Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Current State of Cyber Security and How to Defend Your Data.

Published byPolly Chapman Modified over 8 years ago

Similar presentations

Presentation on theme: "The Current State of Cyber Security and How to Defend Your Data."— Presentation transcript:

1 The Current State of Cyber Security and How to Defend Your Data

2  Jacob Kelley  Sam Morales  Our History  Our Services & Solutions

3  The act of manipulating people to accomplish goals that may or may not be in the “target’s” best interest  Example – Your child uses social engineering to get you to buy a toy they want  Or – A hacker gets you to plug a USB device into your PC  Social Engineering is a tactic that is widely used by hackers/attackers to gain access to systems  By exploiting our inherent proclivity for kindness, attackers use our own nature against our best interests  Imagine you find a thumb drive laying around in the office or parking lot – What do you do?

4  Common hacker tools now have infrastructure exploits  Secure infrastructure devices exist – but are they patched?  Brazil blackouts spur hacking fears  Anchorage traffic signs hacked  Stuxnet/Natanz disruption

5  Hacktivism is politically motivated hacking  Recently, hacktivism has seen a drastic increase in volume and visibility  Conduct a Google search for “Anonymous HB Gary” to see how damaging hacktivism can become  Gary McKinnon “hacked” NASA by logging on with default (read:no) password

6  President Obama confirmed Stuxnet was developed by US and Israel  Iran claims USAF drone rootkit/keylogger was theirs  Plan X – DARPA’s cyber warfare project

7  Most organizations opt to use “BYOD” without considering the implications  89% of corporations have mobile devices connecting to their networks  65% allow personal devices to connect to corporate networks  Android platform widely viewed as most risky and least secure  Android growth outpacing Apple – corporate risk rising  Almost 3 out of 4 IT Professionals ranked careless employees as a greater security risk than hackers

8  FBI ranks Cyber Attacks as third greatest threat to the U.S. behind nuclear war and WMDs (weapons of mass destruction)  Over 10 Million Cyber Attacks daily  Cyber Attacks up 93% in 2011  Due to Cyber Criminals using “attack Kits”  Cyber Attacks could paralyze the nation – 2012 Leon Panetta Secretary of Defense report

9  “An ounce of prevention is worth a pound of cure”  Australian government has provided excellent free advice  See Australia’s 35 Strategies to Mitigate Cyber Intrusions  4 Basic strategies prevent over 90% of intrusions  Application Whitelisting, Patching OS, Patching 3 rd Party Software, Limiting Admin Privileges  Free Security Websites - NIST, US-CERT, SANS, etc…  NSA Manageable Network Plan  SANS – Free security resources  20 Critical Security Controls  Free Security Templates

10  Follow basic security best practices  Routine penetration testing, vulnerability assessment and review  Social Engineering – training, policies, procedures, and prevention/protection  Critical Infrastructure – one-way data flow, disaster recovery, backup configurations  Hacktivism – SQL injection prevention/code review, DDoS prevention, network infrastructure planning, user education  Cyber Warfare – see social engineering above

11 *Social Engineer Toolkit: https://www.trustedsec.com/downloads/social-engineer-toolkit/https://www.trustedsec.com/downloads/social-engineer-toolkit/ *More Information about social engineering: http://www.social-engineer.org/http://www.social-engineer.org/ *Iron key product available: https://www.ironkey.com/https://www.ironkey.com/ *CNN Report on Cyber Warfare: http://www.cbsnews.com/2100-18560_162-5555565.htmlhttp://www.cbsnews.com/2100-18560_162-5555565.html *McAfee predicts high profile attacks: http://www.zdnet.com/blog/btl/mcafee-predicts-more-high-profile-targeted-attacks-in-2012/65883http://www.zdnet.com/blog/btl/mcafee-predicts-more-high-profile-targeted-attacks-in-2012/65883 *Anchorage signs hacked: http://community.adn.com/adn/node/161662http://community.adn.com/adn/node/161662 *Hacker tools to attack infrastructure: http://blog.alexanderhiggins.com/2012/04/05/critical-infrastructure-exploits-packaged-hacker-tools-113881http://blog.alexanderhiggins.com/2012/04/05/critical-infrastructure-exploits-packaged-hacker-tools-113881 *Anonymous attacks against HB Gary: http://www.thetechherald.com/articles/After-dealing-with-Anonymous-HBGary-Federals-CEO-resignshttp://www.thetechherald.com/articles/After-dealing-with-Anonymous-HBGary-Federals-CEO-resigns *Gary McKinnon hacks: http://www.guardian.co.uk/law/2012/sep/16/britain-us-extradition-menzies-cambpellhttp://www.guardian.co.uk/law/2012/sep/16/britain-us-extradition-menzies-cambpell *USAF Drone Gets Hacked: http://www.wired.com/dangerroom/2011/12/iran-drone-hack-gps/http://www.wired.com/dangerroom/2011/12/iran-drone-hack-gps/ *Obama Confirms Stuxnet: http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against- iran.html?pagewanted=allhttp://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against- iran.html?pagewanted=all *Cyber Attacks FBI Ranks Third Behind Nuclear War and WMD’s: http://www.tgdaily.com/security-features/40861-fbi-ranks-cyber-attacks-third-most-dangerous-behind-nuclear-war-and-wmds *Cyber Attacks Nearly Double in 2010: http://techzwn.com/2011/04/cyberattacks-nearly-doubled-in-2010-symantc-report *10 Million Daily Cyber Attacks: http://www.forbes.com/2010/08/06/internet-government-security-technology-cio-network-cyber-attacks.htmlhttp://www.forbes.com/2010/08/06/internet-government-security-technology-cio-network-cyber-attacks.html *5.5 Billion Cyber Attacks in 2011: http://www.information-management.com/news/cyber-attack-Symantec-spam-malware-10022411-1.htmlhttp://www.information-management.com/news/cyber-attack-Symantec-spam-malware-10022411-1.html *Panetta Report: http://www.businessweek.com/news/2012-10-12/cyberattacks-could-become-as-destructive-as-9-11-panettahttp://www.businessweek.com/news/2012-10-12/cyberattacks-could-become-as-destructive-as-9-11-panetta *35 Strategies to Mitigate Cyber Intrusions: http://www.dsd.gov.au/infosec/top-mitigations/top35mitigationstrategies-list.htmhttp://www.dsd.gov.au/infosec/top-mitigations/top35mitigationstrategies-list.htm *NSA Manageable Network Plan: http://www.nsa.gov/ia/_files/vtechrep/ManageableNetworkPlan.pdfhttp://www.nsa.gov/ia/_files/vtechrep/ManageableNetworkPlan.pdf *SANS Templates: http://www.sans.org/security-resources/policies/http://www.sans.org/security-resources/policies/ *SANS Critical Security Controls: http://www.sans.org/critical-security-controls/http://www.sans.org/critical-security-controls/ *Social Engineering paper: http://essay.utwente.nl/59233/1/scriptie_B_Oosterloo.pdfhttp://essay.utwente.nl/59233/1/scriptie_B_Oosterloo.pdf *Checkpoint study on mobile devices: http://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report.pdfhttp://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report.pdf

