Presentation Transcript
slide1

The Secure Software Acquisition Process – C Level

Cyber Security and Mobility

“Are we on the edge of the cliff?”


slide2

Who am I?

  • Chair, Computer Information Systems Department, University of Detroit Mercy
  • Director, Center for Cyber Security and Intelligence Studies
  • Former Employee, Ford Motor Company, IT Security & Strategy
  • Student, University of Michigan Dearborn, PhD Program – Writing dissertation

IAPP Detroit KnowledgeNet (September Meeting)

Thursday September 5th, 2013


slide3

Aspirations

  • At the end of this presentation you will have a better understanding of:
  • The cyber risks you face as Mobile Users
  • The current state of the mobile payment space
  • The steps you can take to protect yourself


slide4

Mobile Devices (ubiquitous)

  • Smartphone sales are greater than laptop sales.
  • Purchases increasing at an annual growth rate of more than 40%
  • About 40% of corporate devices are purchased by individuals who then use them in the enterprise.
  • Number one mitigation strategy for organizations is limiting operating system diversity
  • “We are going to limit ourselves to ONE risky platform”
  • * Source: International Data Corporation


slide5

Mobile Devices (general worries)

  • Gen Y has shown a propensity to accept risk.
  • Antivirus/Antispyware tools are available but not as powerful as their laptop counterparts.
  • Antivirus/Antispyware tools are often disabled because of performance.
  • There is a lack of awareness of the differences between Wi-Fi and cellular technology.


slide6

Mobile Devices (Malware History)

  • First Symbian malware (2004):
    • Cabir worm (spread via Bluetooth)
    • Skuller (spread via OS vulnerability)
  • First iPhone virus (2009): Ike worm targeted jailbroken iPhones. Written by a Dutch hacker who was ripped off by a punk hacker. It targeted jailbroken phones running SSH.
  • First Android malware (2010): Trojan-SMS.AndroidOS.FakePlayer. Distributed via websites, not Android Market. Written by Russian virus writers.


slide7

Mobile Devices (breaches)

  • 1 in 3 breaches attributed to mobile devices includes lost or stolen devices
  • Malware, hacking, and physical compromise were 5 of top 10 events in Verizon report
    • Others were malware, hacking of servers
  • Breaches are not matching increased usage
    • My speculation is that people don’t report loss of personally owned devices



slide9

Mobile Devices (what’s being done?)

  • The Federal Trade Commission and the California Attorney General have recently published reports focused on mobile privacy.
  • California AG’s “Privacy on the Go” report was issued in January 2013.
  • The FTC’s “Mobile Privacy Disclosures” staff report was released on February 1, 2013.
  • Recommendations on mobile privacy disclosures to 3 different audiences: mobile app marketplaces, mobile app developers, and mobile advertising networks.


slide10

Mobile Devices (what’s being done?)

  • NIST
  • “Guidelines for Managing the Security of Mobile Devices in the Enterprise”
  • DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices
  • DRAFT Guidelines on Mobile Device Forensics


slide11

Mobile Devices (compromises)

  • Accelerometer
  • Confused Deputy
  • SSL
  • NFC
  • Charger
  • GCM


slide12

Cyber Crime

  • Popular accounts suggest that cybercrime is large, rapidly growing, profitable and highly evolved.
  • Annual loss estimates range from billions to nearly $1 trillion.
  • Some claim cybercrime rivals the global drug trade in size
  • Estimates may be enormously exaggerated, but it would be a mistake not to consider cybercrime a serious problem
  • Cybercrime is actually a relentless, low-profit struggle for the majority.
  • You have the power to limit your vulnerability to cyber crime.
  • * Source: “The Cybercrime Wave That Wasn’t” by Dinei Florêncio and Cormac Herley, published April 14, 2012


slide13

What do they want?

  • Assets that can be turned into money
    • SSNs
    • Bank accounts
    • Credit Card accounts
    • Identities
  • Access to physical things
    • Cars
    • Places of business
  • Underage candidates for exploitation


slide14

Mobile Commerce (what is it?)

  • NOT: browser based payments
  • NOT: traditional Visa/Mastercard/Amex/Discover
  • IS: “New Experience where the technology fades into the background”
  • IS: SMS, ACH, email, “trusted third parties”
  • IS: Huge across the globe, burgeoning in the U.S.


slide15

Mobile Commerce (players?)

  • Device Manufacturers
  • Industry Groups
  • Banks
  • Payment Channel Creators
  • Credit Card Companies
  • Corporations
  • Merchants
  • Mobile Users


slide16

Mobile Commerce (examples)

  • Google Wallet (not NFC)
    • Stalled until GoogleCash (email cash)
  • ISIS (NFC)
    • AT&T, Verizon and T-Mobile have inked. Visa, MasterCard, Discover and American Express are partners
  • Western Union (SMS)
    • ACH transfers
  • Square (not NFC, yes GPS)
    • SquareReader, SquareWallet, SquareCash, SquareRegister
  • PayPal (eBay, headed to NFC)
    • 20B in mobile payments, PayPal reader, cash cow


slide17

Mobile Commerce (Protections)

  • Google Wallet
    • Hacked twice, immediately
  • ISIS
    • NFC vulnerabilities, Uses Secure Element
  • Western Union
    • SMS vulnerabilities
  • Square
    • GPS vulnerabilities, uses geofencing, uses proprietary
  • PayPal
    • undetermined


slide18

Mobile Commerce (What to do)

  • Move slowly
  • Tie accounts to a low-balance credit card, not a debit card
  • Separate your phone and credit cards.
  • Don’t put your phone in a “bumpable” place
  • For a business, engage an expert for a threat assessment and policy inspection


slide19

For more information

Jeff Ingalsbe

Chair - Computer Information Systems

Center for Cyber Security and Intelligence Studies

University of Detroit Mercy

ingalsja@udmercy.edu

threatmodeler@gmail.com
