1 / 15

State of the Threat

State of the Threat. What keeps us up at night. Introduction. Brian Martin is...

cora-briggs
Download Presentation

State of the Threat

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. State of the Threat What keeps us up at night.

  2. Introduction Brian Martin is... the former CISO of Lehigh Valley Health Network (my biggest client), prior military USAF, graduate of UMUC, enrolled at ESU, teaching at NCC, on education boards at LCCC, NCC, ESU, IADT, author of a few technical articles, and chief organizer of the local Lehigh Valley Links group on Linkedin. The best thing I did last year was organize a racing team for Lehigh Valley Grand Prix to raise more than $2000 for Autism.

  3. Blackmail Extortion Terrorism Theft, Monetary Theft, IP Strategic/Tactical Threat Collateral Damage Slamming Fraudulent Billing Cell Phones Defense & Response  Overview

  4. Blackmail The threat of revealing real or false information for gain. • Pay me or I frame you with the FBI. • Pay me or I tell your wife about our affair. • Its a shame YourBusiness.com has porn on it, demand money. • Lured in by an email Call the police.  Call your lawyer first if you must, but call the police.  Education is the key to successful response. http://www.sans.org/newsletters/newsbites/newsbites.php?vol=8&issue=91#sID301

  5. Extortion The threat of violence or consequence for gain. • Give me what I want and I'll go away. • Encrypt/erase your files, demand money for return. • Steal secrets, demand money. • DDoS, demand money. http://www.sans.org/newsletters/newsbites/newsbites.php?vol=8&issue=86

  6. Terrorism • Intent to cause harm to community, spread fear. • Risk varies, do analysis, but generally very low. • Cyber Terrorism can be stand-alone or part of a larger hard target effort.  • Disruption or direct harm. • Delay in emergency responders. • Be aware of your company's risk.  http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=40#sID201

  7. Theft, Monetary • Direct acquisition of funds. • Worldpay $9M. • Citibank $2M. • Many, many examples, most unpublicized. • Small or large. • Individual or institutional. • Usually not a concern for an individual, provided you take precautions. •  Frank Abagnale advice http://www.google.com/search?hl=en&rlz=1G1GGLQ_ENUS274&q=hacking+worldpay&aq=f&oq=&aqi=

  8. Theft, Intellectual Property • No way to undo the damage. • Laptops in hotel rooms. • Spyware. • Content. • Real spy stuff. • Desperate people do desperate things, with your property.  http://www.sans.org/newsletters/newsbites/newsbites.php?vol=8&issue=22

  9. Strategic/Tactical Threats • Should already know of risk. • Typically hard targets, military, infrastructure, communications. • Disruption to aid primary purpose, primary attack. • Secondary effects can impact us all.  Preparation is key. http://cryptome.org/cuw.htm http://www.schneier.com/blog/archives/2009/12/cyberwarfare_po.html http://www.google.com/search?hl=en&rlz=1G1GGLQ_ENUS274&q=cyber+warfare+site%3Asans.org&aq=f&oq=&aqi= http://www.google.com/search?hl=en&rlz=1G1GGLQ_ENUS274&q=preparing+for+extended+service+disruption&aq=f&oq=&aqi=

  10. Collateral Damage • You aren't the target. • But your systems are impacted. • You are a stepping stone to another system.

  11. Slamming • You get forcibly switched to a new  • service • provider • account rep • May not even notice, at first. • Vendor renewal dates and contact info are available to all VARS, in many cases. • Evil vendors lie to you. • I've been assigned... • You've been upgraded... • We took over the account... • Your maintenance has expired... • Cell phones, equipment vendor reps, ...

  12. Fraudulent Billing • Old problem, new opportunities. • Subscription renewal notices. • Supplies. • Phone, mail, fax, email. • Insidious. • Magazines. • Hundreds of Billions in Annual Loss http://www.businessforum.com/fraud01.html http://www.msnbc.msn.com/id/22184921

  13. Cell Phones • Worse than laptops. • Multiple wandering access points. • Subverted. • With valuable intel. • Recording. • GPS. • Layers of insecurity.  • They are the future, but...

  14. Defense & Response • Worker Education & Awareness • Risk Management • Law Enforcement

  15. Brian Martin, CISSP, CHS3 Digital Trust, LLC 610.810.1727 brian@digitaltrustllc.com

More Related