CI Security, Mike Hamilton, Founder and CISO, April 19, 2019 (PowerPoint presentation)



  1. April 19, 2019
     Our stuff keeps your stuff from becoming their stuff
     CI Security
     Mike Hamilton, Founder and CISO

  2. Surviving 2019 and Beyond
     SCITDA, September 24, 2019

  3. Your Presenter
     • Founder, CI Security
     • Policy Advisor, Washington State
     • CISO, City of Seattle
     • Managing Consultant, VeriSign
     • Senior Principal Consultant, Guardent
     • Independent Consultant
     • CEO, Network Commerce, Inc.
     • Ocean Scientist, NASA/JPL

  4. You Are Here
     You will recognize:
     • Water
     • Traffic
     • Communications
     • Emergency Management
     • Public Health
     • Government
     And in some cases:
     • Energy
     • Dams
     • Elections
     • 9-1-1

  5. Meanwhile… What could possibly go wrong?

  6. Leaning Into OSINT
     Trends emerge, which lend themselves to prediction, or at least to noticing which way the wind is starting to blow.

  7. Recent Public Sector Events

  8. Ransomware

  9. MSPs – A One-Stop Shop (for compromise)


  12. BEC
     Toyota Subsidiary Loses $37 Million Due to BEC Scam

  13. Phishing Sites are Eclipsing Malware
     Data from Microsoft “safe browsing” identification of unsafe sites

  14. Credential Stuffing

  15. Cryptocurrency Mining
     • Low-Risk for organized crime
     • Uses existing botnets
     • Becoming legitimized as an alternative to ads
     • Operational Continuity Threat
     • Not as disruptive as ransomware
     NOTE that the problem waxes and wanes due to the value of the cryptocurrency and power costs.

  16. SIM Swapping

  17. IoT Weaponization
     ▪ Not secured when deployed
     ▪ If exposed to the Internet, immediate takeover
     ▪ Mirai, Reaper, DoubleDoor
     ▪ Used for DDOS, and TBD

  18. Gigantic DDOS
     Memcached Amplification Attack Breaks New DDoS Record At 1.7 Tb/s
     “Arbor believes that we’ve entered a new era in which Tb/s DDoS attacks will be common, whether it’s through memcached server vulnerabilities or through other vulnerabilities attackers may be able to find later.”

  19. Nation-State Collateral Damage

  20. AI – Friend or Foe?

  21. The Third Party Microscope

  22. Commercial Malware Companies

  23. A Spyware Company Audaciously Offers ‘Cyber Nukes’
     “This ability enables an agency to instantly disable or destroy a target. Cyber strike capability is an ‘always online weapon’ that can be fired at any IP connected terminal with power to disable or destroy a target permanently. This weapon is comparable to a Nuclear Strike that can destroy city wide Cyber infrastructure or render a county wide IP communications ineffective,” the brochure adds.
     Source: https://motherboard.vice.com/en_us/article/59weqb/a-spyware-company-audaciously-offers-cyber-nukes

  24. Hardware Vulnerabilities
     Meltdown-Spectre: Now the class action suits against Intel are starting to mount up
     "One of the problems with Spectre is that it's completely silent," Evtyushkin said. "You don't see anything happening. Compared to traditional attacks, where an application usually crashes and you can see the damage, with microarchitecture attacks you won't see it or know it happened."

  25. So… What Should We Do?

  26. Outcomes to Avoid, Financial Impacts
     - Records Disclosure: ~$150/record
     - Theft: $75K-$1.2M in our region, multiple millions elsewhere
     - Disruption: Loss of business continuity or operating capacity, loss of life for critical services

  27. Assume Breach
     We now recognize we cannot eliminate the likelihood of security events.
     • Government must manage security as a business risk rather than an IT problem
     • 20th Century: Prevent compromises and security events
     • 21st Century: Manage the risk of this foreseeable event

  28. The Mathematics of Risk
     R = P(T V) * I
     The likelihood, or probability, that a threat is realized:
     • Preventive controls reduce that likelihood
     The impact (usually financial) of that realized threat:
     • Detection and rapid, effective response address the impact term

  29. R = P(T V) * I
     Preventive Controls:
     • Firewall
     • Intrusion Prevention System / Application Firewall
     • URL filtering
     • E-mail security
     • Vulnerability management
     • Anti-Virus
     • Employee training
     Detective Controls:
     • Intrusion Detection System
     • SIEM
     • Log Aggregation and Analysis
     • Packet capture and analysis
     • Human investigators

  30. Detection & Response is a gap
     Most organizations suffer and deal with the fallout:
     • 69% of victims are notified by a third party such as the FBI
     • 89% of victims were not compliant with regulatory requirements
     • 205 average days until compromised asset detected

  31. Key Metrics
     Minimize:
     • The time from initial compromise to detection
     • The time to reach full recovery after detection
     • The sum of these two is known as the ‘dwell time’
     https://www.armor.com/blog/dwell-time-cyber-security-metric/
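The two metrics slide 31 says to minimize, and their sum as dwell time, computed over a set of incident records, together with the share of incidents detected by a third party that slide 30 cites. This is an added example, not material from the deck; the `Incident` fields and the sample records are constructed.

```python
"""Dwell-time metrics over incident records (added example; sample data is constructed)."""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean


@dataclass
class Incident:
    name: str
    compromised: datetime   # first evidence of attacker presence
    detected: datetime      # when the organization became aware
    recovered: datetime     # when full recovery was reached
    detected_by: str        # "internal" or "third_party" (e.g. notified by the FBI)

    @property
    def time_to_detect(self) -> float:
        return (self.detected - self.compromised).total_seconds() / 86400

    @property
    def time_to_recover(self) -> float:
        return (self.recovered - self.detected).total_seconds() / 86400

    @property
    def dwell_time(self) -> float:
        # Dwell time as the slide defines it: time to detect plus time to recover.
        return self.time_to_detect + self.time_to_recover


def summarize(incidents):
    """Aggregate the two metrics to minimize, their sum, and the third-party notification share."""
    if not incidents:
        raise ValueError("no incidents to summarize")
    third_party = sum(1 for i in incidents if i.detected_by == "third_party")
    return {
        "mean_time_to_detect_days": round(mean(i.time_to_detect for i in incidents), 1),
        "mean_time_to_recover_days": round(mean(i.time_to_recover for i in incidents), 1),
        "mean_dwell_days": round(mean(i.dwell_time for i in incidents), 1),
        "worst_dwell_days": round(max(i.dwell_time for i in incidents), 1),
        "third_party_notified_pct": round(100 * third_party / len(incidents)),
    }


# Constructed sample records, not real incidents.
SAMPLE = [
    Incident("INC-1", datetime(2019, 1, 1), datetime(2019, 7, 1), datetime(2019, 7, 15), "third_party"),
    Incident("INC-2", datetime(2019, 3, 10), datetime(2019, 3, 12), datetime(2019, 3, 14), "internal"),
    Incident("INC-3", datetime(2019, 2, 1), datetime(2019, 9, 1), datetime(2019, 10, 1), "third_party"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```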

  32. Improving Detection and Response
     • Make it IT’s job
     • Designate authority and set standards to federate incident response
     • Use the help/service desk
     • Make use of Interns
     • Outsource it

  33. Not Everything is Bad… We Think
     AI, ML, and Security Automation

  34. Let’s Talk about AI & ML
     https://www.legalcheek.com/2019/03/40-of-ai-start-ups-dont-use-ai/
     https://www.csoonline.com/article/3378201/11-questions-to-ask-before-buying-ai-enabled-security-software.html

  35. Intelligence That’s More Than Artificial
     Threat Intelligence Firms Look to AI, but Still Require Humans
     Machine learning and artificial intelligence are helping threat-intelligence firms cover a greater area of the darknet, but human analysts will always be necessary, experts say. Threat intelligence firms are racing to expand their machine-learning capabilities to capture more of the un-indexed parts of the internet, but somewhat ironically, human analysts and experts remain critical to the effort.
     https://www.darkreading.com/risk/threat-intelligence-firms-look-to-ai-but-still-require-humans/d/d-id/1334570
     https://www.ttnews.com/articles/ai-will-boost-productivity-needs-human-guidance
     https://www.extremetech.com/extreme/291952-google-duplex-still-needs-a-lot-of-help-from-humans

  36. This Was PRISEM
     Public Regional Information Security Event Monitoring

  37. Public Infrastructure Security Cyber Education System (PISCES)
     Diagram labels:
     • CI Security provides the monitoring stack, collectors, and maintenance
     • Data access for cyber analyst curriculum
     • 5-year contract for technology and maintenance services
     • Real-time network security data
     • Technology hosting agreement
     • Incident reporting and response agreements
     • Curriculum
     • Data sharing agreements
     • City and county governments
     • The PISCES Nonprofit

  38. Wrapping…
     You still don't have to run faster than the bear, but you might be collateral damage.
     • Service disruption for the purpose of extortion is the largest emerging threat – monitor, including your control systems (water/waste/traffic/etc.)
     • Use the Microsoft controls with O365
     • Be prepared to rapidly and effectively respond
     • Hold your vendors to a security standard
     • Procurement and policy are your best friends

  39. I’ll Leave You With This
     Rescinding the policy of de minimis use can reduce compromises by 40%

  40. THANK YOU
     Mike Hamilton, mkh@ci.security
     @detectrespond – Company Tweets
     @seattlemkh – Unvarnished Opinions
     Sign up for the IT Security News Blast: https://ci.security/news/daily-news

  41. Our stuff keeps your stuff from becoming their stuff
     CI Security