12 *Android growth outpacing Apple in 2012: http://www.insidemobileapps.com/2012/09/06/android-surges-as-ios-slows-comparing-the-growth-of-android-to-ios/ *Iran set to take legal action in response to Stuxnet: http://www.haaretz.com/news/diplomacy-defense/iran-threatens-to-counter-cyber-warfare-with-legal-action-1.458486 *TED talk about Stuxnet: http://www.youtube.com/watch?v=CS01Hmjv1pQhttp://www.youtube.com/watch?v=CS01Hmjv1pQ *Slide 3 image credit: https://www.trustedsec.com/downloads/social-engineer-toolkit/https://www.trustedsec.com/downloads/social-engineer-toolkit/ *Slide 4 image credit: http://www.flickr.com/photos/thewildernesssociety/216020173/http://www.flickr.com/photos/thewildernesssociety/216020173/ *Slide 5 image credit: http://bringingforthworldequality.wordpress.com/2011/09/28/anonymous-what-do-they-actually-support-who-are-they-really-working-for/ *Slide 8 image Credit: http://edmahoney.wordpress.com/2010/01/13/cyber-war-home-theater/http://edmahoney.wordpress.com/2010/01/13/cyber-war-home-theater/ *Slide 10 image Credit: http://www.eci.com/blog/237-network-security-threats--best-practices-for-hedge-funds.htmlhttp://www.eci.com/blog/237-network-security-threats--best-practices-for-hedge-funds.html *Brazillian blackouts: http://www.foreignpolicyjournal.com/2009/11/15/brazils-next-battlefield-cyberspace/http://www.foreignpolicyjournal.com/2009/11/15/brazils-next-battlefield-cyberspace/ *Hacktivism statistics: http://money.cnn.com/2012/03/22/technology/hacktivists-verizon-data-breach-report/http://money.cnn.com/2012/03/22/technology/hacktivists-verizon-data-breach-report/ *Smartphone sales outpace PCs: http://mashable.com/2012/02/03/smartphone-sales-overtake-pcs/http://mashable.com/2012/02/03/smartphone-sales-overtake-pcs/

13

Download ppt "The Current State of Cyber Security and How to Defend Your Data."

Similar presentations

By Kathryn DuFresne. WHAT are computer ethics? Computer Ethics is a branch of practical philosophy which deals with how computing professionals should.

By Kathryn DuFresne. WHAT are computer ethics? Computer Ethics is a branch of practical philosophy which deals with how computing professionals should.
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Travelers CyberRisk for Insurance Companies

Travelers CyberRisk for Insurance Companies
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC

1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? The premeditated, politically motivated attack against information, computer systems,

DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? "The premeditated, politically motivated attack against information, computer systems,
A Cyber Security Company June 16, 2009 Cyber Security: Current Events and White House Cyberspace Policy Review.

A Cyber Security Company June 16, 2009 Cyber Security: Current Events and White House Cyberspace Policy Review.
Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.

Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.

K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Maritime Cyber Risks – What is real, what is fiction?

Maritime Cyber Risks – What is real, what is fiction?
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.

Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.

 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.
1 We’ve been p0wn’d? Review of 2015 Surface Transportation Cybersecurity Incidents 2015 TRB Session 850 Edward Fok USDOT/FHWA – Resource Center.

1 We’ve been p0wn’d? Review of 2015 Surface Transportation Cybersecurity Incidents 2015 TRB Session 850 Edward Fok USDOT/FHWA – Resource Center.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Computer & Network Security

Computer & Network Security

Similar presentations

Ads by Google