Cyber response to insider threats 3.1

Post on 25-Jun-2015

Description: Insider Threats to Industrial Control Systems

Transcript of Cyber response to insider threats 3.1

Cyber Security in Real-Time Systems

CSIRS

David Spinks

Advanced Attacks and Role of Insiders

70% of all breaches are discovered by external 3rd parties!

Why me?

Worked in process control and ICS environments for about 24 years, then moved into Information Security Risk Management for the last 20 years.

My first job in 1970

Glaxo (now GSK) – Animal Rights, 10 years

Sizewell B Software Emergency Shut Down code validation

Why me?

UK AEA then AEA Technology plc 10 years

Safety Risk Management SRD

Cyber Security in Real Time Systems?

LinkedIn CSIRS: http://www.linkedin.com/groups/Cyber-Security-in-RealTime-Systems-3623430

Safety Critical and Safety Related Systems

Mission and Business Critical systems

Critical National Infrastructure (CNI)

Systems in Energy, Oil and Gas

Regulated systems in Financial Industry such as E-banking and Point-of-Sale (POS)

SCADA and PLC in large-scale manufacturing

Systems supporting Defence and Law Enforcement

Health and Pharmaceutical Systems

Aviation and Transport Systems

https://www.cert.org/insider-threat/

http://www.cpni.gov.uk/advice/Personnel-security1/Insider-threats/

Best Practice Research

US DoD

UK MoD

Types of Insider Threat

Unauthorised disclosure of sensitive information

Process corruption

Facilitation of third party access to assets

Physical, Logical and Sabotage

APT

Social Engineering

Malware

Motive

CERT Cases

Who is a possible Insider Threat?

Disgruntled employees - passed over for salary increase or promotion

Former employees - fired from the company, hold animosity towards the company or personnel

Addictions - drugs, alcohol or gambling

Gullible to social engineers, coercion or blackmail

Top 3 Insider Threat Mitigation Steps

Role Based Access Controls – Segregated Access

"You will be caught" deterrent

Physical access logs

Phone access logs

Email and Internet access

We are monitoring, and we make sure all staff know that reports are examined and action will be taken

Embedding Security within Corporate Culture

Care, Compassion and Consideration

Primary defence

social engineering

Finally what is certain

Threats

Losses

Sophistication

Final thought

david.spinks@hp.com