1 / 67

Before we start - if you found a USB drive in your car park or in your driveway What would you do with it.

Before we start - if you found a USB drive in your car park or in your driveway What would you do with it. . 50% of people would plug it in and 80% would plug it in if it had some type of logo on it. Why Cyber criminals are smarter than we think they are!.

simeon
Download Presentation

Before we start - if you found a USB drive in your car park or in your driveway What would you do with it.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Before we start - if you found a USB drive in your car park or in your driveway What would you do with it. • 50% of people would plug it in and • 80% would plug it in if it had some type of logo on it

  2. Why Cyber criminals are smarter than we think they are! A study on future crime and how we can stop it

  3. or is it? Technology = advantage Business uses Technology to gain an advantage over their opposition or competition. Advantage through better management or the use of cutting edge ideas. The bad guys, the criminals and cyber criminals, have already developed ways to use technology well before it has been released to the general public. Business and users are always playing catch up. Business and users are always reactive

  4. Linear vs. Exponential growth Technological growth is not linear, it is exponential

  5. Linear vs. Exponential growth • The reason for that growth. Technology builds on technology, information and systems. Anything available at the time. So 30 years since the introduction of the internet as a linear time line is equivalent to more than 10,000 years exponentially growth in technology. 30 linear steps is here to the door, 30 exponential steps is here to the moon

  6. The Apollo Landing Speaking of the moon - The whole of NASA at the time of the first moon landing had less computing power than a single IPhone 4

  7. A little History on Cyber Crime

  8. Crime is exponential as well. In the old days it was Mano au Mano - one person stealing from one person.   We then added stage coaches, trains and banks one person stealing from a number of people.   The Sony hack in 2011 was one person stealing from 70 million people.  

  9. Mobile phones and pagers Mexican drug lords with their own complete mobile phone system

  10. The Mumbai terrorist attack (Raj hotel 2008)

  11. That was the normal criminals and terrorist what about the cyber criminal

  12. Android Phones September 2008 released to the world on HTC’s Dream The android market went live at the same time People started Download banking apps from the android market In the first month 50,000 banking apps were downloaded All were fake!

  13. Flashlight Apps Both android and IOS 75% have a malware component Seems to be the easiest to get through the vetting process Why do you need a location service for a light?

  14. Stuxnet- a virus / worm designed to cross the interface between normal business systems and access low end command and control systems, believed to have been produced by CIA and Israel.     Duqoand flame followed - derivative of stuxnet but changed, encrypted payload and no longer targeted at specific types of computers The problem with these types of attacks, once in the wild they are very hard to control.

  15. Spear phishing attacks are laser guided - the RSA hack is a classic example it was specifically targeted at a specific group of 5 people. Low tech works just as well QANTAS lounge, coffee shop

  16. That was the past what about the present

  17. Diverse IT In 2011 Diverse IT, a domain and website hosting company were hacked. 30 Minutes from total control to loosing everything. They didn’t see it happening and once they did they had no control – they lost everything.

  18. Vijay Kumar: Robots that fly (the TED presentation) http://www.youtube.com/watch?v=4ErEBkj_3PY Now Criminalise Them

  19. The ability to download hacking tools means that a determined 12-year old with some basic computer skills can become a successful hacker. For the more advanced, there are cyber crime black markets that sell personal data, credit card information, tools, passwords, and successful exploits. Criminals can rent “bot-nets” from the cyber-criminal underworld or even purchase complete online stores to collect personal information or to sell bogus products

  20. An Example For $4000.00 you can purchase a malware / spyware creator, all packaged up. You have to be able to speak and read Russian and be willing to have a criminal check but it comes with everything you need to be a cyber criminal including a guarantee and 24/7 tech support.

  21. This is a competitive market, with price wars, guarantees, and special offers. Hacking has become a big business, not only because the Internet is now “where the money is,” but because most networks, despite claims to the contrary, are inadequately defended.

  22. These are script kiddies – using predefined systems, software and information created by others to attack people on the internet. • They are a serious problem! • Because of them everyone who uses an internet facing system is vulnerable – mobile phone, tablet, computer, cloud based systems

  23. A bigger problem is the real bad guys, the “black hats”. The real hackers. • The ones that actually know what they are doing and have ways of getting round security and destroying your business, stealing your money and compromising your identity.

