FBI Cisco Milford Presentationv 2

8/4/2019 FBI Cisco Milford Presentationv 2

1/73

DATA SECURITY CHALLENGES IN THE

ALL TOO PUBLIC AND NOT SO PRIVATE

SECTORS

Patrick GrayPrincipal Security Strategist
http://www.umb.edu/http://images.google.com/imgres?imgurl=http://diversity.haas.berkeley.edu/2009/images/logo_cisco.jpg&imgrefurl=http://diversity.haas.berkeley.edu/2009/sponsor2.html&usg=__1-gdXXSNhC9JGGcS4vRJUFUzKOI=&h=400&w=600&sz=17&hl=en&start=5&um=1&itbs=1&tbnid=o0Xnk9mJitUWiM:&tbnh=90&tbnw=135&prev=/images?q=cisco&um=1&hl=en&newwindow=1&safe=off&sa=N&rlz=1T4GGLL_enUS327US328&tbs=isch:1


2/73

I want you to take home four points

Understand

Educate

Collaborate Prepare


3/73

Its a great to be in Milford today, but uh, do you

know where your data is right now?

Its all about data, your data

The confidentiality

The integrity The availability


4/73

Its hard to protect that which we have no

idea as to its whereabouts So, where is your data today?

On any device

Any place Any time

When arent we working anymore?


5/73

When do we call it a day?

We dont, do we?


6/73

Today, its about mobility

In the past few years we

shifted our lives to the PC

and the Internet

Now, its all about beingmobile

A PC in your pocket

Our mobile work force is

growing and expanding


7/73

Where?

Where does work happen?


8/73

It happens wherever we are!

No longer does business take place solely behind

network walls

The critical work is happening increasingly onsocial networks, on handheld devices, in the field,

and at local cafes


9/73

Diminishing Border

The traditional corporate perimeter,

with clearly identifiable boundaries,

has diminished

In its place, a network with limitless

potential is rising

One where agencies, companies,

their customers, and their partnersdemand access to information

whenever and wherever they need it


10/73

New Considerations

It is information technologys role to ensure that

the appropriate people, using the correct

devices, are accessing the proper resources while

having a highly secure yet positive user

experience within your networks


11/73

A blurring of activities

In addition, it is common for workers to blend

business and personal communications on these

social networks, further blurring the network

perimeter


12/73

The future aint what it used to be.


13/73

Some bone-jarring statistics

50% of Facebook active users log on to Facebook

on any given day

More than 60 million users update their status -daily

People spend over 500 billion minutes per month

on Facebook


14/73

Billions

More than 3 billion photos

uploaded to the site each

month

More than 5 billion pieces

of content (web links, news

stories, blog posts, notes,

photo albums, etc.) sharedeach week


15/73

The involvement is viral

Millions of local businesses have active Pages on

Facebook

More than 20 million people become fans ofPages each day

Pages have created more than 5.9 billion fans


16/73

Mobility

There are more than 200 million active users

currently accessing Facebook through their

mobile devices


17/73

I just have to check

Just last month, 57 million Americans visited

social networking sites from a work computer

Checking your Facebook account has becomethe default Water Cooler

It's the most commonly visited website at the

workplace, twice as popular as Google and

three times as popular as Yahoo


18/73

Cisco on Facebook


19/73

Cisco on Twitter


20/73

Cisco on be
http://www.google.com/imgres?imgurl=http://www.wrestlingroundtable.com/images/youtube.jpg&imgrefurl=http://www.wrestlingroundtable.com/&usg=__6z8IalRlty6hsXPnVjf3l0YyNF4=&h=302&w=591&sz=51&hl=en&start=24&um=1&itbs=1&tbnid=OmHiEjO-MN_aEM:&tbnh=69&tbnw=135&prev=/images?q=youtube&start=18&um=1&hl=en&newwindow=1&safe=off&sa=N&rlz=1T4GGLL_enUS327US328&ndsp=18&tbs=isch:1http://www.google.com/imgres?imgurl=http://www.wrestlingroundtable.com/images/youtube.jpg&imgrefurl=http://www.wrestlingroundtable.com/&usg=__6z8IalRlty6hsXPnVjf3l0YyNF4=&h=302&w=591&sz=51&hl=en&start=24&um=1&itbs=1&tbnid=OmHiEjO-MN_aEM:&tbnh=69&tbnw=135&prev=/images?q=youtube&start=18&um=1&hl=en&newwindow=1&safe=off&sa=N&rlz=1T4GGLL_enUS327US328&ndsp=18&tbs=isch:1


21/73


22/73

Connecticut Computer Services, Inc.


23/73

Owl Computing


24/73

Proton Energy Systems


25/73

CT Post 14


26/73

This is viral

Overall, 43 percent of Americans said they keep

in touch via social networking websites such as

Facebook and LinkedIn


27/73

Connecticut Facebook users

There are almost two million Facebook users in

The Nutmeg State


28/73

There is a human element to all ofthis, an element that is more often

than not, overlooked


29/73

Its no longer just close relationships

Our employees are going places theyve never

gone before and are touching technology

daily

That which they are touching is touching our

networks as well


30/73

5 Reasons Cisco embraces Social Media

Attracting and retaining the

best employees

Innovation and knowledgecreation

Operational efficiency

Talent development

Employee engagement


31/73

That being said

There are things we really need to be aware of

The bad guys know what were doing, where

were going and want to make the trip a wee bitmore difficult


32/73

With Web 2.0

A new breed of malware is evolving

Google Mashups, RSS feeds, search, all of these

can be misused by hackers to distribute malware,

attack Web surfers and communicate with botnets


33/73

Risk it's everywhere

And no one knows that better than IT security

professionals

Disgruntled employees, students, fired employees,

clueless employees who succumb to socialengineering, passwords left on Post-it notes, wide-

open instant messaging and increasingly powerful

hacker tools in the hands of teenagers, Web Mobs

and Organized Crime targeting Social Media sites


34/73

Objective?

