Securing Caribbean networks Bevil Wooding Executive Director, CaribNOG
THE DIGITAL WORLD • Explosion of Online Devices • Explosion of Online Users • Explosion of Online Data
Dark Side To Digital Progress
“ There are only two types of companies : Those that have been hacked, a nd those that will be.”
THE THREAT IS REAL
In a Word … PEOPLE
BE AFRAID..BUT ALSO BE INFORMED Understanding The Power of the Dark Side
POWERFUL DARK SIDE FORCES Today’s Cyber Criminals are: • Highly ORGANZED • Highly MOTIVATED • Highly RESOURCED and Highly EFFECTIVE!
THE DARK SIDE IS SOPHISTICATED
POWERFUL DARK SIDE FORCES Cybercriminals Hactivists Nation-States Insiders • Broad-based and • Targeted and • Targeted and • Targeted and targeted destructive multi-stage destructive • Financially • Unpredictable • Motivated by data • Unpredictable motivated motivations collection motivations • Getting more • Generally less • Highly • Sophistication sophisticated sophisticated sophisticated with varies endless resources
2013 - TARGET 2014 - SONY 2015 - OPM 2017 – WannaCry Ransomwear Major cyber attack disrupts internet service across the WORLD!
2013 - TARGET Russian Crime Syndicate; 1 17 yr old wrote the malware Compromised via a Third- 1 Party Vendor (HVAC) Easy Reconnaissance; 1 Ignored Initial Alerts Internal Infrastructure Used 1 Against Themselves
2014 - SONY GUARDIANS OF PEACE 1 (North Korean Government) Internally Everything Destroyed; Whole World Saw Emails & 1 Sensitive Information Most of the Company Had Too 1 Much Access; Passwords were stored in files named ‘Passwords’ 1 Warning Signs were Ignored
2015 - OPM Chinese Government 1 Compromised Using Defense 1 Contractor’s Credentials Encryption is great, but it doesn’t 1 stop those who have passwords or credentials Data Stolen During Holiday When 1 Staffing was Light.
2016 – DYN DNS Hackers - For Profit or Other 1 Motive? Millions of Compromised 1 Digital Video Cameras Unpatched IoT Devices 1 Plenty of Individuals, Companies, and Vendors to 1 Blame!
2017 - WannaCry Hackers - Unknown 1 Ransom message asking for 1 approx. $300. Increase to $600 after 3 days. After 7 days, files destroyed Estimated > 200,000 victims 1 WORLDWIDE CONTRIES AFFECTED
IT’S NOW EASIER TO BE ON THE DARK SIDE
PUBLICLY AVAILABLE TOOLS
OUTSOURCING & CAPACITY BUILDING
Securing National Development WHAT COMES NEXT … NO ONE KNOWS “Future attacks will likely increasingly be directed to softer targets in locations through which huge sums of money flow electronically for tax efficiency or advantage, those areas with infrastructure links to the United States and Europe, and in areas where the success of a sector such as tourism is central to the stability of the regional or national economy.”
Securing National Development WHAT’S ALREADY HERE – CARIBBEAN ALREADY FE • Ransomware Attacks • Phishing Attacks • Distributed Denial Of Service • Data Theft • Identity Theft • ATM Scams
Securing National Development GREATER THREATS, FEWER RESOURCES • Cybersecurity Skills Are in High Demand, Yet in Short Supply – most organizations do not have the people or systems to monitor their networks consistently and to determine how they are being infiltrated. – Cisco estimates there are over 1 million unfilled security jobs worldwide
FORTUNATELY … ALL IS NOT LOST RESISTANCE IS NOT FUTILE W h i l e t h e r e i s n o s i l v e r b u l l e t s o l u t i o n w i t h c y b e r s e c u r i t y, a w e l l - i n f o r m e d , w e l l - s t r u c t u r e d , c o o r d i n a t e d , m u l t i - s t a k e h o l d e r a p p r o a c h c a n m a k e a b i g d i f f e r e n c e
Securing National Development Opportunity in the Crisis • As the Internet of Things (IoT) gains more traction, the lack of basic security standards and the increasing skill shortage will present opportunities for countries and businesses that invest in cybersecurity skills development
Securing National Development Opportunity in the Crisis • As the Internet of Things (IoT) gains more traction, the lack of basic security standards and the increasing skill shortage will present opportunities for countries and businesses that invest in cybersecurity skills development
Securing National Development Joining the Resistance • Effective Cybersecurity Requires – Cyber Strategies – People, Analytics, Intelligence, and Technology – An Informed Human Approach to Security
Securing National Development A Note on Cyber Strategies Cybersecurity Develop in collaboration with critical business strategies units – embed security personnel into business should be units, so security strategy can be integrated not holistic just tacked on Align to Business Goals – If you bring value with your strategy, security becomes a business differentiator and revenue generator, transforming security from cost center to a growth center.
Securing National Development A Note on Cyber Strategies Cybersecurity Validate at the leadership level – Keeping organizational strategies leaders informed and involved in data breach should be preparedness and response plans is essential for holistic. maintaining a sophisticated security posture. Dynamically managed – Threat actors continuously adapt. Your cybersecurity strategy should, too. Treat it like it is a living, breathing, constantly questing process. If you let it languish, your threat posture also suffers.
HOW CAN GOVERNMENTS HELP? UPDATE LEGISLATION PARTICIPATE IN REGIONAL BODIES STRENGTHEN LOCAL CAPACITY RAISE PUBLIC AWARENE SET NATIONAL STANDARDS
HOW CAN INDUSTRY HELP? TRACK THE TREND LINES SUPORT PUBLIC-PRIVATE COOPERATION INVEST IN SECURITY TOOLS AND INFRASTRUCTUR ENCOURAGE AND TRAIN CYBER EXPERTS
Make the Investment. Develop a Cyber Security Strategy. TAKE ACTION! “despite hard pressed budgets, cyber security needs to be seen as just as important as physical security and treated as core cost for businesses and governments .” … IT’s WORTH IT
About the Presenter BEVIL M. WOODING Internet Strategist, Packet Clearing House Mr. Wooding is an an Internet Strategist for Packet Clearing House, a US-based non-profit research institute. He is also the Executive Director of the Caribbean Network Operators Group Twitter/Linked: @bevilwooding
Questions in fo @ c arib no g.o r g
Recommend
More recommend