Understanding and Managing Your Threat Landscape
Eric Kurnie, SVP, Wells Fargo
Cybersecurity Essentials – E11
CRISC CGEIT CISM CISA 2013 Fall Conference – “Sail to Success”

Source file: sfisaca.org/images/FC15_Presentations/E11.pdf


Page 1

CRISC CGEIT CISM CISA
2013 Fall Conference – “Sail to Success”

Understanding and Managing Your Threat Landscape

Eric Kurnie, SVP, Wells Fargo
Cybersecurity Essentials – E11

Page 2

11/8/2015

CHANGING RISK LANDSCAPE

Page 3

2015 Fall Conference – “CyberSizeIT”, November 9 – 11, 2015

Cyber History

Page 4

Cyber Current

Page 5

World’s biggest data breaches: 2004 - 2005

[Figure: breach chart; legend METHOD OF LEAK: accidentally published, hacked, inside job, lost / stolen computer, lost / stolen media, poor security]

Source: www.informationisbeautiful.net, World’s Biggest Data Breaches

Page 6

World’s biggest data breaches: 2013 - 2015

[Figure: breach chart; legend METHOD OF LEAK: accidentally published, hacked, inside job, lost / stolen computer, lost / stolen media, poor security]

Source: www.informationisbeautiful.net, World’s Biggest Data Breaches

Page 7

Who, Why, How, What, Impacts…

WHO: Threat Actors
• Cyber Terrorist
• Hacktivists
• Nation State
• Financially Motivated
• Insider

WHY: Goals
• Disruption / Reputation
• Attention
• Espionage
• Theft
• Monetary
• ID
• Revenge

HOW: Vectors
• DDoS – Distributed Denial of Service
• Malware
• Direct Hack
• Phishing
• Social Engineering

WHAT: Vulnerability
• Missing Patches
• Code Vulnerability
• Zero Day vulnerabilities
• “Un-patchable” and End of Life Assets
• Data Back up and Recovery
• Lack of Encryption
• Human issues
• ID and Access Mgmt
• Password Mgmt

IMPACTS:
• Reputational
• Lost Business / Unavailable Services
• Regulatory
• Fraud Losses

Page 8

THREATS

Page 9

Threat Landscape

[Figure: quadrant diagram. Horizontal axis: Geopolitical Conflict vs. Traditional Domain of Opportunistic Hackers. Vertical axis: Highly Motivated (More Detrimental to Operations) vs. Opportunistic (Less Detrimental to Operations). Quadrants: Cyber-war, Cyber-espionage, Cyber agitation, Cybercrime.]

Examples and targeted assets:

Cyber-war
• Estonia – Internet backbone
• Georgia – Government sites
• Stuxnet – Nuclear facility

Cyber-espionage
• Dupont – Trade secrets
• Night Dragon – Source code
• Operation Aurora – Intellectual property
• Rio Tinto – Strategic legal docs
• Shady RAT – Bidding plans

Cyber agitation
• Anonymous – Sensitive data, various
• Chevron – Public reputation
• HBGary Federal – Sensitive emails
• Sony – Executive’s details
• Scientology – DDoS, reputation
• WikiLeaks – Classified documents

Cybercrime
• JPMC – Account information
• Target/HD – Credit card data
• Epsilon – Email addresses
• Sony – Player accounts
• SpyEye and Zeus – Login credentials, PIN

Page 10

Opportunistic Hackers

Page 11

Cybercrime

Page 12

Cyber Agitation

Page 13

Cyber Espionage

Page 14

Cyber War

Page 15

Today’s Financial Industry Security Threat Landscape

Business growth drives more systems in the environment
‒ Massive complexity and asset intimacy
‒ Harder to understand all technical risks

Requires more complex application / system development

Attack surface has expanded significantly (mobile, wireless, cloud)

Evolved Ecosystem

More attackers, characterized as:
‒ Sophisticated
‒ Better resourced than their targets
‒ Monetized incented attacks
‒ Security controls also targets (e.g. tokens)

Targets no longer limited to certain industry sectors

Emergence of social engineering

External Threat Landscape

Increased Targeting of Informational Assets for Monetary Gain

Shifting Threat Landscape Adds to Defense in Depth

Page 16

The price of a data breach

• Scottrade Stock Trading Service Hacked – possibly affecting 4.6 million customers (October 2015)
• Anthem Hacked – Nearly 80 million Anthem members impacted (February 2015)
• JP Morgan Chase Cyberattack affected 76 million households (July 2014)

Page 17

Miscellaneous Errors

Page 18

Crimeware

Page 19

Insider Misuse

Page 20

VULNERABILITIES

Page 21

Don’t be a… (video)

https://www.youtube.com/watch?v=nPR131wMKEo

Page 22

Passwords

Page 23

Password1?

Page 24

$m=gC+M&cH

Page 25

Passwords – additional controls

Page 26

Social Engineering

Page 27

Published Vulnerabilities

Page 28

83 percent+ of compromises go undetected for long periods of time

Discovery Timeline, Cyber-Espionage (share of incidents by time to discovery):

Years      5%
Months    62%
Weeks     16%
Days       8%
Hours      9%
Minutes    0%
Seconds    0%

Source: Verizon 2014 Data Breach Investigations Report

Page 29

Zero-Day Vulnerabilities

Page 30

Attackers moving at an increasing speed

Time from disclosure to each stage:

Stage                         Heartbleed (April 2014)   Bashbug (Sept 2014)
Scanning for Vulnerability    24 hrs.                   6 hrs.
Code Developed to Exploit     48 hrs.                   12 hrs.
Botnets Armed for Attacks     7 days                    48 hrs.

In five months, the attacker’s average time to exploit was reduced by almost two-thirds.

* Data points compiled from several public sources

Page 31

Managed evolution results in effective risk management

[Figure: risk treatment options (Avoid, Mitigate, Accept, Transfer) applied to Regulatory Risks and Threats; caption: KEEP IT SIMPLE]

Effective Risk Management: Focus on the current state of risk and the impact that the evolving risk landscape, new technologies, and business processes present during this journey.

Page 32

Conclusion

Page 33

QUESTIONS? COMMENTS?

CONTACT INFORMATION: ERIC KURNIE

(650) [email protected]