ECI: Anatomy of a Cyber Investigation - Who Are the Actors

2 Who is Doing it?
- 70% of breaches involved External agents
- 48% of breaches involved Internal agents
- 11% of breaches involved Partner agents
- Any breach can involve multiple individuals, e.g. an employee of a subcontractor steals credit card numbers and delivers them to an external 3rd party

3 Who is Doing it?
- External Agents (70% of breaches, 98% of lost data)
  - 24% Organized Criminal Group
  - 21% Unaffiliated Person(s)
  - 3% External Systems or Sites
  - 5% Others (Former Employee, Partner, Competitor, Customer)
  - 45% Unknown

4 Who is Doing it?
- Internal Agents (48% of breaches, 3% of records)
- Demographics (90% deliberate)
  - 51% Regular Employees / end users
  - 12% Finance / Accounting
  - 12% System Admin
  - 7% Upper management
  - 8% Other (Help desk, Software Dev, Auditor)
  - 9% Unknown

5 Who is Doing it?
- Partner Agent (11% of breaches, 1% of records)
  - 3rd party "hijack" of Partner
  - Deliberate act of Partner
- "Organizations that outsource their IT management and support also outsource a great deal of trust to these partners. … poor governance, lax security, and too much trust is often the rule" (Verizon Data Breach Investigation Report, p. 19)

6 How Are They Doing it?

7 How did insiders do it?
- Inter-connected factors and events
  - 48% of breaches included Misuse of privilege
  - 40% of breaches were by Hackers
  - 38% of breaches used Malware
  - 28% of breaches used Social Engineering
  - 15% of breaches were Physical attacks
- A single attack may combine multiple vulnerabilities.

8 How did Outsiders do it?
- Hackers' methods
  - Web Applications 54%
  - Remote Access 34%
  - Backdoors 23%
  - Network file sharing 4%
  - Others (physical access, Wireless Network, unknown)

9 Top 5 Methods of Attack
- Webpage Access
- Un / Improperly Secured Access
- Trusted network connections
- Trojans / Malware / Spyware
- Employee Malfeasance

10 Top 5 Methods of Attack
- Web Pages
  - Unsecured web page access
  - SQL Injection
  - Improperly designed website
  - Oops - errors

11 Top 5 Methods of Attack
- Un / Improperly Secured Access
  - Abandoned / Unguarded computers
  - Computers with too many connections
  - Brute Force
  - Backdoors

12 Top 5 Methods of Attack
- Trusted network connections
  - Sub-contractor / Sister company or agency

13 Top 5 Methods of Attack
- Trojans / Malware / Spyware
  - Email of a Trojan
  - Social Engineering
    - Telephone Contact
    - Email Contact
    - Internet contact (Chat, IM, etc.)
  - Customized Malware (Largest attacks)
  - Back doors

14 Top 5 Methods of Attack
- Employee Malfeasance
  - Abuse of system access
  - Use of un-approved hardware / devices, Rogue networks
  - Improperly handled data

15 Timeline facts
- How long to Compromise Data
  - Most took days to months
  - 31% took only minutes
- Time to Discovery
  - Most took weeks or months
  - 5% took minutes
- Time to Containment
  - Most took days to weeks, some even months

16 Some thoughts
- 98% came from servers (duh)
- 85% were not very difficult
- 61% discovered by a 3rd party
- 86% had evidence in log files about the attack
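Two of the methods the deck ranks highest (SQL injection against web pages on slide 10, brute force on slide 11) leave exactly the kind of log evidence slide 16 says 86% of victims already had. The script below is an added example, not part of the original slides, that scans constructed combined-format web access log lines for both; the log format, the SQLi indicator patterns, the login path and the brute-force threshold are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_plus

# Assumed input format: Apache/nginx "combined" access log lines.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+')
# Coarse SQL-injection indicators, matched against the URL-decoded path.
SQLI_RE = re.compile(r"'\s*(or|and)\s|union\s+select|--\s*$|;\s*drop\s", re.I)

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line, skipped by the caller
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
    d["path"] = unquote_plus(d["path"])  # decode %27 etc. before matching
    return d

def find_sqli(events):
    """(ip, decoded path) for every request whose path matches SQLI_RE."""
    return [(e["ip"], e["path"]) for e in events if SQLI_RE.search(e["path"])]

def find_bruteforce(events, login_path="/login", threshold=5, window_s=60):
    """IPs with >= threshold failed (401) logins inside any window_s-second span."""
    failures = defaultdict(list)
    for e in events:
        if e["path"] == login_path and e["status"] == "401":
            failures[e["ip"]].append(e["ts"])
    hits = []
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                hits.append(ip)
                break
    return hits

# Constructed sample: one SQLi probe, one benign request, one 6-attempt burst.
SAMPLE = [
    '203.0.113.7 - - [12/Oct/2010:14:02:11 +0000] "GET /item?id=5%27%20OR%201%3D1-- HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Oct/2010:14:03:01 +0000] "GET /item?id=5 HTTP/1.1" 200 512',
] + [f'192.0.2.9 - - [12/Oct/2010:14:05:{s:02d} +0000] "POST /login HTTP/1.1" 401 77'
     for s in range(0, 30, 5)]

def scan(lines=SAMPLE):
    """Parse the lines and return both kinds of findings."""
    events = [e for e in map(parse, lines) if e]
    return {"sqli": find_sqli(events), "bruteforce": find_bruteforce(events)}
```

Run against real logs, the same two checks would surface the probe and the burst on the day they happened rather than weeks later, which is the gap slide 15's discovery times describe.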