Turning Your Cybersecurity Toddlers… Into Warriors!
Simple lessons to fill the knowledge gap within your staff
Shira Shamban, Dome9 Security
@shambanIT
You and your staff are NOT going to keep up with technology
Today, Enterprises Average…
… different security vendors installed in their company to solve problems
(ZDNet – “Security landscape plagued by too many.” Nov. 2016)
ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!!
Top 5 Causes of Data Breaches in Healthcare
Source: Protected Health Information Data Breach Report, Verizon – March 2018
#1. Human Error: 33.5%
#2. Misuse: 29.5%
#3. Physical (mostly theft): 16.3%
#4. Hacking: 14.8%
#5. Malware: 10.8%
The elephant in the figures is the number of incidents where the discovery was measured in months or years….
Top Three Causes – JDL Group – January 2018
#1. Password Problems: 63% of investigated breaches involved weak, stolen or default passwords
#2. Ransomware & Malware: Verizon recently reported ransomware is the fifth most common type of malware
#3. Human Error: Reuters reports 73% of data breaches happen because of the people operating machines
Why So Much Phishing? It Works...
We All Have a Dave…
Understanding the Basics of CD/CR Security
We Don’t Need Faster Horses
“If I had asked people what they wanted, they would have said faster horses.”
― Henry Ford
So, what is the secret ingredient?
“I don’t need logs, I have an AV”
“I keep all of my logs… I think”
“I use the default AWS configuration”
• Don’t monitor the logs, monitor the unusual findings
• 80% of the problems repeat themselves
• Whatever it is that you’re doing with your logs – it’s not working – time for a change
Your Logs Are the Secret Ingredient
Logs Provide… The Secret Recipe…
● How long to keep?
● Sources and variety?
● Scalability
  ○ Easily add new (future) sources
● Detection algorithms used
  ○ How detailed / granularity
● Supporting user interface
Typical Attack Vector (phishing)
1. Phishing email; user clicked link
   Prevent: awareness program; URL scanning for email
   Detect: detection tool
2. Username and password stolen
   Prevent: enforce 2FA
   Detect: detection tool
3. Criminal hacker has privileged access to AWS
   Prevent: least privilege principle
   Detect: monitor login patterns; monitor activity patterns and unusual events, like creation of new keys, users etc.
4. Criminal hacker deployed bitcoin mining assets
   Prevent: give very specific policies to users regarding assets
   Detect: monitor activity patterns and unusual events like new assets, unusual billing, CPU, DNS requests
Result: money loss!
A Complete 360 Degree View Is Impossible… Without Logs!
Typical Attack Vector (password re-use)
1. PII breach, including emails and passwords
   Prevent: enforce strong password policy; awareness
   Detect: haveibeenpwned
2. User re-used password for AWS account
   Prevent: enforce 2FA, least privilege
   Detect: monitor login patterns
3. Criminal hacker has privileged access to AWS
   Prevent: least privilege
   Detect: monitor activity patterns and unusual events, like creation of new keys, users etc.
4. Criminal hacker moves around the VPC, looking for sensitive DB
   Detect: monitor internal port scan, failed login attempts
5. Criminal hacker encrypted DB, asking for ransom
   Prevent: Backup!
   Detect: monitor unusual account activity
Result: money loss, reputation, compliance
Remember! Logging is For EVERYONE
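The "detect" rows of the two attack vectors above, as an added example that is not code from the talk or from Dome9: a small rule set run over a constructed, flattened CloudTrail-like log (the field names, the per-user baseline, the thresholds and the sample events are all assumptions). It follows the slide's advice to monitor the unusual findings rather than the logs themselves: it returns only deviations from what each identity normally does, namely logins from unseen addresses, activity in unseen regions, identity changes such as new users and access keys, a burst of such changes in a short window, and a bulk launch of new compute assets.

```python
"""Flag unusual AWS activity in CloudTrail-style events.

Added example, not code from the talk or from Dome9. Event records, the
baseline and the thresholds are constructed assumptions, not real data.
"""
from datetime import datetime, timedelta

# Event names the slides call out: identity changes and new assets.
HIGH_RISK_EVENTS = {
    "CreateAccessKey": "new access key created",
    "CreateUser": "new IAM user created",
    "AttachUserPolicy": "policy attached to a user",
    "RunInstances": "new compute asset launched",
}

# Constructed baseline (assumption): where alice normally logs in from and what she normally calls.
BASELINE = {
    "alice": {
        "source_ips": {"203.0.113.10"},
        "regions": {"us-east-1"},
        "events": {"ConsoleLogin", "DescribeInstances", "ListBuckets"},
    },
}

# Constructed, flattened CloudTrail-like sample log: a normal day, then the phishing-to-mining chain.
SAMPLE_EVENTS = [
    {"eventTime": "2018-03-01T09:00:00Z", "eventName": "ConsoleLogin", "userName": "alice",
     "sourceIPAddress": "203.0.113.10", "awsRegion": "us-east-1"},
    {"eventTime": "2018-03-01T23:41:00Z", "eventName": "ConsoleLogin", "userName": "alice",
     "sourceIPAddress": "198.51.100.77", "awsRegion": "us-east-1"},
    {"eventTime": "2018-03-01T23:43:00Z", "eventName": "CreateUser", "userName": "alice",
     "sourceIPAddress": "198.51.100.77", "awsRegion": "us-east-1"},
    {"eventTime": "2018-03-01T23:44:00Z", "eventName": "CreateAccessKey", "userName": "alice",
     "sourceIPAddress": "198.51.100.77", "awsRegion": "us-east-1"},
    {"eventTime": "2018-03-01T23:50:00Z", "eventName": "RunInstances", "userName": "alice",
     "sourceIPAddress": "198.51.100.77", "awsRegion": "ap-southeast-2", "instanceCount": 20},
    {"eventTime": "2018-03-02T10:00:00Z", "eventName": "ListBuckets", "userName": "alice",
     "sourceIPAddress": "203.0.113.10", "awsRegion": "us-east-1"},
]


def _parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def detect_unusual_events(events, baseline=BASELINE, max_instances=5,
                          burst_count=3, burst_window=timedelta(minutes=15)):
    """Return (eventTime, user, reason) findings for the unusual events only."""
    findings = []
    recent_risky = {}  # user -> timestamps of recent high-risk events (sliding window)
    empty = {"source_ips": set(), "regions": set(), "events": set()}

    for ev in sorted(events, key=lambda e: e["eventTime"]):
        when, user, name = _parse_time(ev["eventTime"]), ev["userName"], ev["eventName"]
        ip, region = ev.get("sourceIPAddress"), ev.get("awsRegion")
        profile = baseline.get(user, empty)

        # Login pattern: a console login from an address this identity has never used.
        if name == "ConsoleLogin" and ip not in profile["source_ips"]:
            findings.append((ev["eventTime"], user, f"console login from unseen IP {ip}"))

        # Activity pattern: a region this identity has never worked in.
        if region not in profile["regions"]:
            findings.append((ev["eventTime"], user, f"activity in unseen region {region}"))

        # Unusual events: identity or asset changes outside the user's normal calls,
        # plus a burst rule so a chain of such changes is reported as one pattern.
        if name in HIGH_RISK_EVENTS and name not in profile["events"]:
            findings.append((ev["eventTime"], user, f"{HIGH_RISK_EVENTS[name]} (not in baseline)"))
            window = [t for t in recent_risky.get(user, []) if when - t <= burst_window]
            window.append(when)
            recent_risky[user] = window
            if len(window) == burst_count:
                minutes = int(burst_window.total_seconds() // 60)
                findings.append((ev["eventTime"], user,
                                 f"{burst_count} high-risk changes within {minutes} minutes"))

        # New assets in bulk: the crypto-mining step shows up as a large launch.
        if name == "RunInstances" and ev.get("instanceCount", 1) > max_instances:
            findings.append((ev["eventTime"], user, f"launched {ev['instanceCount']} instances in one call"))

    return findings


if __name__ == "__main__":
    for stamp, user, reason in detect_unusual_events(SAMPLE_EVENTS):
        print(stamp, user, reason)
```

On the sample log the normal-day events produce nothing, while the late-night chain yields seven findings: the unseen login address, the new user and new access key, the burst of three identity changes, the unseen region and the bulk launch. In a real deployment the baseline would be learned from the retained history the "how long to keep?" question is about, and the thresholds tuned per account.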
Love Your Logs!
Focus On The Big Rocks First
Automate Remediation
Repetitive problems are easier to remediate:
• Hire expert(s) to create clusters – address the top 10 recurring problems
• Hire expert(s) to prepare appropriate solutions
• Allow the machine to label each problem
  ○ If yes – auto remediate
  ○ If no – escalate to a human
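The remediation loop just described, as an added example that is not code from the talk or from Dome9: findings are labelled against a small set of recurring problem types, each label has a prepared fix (the experts' work, with assumed content), and the machine auto-remediates a finding only when its label has a playbook and has recurred often enough, escalating everything else with a reason. The finding fields, labels, fix actions and the recurrence counter are assumptions; the sample batch is constructed.

```python
"""Label each finding; auto-remediate the recurring, known ones; escalate the rest.

Added example, not code from the talk or from Dome9. Finding fields, labels,
fix actions and the recurrence history are constructed assumptions.
"""
from collections import Counter

# Prepared solutions for the recurring problems (assumed content of the experts' playbooks).
# Each playbook turns a finding into a concrete, reviewable fix action.
PLAYBOOKS = {
    "sg-open-ssh": lambda f: {"action": "revoke_ingress", "group": f["resource"], "port": 22, "cidr": "0.0.0.0/0"},
    "s3-public-bucket": lambda f: {"action": "block_public_access", "bucket": f["resource"]},
    "unused-access-key": lambda f: {"action": "deactivate_key", "key": f["resource"]},
}


def label(finding):
    """Machine labelling: map a raw finding onto a known recurring problem, or None."""
    kind = finding["type"]
    if kind == "security_group_ingress" and finding.get("port") == 22 and finding.get("cidr") == "0.0.0.0/0":
        return "sg-open-ssh"
    if kind == "s3_acl" and finding.get("public"):
        return "s3-public-bucket"
    if kind == "iam_access_key" and finding.get("days_unused", 0) > 90:
        return "unused-access-key"
    return None


def triage(findings, history=None, min_recurrence=2):
    """Return (auto_remediated, escalated).

    `history` counts how often each label has been seen in earlier runs
    (assumed to be persisted somewhere); the current batch is added to it.
    A finding is auto-remediated only if its label has a prepared playbook and
    has recurred at least `min_recurrence` times, which is the slide's
    'repetitive problems are easier to remediate' rule. Everything else is
    escalated to a human together with the reason.
    """
    seen = Counter(history or {})
    labels = [label(f) for f in findings]
    seen.update(l for l in labels if l)
    auto, escalated = [], []
    for f, l in zip(findings, labels):
        if l is None:
            escalated.append({"finding": f["id"], "label": "unknown", "reason": "no label matched"})
        elif l not in PLAYBOOKS:
            escalated.append({"finding": f["id"], "label": l, "reason": "no prepared playbook"})
        elif seen[l] < min_recurrence:
            escalated.append({"finding": f["id"], "label": l, "reason": "not yet recurring"})
        else:
            auto.append({"finding": f["id"], "label": l, "fix": PLAYBOOKS[l](f)})
    return auto, escalated


# Constructed batch of findings (not real data; resource names are placeholders).
SAMPLE_FINDINGS = [
    {"id": "F1", "type": "security_group_ingress", "resource": "sg-0a1b", "port": 22, "cidr": "0.0.0.0/0"},
    {"id": "F2", "type": "security_group_ingress", "resource": "sg-0c2d", "port": 22, "cidr": "0.0.0.0/0"},
    {"id": "F3", "type": "s3_acl", "resource": "team-backups", "public": True},
    {"id": "F4", "type": "iam_access_key", "resource": "AKIA-EXAMPLE", "days_unused": 120},
    {"id": "F5", "type": "cloudtrail", "resource": "default", "logging": False},
]


if __name__ == "__main__":
    auto, escalated = triage(SAMPLE_FINDINGS)
    for item in auto:
        print("auto-remediate", item)
    for item in escalated:
        print("escalate     ", item)
```

With an empty history the two open-SSH security groups recur within the batch and are fixed automatically; the public bucket and the stale key are escalated as not yet recurring, and the unlabelled CloudTrail finding is escalated as unknown. Feeding a history in which the public-bucket label has already been seen several times moves that finding into the automatic path, which is the effect of letting the top recurring problems accumulate playbooks over time.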
Remediation – What’s The Future… Crowdsourcing
• I have a problem
• Other people have that problem (or similar)
• I wonder how they solved it
• I will share my solution with the community
• Others will share their own solutions, we exchange knowledge
• Security is improved!
Free Your Warriors!
Thank You. Any Questions? I Dare You!
Shira Shamban, Head of Security Research
@shambanIT