The key objective, of course, is to recognize risk,

safeguard your reputation and not reveal sensitive

or confidential information that may prove quite

harmful


35/73

Malware

Historically, malware has plagued e-mail, hidden inmalicious attachments

While that's still happening, more malware writersare putting their efforts into malicious Web sites


36/73

Constant Mutation

The goal in developing malware is not to simply

infect as many systems as possible but to

specifically steal usage information and other

data from compromised systems Use of polymorphic code that constantly mutates


37/73

Bad Statistic


38/73

Two biggest vectors for Malware

Email

Web-based


39/73

The Human Firewall an invaluable tool

A good human firewall employee is one who filters

good security practices and rejects any others

much like a network firewall only allows

authorized traffic and rejects any other

The only way to build a good human firewall is to

raise peoples awareness; to teach them good

habits, to make them recognize bad practices and

change them into good practices

Your cyber security is only as good as the people

who manage it and those who use it


40/73

So Patrick, why do we really need that Human

Firewall?


41/73

Because, Friend has become a verb

Social media users believe there is protection inbeing part of a community of people they know

Criminals are happy to prove this notion wrong


42/73

Causation

The threats and security issues that come with

social media arent usually caused by

vulnerabilities in software


43/73

The herd mentality

More commonly, these threats originate from

individuals who place an unwarranted amount of

transitive trust in the safety of these

communities


44/73

Remember

On social sites

Your privacy is history

They don't have your best interests in mind Social engineering attacks are getting more

targeted


45/73

Trust?

Users will trust something or someone because a

user they know has also expressed trust in that

person or subject

We trust because we are curious and curiosity


46/73

Curious? This is why! Out of date???


47/73

They want to send us somewhere else


48/73

The unknown DO NOT TOUCH THIS!!!


49/73


50/73


51/73


52/73

Dont go there!

Stay on the path that you know well!

Okay to trust but please verify So, have fun! But monitor

Be a bit more vigilant

And manage appropriately

This is what our users are up against

Malware popping up out of nowhere !


53/73

But what does all this mean?

I am just a user and am not an engineer or a

technician or a programmer or a geek!

Im just sitting at my desk, talking to friends

and all sorts of people

How in the world am I threatening our

network???


54/73

2 Reasons

You probably do not understand policies,

procedures, best practices and standards

If you do understand them, they are violated

because there are no consequences the policies

are not enforced

Who, me?


55/73

Education is Critical

Few executives grasp the case for investing insafeguards against hackers, malware, and the like

Education starts at the top and works its way down

the food chain throughout the entire business Before any employee puts their fingers on the

keyboard they must understand that it is not theircomputer


56/73

The Seven Deadly Sins of Network Security

1. Not measuring risk2. Thinking compliance equals security

3. Overlooking the people

4. Lax patching procedures5. Lax logging, monitoring

6. Spurning the K.I.S.S.

7. Too much access for too many


57/73

Did I mention the Insider?


58/73

The Opposing Team

The Hackers

Disgruntled Insiders

Clueless employees

Competitors

Foreign Governments

Terror organizations


59/73

Biggest Players in the Global Black Market

Russia

China

Brazil

Israel

U.S.


60/73

North Korea in the fray


61/73

Krews

HangUp Team

CNHonker

Russian Business Network

Rock Phish

76Service

MAAS

Hoff is Thirsty


62/73


63/73

Great Effort


64/73


65/73

System Penetration

It is an unfortunate reality that you will suffer abreach of security at some point

To bypass security, an attacker only has to find

one vulnerable system within the entirenetwork

But to guarantee security, you have to makesure that 100 percent of your systems areinvulnerable -- 100 percent of the time


66/73

Data Leakage:

How many breaches in 2010?

760 Breaches

222,477,043

records exposed

How were you

impacted?

278 Breaches in2011


67/73

Its inevitable, so be prepared


68/73

Not good

But Patrick! It wont happen to us!


69/73

Whether you get hacked depends

Do you assume the posture of, It cant happen here.

Do you hear, We havent heard of any worm outbreaks

and all seems quiet. Why upgrade those devices?

We have no budget.

Were just hanging out in Connecticut!

Theyre only going after the Government and those

really big banks.

Then my question is, Can you really afford to give up

data today?


70/73

You cant afford to give up data,

so be prepared and alert

Every man has a plan until he gets hit!

Have a robust Computer Security Incident

Response Plan

1. Test it

2. Update it both in terms of technology and

personnel

3. Include Legal and HR in those plans


71/73

So, what are they really after?

Your data

Your assets

Your employees data

Your personal data

Your paycheck

Your friends

Your family


72/73

You are the last line of Defense! Step up!

Understand

Educate

Collaborate

Prepare


73/73

Thank You!

FBI Cisco Milford Presentationv 2

Documents

Transcript of FBI Cisco Milford Presentationv 2