ISACA West Florida Chapter - Cybersecurity Event

Transcription

1 ISACA West Florida Chapter - Cybersecurity Event Presented by Sri Sridharan Managing Director & Chief Operating Officer Florida Center for Cybersecurity

2 CURRENT TRENDS

3 Top Cybersecurity Trends of 2015 Attackers continue to increase in reach and creativity Healthcare industry is starting to emerge as the top target (340% more security incidents than other industries) Major increase in state sponsored attacks Cybersecurity goes mainstream Record breaking attendance at conferences Media coverage Hollywood productions like CSI Cyber Source: Digital Guardian

4 PHISHING Phishing scams common via and social media Social Media- take advantage of popular stories Ebola Outbreak Celebrity Scandals Pose as security updates to popular websites or professional accounts to gain login credentials Source: Symantec WSTR 2015

5 COMMON MALWARE THREATS Keyloggers The act of recording everything you type on a computer in order to steal passwords, log-in credentials, etc. Trojan Aimed at discovering your financial information and infiltrating system resources Botnet Enable cyber criminal to take over infected PCs Ransomware Restricts access to network/pc/account by locking you out & demanding a sum of money of additional access to certain data Backdoor Opens backdoor access to a vulnerable machine, allowing continued access to network and records

6 IMPACT OF CYBER CRIME ECONOMIC IMPACT According to the Center for Strategic & International Studies- cyber crime is expected to cost the global economy $445 billion annually INDIVIDUAL IMPACT Fraudsters stole $16 billion from 12.7 million U.S. consumers last year according to Javelin Strategy & Research s March 2015 Study Of these fraud victims in /3 of them had previously received a data breach notification in the same year

7 VALUE OF INFORMATION SOLD ON BLACK MARKET Supply & Demand Cyber criminals rely on this to buy and sell services in an anonymous setting Large demand for trade in: Stolen data Malware Attack kits & services

8 2015 THREAT LANDSCAPE

9 2015 THREAT LANDSCAPE Cyber crime comes in many flavors but it remains vastly driven by financial interests. HP Cyber Risk Report 2015 Internet of Things (IoT) Over 50 billion connected devices predicted by end of decade Wearables, Connected Car Protecting the IoT Source: Gartner 2014, Clarice Technologies, Symantec WSTR 2015

10 2015 THREAT LANDSCAPE Expect attackers to continue to focus on: Intellectual Property (IP) Personally Identifiable Information (PII) Credit and Debit Card Information IoT is more than a trend Data sharing between companies is essential (ISAC s) Source: Symantec WSTR 2015

11 CYBERSECURITY ACROSS DIFFERENT SECTORS

12 FINANCIAL Average cost to financial institutions- $259 per compromised record According to the FBI- more than 500 million financial records were stolen in % from website breaches 22% from cyber espionage Majority of incidents in financial services resulted from: Web Application Attacks Denial of Service Attacks Card Skimmers Insider Negligence or Misuse Source: Symantec WSTR 2015; Ponemon Institute, 2015 Cost of Data Breach Study

13 UTILITY & ENERGY Industrial Control Systems (ICS) are prime targets for cyber attacks Common Motives for ICS Attacks: Cyberespionage Damaging utilities & critical infrastructure Ability to impact national security, national economic health & national public health and safety Primary entry point for ICS attacks is poorly-protected, internet-accessible critical infrastructure Malware attacks remain #1 in ICS threat landscape Due to remote accessibility & corporate connectivity exposing new vulnerabilities Source: Symantec WSTR 2015

14 RETAIL Industry most liable for large # s of identities exposed In almost 60% of all identities exposed through retail breach result in the compromise of personal records (up from 30% in 2013) One of the top sources of retail data breach Point of Sale systems (POS) Credit card companies now provide quick alerts to uncommon spending patterns Good Side- alert consumers to identity theft more efficiently Bad Side- cyber criminals need a steady supply of fresh card numbers Source: Symantec WSTR 2015

15 HEALTHCARE 23% increase in # of healthcare data breaches in % of healthcare breaches were result of lost or stolen devices Top motives for targeting medical information Medical identity theft (PII) Gaining more complete personal information compared to data captured elsewhere Financial fraud Health insurance fraud In early the U.S. saw healthcare breaches that compromised personal records & identity of nearly 91 million records Source: Symantec WSTR 2015

16 FEW IMPORTANT OBSERVATIONS Cybersecurity is NOT just an IT issue. It is an enterprise-wide risk management issue Identify risks and develop plans to mitigate Outsource? Data stored or backed up in the cloud Periodic reviews Insurance Depending on size, make sure that the CISO has adequate resources budget and FTE s Does the CISO report into the appropriate executive of the company, so there is good check and balance?

17 Seven Global Megatrends in Cybersecurity Cybersecurity will become a C-Level priority Insider negligence risks are decreasing (Awareness, BYOD etc.) Cybercrime will keep Information Security leaders up at night Need to address security risks in IoT* Cybersecurity talent gap will increase Technological advances to watch Encryption, Big Data Analytics, Cyber intelligence, SIEM** tools *IoT Internet of Things; **SIEM Security Information and Event Management Source: Ponemon Institute

18 FLORIDA CENTER FOR CYBERSECURITY

19 FC 2 - WHO WE ARE & HOW WE HELP The Florida Center for Cybersecurity (FC 2 ) is located at the University of South Florida and supports cybersecurity research, education and outreach at all (12) public Florida universities, as well as throughout other sectors of the state RESEARCH FC² EDUCATION OUTREACH

20 EDUCATION Workforce shortage makes the U.S. and Florida vulnerable Identify capability & educational gaps Dynamic cyber environment requires a spectrum of education and training for industry and government professionals Create multiple pathways to cybersecurity careers Veteran s program (Cyber Academy) Develop an enduring pipeline K-12 Engagement Women in STEM Workshops Employer customized programs Collaborate across SUS to maximize resources/programs & reduce redundancy

21 RESEARCH Collaborative SUS research will generate new, essential capabilities Seed Grants ($1M committed) - SUS universities participating Technology transfer and commercialization efforts will create new jobs which aids education and workforce development Promote entrepreneurial leadership in partnership with existing entities to create future cyber-solutions and economic opportunities Protecting the IoT, Cloud, Smart Grids, and mobile devices is a major research challenge

22 OUTREACH Conferences General Keith Alexander was the keynote speaker this year Trade Shows Educational Meetings Community Events Focus Groups Past Keynote Speakers Vice Admiral Mike McConnell Robert Herjavec Dr. P.W. Singer Best Practices Education Awareness

23 QUESTIONS

24 INFORMATION SHARING What is an ISAC? Information Sharing & Analysis Center ISACs are trusted entities established by Critical Infrastructure Key Resource (CI/KR) owners and operators to provide comprehensive sector analysis, which is shared within the sector, with other sectors, and with government ISACs take an all-hazards approach and have strong reach into their respective sectors, with many reaching over 90 percent penetration Services provided by ISACs include risk mitigation, incident response, alert and information sharing The goal is to provide users with accurate, actionable, and relevant information Source: National Council of ISACs 2015; Verizon DBIR 2015

25 CYBERSECURITY AS A CAREER

26 CYBERSECURITY CAREERS Companies are increasing their security staff due to high-profile breaches in the news and the consistent risks and threats of: Identity Theft Hacking Data Security Privacy Do to this demand, salaries in the cybersecurity field are increasing Source: CSOonline.com, 2015