki/Malware

https://en.wikipedia.org/wiki/Crimeware

https://en.wikipedia.org/wiki/Drive-by_download#cite_note-1

6/13/2018

6


Are AI, ML, and DL All the Same?No for researchers, yes for business people


Chess, Go, now DOTA2: AI Wins at GamesAI is now winning at games and developing new strategies

The International DOTA2 League

$18M USD Prize Pool!


Sunway Taihu• #1 in Top 500• 10,649,600 Cores• 15,371kW/hr• 93,014 TFlops/s

Is AI Going to Take Over?Not by out thinking the human brain anytime soon…

~1/11th of a human brain!

6/13/2018

7


Beyond Games, Where is AI going?Autonomous vehicles, tumor identification, and exploitation


Liability: Past, Present, FutureIt’s always here, with data gone digital, most is now online.


Downtime & Data LossHow much can your business afford?

Pressures to Deploy a Business Continuity and Disaster Recovery Initiative

Source: Aberdeen Group http://www.aberdeen.com

“Downtime for small business

costs $8,581 average per hour.” -Aberdeen Group

“Of all businesses that close

down following a disaster more

than 25% never open their doors

again.” -Insurance Information Institute

http://www.aberdeen.com/

6/13/2018

8


Data Breach Costs Continue for YearsIncreased customer churn hits revenue and growth prospects

Root Cause of Data Breaches Cost per Customer Record (by Industry)Increased Churn Rates (by Industry)

$250,000+ to remediate a breach for a 1,500 client financial firm!


You Are Not Alone – The Struggle is RealSolo-practitioners & small firms cannot secure systems alone

Why are SMBs struggling with cybersecurity?• Most cannot afford their own dedicated IT security staff• Busy IT staff doesn’t have time beyond basic system updates• New rules and regulations difficult to implement

Yet, every firm has valuable data to steal:• Personal identifiable information (PII)

• Name, address, phone, SSN• Credit cards and bank information

• Intellectual property & work product

“Small firms cut security spending by 20%, in 2014, while medium & large firms increased security investments by 5%”– PwC Global State of Information Security Survey ‘15


A Cybersecurity Plan in 3 Steps

Accidents, attacks, and liability will always be here, how do we reduce the impact?

6/13/2018

9


3 questions you need to answer for your business to have continuity through a disaster:

1. Where is my safe second copy of all books and

records (including both digital IT data and physical

papers)?

2. How will I operate while my primary office location is

being rebuilt (or while I pick a new one)?

3. What types of losses does my insurance cover

(hardware replacement, IT services, data loss)?

What’s a disaster recovery plan?Set of steps you’ll take to get back online from a tragic event


Cybersecurity Plan in 3 steps:1. Separation of Control: 2 People, 2 Passwords

2. Data: Classify & Understand What to Protect

3. Risk Reduction: Process & Technology

What will I learn in this Workshop?Everyone can build a cybersecurity plan – we will today!

Most businesses make the mistake of tech = cybersecurity.

Technology is the final step after you know what to protect!


Cybersecurity Plan Step #2:

Separation of Control

6/13/2018

10


Risk All Figured Out?What about a hacker getting administrative access?


Critical Data = 2 Copies, 2 PeopleBusiness cannot afford one person having a bad day



Data Classification & Protection

6/13/2018

11


Step Outside – Look at the DataSome information is very difficult to replace and some is not

On a scale of 1 to 10….

…how sad would you be if your laptop was stolen?

..how sad would you be if your email was deleted?


Understanding the Data is FundamentalLearn to allocate risk and implement protection appropriately

Workshop Time:1. What are your 3 most

critical unique business data?

2. Where are those 3 data stored?


A Safe Second Copy of Critical DataOff-site with separation of control & custody from the primary

Source: https://online-backup.choosewhat.com/

Important: A separate admin from the primary data.

Considerations:

1. Which types of computers?

2. How long on retention period?

3. Do you have cloud storage?

4. Do you have SaaS

applications?

5. Do you have network storage?

6/13/2018

12



Risk Reduction: Process & Technology


Real Security Awareness TrainingIt can be as easy as sending an email to see how staff reacts

Stop using obvious tests to show false success.

9 out of 10 believe

training is worthwhile.

Only 1 in 3 have

received it (ever),

and only 1 in 10 over

the past 12 months!ESET poll (Conducted by Harris)


Automate Patching & System UpdatesThe days of 90 day patch tests in QA/QC are over to stay safe

Responsible vendors provide free security updates.

Vulnerability Timeline:

1 day from disclosure to POC

3 days to exploit in wild

8 days to kit plugin

10 days to .gov attacks

35 days to aerospace

6/13/2018

13


Dual-channel Verification of RequestMost attacks are still single channel today, this stops them

Ideally, verify major transactions or highly confidential data exchanges in person.


Closing / Q&A


1. Know what you need to protect & why.

2. Ensure dual-control for unique and critical information

.

3. Apply technology & process where needed for #1 &

#2.“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness..” – Charles Dickens, a Tale of Two Cities

Three Steps to a Cybersecurity PlanEvery business can take these 3 steps towards a safer future

6/13/2018

14


Bret Piatt: [email protected]

www.jungledisk.com

Questions?

powerpoint presentation · 6/13/2018 4 june 19th, 2018 san antonio, tx attacks: mostly present...

Documents