Security @ UNB How UNB is using policy, practice and technology to enhance cyber security
Jan 15, 2016
What are we here to talk about?
• UNB's titanic cyber security struggle
• Using threat intelligence for both tactical and strategic decisions
• Moving away from playing a losing game of cyber security whack-a-mole
My background
• Bachelor of Arts in Information and Communications Studies ('05). Master of Business Administration ('15)
• Former Canadian Army reservist (armoured vehicle driver & gunner)
• Former reporter for the provincial newspaper
• Former web content strategist for UNB Communications & Marketing
• Accidental IT Security professional and fortunate member of an amazing team
The Security Action Team (SAT)
• Provides IT security leadership
• Formulates, implements and coordinates policies, plans and projects
• Incident response
• Advises on IT security resourcing, technologies and community education
About UNB
• North America's oldest English public university (est. 1785)
• 11,000 students
• 2,000 FTE faculty and staff
• Hybrid IT environment (centralized and decentralized)
In defence of “cybersecurity”
Officially, ISO/IEC 27032 addresses “Cybersecurity” or “Cyberspace security”, defined as the “preservation of confidentiality, integrity and availability of information in the Cyberspace”.
In turn “the Cyberspace” (complete with definite article) is defined as “the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form”.
What I think we do:
What clients think we do….
Why are universities a target?
• We were designed to be open (we're easy)
• We have a treasure trove of PII
• We have valuable intellectual property
• We have other people's valuable intellectual property
• We are a route into more secure organizations
Our challenges
• We average between 55 and 83 attempts per second to breach our network (massively automated threats)
• We have more than 2.2 million security events daily on our network
• We have more than 500 offences weekly
• We have as many as 120 compromised endpoints a month (half of which are students')
• We are the ultimate BYOD environment
The cost of a breach
• $184 on average per record in education, based on figures from a 2014 Ponemon Institute study
Threat Intelligence Sources
• QRadar security information and event management (SIEM) platform
• Trend Micro Deep Discovery malware detection tool
• Kaspersky Anti-Virus reporting system
• Government and industry contacts and listservs
• InfoSec news sources and social media
[Dashboard charts from these sources: malware C&C callbacks (30 days), affected hosts, threat patterns, remote intrusion attempts by source and by destination, security offences]
Moving beyond tactical response
UNB's move to IT Risk Management
[Figure: maturity ladder, from Day-to-day IT Operations, through IT Security Operations and Threat Analysis, Policy & Procedure Development, up to IT Risk Management]
Iterative improvement model
[Figure: cycle linking Risk Management, IT Operations, Security Operations, and Threat Analysis / Policy & Procedure Development]
The Security Building Blocks
[Figure: Operations, Service Desk, Security Action Team, Communications; Risk Management, Quality Assurance and Standards Development]
Service Desk
• Help Desk escalates threats to SAT
• Assists with user education
• Desktop Group helps harden endpoints and triage compromises
Operations
• Systems and network monitoring, reporting of threats, ensuring patching, and reporting policy or procedure compliance issues. Participates in incident response.
Communications
• Assists with development and execution of user awareness and culture change campaigns
• Assists with developing and executing incident communications
Security and Operations
• Operations: trying to keep the lights on
• IT Security: ensuring compliance with protective measures
• Critical to avoid ineffective communication. The Security and Operations groups in IT have different goals and, in some cases, different cultures. Critical to ensure alignment with the overall IT strategy.
The cross-functional workflow
1. Client provides username and password in a phishing attempt
2. Help Desk or Level One advises and assists the client with a safe password reset
3. IT Security initiates an incident investigation
4. Operations staff engaged to assist with log review / access checks
5. UNB Privacy Officer engaged in the event of a potential data breach
6. Client advised of the investigation and encouraged to take the awareness course
What fighter jets in the Korean War can teach us about cybersecurity
The OODA Loop
[Figure: the OODA cycle, Observe → Orient → Decide → Act, repeating continuously]
A harsh truth:
• Simply buying the latest and greatest big shiny security technology will not make your organization safer
• Strategy + Technology + Process + People = Success
Security Strategy Pillars
[Figure: Security Strategy resting on three pillars: IT Security Policy and Data Governance; Security Architecture (tools, people, process); Culture Change (user awareness and behaviour change)]
Translating Cyber Security-ese to Business-ese
Making the case
Where cybersecurity fits in Porter’s Value Chain
The disconnect between threat awareness and concern about threats
Do you believe your organization has an accurate picture of the threats it faces on a daily basis?
61% weren’t sure or weren’t confident
Anonymous, non-scientific poll conducted during a webinar I delivered in April 2015.
How concerned are you about an attack leading to a data breach?
Anonymous, non-scientific poll conducted during a webinar I delivered in April 2015. N = 40
65% very concerned
Anonymous, non-scientific poll conducted during a webinar I delivered in April 2015. N = 34
We need to change the cybersecurity story.
Questions?