  24. They are so sophisticated that in 2012 • A criminal organisation in the Ukraine set itself up as a marketing company: • Selling software and websites – malware infected • Legitimate offices and payed taxes • Had all of the correct staffing including a call centre • Generated 500 Million Euros in revenue • Only 5% of the people knew they were doing something illegal

  25. The bad guys are coming!

  26. That was then, what about the future? • The bad guys are smart • The bad guys are persistent • The bad guys are well educated in computer systems • The bad guys are developing more and more sophisticated ways of gaining access to your systems and information

  27. How do the bad guys gain access? Everyone is a target • They use Viruses, malware, spyware, ransom ware, RATs and focused hacking attacks • They have sophisticated command and control systems • Use and create Bot nets • They use sophisticated encrypted commssystems • Rent cloud space, super computer cycles and bot nets – with a stolen credit cards of course • Paid in Bit coins • If that doesn’t work they use social engineering and • Industrial espionage – usb in the car park

  28. What do they want • They want your Money • They want your Ideas and Intellectual Property • They want everyone's information – staff, users, management, clients.

  29. Once they have it they trade the information with their illegal friends – the Black market • A confirmed credit card number, with name and security code will net anyware from $20.00 to $350.00 each depending on number and viability.

  30. The cost to everyone • 2 trillion dollar industry – world wide • The actual loss of intellectual property cannot be measured • There are unaccountable number of lives destroyed

  31. Against bad guys how can we hope to protect ourselves? We have to protect: • Ourselves • Your staff, users and clients • Your assets • Your personal and business knowledge and your Intellectual property

  32. We also have to protect the innocent, the unaware, the uneducated and the ill-informed people among us. • They are the ones with the most to loose. • These are the easiest to bring up to a level of awareness

  33. The internet of Everything

  34. Internet Addresses The internet as we know it today has: 4,294,967,296 addresses • The new internet IPv6 has • 340,282,366,920,938,463,463,374,607,431,768,211,456 340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938 septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607 trillion, 431 billion, 768 million, 211 thousand and 456.

  35. Why is this important Everything is coming out with the ability to have an IP address configured to it. Sim cards, RFID Chips, small computer – now 2 x 2 milometers Making everything Internet aware creates its own problems. Increasing your businesses Threat Vectors

  36. Recently Large multi national defence company in Dallas was compromised. The IT manager was an IT Nazi and could not believe that his system had been compromised. • He narrowed it down to the board room because of information that became available on the internet. He assumed it was the phone system or an insider and took the necessary steps • It was in fact the Air Conditioning system that had been plugged into his network

  37. Maybe we need some sort of guru

  38. I don’t know about you but I consider the Internet a very dangerous place. I compare it to walking down a dark alley, with your hands and feet shackled, a large amount of money in your wallet and a large flashing neon sign saying “ROB ME”

  39. How do we protect ourselves

  40. Start Here? • A holistic system with more than one component • A system of interlocking components workingtogether • Business needs a framework

  41. Which framework COSO - Enterprise Risk Management Integrated Framework The business model for internet security

  42. How about a simple framework? • A framework that grows with your business A framework for building a secure business environment • They are • A framework that allows future requirements to be plugged into it without changing • A framework that includes the four pillars of business security

  43. Technology All of those technology components Firewalls and operating systems Applications Encryption Cloud based and BYOD Wireless and VPN Anti Virus Best Practice

  44. Management A management process and we need to know who is involved in it. The three “P’s” – Processes, Policies, Procedures Auditing Reporting Training

  45. Adaptability Risk Assessment Risk Management Disaster Recovery Business Continuity Cyber Resilience Culture

  46. Compliance Regulations and what you need from them to protect yourself This is probably the most difficult component to define because all businesses are different

  47. These four components, working together creates a cyber security business framework This is a framework that creates a secure environment for your business. • This is a framework that tightens up your business cyber security as you add components to it.

  48. There are lots of frameworks out there but most are produced by companies that say – “Buy my widget and you will be secure” – from the high end like Cisco, Fortinet, Juniper, Microsoft to the low end like d-link and netcomm. • That is not holistic! • A good framework has to have certain Features

  49. The framework has to be agnostic No one thing is going to do the job but one thing from any supplier can do a job. Each piece, is a piece in a puzzle and it is a large puzzle with a very defined goal – protect the business The more you spend the better the features and the better the solution but you can start with the most basic and build on the components

More Related