The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

Similar documents
Incorporating Hunt Teams To Defend Your Enterprise

Governance Ideas Exchange

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

HOSTED SECURITY SERVICES

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE ACCENTURE CYBER DEFENSE SOLUTION

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Cybersecurity in Government

CYBER SOLUTIONS & THREAT INTELLIGENCE

Cybersecurity and Hospitals: A Board Perspective

Cybersecurity. Securely enabling transformation and change

MANAGING CYBER RISK: THE HUMAN ELEMENTS OF CYBERSECURITY

CYBER SECURITY AND MITIGATING RISKS

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Cybersecurity, Trade, and Economic Development

RSA NetWitness Suite Respond in Minutes, Not Months

A Simple Guide to Understanding EDR

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

CYBER RESILIENCE & INCIDENT RESPONSE

Cyber Risk in the Marine Transportation System

New Zealand National Cyber Security Centre Incident Summary

The New Era of Cognitive Security

Are we breached? Deloitte's Cyber Threat Hunting

Defending Our Digital Density.

Security in a Converging IT/OT World

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Security by Default: Enabling Transformation Through Cyber Resilience

Cyber Threat Intelligence Debbie Janeczek May 24, 2017

with Advanced Protection

Provisional Translation

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Building Resilience in a Digital Enterprise

Protecting your next investment: The importance of cybersecurity due diligence

An Aflac Case Study: Moving a Security Program from Defense to Offense

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

Cyber Resilience. Think18. Felicity March IBM Corporation

Business continuity management and cyber resiliency

Evolution Of Cyber Threats & Defense Approaches

May the (IBM) X-Force Be With You

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

PEOPLE CENTRIC SECURITY THE NEW

KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.

End-to-End Trust, Segmentation and Segregation in the IIoT

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

THE POWER OF TECH-SAVVY BOARDS:

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

ISACA West Florida Chapter - Cybersecurity Event

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

Service Provider View of Cyber Security. July 2017

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

RSA INCIDENT RESPONSE SERVICES

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Cybersecurity Today Avoid Becoming a News Headline

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

to Enhance Your Cyber Security Needs

Securing Industrial Control Systems

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Monthly Cyber Threat Briefing

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

G7 Bar Associations and Councils

Retail Security in a World of Digital Touchpoint Complexity

Security Awareness Training Courses

Managing complexity and rapid change in 2019

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

9 Steps to Protect Against Ransomware

EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

Cybersecurity Overview

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

June 5, 2018 Independence, Ohio

Securing the User: Winning Hearts & Minds to Drive Secure Behavior

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

THALES DATA THREAT REPORT

Back to the Future Cyber Security

Control Systems Cyber Security Awareness

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Security & Phishing

Strategies for a Successful Security and Digital Transformation

RSA INCIDENT RESPONSE SERVICES

WHITE PAPER. HELPING BANKS SECURE DATA DURING AND AFTER DIGITIZATION An Infosys solution

Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange. August 16, 2016

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

Transcription:

The Cyber Threat Bob Gourley, Partner, Cognitio June 22, 2016 How we think. 1

About This Presentation Based on decades of experience in cyber conflict Including cyber defense, cyber intelligence, cyber attack and analysis Informed by understanding of the complexities of technology and the critical nuances of policy and process in our system Validated by what works in defense across multiple sectors of the economy. Salient lessons fit on one slide That One Slide Follows 2

Know The Threat To Beat The Threat The Threat A great deal is known about who is attacking and what their motivations are. By studying them we can build better defenses before attack and respond smarter during attack. Get the right info for strategic, operational and tactical decisions. Adversaries Are: Nations Crime Groups Extremists Hackers Insiders Successful Attacks Are By Organizations The Situation Every sector of the economy and every government and every citizen is under almost constant attack. Most suffer ongoing infections with malware. Attackers get in fast and remain undetected for months. But risk can be reduced/mitigated. Top Lessons Are: Attackers are persistent, we must prepare for breach Defenders Should Collaborate on Lessons Unique Tech Factors Aircraft, cars, roads, trains, ships and organizations increasingly interconnected. But cyberspace is hard to observe and security hard to access. Well instrumented systems overseen by trained/experienced people are key to defense. Tools To Consider: Encryption ID Management 2FA Automated Patching Ensure Tech is Independently Assessed Your Action Lead with understanding that cybersecurity is not just an IT function. Must have your personal leadership and engagement by your entire team. Ensure external verification and validation of your strategy, policy, process and tech. Top Actions: Engage with ISACs, Collaborate with Peers, Study Threats Victory Must Be Earned 3

The Details How we think. 4

About Cognitio We Do Three Things Cognitio is a strategic consulting and engineering firm led by a team of former senior technology executives from the U.S. Intelligence Community. We have a track record of safeguarding some of the nation s greatest secrets, equipping U.S. leadership with actionable intelligence that helps protect lives and driving technology innovation that kept key government agencies generations ahead. Cognitio leverages that vast knowledge to enable companies across disparate industries to effectively manage technology, maximize technology investments, and reduce overall institutional risk. Cyber Security Innovation Data Analytics We provide cyber assessment, awareness, remediation and containment strategies. Our process, the Cyber360, includes best practices from government and industry. Continued innovation is required for market success. Innovation requires well thought out action plans informed by knowledge of both legacy and new technologies. We know the so-what of data, it is there to enhance your ability to achieve your business objectives. And we know the infrastructure and applications required to let you take advantage of your data. Reach Us On Pre-Competed GWAC Vehicle 5

