Using Technology and Techno-People to Improve your Threat Resistance and Cyber Security
Stephen Cobb, CISSP
Senior Security Researcher, ESET NA
Protecting federal data systems
• Requires:
  – technical and human elements
  – properly synchronized
We have the technology
• Anti-malware
• Firewalls
• 2-factor authentication
• Encryption
• Network monitoring
• Filtering
And the technology is getting smarter
• Cloud-based reputation, signatures, big data
• But technology is undermined when your workforce is not trained to play defense
Waiting for technology alone to solve the data security problem? Dream on…
Techno-people
• Not everyone needs to be technical, but:
• We are all computer users
• Data security is everyone’s responsibility
• Everyone needs to understand the threats
• And the defensive strategies
Today’s agenda
• Scale of the problem
• Nature of our adversaries
• Information security’s 9 patterns
• Patterns applied to federal agencies
• How to improve the coordination of people and technology to address those patterns
April 2014 GAO report
• Information Security
  – Federal Agencies Need to Enhance Responses to Data Breaches
• (GAO-14-487T)
• A lot of work still to be done, across numerous agencies
  – Improve security
  – Improve breach response
The scale of the problem
• Information security incidents reported to US-CERT by all agencies
• Number of incidents up
• More data to defend?
• Improved reporting?
Chart, incidents by year:
2009: 29,999
2010: 41,776
2011: 42,854
2012: 48,562
2013: 61,214
Exposure of PII is growing
• More incidents involving Personally Identifiable Information (PII)
• Why?
  – Thriving black market for PII
• Impact
  – Seriously impacts individuals
  – Growing public displeasure
  – Heads may roll
Chart, incidents involving PII by year:
2009: 10,481
2010: 13,028
2011: 15,584
2012: 22,156
2013: 25,566
A federal PII breach example
• July 2013, hackers get PII of 104,000+ people
  – From a DOE system
• Social Security numbers, birth dates and locations, bank account numbers
  – Plus security questions and answers
• DOE Inspector General: cost = $3.7 million
  – Assisting affected individuals and lost productivity
What happens to the stolen data?
• Sold to criminal enterprises
  – For identity theft, raiding bank accounts, buying luxury goods, laundering money
• Lucrative scams like tax identity fraud
The market for stolen data has matured
All driven by proven business strategies
• Specialization
• Modularity
• Division of labor
• Standards
• Markets
An overwhelming problem?
• Not if we analyze security incidents
• 2014 Verizon Data Breach Investigation Report
• 92% of incidents categorized into 9 patterns
  – True for 100,000 incidents over a 10-year period
  – True for 95% of breaches in the last 3 years
The Big 9
• Point-of-sale intrusions
• Web app attacks
• Insider/privilege misuse
• Physical theft and loss
• Miscellaneous errors
• Crimeware
• Payment card skimmers
• Denial of service
• Cyber-espionage
• Everything else
Industry sectors not affected equally
Just 4 main patterns where victim industry = Public
Chart (2014 Verizon Data Breach Investigation Report):
Miscellaneous: 34%
Insider Misuse: 24%
Crimeware: 21%
Theft/Loss: 19%
Everything Else: 2%
Let’s count down the top 4
• Miscellaneous
• Insider and privilege misuse
• Crimeware
• Physical theft/loss
• Everything else
Pattern #4: Physical theft and loss
• Cause of 19% of public sector security incidents
• It’s people!
• Screen, educate, supervise
• Reduce impact by using encryption
Chart (2014 Verizon Data Breach Investigation Report):
Database: 11
Tapes: 36
Other: 39
Flash drive: 102
Desktop: 108
Documents: 140
Laptop: 308
Other: 892
Pattern #3: Crimeware
• Accounts for 21%
• It’s people abusing technology
• Can be solved with the right anti-malware strategy
• Endpoint AND server scanning
Chart (2014 Verizon Data Breach Investigation Report):
Removable media: 1%
Unknown: 1%
Remote injection: 1%
Other: 2%
Download by malware: 2%
Email link: 4%
Email attachment: 5%
Network propagation: 6%
Web download: 38%
Web drive-by: 43%
Pattern #2: Insider and privilege misuse
• 24% of incidents
• Again it’s people!
• Can be fixed!
  – Education
  – Awareness
  – Screening
Chart (2014 Verizon Data Breach Investigation Report):
Auditor: 1%
System admin: 6%
Developer: 6%
Other: 7%
Executive: 7%
Call center: 9%
Manager: 13%
Finance: 13%
End-user: 17%
Cashier: 23%
Pattern #1: Miscellaneous Errors
• 34% of incidents
• Human error!
• Can be fixed!
  – Training
  – Awareness
  – Oversight
Chart (2014 Verizon Data Breach Investigation Report):
Maintenance error: 1%
Other: 1%
Omission: 1%
Gaffe: 1%
Programming error: 3%
Malfunction: 3%
Misconfiguration: 6%
Disposal error: 20%
Publishing error: 22%
Misdelivery: 44%
Strategy for doing better
• Technologies and people working together
• If they don’t you get: Target
  – Malware was detected
  – Exfiltration detected
  – But nobody reacted
  – Training and awareness?
  – Clearly lacking
Security training and awareness
• You need both, but what’s the difference?
• Training
  – Ensure people at different levels of IT engagement have the knowledge they need
• Awareness
  – Ensure all people at all levels know the threats and the defensive measures they must use
Who gets trained?
• Everyone, but not in the same way:
  – All-hands training
  – IT staff training
  – Security staff training
How to deliver training
• In person
• Online
• On paper
• In house
• Outside contractor
• Mix and match
• Be creative
Incentives?
• They work!
  – Drive engagement
  – Encourage compliance
• But need reinforcement
  – Security in job descriptions
  – Evaluations
  – Rewards
Use your internal organs
• Of communication!
• Newsletter
• Internal social media
• Physical posters
• Add to meeting agendas
• Email blasts
How to do awareness
• Make it fun
• Make it relevant
• Leverage the news
• Remember:
  – Everyone now has a vested interest in staying current on threats to their/your data
Awareness example: phish traps
• Train on phishing
• Send out a phishing message
• Track responses
• Report card and re-education
  – No naming & shaming
Awareness example: flash phish
• Train on media scanning
• Sprinkle USB/flash drives
  – Sample file/autorun
• Track results
  – Inserted? Scanned? Reported?
• Rewards or re-education
  – Again, avoid name+shame
Resources to tap
• CompTIA
• ISSA
• SANS
• (ISC)²
• Vendors
• Websites
Thank you!
• Stephen Cobb
• [email protected]
• We Live Security
• www.welivesecurity.com
• Webinars
• www.brighttalk.com/channel/1718
• Booth Number 826