2014: the year so far in cyber security

2014: the year so far in cyber security. Brian Markham, Director, Compliance and Risk Services, Division of IT. 10/8/2014

2013: what a year. Snowden/NSA revelations; the Target and Neiman Marcus breaches; security in the news!

Some things to keep in mind: clicks are king; consider the source; hack vs. breach vs. something else; hat color.

Nothing is ever 100% secure!

Home Depot

What happened? April to September 2014: point-of-sale malware, a variant of the BlackPOS family used in the Target attack, ran inside Home Depot's payment systems.

What was the impact? 56 million credit and debit cards compromised, reported at the time as the largest retail card breach; free credit monitoring for every customer who shopped at Home Depot between April and September!

What did we learn? Home Depot's security program could have been better; compliance ≠ security; data breaches have a material impact on a company's finances and reputation.

iCloud Photo “Hack”

What happened? Apple's iCloud service was exploitable through a common access-control weakness: credentials were guessed, accounts accessed, and personal photos and videos leaked. Apple corrected the flaw and improved overall iCloud security.

What was the impact? Discussion of cloud security; discussion of cloud privacy; victim shaming; Apple publicly defended its commitment to security and privacy.

What did we learn? Use two-factor authentication; security questions = insecurity questions; victims are victims.

Heartbleed

What happened? A vulnerability was found in the OpenSSL cryptographic software library: a missing bounds check in its implementation of the TLS/DTLS heartbeat extension (RFC 6520) let a remote peer read up to 64 KB of the process's memory per request, with no authentication. Exploitation left nothing in logs, so it was not detectable after the fact. CVE-2014-0160.

What was the impact? Sites using OpenSSL 1.0.1 through 1.0.1f were vulnerable and had to upgrade to 1.0.1g (or to a vendor build with the fix backported); up to 66% of web sites were potentially exposed (those served by Apache and nginx, which link against OpenSSL); because private keys could have leaked, certificates had to be reissued and the old ones revoked. Panic!
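
To make the mechanism behind the two slides above concrete, here is an added example in Python. It is not part of Brian Markham's presentation and not OpenSSL's code: it builds an RFC 6520 heartbeat record, runs it through the unchecked length handling that CVE-2014-0160 exploited and through the bounds check that 1.0.1g added, and includes a triage helper for the 1.0.1 to 1.0.1f version range listed above. All message bytes are constructed; the `over_read` count stands in for the adjacent heap memory a real server would have copied into its response.

```python
"""Heartbleed bounds check, as an added illustration (not OpenSSL's code).

A TLS heartbeat message (RFC 6520) is: type (1 byte), payload_length
(2 bytes), payload, padding (at least 16 bytes). OpenSSL 1.0.1 to 1.0.1f
trusted payload_length and copied that many bytes into the response even
when the record actually received was much shorter. 1.0.1g added the check
shown in respond_checked(). All bytes below are constructed for the example.
"""
import re
import struct
from typing import Optional

TLS_HEARTBEAT = 24        # ContentType heartbeat(24), RFC 6520 section 6
TLS1_1 = 0x0302
HEARTBEAT_REQUEST = 1
MIN_PADDING = 16          # RFC 6520 section 4: padding_length is at least 16


def build_heartbeat_record(payload: bytes, declared_len: int,
                           padding: bytes = b"\x00" * MIN_PADDING) -> bytes:
    """Return a heartbeat_request wrapped in a TLS record.

    An honest peer passes declared_len == len(payload). The Heartbleed
    trigger is a declared_len far larger than the bytes actually sent.
    """
    message = struct.pack("!BH", HEARTBEAT_REQUEST, declared_len) + payload + padding
    record_header = struct.pack("!BHH", TLS_HEARTBEAT, TLS1_1, len(message))
    return record_header + message


def _split_record(record: bytes):
    """Return (message bytes, record length); the length is rrec.length in OpenSSL terms."""
    _ctype, _version, length = struct.unpack("!BHH", record[:5])
    return record[5:5 + length], length


def respond_unchecked(record: bytes) -> dict:
    """1.0.1 to 1.0.1f behaviour: trust the 16-bit length inside the message.

    Real OpenSSL did memcpy(bp, pl, payload) for the declared length, so
    whatever followed the short record on the heap went into the response.
    Here that spill is reported as over_read instead of as leaked bytes.
    """
    message, _rec_len = _split_record(record)
    _hbtype, payload_len = struct.unpack("!BH", message[:3])
    actually_present = message[3:3 + payload_len]
    return {"echoed": payload_len,
            "over_read": payload_len - len(actually_present)}


def respond_checked(record: bytes) -> Optional[dict]:
    """1.0.1g behaviour: the declared payload, plus the 3 header bytes and the
    minimum padding, must fit inside the record that was received; otherwise
    the message is silently discarded, as RFC 6520 requires."""
    message, rec_len = _split_record(record)
    if 1 + 2 + MIN_PADDING > rec_len:
        return None                      # too short to hold even an empty payload
    _hbtype, payload_len = struct.unpack("!BH", message[:3])
    if 1 + 2 + payload_len + MIN_PADDING > rec_len:
        return None                      # the check the fix added
    return {"echoed": payload_len, "over_read": 0}


def openssl_vulnerable(version_string: str) -> bool:
    """Triage hint from `openssl version` output, e.g. 'OpenSSL 1.0.1e 11 Feb 2013'.

    True for 1.0.1 through 1.0.1f, the range the slide lists. Distributions
    patched 1.0.1e and similar builds in place without changing the letter,
    so treat True as 'check the vendor changelog', not as proof.
    """
    m = re.search(r"\b1\.0\.1([a-z]?)\b", version_string)
    if m is None:
        return False
    letter = m.group(1)
    return letter == "" or letter <= "f"


if __name__ == "__main__":
    honest = build_heartbeat_record(b"hello", len(b"hello"))
    evil = build_heartbeat_record(b"hello", 0xFFFF)
    print("honest, checked  :", respond_checked(honest))
    print("evil,   unchecked:", respond_unchecked(evil))   # over_read 65514
    print("evil,   checked  :", respond_checked(evil))     # None
```

The two-step check mirrors the fix: first make sure the record can hold a header and minimum padding at all, then make sure the declared payload fits. Version-string triage is only a starting point; vendors backported the fix under the old version letter, so confirm with the package changelog or a live test against the host.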

What did we learn? Open source software has many benefits; perfect security is not one of them! OSS needs support and resources, especially when widely used; asset management is important (you cannot patch what you do not know you run).

Shellshock

What happened? Bash is the default shell for most Linux distributions and for Mac OS X. A flaw in how Bash parsed function definitions passed through environment variables let it execute commands appended after the function body, so anything that placed attacker-controlled input into the environment of a Bash process (web servers running CGI scripts, for example) became remotely exploitable. CVE-2014-6271.
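
As an added example (not part of the presentation), the Python below shows the shape of input that Shellshock keyed on and how to flag it in CGI request headers, which web servers export into Bash's environment as HTTP_* variables. The header values are constructed samples, not captured traffic; the brace matching is deliberately simple and looser than Bash's own literal "() {" prefix test, so that evasive spacing is still caught.

```python
"""Shellshock (CVE-2014-6271) input pattern and a header scanner.

Vulnerable Bash imported any environment variable whose value began with
"() {" as a function definition and then kept parsing, so commands written
after the closing brace ran as soon as Bash started. Added illustration;
the sample headers are constructed and the matching is intentionally loose.
"""
import re
from typing import Dict, List, Optional, Tuple

# Looser than Bash's own check (which required the literal prefix "() {")
# so that variants with extra whitespace are still reported.
FUNC_DEF_PREFIX = re.compile(r"^\s*\(\)\s*\{")


def shellshock_trailer(value: str) -> Optional[str]:
    """Return the text a vulnerable Bash would execute after the exported
    function body, or None when the value is not a function export or has
    nothing after the closing brace.

    Only brace nesting depth is tracked; that is enough for the injected
    command pattern seen in the 2014 exploits.
    """
    if not FUNC_DEF_PREFIX.match(value):
        return None
    depth = 0
    for i, ch in enumerate(value):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                # Strip the separator between the body and the injected command.
                trailer = value[i + 1:].lstrip(" \t;").rstrip()
                return trailer or None
    return None  # braces never closed: not a complete function definition


def scan_cgi_headers(headers: Dict[str, str]) -> List[Tuple[str, str]]:
    """Flag request headers whose values would become Shellshock payloads when
    the server exports them as HTTP_* environment variables for a CGI script."""
    findings = []
    for name, value in headers.items():
        trailer = shellshock_trailer(value)
        if trailer is not None:
            findings.append((name, trailer))
    return findings


# Constructed request headers: an ordinary value, a function export with
# nothing trailing (harmless), and the widely published test payload.
SAMPLE_HEADERS = {
    "Host": "www.example.org",
    "Cookie": "() { :; }",
    "User-Agent": "() { :;}; echo vulnerable",
}

if __name__ == "__main__":
    for name, cmd in scan_cgi_headers(SAMPLE_HEADERS):
        print(f"{name}: a vulnerable bash would run -> {cmd}")
```

The scanner reports only what would actually run: a bare function export (the Cookie sample) is not flagged, because Bash's intended behaviour was to import it, while anything after the closing brace is the injected command the patch stopped executing.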

What was the impact?

What did we learn?

University of Maryland

What happened? The attacker used pivot points to explore the UMD network, found something good, reset administrators' credentials, then performed a smash and grab.

What was the impact? 287,580 records of faculty, staff, students and affiliated personnel; five years of free credit monitoring (100,000 × $20 = $2M); total costs ~$10M.

What did we learn? Educational institutions will continue to be a "soft" target for attackers; rapid response is key; know your data!

Content Management Systems (CMS)

What happened? Vulnerabilities in popular content management systems: Drupal, Joomla, and WordPress.

What was the impact?

What did we learn?

Summary: security is in the news now more than ever; these are complicated, difficult problems, very different from traditional crime and security.

Any Questions?