Defense Lessons From All Industries Everyone is under continuous attack Most organizations have ongoing infections with malware Converged/blended attacks the norm Attackers get in fast, but remain undetected for months Awareness of threat is seen as helpful, it helps people understand what to do and who to notify of anomalous activity Transportation Sector Can Learn From Other Sectors 6

Hot Topics From The Daily Threat Brief Cyber attacks against transportation sector are growing and dangerous (but attacks against healthcare sector growing faster) Ransomware evolving/becoming harder to prevent/beat Most visible/attention getting demonstration is the 2015 Charlie Miller/Chris Valasek demonstrations. But vulnerabilities in many vehicles and infrastructure systems For organizations, Phishing remains dominant path in exploits human traits of compassion and curiosity. IoT is coming to transportation sector. Awareness of IoT vulnerabilities becoming more widespread, but little indication of security solutions Mobile device vulnerabilities: exploited to gain account info All Indications Are Attacks Will Continue 7

The Condensed History of the Cyber Threat Civil War: Both sides attacked, exploited, hacked 1998 Moonlight Maze: It takes a nation to fight a nation 2007 Estonia: Be ready to weather a storm 2008 Georgia: Expect cyber attacks timed to military ops 2008 Turkey Pipeline: Large cyber to physical attack 2009 GhostNet: When a powerful adversary wants in nothing will stop them. Collaborative cyber intel can inform response 2011 Wikileaks: Know the human element. Know balance between info sharing and protection 2013 Mandiant Report: Cyber intel is strategic 2013 Snowden Leaks: Know the threat before it strikes 2013/14 Banks and Retail: Nothing stops this adversary 2015 Warsaw s Chopin Airport DDoS: Transportation is a target 2015 Healthcare and Governments: No sector immune 2015 Cars and Embedded IT: Threat actors will find a way 2016: Ukraine power grid: Infrastructure a target 8

Who is Attacking? Successful attacks are conducted by organizations Organizations are groups of people acting together for a common purpose By studying those organizations and how they behave and what they want we can help deter their actions and mitigate some of their capabilities When under attack we can better defend When penetrated we can more quickly respond The four categories of organizations: Nations, Criminals, Extremists, Hactivists 9

The Special Case of the Insider The term Insider Threat has a special use in the security community. Can be a person you trust who you have given credentials to your most sensitive networks and accounts. Can be good one day then change intent the next Could be operating as an extension of one of the organizational categories described above Cannot be stopped by technology alone (but technology can help). Requires policies, process and a highly functioning team of good people to catch the bad ones 10

The Threat Actors 11

Attack Patterns 12

Bad Actors and Their Code Modern malware is designed to stay under the radar Old anti-virus solutions do not work against new threats Malware hops between media Slow, hard to observe communications Sandboxing, honeypots/nets not the entire solution Even sophisticated adversaries and modern malware can be detected No adversary can be invisible Well trained incident response teams find them However, non-automated methods are overwhelmed and cannot scale Automation is key, including automating cyber intelligence Foundational Work Has Been Done Enabling Automation 13

What Can We Do About It? Assess and Understand: Know what data, systems and capabilities are most important to the function of your organization, and maintain continuous automated awareness of their status. Enhance Defenses (but prepare for breach): The adversary in cyberspace is continuing to innovate, which means we must continue to review our defenses and modernize. Even with this continual defense, history proves that the adversaries eventually get in. Design for Containment: Early detection and rapid incident response will be aided if systems are designed to contain adversaries. Containment of attacks is especially important in malicious code. Ensure Backup: Every critical system must have a backup, and recovery methods must be defined and tested. 14

What Can We Do About It? Coordinate Early: Work with those that are critical to responding to attack. For example, the FBI, the US CERT, and the appropriate ISAC (Surface Transportation ISAC, Aviation ISAC, Public Transportation ISAC, Multi-State ISAC). Build bonds of trust before an incident. Leverage Experience of Others: No transportation organization can match the technical talent of the modern cyber criminal or nation. This requires seasoned professionals who constantly focus on learning threat tactics and mitigation strategies. Automate Defenses and Enhance Monitoring: Here too external help is almost always the right path forward. Find the a team that provides analysis of anomalies in your network in ways that give the best of both automation and experience professionals (Gartner calls this Managed Detection and Response or MDR). 15

Review Every citizen you serve, every company you work with or support, every supplier you have, and every other member of the transportation sector, are all facing the same threat Adversaries have objectives they are going to fight to achieve History has shown they will never stop History also shows the bad guys will always get in, eventually A well-instrumented enterprise with well engineered automation and experienced external help can detect and mitigate adversary actions Which Leads To Our Concluding Recommendations 16

Concluding Recommendations Continually Learn! Know and Improve Your Policies! Communicate! ThreatBrief.com TheCyberThreat.com Bob.gourley@cognitiocorp.com 17

Bob Gourley bob.gourley@cognitiocorp.com 18 How we think.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback