Social Hacktivism
About Advisen: Advisen Ltd. is a privately-owned, independent and unbiased provider
of news, data and risk analytics to the commercial insurance industry.
Advisen’s mission is to deliver productivity and insight to insurance professionals. Advisen brings greater success through
technology and data, revolutionizing the way the commercial
insurance industry functions. Our customers leverage the Advisen
platform, adding power to their proprietary ability and bringing
value to their clients.
Please locate us on: www.advisen.com
Many Thanks to our Sponsor!
Social Hacktivism
http://corner.advisen.com
• White Paper:
Hacktivism: The Growth and Implications of this 21st Century Method of Protest
• Copy of these slides
• Recording of today’s webinar
Today’s Moderator
David Bradford- President, Research & Editorial Group, Advisen Ltd.
Today’s Panelists
Mary Beth Borgwing, Managing Director, Standish Risk Management
Larry Collins, Vice President, E-Solutions Risk Engineering, Zurich
Tom Lahiff, External General Counsel, Vigilant, Inc.
Today’s Panelists
Larry Collins, Vice President, E-Solutions Risk Engineering, Zurich
Larry has more than 35 years of experience in Risk Engineering. As the Vice President for E-Solutions, he leads a team that provides electronic services to tens of thousands of on-line customers. He’s appeared on TV on cyber security, has spoken on a number of panels and has published several articles and white papers on Security and Privacy related risk issues. He’s done many media interviews on that subject. Larry’s team recently received the Arthur Quern Quality Award from the Risk and Insurance Managers Society (RIMS) for their Accident Review Tool. The Arthur Quern Quality Award recognizes significant contributions within the field of risk management that raise the quality of products, processes, programs, systems and services. The recipient of the Arthur Quern Quality Award demonstrates innovation within the risk management industry and increased quality in products, services and enterprise risk management within an organization.
Today’s Panelists
Mary Beth Borgwing, Managing Director, Standish Risk Management
Mary Beth Borgwing is a finance and technology savvy senior executive with general management, strategy, finance, technology and operations experience in financial services, global insurance, healthcare, manufacturing and small business market segments. She has extensive start-up and turnaround experience with a strong track record for problem solving, profit and market share improvement, speedy results and team building. Mary Beth is a founding member of Standish Risk Management, a consulting and advisory services firm focused on the 360-degree view of operational risk. In conjunction with her work in risk & insurance she has developed the C Shift: RiskEquilibrium™, a process that creates cultures of risk awareness. The firm currently works with teams and companies in high growth sectors, financial services, and Fortune 500. Prior to Standish Risk Management, Mary Beth served as Chief Financial Officer and Treasurer of Sentillion (MFST: US), an IT Security Healthcare company and FAST Company (Morningstar, Inc.). She also served as EVP at Arthur J Gallagher (AJG), SVP at Willis Group Holdings (WSH) and VP at Marsh (MMC), where she managed client risk strategy and business development in Boston and New York City. Before Sentillion, she held a number of senior positions in financial management performing turnarounds, starting up corporate divisions and advising high growth technology companies.
Today’s Panelists
Tom Lahiff, External General Counsel, Vigilant, Inc.
Tom is currently external general counsel and corporate secretary to Vigilant, Inc., which provides managed security information and event management services to Fortune 100 companies. Prior to joining Vigilant, he was a director in the information management practice at PricewaterhouseCoopers, having previously served for 17 years as Vice President and Assistant General Counsel of Citibank, N.A., from 1990 to 2007. While at PwC, Tom helped clients manage the lifecycle of unstructured corporate information to maintain regulatory compliance, manage discovery costs, and leverage intellectual capital. He advised Fortune 100 clients in the transportation, technology, consumer product, and energy sectors on information management. He also developed tools to help firms manage discovery and outside legal expenses. While at Citibank, he worked in the e-commerce and IP units, developing strategies to monetize and defend the Firm’s intellectual property. He also helped develop the Firm’s information security policy and worked with the Bulge Bracket group of financial institutions to respond to the federal banking regulators’ request for a financial industry business continuity plan. He also worked on the Firm’s response to the electronic discovery amendments to the Federal Rules of Civil Procedure. He helped draft and implement a document retention schedule and legal hold process.
