wi dgs 15 presentation - cyber security - social engineering and hacktivism- reader
7/23/2019 WI DGS 15 Presentation - Cyber Security - Social Engineering and Hacktivism- Reader
1/22
How are Cybercriminals Threatening Security?
Robert Myles, CISSP, CISM
National Practice Manager, S&L Government
-
Robert Myles, CISSP, CISM
USCG Retired
Recovering CISO with 15 years in Health Care, Academia & Financial servic
Public Safety Practice Manager, National responsibility for Federal, State, Government
25 Years in Information Security
28 years in Health Care
35 years in IT
CISSP (2001), CISM (2004)
IACP, APCO, AAMVA, NFCA, NCJA, NASCIO, IJIS, MS-ISAC CyberSecurity Tas
-
Social Me
-
Changing Landscape and Market Trends
Internet of Things
Mobility
Digital & Social Life Computing Ecos
-
1. IDC, Digital Universe study, December 2012
2. IDC, Worldwide Disk-Based Data Protection and Recovery 2012-2016 Forecast, December 2012
1.2ZB
7.9ZB
40
61.8%
THE WORLD'S DATA IN 2010
THE WORLD'S DATA BY
THE WORLD'S DATA BY 2020
UNSTRUCTURED GROWTH RATE TO
-
Where
http://thedatamap.org/
-
Hacking
Old Motivation
Threat Landscape: A fundamental shift
Cyber Crime
Cyber Espionage
Cyber Wa
-
CYBERCRIME TO CYBERWAR
FBI reports th
Anonymous hav
government compinformation in a ca
a
In March 2012, Chinese hackers reportedly gained access to designs of more than two dozen major U.S. weapons systems and stole data from 100 companies
In 2010 Computer Worm Attacks Iran's Nuclear Facilities
-
Specialization of Skill In The Attack Chain
Reconnaissance: Know your Targets
Incursion: Gain Access
Discovery: Create a Map to the Asset
Capture: Take Control of the Asset
Exfiltration: Steal or Destroy Asset
-
The statistics aren't surprising
60% OF ORGANIZATIONS HAVE >25 INCIDENTS EACH M
77% HAVE ROGUE CLOUD DEPLOYMENTS
6X INCREASE IN MOBILE MALWARE LAST YEAR
243 AVERAGE # OF DAYS TO DISCOVER A BREACH
-
INTERNET OF THINGS
-
IoT: Architecture of Risk
INTERNET SECURITY THREAT REPORT 2015, VOLUME 20
Whether you consider smartphones part of IoT or not, they are part of architecture of risks, with apps often being the user interface to IoT
-
PII/LOGIN CLEAR TEXT: 20%*
NO PRIVACY POLICY: 52%
*Services that required a login
Security and Public Safety Apps : Example
INTERNET SECURITY THREAT REPORT 2015, VOLUME 20
How many other apps and websites is the same password used on?
-
APP ANALYTICS
AD NETWORKS
APP PROVIDER
SOCIAL MEDIA
APP FRAMEWORKS
CRM/MARKETING
UTILITY API
OS PROVIDER
MAX DOMAINS CONTACTED: 14
AVG DOMAINS CONTACTED: 5
How is Public Safety App Data Shared?
INTERNET SECURITY THREAT REPORT 2015, VOLUME 20
Each of these vendors could share your daagain
-
Internet of Things and Privacy
INTERNET SECURITY THREAT REPORT 2015, VOLUME 20
1 in 4 end users admit to not know what access they
when agreeing to terms of the app
68% were willing to trade privacy for a free app
Source: 2014 Norton Global S
-
Password Attacks
October 6th, 2014
-
The statistics aren't surprising
60% OF ORGANIZATIONS HAVE >25 INCIDENTS EACH M
77% HAVE ROGUE CLOUD DEPLOYMENTS
6X INCREASE IN MOBILE MALWARE LAST YEAR
243 AVERAGE # OF DAYS TO DISCOVER A BREACH
-
Copyright 2014 Symantec Corporation
The strategies of the past
support the infrastructure
and for the future
FERPA
GLBA
SOX
FISMA
HIPAA Privacy
HIPAA Security
PCI
ARRA/HITECH
HIPAA Omnibus Rule
CJIS
IRS 1075
Auditing & Accountability
Physical Se
Personnel Security
Information Integrity
Media Protection
Configuratio
Manageme
Security Awareness Training
Acces
Incident Response
Identification & Authentication
Forma
Information Exchange
Agreements
Mobile Devices
FACTA
-
Best Practices Implement UNIFIED SECURITY
INTERNET SECURITY THREAT REPORT 2015, VOLUME 20
Don't get caught flat-footed
Use advanced threat intelligence solutions to help you find indicators of c
respond faster to incidents.
Employ a strong security posture
Implement multi-layered endpoint security, network security, encryption
and reputation-based technologies. Partner with a managed security serv
your IT team.
Prepare for the worst
Incident management ensures your security framework is optimized, mea
repeatable, and that lessons learned improve your security posture. Cons
with a third-party expert to help manage crises.
Provide ongoing education and training
Establish guidelines and company policies and procedures for protecting
personal and corporate devices. Regularly assess internal investigation te
drills to ensure you have the skills necessary to effectively combat cybe
-
If it's Connected,
it's Vulnerable
Know the risks.
-
Stay Informed
symantec.com/threatreport: http://www.symantec.com/threatreport
Security Response Website: http://www.symantec.com/security_response/
Twitter.com/threatintel: http://www.twitter.com/threatintel
-
Thank You
Robert Myles, CISSP, CISM
National Practice Manager, State & Local Government
@RobertMyles
http://www.linkedin.com/in/robertmyles/