Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

Similar documents
Cybersecurity Today Avoid Becoming a News Headline

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Emerging Issues: Cybersecurity. Directors College 2015

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cybersecurity The Evolving Landscape

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Cybersecurity Session IIA Conference 2018

Cyber Risks in the Boardroom Conference

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

Designing and Building a Cybersecurity Program

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

2017 Annual Meeting of Members and Board of Directors Meeting

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Cyber Insurance: What is your bank doing to manage risk? presented by

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Cybersecurity and Nonprofit

Getting over Ransomware - Plan your Strategy for more Advanced Threats

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Les joies et les peines de la transformation numérique

Personal Cybersecurity

Transforming Security from Defense in Depth to Comprehensive Security Assurance

RSA NetWitness Suite Respond in Minutes, Not Months

UNB S CYBERSECURITY PROGRAM

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

May the (IBM) X-Force Be With You

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

InfoSec Risks from the Front Lines

Cybersecurity and the role of internal audit An urgent call to action

Assessing Your Incident Response Capabilities Do You Have What it Takes?

CISO as Change Agent: Getting to Yes

Addressing the elephant in the operating room: a look at medical device security programs

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

Cyber Hygiene: A Baseline Set of Practices

Cybersecurity for Health Care Providers

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

ISE North America Leadership Summit and Awards

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Combating Cyber Risk in the Supply Chain

Putting security first for critical online brand assets. cscdigitalbrand.services

External Supplier Control Obligations. Cyber Security

RSA INCIDENT RESPONSE SERVICES

Cybersecurity Auditing in an Unsecure World

Information Security Is a Business

ANATOMY OF AN ATTACK!

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045

DeMystifying Data Breaches and Information Security Compliance

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Cybersecurity, safety and resilience - Airline perspective

Protecting your next investment: The importance of cybersecurity due diligence

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Cyber Liability Preventive Services & Tools Specific & Pre-Emptive Considerations BEFORE the Inevitable Cyber Event.

Protect Your Institution with Effective Cybersecurity Governance. Baker Tilly Virchow Krause, LLP

Cyber-Threats and Countermeasures in Financial Sector

with Advanced Protection

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

Must Have Items for Your Cybersecurity or IT Budget in 2018

Changing the Game: An HPR Approach to Cyber CRM007

Cyber Fraud What can you do about it?

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Introduction to Ethical Hacking. Chapter 1

Gujarat Forensic Sciences University

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

Cybersecurity and Hospitals: A Board Perspective

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

RSA INCIDENT RESPONSE SERVICES

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

A CFO s Guide to Cyber Security in the Coming Year

How Breaches Really Happen

OA Cyber Security Plan FY 2018 (Abridged)

CyberSecurity: Top 20 Controls

Sage Data Security Services Directory

Cyber Security Incident Response Fighting Fire with Fire

Protect Your Data the Way Banks Protect Your Money

NIST Cybersecurity Framework Protect / Maintenance and Protective Technology

June 2 nd, 2016 Security Awareness

Background FAST FACTS

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING

CYBER SOLUTIONS & THREAT INTELLIGENCE

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Top Ten IT Security Risks CHRISTOPHER S. ELLINGWOOD SENIOR MANAGER, IT ASSURANCE SERVICES

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

Aligning with the Critical Security Controls to Achieve Quick Security Wins

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly

FDIC InTREx What Documentation Are You Expected to Have?

Transcription:

Tackling Cybersecurity with Data Analytics Identifying and combatting cyber fraud San Antonio IIA iheartaudit Conference February 24, 2017

What We ll Cover + Current threat landscape + Common security measures + Why this isn t enough (case studies) + How to identify the needle in the haystack + What organizations should be doing

Presenters Brett Nabors, CISA Weaver Senior Manager, IT Advisory Services Reema Parappilly, CISA Weaver Senior Manager, Data Analytics

Disclaimer The comments and statements in this presentation are the opinions of the speakers and do not necessarily reflect the opinions or positions of Weaver and Tidwell, LLP. This presentation is the property of Weaver and Tidwell, LLP. All rights reserved. No part of this document may be reproduced, transmitted or otherwise distributed in any form without written permission from Weaver and Tidwell, LLP. Weaver and Tidwell, LLP expressly disclaims any liability in connection with the use of this presentation or its contents by any third party.

IT Advisory Services DISTINGUISHING IT AS A STRATEGIC ADVANTAGE IT Advisory Services (ITAS) is a collection of assurance and consulting services focused on information technology. We work with IT organizations, internal audit departments, security organizations and more. 5

Current Landscape 6

Background TWO KINDS OF ORGANIZATIONS: those that have been breached those that know that they ve been breached

What s going on + Zero day malware via phishing and websites + Gets past typical controls + Impact: Data / system hijacking & ransom Data exfiltration (credentials, account info, card info) Fraudulent transactions, credit card fraud, identity theft, fraudulent wires, account takeover

What s going on

What s going on By the numbers. May LinkedIn (167 million), Myspace (360 million) September Krebs DDoS attack around 620-655 Gbps October Dyn DDoS 20k IoT endpoints November AdultFriendFinder 412 million December Yahoo over 1 billion accounts (from 2013, 2014) DHS, FDIC, IRS.