Can you define “hacktivism” and give some history? What are these groups hoping to achieve?
Dave Bradford- Advisen Ltd.
Mary Beth Borgwing, Managing Director, Standish Risk Management
Larry Collins, Vice President, E-Solutions Risk Engineering, Zurich
Tom Lahiff, External General Counsel, Vigilant, Inc.
Hacktivism and Hacktivists
Who are they and what do they want?
• Hacktivism is the use of computers and computer networks as a means of protest to
promote political ends.
• Hacktivism is a business problem, not a technology problem.
• Hacktivism is the technology world’s approach to political activism.
• Deals with reputation and public image
• Large, high-profile organizations are preferred targets
• Differentiated only by motive from cyber thieves
• Usually issue specific
• Against something or someone.
• VS West
• VS Capitalism
• VS government privacy
• Know Your Enemy
• “In the system where the religion and sacred things are not honorable, and only material, money and finance have value, this seems a suitable and effective way to act and can
influence governors and decision makers.”
Al Qassam Brigades
Hacktivism and Hacktivists
Underlying Causes
• Politically motivated
• Market Visibility / Major Brand
• Perceived social wrong doer
• Politically incorrect public image
• Cyber war
• Recent bank attacks may be the work of a foreign government.
• Retaliation for sanctions and other on-line attacks
• Ricochet revenge
• Financial industry – much harm is possible
• Electrical industry – can shut down the U.S. economy
• Government policy
• DoD and CIA are frequent targets
• Law enforcement
Hacktivists – who are they?
Cult of the Dead Cow
• Who are they / How big are they? / Who’s in their group?
• a computer hacker and DIY media organization founded in 1984 in Lubbock,
Texas.
• Coined the term “hacktivist” (Omega, a cult member)
• What’s their goal
• Global Domination Through Media Saturation
• What have they done lately?
• Released the various BackOrifice tools to the hacker community.
Hacktivists – who are they?
Izz ad-din Al qassam
• Who are they / How big are they? / Who’s in their group?
• Though U.S. intelligence officials have said the hackers responsible for the
assaults on banks may have ties to Iran, the al Qassam hacktivists say they are a
group of volunteers who operate across cyberspace without a leader or
geographic base. “There is no special leader,” al Qassam wrote. “In fact collective decision making leads us to one.”
• What’s their goal
• U.S. Defense Secretary Leon Panetta described the attack as unprecedented in terms of scale and speed.
• Many of the largest U.S. financial Co’s targeted:
• Bank of America, U.S. Bancorp,
• SunTrust, Capital One,
• Regions Financial, PNC
• Wells Fargo.
Hacktivists – who are they?
Anonymous
• Who are they
• We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect
us.
• What’s their goal
• They see themselves as activists and protectors of free speech, and tend to rise
up most powerfully when they perceive a threat to internet freedom or personal
privacy.
• What have they done lately?
• Sept 2012 site take downs
Hacktivists – who are they?
WikiLeaks
• Who are they?
• WikiLeaks is an international, online, not for profit organization which publishes
secret information, news leaks and classified media from anonymous sources.
• What’s their goal
• Our goal is to bring important news and information to the public. We provide
an innovative, secure and anonymous way for sources to leak information to our
journalists (our electronic drop box).
• What have they done lately?
• Risks to intellectual property
• Disgruntled employees
Hacktivists – who are they?
Cutting Sword of Justice?
• One of the most successful attacks to date.
• 30,000 computers affected
• Major impact
• Theoretically about Saudi policies
• We, behalf of an anti-oppression hacker group that have been fed up of crimes
and atrocities taking place in various countries around the world, especially in
the neighboring countries such as Syria, Bahrain, Yemen, Lebanon, Egypt and ...,
and also of dual approach of the world community to these nations, want to hit
the main supporters of these disasters by this action.
• May be state sponsored
• More likely an Aramco insider
• May never know.
Hacktivism and Hacktivists
Risk Management Response
• How do I defend myself?
• Understand your public image! Does the public see me differently than
my advertising message?
• Understand what information your company has.
• Implement a risk management strategy which uses multiple layers of
security that cost an attacker additional time and effort.
• Utilize controls in areas such as identity management, access
management, encryption and DLP technologies.
• