ronald l merriman cyber security discussion...what will it take to resume operations? ‣put your...
TRANSCRIPT
CYBER SECURITY DISCUSSION Dubai 2016
Ronald L Merriman Paul Samadani Henry Wu
USE AT YOUR OWN RISK!IS FOR ENTERTAINMENT PURPOSES ONLY
This Presentation
OUR AGENDA
‣ Defining Cyber Security‣ How Do Hackers Find & Compromise Systems ‣ 5 Steps to Avoid becoming an Easy Target‣ In Real Life…‣ Group Discussion
WHAT IS AT RISK?
Brand Reputation Consumer Trust Intellectual Property Bank Fees, Penalties & Credit Company Fines
Loss of Revenue
WE ARE CREATING A CYBER SECURITY NIGHTMARE
WE ARE CREATING A CYBER SECURITY NIGHTMARE
HACKERS CAN:
▸ Take Control of Your Car
▸ Add Virtual Airplanes to Radar
▸ Control a Rollercoaster
▸ Shut Down the Power
▸ Know Where You Are
▸ Who You Are Talking to
▸ Share Your Deepest Secrets
COMMON WAYS HACKERS FIND YOU?
‣Google to Find Un-Patched PCs‣Embedded Link on an Email‣USB Stick‣Supplier / Vendor Backdoors‣Social Engineering
COMMON WAYS HACKERS FIND YOU?
‣ Google to Find Un-Patched PCs‣ Embedded Link on an Email‣ USB Stick‣ Supplier / Vendor Backdoors‣ Social Engineering
IDENTIFY PROTECT DETECT
RESPOND RECOVER
YOU CAN’T PROTECT IT IF YOU DON’T KNOW ABOUT IT
‣ Credit Card – Parking, Gift Shop… ‣ Back Door Vendor System Access ‣ Internet Connected Devices ‣ Rogue Access Points
IDENTIFY
YOU CAN’T PROTECT IT IF YOU DON’T KNOW ABOUT IT
‣ Credit Card – Parking, Gift Shop… ‣ Back Door Vendor System Access ‣ Internet Connected Devices ‣ Rogue Access Points
AUTOMATED TOOLS FOR DISCOVERING DEVICES
‣The Dude by Mikro Tik http://www.mikrotik.com/thedude
‣GFI LanGuard http://www.gfi.com
‣KALI Linux https://www.kali.org/
IF YOU WANT TO KEEP IT - PROTECT IT
‣Provide Training for Your Staff ‣SPAM & Web Filtering ‣Remove Admin Access ‣Patch Your Systems ‣Segment Your Network
PROTECT
IF YOU WANT TO KEEP IT - PROTECT IT
‣Provide Training for Your Staff ‣SPAM & Web Filtering ‣Remove Admin Access ‣Patch Your Systems ‣Segment Your Network
AUTOMATED PATCHING TOOLS
‣GFI LanGuardhttp://www.gfi.com
‣ Windows Server Update Services (WSUS) www.Microsoft.com
‣Hire Experts for Network Segmentation
TRUST BUT VERIFY
‣Hack Yourselfhttps://www.shodan.io
http://routersecurity.org/testrouter.php
‣KALI Linux https://www.kali.org/
‣Offer Bug Bounty
DETECT
TRUST BUT VERIFY
‣Hack Yourselfhttps://www.shodan.io
http://routersecurity.org/testrouter.php
‣KALI Linux https://www.kali.org/
‣Offer Bug Bounty
“A GOAL WITHOUT A PLAN IS JUST A WISH”
‣ Actionable Response Plan ‣ Test Your Plan ‣ FCC Cyber Planner
https://www.fcc.gov/cyberplanner
‣ Explore Insurance Options ‣ Not Just IT Related…Should Include Disasters ‣ Know Your Law Enforcement Agencies
RESPOND
“A GOAL WITHOUT A PLAN IS JUST A WISH”
‣ Actionable Response Plan ‣ Test Your Plan ‣ FCC Cyber Planner
https://www.fcc.gov/cyberplanner
‣ Explore Insurance Options ‣ Not Just IT Related…Should Include Disasters ‣ Know Your Law Enforcement Agencies
WHAT WILL IT TAKE TO RESUME OPERATIONS?
‣Put Your Plan in Action ‣Consider All Dependencies ‣It is All About Minimizing the Loss ‣Set Aside Cash Reserves ‣It Usually Happens at the Worse Possible Time ‣Work Closely with Attorneys & PR Firms
RECOVER
WHAT WILL IT TAKE TO RESUME OPERATIONS?
‣Put Your Plan in Action ‣Consider All Dependencies ‣It is All About Minimizing the Loss ‣Set Aside Cash Reserves ‣It Usually Happens at the Worse Possible Time ‣Work Closely with Attorneys & PR Firms
ANYONE CAN BE A VICTIM OF A MAJOR CYBER ATTACK
IT CAN HAPPEN TO YOU
‣ More than just Financially & Operationally Costly‣ Incredibly Consuming ‣ Further Breaches Inevitable
What Can We Do About it?
LAX CYBER SECURITY RESULTS IN CRIPPLING ECONOMIC & REPUTATIONAL PENALTIES
LESSONS LEARNED
‣ Stay Up-to-Date with Credit Card Transaction Technology
‣ Limit Exposure‣ Segregated and Secure Network & Critical Computers‣ Backup, Then Backup Again‣ Protect High-Volume Email Accounts
Paul Samadani [email protected]
Henry Wu [email protected]
Ronald L Merriman [email protected]
For Cyber Security Links Email: