The Current State of Cyber Security and How to Defend Your Data
Jacob Kelley Sam Morales Our History Our Services & Solutions
The act of manipulating people to accomplish goals that may or may not be in the “target’s” best interest Example – Your child uses social engineering to get you to buy a toy they want Or – A hacker gets you to plug a USB device into your PC Social Engineering is a tactic that is widely used by hackers/attackers to gain access to systems By exploiting our inherent proclivity for kindness, attackers use our own nature against our best interests Imagine you find a thumb drive laying around in the office or parking lot – What do you do?
Common hacker tools now have infrastructure exploits Secure infrastructure devices exist – but are they patched? Brazil blackouts spur hacking fears Anchorage traffic signs hacked Stuxnet/Natanz disruption
Hacktivism is politically motivated hacking Recently, hacktivism has seen a drastic increase in volume and visibility Conduct a Google search for “Anonymous HB Gary” to see how damaging hacktivism can become Gary McKinnon “hacked” NASA by logging on with default (read:no) password
President Obama confirmed Stuxnet was developed by US and Israel Iran claims USAF drone rootkit/keylogger was theirs Plan X – DARPA’s cyber warfare project
Most organizations opt to use “BYOD” without considering the implications 89% of corporations have mobile devices connecting to their networks 65% allow personal devices to connect to corporate networks Android platform widely viewed as most risky and least secure Android growth outpacing Apple – corporate risk rising Almost 3 out of 4 IT Professionals ranked careless employees as a greater security risk than hackers
FBI ranks Cyber Attacks as third greatest threat to the U.S. behind nuclear war and WMDs (weapons of mass destruction) Over 10 Million Cyber Attacks daily Cyber Attacks up 93% in 2011 Due to Cyber Criminals using “attack Kits” Cyber Attacks could paralyze the nation – 2012 Leon Panetta Secretary of Defense report
“An ounce of prevention is worth a pound of cure” Australian government has provided excellent free advice See Australia’s 35 Strategies to Mitigate Cyber Intrusions 4 Basic strategies prevent over 90% of intrusions Application Whitelisting, Patching OS, Patching 3 rd Party Software, Limiting Admin Privileges Free Security Websites - NIST, US-CERT, SANS, etc… NSA Manageable Network Plan SANS – Free security resources 20 Critical Security Controls Free Security Templates
Follow basic security best practices Routine penetration testing, vulnerability assessment and review Social Engineering – training, policies, procedures, and prevention/protection Critical Infrastructure – one-way data flow, disaster recovery, backup configurations Hacktivism – SQL injection prevention/code review, DDoS prevention, network infrastructure planning, user education Cyber Warfare – see social engineering above
*Social Engineer Toolkit: *More Information about social engineering: *Iron key product available: *CNN Report on Cyber Warfare: *McAfee predicts high profile attacks: *Anchorage signs hacked: *Hacker tools to attack infrastructure: *Anonymous attacks against HB Gary: *Gary McKinnon hacks: *USAF Drone Gets Hacked: *Obama Confirms Stuxnet: iran.html?pagewanted=allhttp:// iran.html?pagewanted=all *Cyber Attacks FBI Ranks Third Behind Nuclear War and WMD’s: *Cyber Attacks Nearly Double in 2010: *10 Million Daily Cyber Attacks: *5.5 Billion Cyber Attacks in 2011: *Panetta Report: *35 Strategies to Mitigate Cyber Intrusions: *NSA Manageable Network Plan: *SANS Templates: *SANS Critical Security Controls: *Social Engineering paper: *Checkpoint study on mobile devices:
*Android growth outpacing Apple in 2012: *Iran set to take legal action in response to Stuxnet: *TED talk about Stuxnet: *Slide 3 image credit: *Slide 4 image credit: *Slide 5 image credit: *Slide 8 image Credit: *Slide 10 image Credit: *Brazillian blackouts: *Hacktivism statistics: *Smartphone sales outpace PCs: