Organisational Security
Page 1: Data security   brian honan

Organisational Security

Page 2: Data security   brian honan

“Total Global Impact of CyberCrime US$ 3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.”

Europol Serious & Organised Threat Assessment 2013

Page 3: Data security   brian honan
Page 4: Data security   brian honan
Page 5: Data security   brian honan
Page 6: Data security   brian honan

Why Would Someone Want to Hack Me?

Page 7: Data security   brian honan

“Because that's where the money is.”

Willie Sutton

Courtesy Dermot Casey

Page 8: Data security   brian honan

Cybercrime Marketplace

$1-$6 US Credit card number

$2-$12 UK Credit card number

$5-$50 Medical ID card

$6-$18 Basic identity information

$7 PayPal account with credentials

$50-$500 PayPal verified with balance

$20 DDoS attack from bot army (per hour)

$30 Passwords to consumer credit reports

$50 to $60 Health/medical record

$140 10 million email addresses

$200 Malicious Software Toolkit

$500 20 million SPAMs sent from bot army

$100-$2000 Malware as a Service (MaaS)

$1000-$5000 Online banking accounts with a balance

$10000 0-Day Exploit

Page 9: Data security   brian honan

SpyWare

Malicious Code That Resides on PC

Monitors All Keystrokes and Mouse Clicks

Periodically Take Screen Shots

Detect SSL/HTTPS Connections

Record Details

Send Details to Attacker

Page 10: Data security   brian honan

BotNet

Page 11: Data security   brian honan

Denial Of Service

Page 12: Data security   brian honan

Ransomware - Your Money or Your Bytes

Page 13: Data security   brian honan
Page 14: Data security   brian honan
Page 15: Data security   brian honan
Page 16: Data security   brian honan

Phishing

Advanced form of Social Engineering

Emails Crafted to Appear to Come From Trusted Source

Bank, Ebay, Paypal

Link to Duplicate Website

Used to Harvest Login Credentials

Install Malware

Spear Phishing

Page 17: Data security   brian honan

€50,000

Page 18: Data security   brian honan
Page 19: Data security   brian honan

Breach Detection

Detected by 3rd Party: 69%

Detected by Org: 22%

Detected by Customer: 9%

Page 20: Data security   brian honan

Difficulty

Not Difficult: 78%

Moderate to Difficult: 22%

Page 21: Data security   brian honan
Page 22: Data security   brian honan

2013 - Incidents

Page 23: Data security   brian honan

2014 - Incidents

Page 24: Data security   brian honan

2014 - Incidents

Phishing Hosted 19%

Phishing Victim 0%

Malware 43%

Hack Attack 2%

Denial of Service 10%

Botnet C&C Servers 3%

DDOS Outbound 23%

Page 25: Data security   brian honan

2014 - Incidents

Org Crime, 75%

Other, 25%

Page 26: Data security   brian honan

Root Cause of Incidents

Poor Passwords

Missing Patches

Vulnerabilities

Web Platforms

Out of Date Anti-Virus Software

Lack of Monitoring

Poor/Lack of Security Awareness

Page 27: Data security   brian honan

The Human Element

95% of Breaches Were Due to “Human Error” - IBM

90% of Malware Requires Human Interaction - Symantec

100% of Successful Attacks Compromised The Human - Mandiant

64% of Orgs See Security Awareness As a Challenge - E&Y 2010

3 times as many breaches are caused by accidental insider activity than malicious intent - Open Security Foundation

Page 28: Data security   brian honan

How To Protect

Page 29: Data security   brian honan

Identify & Value Key Assets

Page 30: Data security   brian honan
Page 31: Data security   brian honan

Establish Policies

Page 32: Data security   brian honan

Encrypt Data

Page 33: Data security   brian honan

Security Awareness Training

Page 34: Data security   brian honan

Keep Systems Patched

Page 35: Data security   brian honan

Anti-Virus Software

Page 36: Data security   brian honan

Monitor & Respond

Page 37: Data security   brian honan

@BrianHonan