the cyber pandemic - jay bavisi
TRANSCRIPT
Unravel the Enigma of Insecurity
The Cyber Pandemic Jay Bavisi, President – EC-Council
CATEGORY A BIO TERRORISM AGENT
Total: 8 445 cases, 790 deaths
SARS
Timeline, 2003 to 2004:
Feb. 15, 2003: SARS first identified in China
March 5, 2003: First fatality recorded in Toronto
March 12, 2003: World Health Organization warns against all unnecessary travel to Toronto, Beijing, and China’s Shanxi Province
April 30, 2003: World Health Organization lifts its travel advisory against Toronto
May 1, 2003: SARS deaths peak in Hong Kong, Toronto & Vietnam
June 12, 2003: Tourism in Toronto loses $190M
July 30, 2003: SARS Stock Concert, Rolling Stones, AC/DC, Justin Timberlake, Rush…
August 13, 2003: Toronto physician becomes the last fatality in the city
September 29, 2003: Ontario’s SARS enquiry opens
October 7, 2003: University of Toronto releases a report commissioned by Health Canada
December 2, 2003: Scientists with the SARS Accelerated Vaccine Initiative (SAVI) report tests are going well
China - 349
Hong Kong - 299
Canada - 44
Isolate patients; find and monitor patient contacts
PATIENT ISOLATION PATIENT INTERVIEW FOR CONTACTS
MEDICAL AIDS
Maintain Hygiene
Epidemiology is the science that studies the patterns, causes, and effects of health and disease conditions in defined populations
Epidemiology : Cholera @ 1854
Epidemiology : Ebola - Bats
Epidemiology : Swine Flu - Birds
[Chart: disease prevalence over time]
First successful vaccine for diphtheria in 1913; diphtheria has largely been eradicated in industrialized nations
Polio is now on the verge of eradication due to a vaccine developed in the 1950s
Smallpox was officially eradicated in 1977
Measles was declared to have been eliminated in North, Central, and South America
With surgery, radiotherapy, and chemotherapy, cancers have higher cure rates
Highly active anti-retroviral therapy (HAART) has made AIDS a tractable disease; discovery of post-exposure prophylaxis, or PEP
Ebola is contained
No outbreak of SARS has been reported in the last few years
Timeline of Targeted Attacks
[Timeline chart, August 2014 to July 2015]
UPS Store: 105,000 records exposed
The Home Depot: 56M people affected
Sony: $15M financial loss
Anthem: 80M records exposed
OPM: 22M Social Security numbers affected
AshleyMadison: 37M personal records exposed
Premera Blue Cross: medical information of 11 million customers exposed
AdultFriendFinder: 4 million records
IRS hacked: 100K records stolen
Orange Spain: 10 million user records exposed
DDoS on PlayStation: 110 million users
Dropbox: 6,937K credentials compromised
http://www.bankinfosecurity.in
An Analogy: WE ARE LOSING THE FIGHT !
Spread of Diseases
Spread of Cyber Threats
[Chart: prevalence over time]
An Analogy: WE ARE LOSING THE FIGHT! Cost of Cybercrimes
[Chart: cost in $bn by year, 2011 to 2021; data labels 114, 110, 375, 400, 575 and 2.9 Trillion]
There were over 3,007,682,404 data records lost or stolen from 2013 till Mar-2015
3,221,670 records lost every day in Jan-15
134,236 records every hour
2,237 records every minute
37 records every second
Breach by Source
Malicious Outsider, Accidental Loss, Malicious Insider, State Sponsored, Hacktivist
55.28%, 24.08%, 16.07%, 3.44%, 1.13%
Data Records Lost/Stolen by Industry
Technology, Retail, Education, Government, Financial, Healthcare
9.63%, 56.59%, 5.13%, 4.23%, 20.55%, 3.87%
Source: http://breachlevelindex.com (Jan 2014 – Dec 2014)
Cyber Hazard
Cyber Pandemic You are in IT !!!!!!! Large Giants being taken out with hacks invented a long time ago
The Facts…
“When we look at these risks in pandemic scenarios, the whole supply chain starts to suffer”
Collateral Damage…
Funds pledged to fight the 2014 Ebola outbreak (in million U.S. dollars)
Donors shown: United States, World Bank, United Kingdom, International Monetary Fund, Germany, France, Canada, Gates Foundation, Japan, China, African Development Bank, Paul G. Allen Family Foundation, Mark Zuckerberg, India
Amounts shown: $750m, $400m, $201m, $150m, $140m, $130m, $89m, $57, $50, $40, $33m, $26.5, $25m, $12m
Collateral Damage…
The Cost of SARS: Initial estimates, Asian Development Bank
The cost of SARS* (% of GDP) and $bn
Economies shown: HONG KONG, CHINA, TAIWAN, SOUTH KOREA, INDONESIA, THAILAND, PHILIPPINES, SINGAPORE, MALAYSIA
Values shown: 1.5%, 0.8%, 4%, 1.9%, 0.5%, 1.4%, 23%, 1.6%, 0.5%
SOURCE : ADB
Cyber Pandemic Collateral Damage… Who would feel the impact the most, and how?
Everybody
And How?
Least Expensive Data Breach Costs $750,000 to Resolve
http://www.ponemon.org/
According to the Ponemon Report of 2014 the average global loss that businesses incurred due to security breaches was $3.5 million. While the costliest data breach cost $31 million to resolve, the least expensive one set them back by at least $750,000
Quarantine
Vaccine
Cyberpandemic Timeline
IDS
IPS
Firewall
Policy
Education
Cyber Hygiene
Vulnerable Code
<configuration>
  <system.web>
    <!-- mode may be "InProc", "SQLServer" or "StateServer" -->
    <sessionState mode="InProc" cookieless="true" />
  </system.web>
</configuration>
Secure Code
<configuration>
  <system.web>
    <!-- mode may be "InProc", "SQLServer" or "StateServer" -->
    <sessionState mode="InProc" cookieless="false" />
  </system.web>
</configuration>
If cookieless is set to true, then the URL is used to transfer session tokens, which are vulnerable to Session Hijacking and MITM attack
If cookieless is set to false, then cookies are used to transfer the session token, which secures the session tokens
Wrong Code vs. Correct Attack
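The following Python check is an added example, not part of the original slides: it reads a web.config and reports, for every sessionState element (including location overrides), whether the cookieless value puts the session ID in the URL. It assumes the file declares no XML namespace; the SAMPLE document and the verdict labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values ASP.NET accepts for sessionState/@cookieless (case-insensitive),
# mapped to where the session ID travels.
VERDICTS = {
    "false": "ok", "usecookies": "ok",
    "true": "session-id-in-url", "useuri": "session-id-in-url",
    # These choose per client, so some clients still get URL tokens.
    "autodetect": "url-for-some-clients",
    "usedeviceprofile": "url-for-some-clients",
}


def audit_session_state(web_config_xml):
    """Return (location_path, cookieless_value, verdict) per <sessionState>."""
    findings = []

    def walk(node, path):
        for child in node:
            if child.tag == "location":
                # <location path="..."> overrides settings for a sub-path.
                walk(child, child.get("path", "."))
            elif child.tag == "sessionState":
                # Attribute absent means the framework default, UseCookies.
                value = child.get("cookieless", "UseCookies")
                verdict = VERDICTS.get(value.strip().lower(), "unrecognized-value")
                findings.append((path, value, verdict))
            else:
                walk(child, path)

    walk(ET.fromstring(web_config_xml), "(root)")
    return findings


# Constructed sample: a safe root setting plus an unsafe <location> override.
SAMPLE = """<configuration>
  <system.web><sessionState mode="InProc" cookieless="false" /></system.web>
  <location path="legacy">
    <system.web><sessionState mode="StateServer" cookieless="UseUri" /></system.web>
  </location>
  <location path="api"><system.web><sessionState mode="InProc" /></system.web></location>
</configuration>"""

if __name__ == "__main__":
    for path, value, verdict in audit_session_state(SAMPLE):
        print(f"{path}: cookieless={value!r} -> {verdict}")
```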
Types of Vaccine
ACTIVE IMMUNIZATION Measles, Mumps, Yellow Fever, Rotavirus Ethical Hacker (Antigen and Antibody)
PASSIVE IMMUNIZATION Tetanus
Secure Code (Antibody) Immunological Memory
The Point
The Vaccine Secure Coding
Making of the Perfect Storm
BUT IS THAT ENOUGH ?
But with Social Media – Social Distancing is Dead
Social distancing is a strategy for SARS, Ebola etc.
4400 Deaths Per Annum
14% Consider Suicide
7% Attempt Suicide
CYBERBULLYING: CASE STUDIES
Ronan Hughes 1998-2015
Ronan Hughes, a 17-year-old from Co Tyrone, Northern Ireland killed himself after being blackmailed into posting pictures of himself online.
At his funeral, parish priest Fr Benny Fee told mourners "He did not take his own life. His life was taken by these faceless people who put the child into a burning building that he felt he could not escape".
Ronan, a talented goalkeeper with the Clonoe O'Rahilly's gaelic football club, and a student at St Joseph's Grammar in Donaghmore, had told his parents about the bullying and they went to the police, but unfortunately that did not help.
Hannah Smith 1999-2013
Hannah Smith, a 14-year-old girl from Lutterworth, Leicestershire, England, hanged herself in her bedroom on August 3rd, 2013. Her body was discovered by her older sister.
In the weeks leading up to her death, Smith had been subjected to cruel taunts and insults about her weight and a family death on Ask.fm, a question-and-answer social networking site that allows anonymous participation. Bullies on Ask.fm urged her to drink bleach and cut herself. According to Hannah’s father, she went to Ask.fm to look for advice on the skin condition eczema.
Following the suicide, Hannah’s older sister, Jo, described how, just days after discovering her younger sister’s body, she started receiving abusive messages on Facebook mocking her loss and blaming her grieving father’s parenting skills for the tragic death.
EXAMPLE OF THE PANDEMIC 1: CYBER BULLYING
EXAMPLE OF THE PANDEMIC 2: CYBER BULLYING
http://www.lavasoft.com
What Can We Do To Keep Children Safe?
Educate your children about cyberbullying
Keep home computer in a busy part of the house
Report abuse to the website administrators
Block or delete the Cyber-Bully
Don’t let your children include personal information in online profiles
Hygiene is the Best Prevention
Cyber Hygiene = Cyber Knowledge
Creating Hygiene
Courses Gamification
Awareness Academia
Supporting Wounded Warriors
Thank You
Making of the Perfect Storm
If a hostile group were to terminate emergency communications during a powerful hurricane OR if cyber terrorists take over your defense systems.