SecOps North America 2016
Recent Developments in Cyber
James P. O’Shea III
RBC Capital Markets
DISCLAIMER: The views and opinions expressed in today’s presentation are my own, and do not represent those of RBC Financial Group and its subsidiaries.

Cyber Evolves from 1990s to Present

Generic Attacks
• Random Targets
• Low Volume, ‘nuisance’ value
• Moderate/high difficulty to build and use attack tools
• Limited skill pool
• Isolated to individual computers or small workgroups
• Randomly attack what the virus decides to attack
• Return: only notoriety to attacker

Broadly Targeted Attacks
• Generalized targets
• High Volume, Low Value
• Improving skill pool
• Commercial spam campaigns
• Denial of Service
• Generalized phishing
• Hit and run
• Attack the (hoped-for) holder of a tradeable commodity
• Return: property of the victim’s which the attacker can re-sell, one-time, with short lifespan and decreasing value over time (password; credit card)

Personalized Attacks
• Specific, individual, targets
• Low Volume, High Value (USD 1bn?)
• Mature supply chain for crimeware and associated ecosystem for ease of attack
• Spear Phishing
• Customized exploit code
• Advanced Persistent Threats
• Get in and stay in
• Attack a specific business process
• Return: ability to continually observe & extract value directly from/as the victim

How does a breach occur? Most start with an email…

Breaches Occur Faster Than Detection
Attackers are getting faster at breaching, and are doing so more rapidly than defenders are getting faster at detecting

1/3 of Recipients Will Open a Phishing (Test) Email; >50% of ‘Openers’ Will Click The Malicious Link Within 3 Hours
1 min 40 sec. Median time for the 1st recipient of a phishing campaign to open the bad email
3 min 45 sec. Median time until the malicious attachment is clicked on by any recipient from the start of a phishing campaign

Most Victims Do Not Know They’re Breached
Law Enforcement and other Third Party Notifications to Victim are the most common methods of discovering a breach
Fraud detection and other internal controls have been rapidly declining as means of detecting breach

An Ounce of Prevention: 99%+ Of Breaches Exploit Vulnerabilities That Are More Than 1 Year Old

What Can You Do?
• Inventory your data and processes.
  • Know what is most important to your firm.
• Classify your data.
  • Which of those important items comes first?
• Have a plan; assume breach.
  • How will you operate after a breach occurs?
• You will ‘fight like you train.’
  • Exercise your plans regularly.
• Share information and expertise within your industry and government regularly
  • Participate in information sharing organizations like FS-ISAC and FBI’s InfraGard
  • Build the relationships you will need before you need them

Further Reading
• The 2016 Verizon DBIR data in 4-minute form for Financial Services
  http://www.verizonenterprise.com/resources/reports/rp_2016-DBIR-Financial-Data-Security_en_xg.pdf
• The 2016 full Verizon Data Breach Investigations Report
  http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
• Data Breach Digest – Brief case studies of who and how.
  http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest_xg_en.pdf
• 20 Critical Security Controls – Center for Internet Security
  https://www.cisecurity.org/critical-controls.cfm