
Page 1 (10/4/2013)

Cyber Security Risk in the Global Organization:

Trends, Challenges and Strategies for Effective Management

David Childers, CIPP, OCEG Fellow, CEO, Compli

Scott Johnson, CEO, Trailblazer International

Former Deputy Assistant Director, Office of Investigations US Secret Service

Three Things We Know

Page 2

Three Things We Know…

There is no data security

Every enterprise, regardless of size, is a target for cybercriminal activity. Today’s cybercriminals are smarter, better organized and developing sophisticated tools and malware code that is making it difficult if not impossible to defend your data.

Page 3

Glossary of Terms

• Adware – Although generally harmless, adware is considered malware because it offends our ideas of informed consent. For example, you are invited to download a handy toolbar for your browser: it is also a mechanism for serving advertising to your browser or desktop, but this is not explained to you.

• Blind Drop – A drop that is well hidden and is designed to run while unattended, until an attacker comes to collect the data. In the case of remote access Trojans, can also refer to a file hidden locally.

• Bot – A computer infected with software that allows it to be controlled by a remote attacker. Also used to refer to the malware itself which allows that control.

• Downloader – A small piece of code, usually a single instruction, used in the payload of an exploit to silently fetch a malicious EXE file from the attacker's server.

• Drop – A clandestine computer or service (such as an e‐mail account) that collects data stolen by a Trojan.

• Exploit – Code used to take advantage of vulnerabilities in software code and configuration, usually to install malware.

• Form‐grabber – A program that steals information submitted by a user to a web site. (Originally forms were the only way to submit user input to a web server, but now the meaning has changed to encompass any HTTP communication using a POST request.)

• iFrame – A special tag used to load one web page into a part of another web page. Used by iFramers to load malicious code, often JavaScript, onto an otherwise trusted page.

• Keylogger – A keylogger is a kind of spyware. It is a computer program or piece of code that collects a record of all the keys you type on your keyboard.

• Malware – Any executable code that uses a computer in a way not authorized by its owner. Includes Trojans that install backdoors, spyware, bot clients, keyloggers, worms, viruses, or other malicious code.

• Packer – A tool used to compress and scramble an EXE file. Used to hide the malicious nature of malware and thwart analysis by researchers.

• Phishing – Attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

• RAT – Remote Access Trojan, malware that allows an attacker to remotely control an infected PC or "bot".

• Redirect – A feature of HTTP used to automatically forward someone from one web site to another. In the case of malware, redirects are done invisibly, sometimes inside iFrames.

• Rootkit – Code that plugs into and changes the low‐level functions of an operating system. Used by malware to hide itself from users and even the operating system itself.

• Spyware – Refers to programs that run without asking and invade your privacy. The intent is identity theft, including attempts to discover personal information such as your credit card details and passwords.

• Torpig – A relatively new family of Trojans representing the latest in malware capabilities, including the ability to hide itself and provide backdoor access for installing other configurations, components, or even other Trojans.

• Trojan – A program that attempts to hide its malicious code by masquerading as an innocuous program, most commonly through the use of a "packer."

• Variant – Malware that is produced from the same code base (or "family") as a previous version but is different enough to require new signatures for detection by anti‐virus and anti‐malware products.

• Virus – A virus is a computer program or piece of code that can copy itself and spread to more computers by making copies of itself. A virus is very likely to be malware, i.e. part of an attempt at vandalism, theft, spying or extortion.

• VXer – Originally, a virus writer. Now refers to anyone involved in the production or use of malware.

• Worm – A worm is a program or piece of code that copies and spreads itself to many computers. Unlike a virus, a worm does not rely on infecting a host file. The term 'worm' is used to identify programs that aim to spread through a network, by whatever means possible (including email and SMS), without users knowing about it.

• Zombie – Following the infection of your computer with a virus or a worm, the malware code can employ your machine to do things such as spread spam or attack other computers or networks.
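The glossary entries for iFrame and Redirect describe the same defender-relevant pattern: a hidden frame on an otherwise trusted page that quietly pulls content from somewhere else. The following is an added example, not part of the presentation, showing how a web team could scan its own pages for that pattern. It uses only the Python standard library; the function and class names and the sample HTML (including the `.invalid` hostname) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # html.parser gives None for valueless attributes; normalise to ""
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_zero(value):
    """True for width/height attributes such as "0" or "0px"."""
    m = re.match(r"\s*(\d+)", value or "")
    return m is not None and int(m.group(1)) == 0


def _style_hides(style):
    """True if the inline style makes the frame invisible (display/visibility/size)."""
    s = (style or "").lower().replace(" ", "")
    if "display:none" in s or "visibility:hidden" in s:
        return True
    return re.search(r"(width|height):0(px)?(;|$)", s) is not None


def find_suspicious_iframes(html, page_host):
    """Return [(src, [reasons])] for every iframe that is hidden from the user.

    A frame is reported when it is zero-sized or hidden by style; if its src
    also points off-site, that is recorded as an extra reason. Visible frames
    are not reported, even when they load from another host.
    """
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        reasons = []
        if _is_zero(attrs.get("width")) or _is_zero(attrs.get("height")):
            reasons.append("zero-size")
        if _style_hides(attrs.get("style")):
            reasons.append("hidden-by-style")
        if not reasons:
            continue
        # Relative src (no host) resolves to the page's own host
        host = urlparse(src).hostname or page_host
        if host != page_host:
            reasons.append("off-site source")
        findings.append((src, reasons))
    return findings


# Constructed sample page: one legitimate visible widget, one zero-size frame
# pulling from a placeholder external host, one frame hidden by CSS.
SAMPLE_HTML = """
<html><body>
<h1>Welcome</h1>
<iframe src="https://example.com/widget" width="300" height="200"></iframe>
<iframe src="http://attacker-placeholder.invalid/x.html" width="0" height="0"></iframe>
<iframe src="/internal" style="display: none;"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_HTML, "example.com"):
        print(f"{src}: {', '.join(reasons)}")
```

Running the block on the constructed page reports the two hidden frames and leaves the visible widget alone. In a real deployment the scan would be run against the published pages on a schedule and any new hidden frame treated as a possible page tampering or injection event to be investigated.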

Page 4

There is no data security

Malware-as-a-Service

• Carberp Trojan or Syscron goes for $40K for full version

• SpyEye Trojan sold for $10K in 2011 is now $600

• Zeus Trojan sold for $10K is now $380

• Malware injection scripts are as little as $5 each and can be done as a MaaS subscription for $50 per month

The Industrialization of Fraud Demands a Dynamic Intelligence‐Driven Response, EMA and RSA, March 2012

There is no data security

Page 5

No Secret in the Underground

Also Trafficked

“Western university databases for sale USA, CA - also hack for hire”

“Verified vendor” provides list of hacked databases for sale: universities, a bank, payment systems, job sites, e-shops, etc.

Page 6

Breaches of Service (ID Theft)

Accounts for researching SSN/DOB

Three Things I Know…

We are living in a world with unprecedented data risk

Page 7

Unprecedented Data Risk

• Social Media

• Global Threats

– Espionage

– Cyber Crime

– Activists

• Third-Parties

• BYOD

Unprecedented Data Risk

• Two-thirds (67%) of the working professionals surveyed had worked outside their offices within the past year with some type of sensitive data

– customer credit card numbers (26%)

– customer Social Security numbers (24%)

– patient medical information (15%)

– internal corporate financial information (42%)

• Convenience is more important than privacy and security for employees working outside the office.

– One in four (26%) users said they accessed corporate e-mail on an unprotected network in a high-traffic public area

• 70% of those surveyed said their companies had no explicit policies on working in public places

The Visual Data Breach Risk Assessment Study, conducted by People Security and commissioned by 3M

Page 8

Volumes in the Headlines

Not Just Financial Data

Page 9

Three Things I Know…

In terms of a data breach or data loss, it is not a matter of if but when

Global Data Breach Statistics

• Cyber crime is the fastest growing economic crime – up more than 2300% since 2009

– More lucrative than selling drugs!

– Stolen Data has a long “shelf life”

• 68% of those surveyed globally had experienced a breach event

– 22% had 10 or more!

– Malicious breaches are the most expensive and damaging

– 63% of breaches nationally are human error, negligence or system error

Ponemon Institute global survey for CIO, CSO and PwC, Global State of Information Security 2013

• 60% of HCCA/SCCE responding organizations had suffered an incident in the last year, and 20% had suffered four or more

– Human error and electronic exploitation split 50-50

Data Breach Incidents & Responses - A 2012 Survey by SCCE and HCCA

Page 10

Who are the Victims?

How do Data Breaches Occur?

Page 11

What Commonalities Exist?

Where help is available

• Atlanta • Baltimore • Birmingham • Boston • Oklahoma • Buffalo • Charlotte • Chicago • Cleveland • Dallas • Houston • Las Vegas

• Los Angeles • Louisville • Miami • Minneapolis • New York/New Jersey • Orlando • Philadelphia • Phoenix • Pittsburgh • San Francisco • Seattle • South Carolina • Washington DC

U.S. Secret Service Electronic Crimes Task Forces

Page 12

Data Breach Costs

$188 per record lost*

Prevention Pays:

• Pre-Prepared Data Breach Response Plan saves $42 per record

• Strong Security Posture saves $34 per record

• Having a CISO or CPO saves $13 per record

*US Average

2013 Cost of Data Breach Study: Global Analysis. Benchmark research sponsored by Symantec, Independently Conducted by Ponemon Institute LLC. May 2013

Data Breach Costs

Collateral Damage

– Brand Reputation

– Share Price

– Employee Morale

– Business Relations


Brand Value Diminished 21% Post a Breach Event

Page 13

Compliance Time-Bomb

Data Privacy and Data Protection

• Alphabet Soup…

HIPAA, GLBA, COPPA, FISMA, FCRA, CAN-SPAM, FACTA, FTCA, FERPA, PPA, PIC, ECPA

• 3rd Party Contractual Agreements

• NGO and CSR “requirements”

Data Security is a PICNIC: Problem In Chair, Not In Computer

Page 14

Creating the Human Firewall

• Train employees about the data risks in your organization

– Physical

– Psychological

• Monitor risks and keep training and awareness up to date

• “Think like the bad guys"

• Build from “Teachable Moments”

Creating the Human Firewall

• Recognize that this is a cultural shift

– Think Harassment or Workplace Safety

– Expect and promote secondary benefits for employees

• Start the change process with people who have disproportionate influence in the organization

• Look for ways to get people to experience the harsh realities that make change necessary

• Look for ways to redistribute resources toward “hot spots” – activities that require few resources but result in large change

Page 15

IT Integration Checklist

• Use Strong Passwords and Change them Regularly

• Keep your desktop anti-virus software up-to-date

• Control access to sensitive data

– Physical

– Limit network access

• Know which BYOD devices are being used and understand their unique vulnerabilities

Questions?

[email protected]@trailblazerintnational.com