securing caribbean networks
play

Securing Caribbean networks Bevil Wooding Executive Director, - PowerPoint PPT Presentation

Securing Caribbean networks Bevil Wooding Executive Director, CaribNOG THE DIGITAL WORLD Explosion of Online Devices Explosion of Online Users Explosion of Online Data Dark Side To Digital Progress There are only two types of


  1. Securing Caribbean networks Bevil Wooding Executive Director, CaribNOG

  2. THE DIGITAL WORLD • Explosion of Online Devices • Explosion of Online Users • Explosion of Online Data

  3. Dark Side To Digital Progress

  4. “ There are only two types of companies : Those that have been hacked, a nd those that will be.”

  5. THE THREAT IS REAL

  6. In a Word … PEOPLE

  7. BE AFRAID..BUT ALSO BE INFORMED Understanding The Power of the Dark Side

  8. POWERFUL DARK SIDE FORCES Today’s Cyber Criminals are: • Highly ORGANZED • Highly MOTIVATED • Highly RESOURCED and Highly EFFECTIVE!

  9. THE DARK SIDE IS SOPHISTICATED

  10. POWERFUL DARK SIDE FORCES Cybercriminals Hactivists Nation-States Insiders • Broad-based and • Targeted and • Targeted and • Targeted and targeted destructive multi-stage destructive • Financially • Unpredictable • Motivated by data • Unpredictable motivated motivations collection motivations • Getting more • Generally less • Highly • Sophistication sophisticated sophisticated sophisticated with varies endless resources

  11. 2013 - TARGET 2014 - SONY 2015 - OPM 2017 – WannaCry Ransomwear Major cyber attack disrupts internet service across the WORLD!

  12. 2013 - TARGET Russian Crime Syndicate; 1 17 yr old wrote the malware Compromised via a Third- 1 Party Vendor (HVAC) Easy Reconnaissance; 1 Ignored Initial Alerts Internal Infrastructure Used 1 Against Themselves

  13. 2014 - SONY GUARDIANS OF PEACE 1 (North Korean Government) Internally Everything Destroyed; Whole World Saw Emails & 1 Sensitive Information Most of the Company Had Too 1 Much Access; Passwords were stored in files named ‘Passwords’ 1 Warning Signs were Ignored

  14. 2015 - OPM Chinese Government 1 Compromised Using Defense 1 Contractor’s Credentials Encryption is great, but it doesn’t 1 stop those who have passwords or credentials Data Stolen During Holiday When 1 Staffing was Light.

  15. 2016 – DYN DNS Hackers - For Profit or Other 1 Motive? Millions of Compromised 1 Digital Video Cameras Unpatched IoT Devices 1 Plenty of Individuals, Companies, and Vendors to 1 Blame!

  16. 2017 - WannaCry Hackers - Unknown 1 Ransom message asking for 1 approx. $300. Increase to $600 after 3 days. After 7 days, files destroyed Estimated > 200,000 victims 1 WORLDWIDE CONTRIES AFFECTED

  17. IT’S NOW EASIER TO BE ON THE DARK SIDE

  18. PUBLICLY AVAILABLE TOOLS

  19. OUTSOURCING & CAPACITY BUILDING

  20. Securing National Development WHAT COMES NEXT … NO ONE KNOWS “Future attacks will likely increasingly be directed to softer targets in locations through which huge sums of money flow electronically for tax efficiency or advantage, those areas with infrastructure links to the United States and Europe, and in areas where the success of a sector such as tourism is central to the stability of the regional or national economy.”

  21. Securing National Development WHAT’S ALREADY HERE – CARIBBEAN ALREADY FE • Ransomware Attacks • Phishing Attacks • Distributed Denial Of Service • Data Theft • Identity Theft • ATM Scams

  22. Securing National Development GREATER THREATS, FEWER RESOURCES • Cybersecurity Skills Are in High Demand, Yet in Short Supply – most organizations do not have the people or systems to monitor their networks consistently and to determine how they are being infiltrated. – Cisco estimates there are over 1 million unfilled security jobs worldwide

  23. FORTUNATELY … ALL IS NOT LOST RESISTANCE IS NOT FUTILE W h i l e t h e r e i s n o s i l v e r b u l l e t s o l u t i o n w i t h c y b e r s e c u r i t y, a w e l l - i n f o r m e d , w e l l - s t r u c t u r e d , c o o r d i n a t e d , m u l t i - s t a k e h o l d e r a p p r o a c h c a n m a k e a b i g d i f f e r e n c e

  24. Securing National Development Opportunity in the Crisis • As the Internet of Things (IoT) gains more traction, the lack of basic security standards and the increasing skill shortage will present opportunities for countries and businesses that invest in cybersecurity skills development

  25. Securing National Development Opportunity in the Crisis • As the Internet of Things (IoT) gains more traction, the lack of basic security standards and the increasing skill shortage will present opportunities for countries and businesses that invest in cybersecurity skills development

  26. Securing National Development Joining the Resistance • Effective Cybersecurity Requires – Cyber Strategies – People, Analytics, Intelligence, and Technology – An Informed Human Approach to Security

  27. Securing National Development A Note on Cyber Strategies Cybersecurity Develop in collaboration with critical business strategies units – embed security personnel into business should be units, so security strategy can be integrated not holistic just tacked on Align to Business Goals – If you bring value with your strategy, security becomes a business differentiator and revenue generator, transforming security from cost center to a growth center.

  28. Securing National Development A Note on Cyber Strategies Cybersecurity Validate at the leadership level – Keeping organizational strategies leaders informed and involved in data breach should be preparedness and response plans is essential for holistic. maintaining a sophisticated security posture. Dynamically managed – Threat actors continuously adapt. Your cybersecurity strategy should, too. Treat it like it is a living, breathing, constantly questing process. If you let it languish, your threat posture also suffers.

  29. HOW CAN GOVERNMENTS HELP? UPDATE LEGISLATION PARTICIPATE IN REGIONAL BODIES STRENGTHEN LOCAL CAPACITY RAISE PUBLIC AWARENE SET NATIONAL STANDARDS

  30. HOW CAN INDUSTRY HELP? TRACK THE TREND LINES SUPORT PUBLIC-PRIVATE COOPERATION INVEST IN SECURITY TOOLS AND INFRASTRUCTUR ENCOURAGE AND TRAIN CYBER EXPERTS

  31. Make the Investment. Develop a Cyber Security Strategy. TAKE ACTION! “despite hard pressed budgets, cyber security needs to be seen as just as important as physical security and treated as core cost for businesses and governments .” … IT’s WORTH IT

  32. About the Presenter BEVIL M. WOODING Internet Strategist, Packet Clearing House Mr. Wooding is an an Internet Strategist for Packet Clearing House, a US-based non-profit research institute. He is also the Executive Director of the Caribbean Network Operators Group Twitter/Linked: @bevilwooding

  33. Questions in fo @ c arib no g.o r g

Recommend


More recommend