Cyber og Sundhed

Hvad sker der og hvordan?

Morten von Seelen, Cyber Ops

2

“The bomber will always get through”

“I think it is well also for the man in the street to realise that there is no power on earth that can protect him from being bombed. Whatever people may tell him, the bomber will always get through…”

“The only defence is in offence, which means that you have to kill more women and children more quickly than the enemy if you want to save yourselves...If the conscience of the young men should ever come to feel, with regard to this one instrument [bombing] that it is evil and should go, the thing will be done; but if they do not feel like that – well, as I say, the future is in their hands. But when the next war comes, and European civilisation is wiped out, as it will be, and by no force more than that force, then do not let them lay blame on the old men. Let them remember that they, principally, or they alone, are responsible for the terrors that have fallen upon the earth”.[2][3][4]

33

Meget aktuelt

44

Truslen kommer udefra. Punktum.

Kilde: Verizon/Deloitte Data Breach Investigations Report 2015

5 | Deloitte Copyright © 2016 Deloitte & Touche Oy. All rights reserved.

6 | Deloitte Copyright © 2016 Deloitte & Touche Oy. All rights reserved.

77

1. Mangel på tid, budget og ekspertise til at gennemføre omfattende sikkerhedsfunktioner.

2. Ingen dedikeret IT-sikkerhed folk på lønningslisten.

3. Manglende kendskab til risiko.

4. Fravær af systemoverblik og dokumentation

5. Mangel på medarbejderuddannelse.

6. Manglende opdatering af systemer.

7. Outsourcing af sikkerhed til ukvalificeret 3. part eller systemadministratorer

8. Manglende hardning af ”endpoints”

8 | Deloitte Copyright © 2016 Deloitte & Touche Oy. All rights reserved.

Organization

Physical

Locations

Human

Elements

Cyber

Third

Parties

Fourth Party

Infra-

structure

(Web)-

applications

High Risk

Locations

Building

Access

Inadvertent

Damage

Malicious

Exfiltration

Vendors

Client specific

biz.

Client

specific

Industry

specific

Off-the-shelf

Applications

Internally

hosted

Mobile

Applications

Third party hosted

Cloud/SaaS

Connections

Personal

Computers

Databases

B2B

ConnectionsRemote

connections

(VPN, File

transfer)

Security

Measure

s

Security &

Monitoring

Access

Control

Geographic

core

location

99

1. Phishing (ransomware etc.)

2. Social Engineering

3. CEO/ BEC Fraud

4. Network hacking (including wifi)

5. Website hacking

6. Social Media Hacking

Fælles MO

Sådan angribes virksomhederne anno 2016

1010

Ransomware

Moderne landevejsrøveri

11 | Deloitte Copyright © 2016 Deloitte & Touche Oy. All rights reserved.

12 | Deloitte Copyright © 2016 Deloitte & Touche Oy. All rights reserved.

1313

PhishingPhishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.[1][2]

14© 2016 Deloitte 14

Deloitte Phishing test

15© 2016 Deloitte 15

Results of the simulation are summarized on the chart:

1616

Social Engineering Phishing

1717

Social Engineering Phishing

18 | Deloitte Copyright © 2016 Deloitte & Touche Oy. All rights reserved.

1919

CEO Fraud / BEC Fraud

2020

Social Media Hacking

2121

Network Attack

Sårbarheder giver adgang længere ind I virksomheden

2222

Network Attack - Wifi

23© 2016 Deloitte 23

Man kan komme ind på Netværket på flere måder

2424

Webhacking

25© 2016 Deloitte AS

IT Cyber Attack

Simulations

Business-Wide

Cyber Attack Exercises

Sector-Wide & Supply Chain

Cyber Attack Exercises

Enterprise-Wide Infrastructure

& Application Protection

Global Cross-Sector Threat

Intelligence Sharing

Identity-Aware

Information Protection

IT BC & DR

Exercises

Ad Hoc Infrastructure &

Application Protection

Adaptive & Automated

Security Control Updates

IT Service Desk

& Whistleblowing

Security Log Collection

& Ad Hoc Reporting

External & Internal Threat

Intelligence Correlation

Cross-Channel Malicious

Activity Detection

24x7 Technology Centric

Security Event Reporting

Automated IT Asset

Vulnerability Monitoring

Targeted Cross-Platform

User Activity Monitoring

Tailored & Integrated

Business Process Monitoring

Traditional Signature-Based

Security Controls

Periodic IT Asset

Vulnerability Assessments

Pro

ac

tiv

e T

hre

at

Ma

na

ge

me

nt

Level 1 Level 2 Level 3 Level 4 Level 5

Automated Electronic

Discovery & Forensics

Situational Awareness of

Cyber Threats

Basic Online

Brand Monitoring

Automated Malware

Forensics & Manual

Electronic Discovery

Government / Sector Threat

Intelligence Collaboration

Ad-hoc Threat

Intelligence Sharing

with Peers

Baiting & Counter-Threat

Intelligence

Criminal / Hacker

Surveillance

Commercial & Open Source

Threat Intelligence Feeds

Real-time Business Risk

Analytics & Decision Support

Workforce / Customer

Behaviour Profiling

Network & System Centric

Activity Profiling

Business Partner Cyber

Security Awareness

Targeted Intelligence-Based

Cyber Security Awareness

General Information Security

Training & Awareness

Internal Threat

Intelligence

Security Event

Monitoring

Asset

Protection

Cyber Attack

Preparation

Training &

Awareness

Behavioural

Analytics

External Threat

Intelligence

Intelligence

Collaboration

E-Discovery &

Forensics

Brand

Monitoring

Cyber Security Maturity Levels

Basic Network Protection

Acceptable

Usage Policy

Transf

ormat

ion

Operational Excellence

Blissful Ignorance

Online Brand &

Social Media Policing

Ad Hoc System /

Malware Forensics

Consumer Business &Life Sciences

Military & Defence

25

Hvor vil I ligge? Snak om det!

2626

Stil krav om overblik!

Vores (forsøg på en) løsning:

Overblik! Kend jeres svagheder og trusler

27

1. Er vores SPF1 record opsat korrekt?

2. Hvor længe må vi højest være nede pga. IT-nedbrud?

3. Er ansvaret for sikkerheden defineret?

4. Har vi 2. factor autentificering på adgang udefra?

5. Beskytter vores ansatte, virksomhedens oplysninger med password som: [virksomhedsnavn][årstal] ?

6. Er vores IT-sikkerhedes politik up to date med modern trusler?

7. Er vores netværk VLAN segmenteret?

8. Overlever vores backup selvom det er en IT-medarbejder som bliver ramt af ransomware?

9. Har vi procedure på plads for overførsel af penge?

10.Opsamler vi logfiler et central sted?

11.Dækker vores beredskabsplaner cyber terror?

12.Er vores lokale maskiner sikret med andet end Antivirus?

13.Har vi styr på Databehandleraftalerne?

14.Gemmer medarbejdere følsomme dokumenter på deres bærbare – hvis ja, er der så kryptering på denne?

15.Er vi klar til GDPR?

16.Er adgangen til de finansielle systemer tilpas sikre?

17.Ved ledelsen rent faktisk, hvordan tilstanden er I virksomheden på IT-sikkerheds området?

18.Kan vores IT ansatte løfte opgaven ved et rigtigt hackerangreb?

19.Har I selv kommunikeret kravene til sikkerhed tydeligt nok?

Spørg jer selv…

02.02.2017

Morten von Seelenmvonseelen@deloitte.dk3093 5033