ASMC Training Day CCOE Overview and Emerging Cyber Threats. Presented by: RADM (Ret) Ken Slaght, CCOE Co-Chair & President

Transcription

1 ASMC Training Day 2015 CCOE Overview and Emerging Cyber Threats Presented by: RADM (Ret) Ken Slaght, CCOE Co-Chair & President July 29,

2 SAN DIEGO CYBERSECURITY NEED 3,500 workers in 100 cybersecurity companies SPAWAR employs an additional estimated 3,095 cybersecurity jobs in San Diego with more than $705 million in total economic impact $1.5 billion total economic impact more than impact of hosting 3 Super Bowls every year $53 million in contracts won with the help of SBA grants 112% job growth in cyber security % projected job growth for cybersecurity professionals $23 billion in proposed spending by the DoD to fight cybercrime over next 5 years 2

3 SAN DIEGO CYBERSECURITY ECONOMY 3

4 CCOE MISSION The Cyber Center of Excellence (CCOE) is a non-profit organization dedicated to accelerating the regional economy by promoting alignment and collaboration within the Cyber community. 4

5 CCOE INITIATIVES Attracting and Nurturing Talent Work Force Development Job Board University/Industry Summit Link2Cyber Creating New Opportunities for Business Secure San Diego Thought Leadership Cyber Advocacy Fostering Cooperation Throughout Established Cyber Community CA Cyber Security Task Force Collaboration San Diego Cyber Coalition Collaboration Regional Economic Sector Partnerships 5

6 CCOE BOARD DIRECTORS ERIC BASU President & CEO Sentek Global GLEN DAY Principal Ernst & Young LLP KEVIN DININO Founder & President KCD PR LISA EASTERLY Strategic Advisor CCOE JERRY GOODWIN VP Secure Network Systems ViaSat SAI HUDA Senior VP & Gen. Manager EGRC Solutions FIS Global CHADRIC HUMPHREYS CEO & Creative Director Diseño Communications ANDREW LEE CCOE Co-Chair CEO ESET North America PAUL MARTINI CEO & Co-Founder iboss Network Security PETER MARTINI President & Co-Founder iboss Network Security CHAD NELLEY VP Operations ESET North America STEVE PRZESMICKI Partner Cooley LLP JIM SKEEN Founder & President Lockton San Diego RADM (RET) KEN SLAGHT CCOE Co-Chair & President VICTOR RAMSAUER CCOE CFO & Treasurer President & Shareholder LevitZacks KRIS VIRTUE CCOE Secretary IT Director QUALCOMM SCOTT ZOLDI Vice President Analytic Science FICO ADVISORS SEAN BARR VP Economic Development San Diego Regional EDC PAT SULLIVAN Executive Director SPAWAR 6

7 CCOE MEMBERS Bank of America LevitZacks Cooley LLP Lockton CSUSM Morrison Foerster LLP CyberFlow Analytics Salem Partners LLC Diseno Communications Scientific Research Corp. Eastridge Sentek Global Ernst & Young LLP Qualcomm ESET North America University of Phoenix FICO ViaSat FIS Global KCD PR iboss Network Security 7

8 JOIN US! 2014 Cyber Center of Excellence 8

9 Emerging Cyber Threats 9

10 THREAT LANDSCAPE Advanced Persistent Threats Stealth Unknown & Zero Day Targeted Persistent Multi- Pronged Attack Social Engineering, Customized Malware Well- Funded Syndicates Today versus Yesterday Advanced Persistent Threats vs Legacy Threats Open Known Broad Single Event Usually Single Attacks Patchable Individuals/ Hackers Legacy Threats Source: FIS 10 10

11 THREAT LIFE CYCLE Use RDP connections. mapping network shares, interact with backdoors SQL injection attack Install backdoor malware Password hash dumping to crack domain administrator passwords Perform network discovery Steal consumer data Initial Compromise Establish Foothold Escalate Privileges Internal Reconnaissance Complete Mission Phishing with infected PDF Install GHOST RAT malware Keystroke logging to obtain privileged user credentials Perform network discovery Use RDP connections, mapping network shares, interact with backdoors Steal sensitive IP data Case Study # 1 Case Study # 2 Source: FIS External Reconnaissance 11

12 LESSONS LEARNED TARGET EXAMPLE Target breach involved: Microsoft website with case study Fazio website with case study on vendor portal Hackers use of google searches Fazio privileged users target of phishing and malware Consumer credit card data unencrypted for few seconds in memory Data scraped during the few seconds Stored at Target servers Anomaly detected by Bangalore Minneapolis ignored incident reports Microsoft rated high risk, while Fazio rated low risk in vendor risk assessment Source: FIS 12 12

13 LESSONS LEARNED TARGET EXAMPLE Target breach impact: 40M debit and credit cards compromised 70M customer credentials stolen Hackers sold credit card numbers for $18 - $35 per card on the black market Target security budget: $70M Total breach cost: $775M - $600M lost sales - $175M breach remediation Source: FIS 13 13

14 POTENTIAL SOLUTION CYBERFORCE EXAMPLE Privileged User Info Alert Management Source systems User Behavior Access Info Log files Threat Intelligence Data Server Privileged User Compromise Hacker Penetration DDos, botnet Attack Detection Engine Case Management Forensics CyberForce detects the most critical cyber vulnerabilities timely to prevent cyber disasters: Monitors privileged user behavior Detects privileged user compromise Detects hacker penetration Detects emerging botnet, DDoS attacks Generates alerts timely Provides robust dashboard reporting Instant forensic research Timely risk mitigation On-Premise License Cybersecurity as a Service (CaaS) Dashboards 14 Source: FIS 14

15 RISK MITIGATION BEST PRACTICES Five Best Practices: 1. Perform enterprise Cyber Risk Assessment and Threat Modeling 2. Implement comprehensive CyberSecurity Program based on standard such as NIST framework 3. Implement Advanced Persistent Threats Detection System and Controls 4. Implement Cyber Risk Dashboard Reporting with KPIs and KRIs 5. Perform periodic Reverse Cyber Stress Test to identify new blind spots and vulnerabilities Source: FIS 15 15

16 Q&A Closing Comments 16