What s going on How fast is a gigabit internet connection? 11

What are they after?

Where does the data go?

` Common Measures 14

What are we doing today? + Anti-virus, anti-malware + Patching updating + Employee and customer training + Perimeter security + Scanning, vulnerability assessment, and penetration testing + Social engineering assessments + Some risk assessment & vendor management

What is accomplished? + Identifying / fixing known issues + Making it harder to attack us + Educating our employees

What s NOT accomplished? + Progress against zero day malware + Getting hands around the cyber risk + Ability to detect issues quickly + Resiliency, preparedness for when something happens 17

Prevention is ideal, detection is a must! 18

How Data Analytics Can Help You 19

Data Collection TO BE ABLE TO ANALYZE DATA, YOU NEED TO BE LOGGING AND STORING THE DATA.

Tools + Splunk + Tripwire + QRadar

Repurposing Existing Tools + Internal Audit s tool + Utilized by IT Proof of Concept Ongoing tool + Oversight by IA Monitoring

Scenarios 23

Utilizing Tools + Alerting + Periodic Reviews + Port Scans + Unauthorized Connections + Rejected IP Addresses + Unsuccessful logins + Outbound activity from internal servers + Source routed packets

Scenarios 10/13/2015 5:42 PM,Info,172.##.##.##,id=firewall sn=############ time=""2015-10-13 22:42:59 UTC"" fw=174.##.###.## pri=# c=#### m=### msg=""connection Closed"" app=#### n=############ src=192.#.#.###:#####:x#- V###: dst=23.##.###.##:###:x#: proto=tcp/https sent=1493 rcvd=14873

Scenarios Source IP Address Destination IP Address Protocols

Causation & Correlation + Causation: an act that occurs in such a way that something happens as a result + Correlation: a relationship between two variables CORRELATION DOES NOT IMPLY CAUSATION 27

Steps to Take 28

Liability YOU PERSONALLY FACE GROWING LIABILITY FOR PROTECTING INFORMATION ASSETS Executives and Directors are no longer viewed as innocent victims in the event of a cyber breach. GROWING RISKS + New consumer protection laws hold officers accountable for cyber breaches. + State attorneys general now target organizations for non-disclosure of cyber breaches. + Improperly handled cyber attacks are now considered breaches of fiduciary duty.

Organizational Impact A SINGLE BREACH COULD RESULT IN SEVERE ORGANIZATIONAL PROBLEMS Cyber criminals now target trade secrets, intellectual property, and financials, as well as personal data. POTENTIAL HARM + Lawsuits resulting from a breach can cost millions. + Incident response and remediation can result in significant expense. + Loss of public trust can damage organizational effectiveness

Call to Action YOUR CURRENT TACTICS FOR CYBER SECURITY ARE NOT ENOUGH Misconceptions and misinformation can leave you vulnerable and at risk. FACTS + Continuous monitoring of cyber threats is now an essential practice. + Tools such as mobile devices open doors for cyber breaches. + Cyber crime methods and technology change and escalate daily. + Audits and Vulnerability Assessments are NOT enough

21st Century Tactics Preparing for Battle Leveraging Cyber Threat Intelligence Proactively + Can you Respond to an incident? + Is there Zero-Day malware within our environment now? + What do the hackers currently have of mine?

Cyber Resiliency Homeland Security says, PPD-21 defines resilience as the ability to prepare for and adapt to changing conditions, and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.

Cyber Resiliency (cont.) 1. Asset Management 2. Controls Management 3. Configuration and Change Management 4. Vulnerability Management 5. Incident Management 6. Service Continuity Management 7. Risk Management 8. External Dependency Management 9. Training and Awareness 10.Situational Awareness https://www.us-cert.gov/ccubedvp/self-service-crr

Cyber Resiliency Resources https://www.us-cert.gov/ccubedvp/self-service-crr#

NIST National Institute of Standards and Technology https://www.nist.gov/cyberframework

SANS https://www.sans.org/media/critical-security-controls/poster_fall_2014_cscs_web.pdf

SANS 20 Critical Security Controls Control 1: Inventory of Hardware Devices Control 2: Inventory of Software Control 3: Secure Configurations for Computer Systems Control 4: Vulnerability Assessment and Remediation Control 5: Malware Defenses Control 6: Application-Layer Software Security Control 7: Wireless Device Control Control 8: Data Recovery Capability Control 9: Skills Assessment and Training Control 10: Secure Configurations for Network Devices Control 11: Control of Network Ports, Protocols and Services Control 12: Administrative Privileges Control 13: Boundary Defense Control 14: Audit Logs Control 15: Controlled Access Based on Need To Know Control 16: Account Monitoring and Control Control 17: Data Loss Prevention Control 18: Incident Response Control 19: Secure Network Engineering Control 20: Penetration Tests

Questions?

Reema Parappilly, CISA Senior Manager, Data Analytics Tel: 832.320.3254 Email: Reema.P@Weaver.com Brett Nabors, CISA Senior Manager, IT Advisory Services Tel: 512. 609.1947 Email: Brett.Nabors@Weaver.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback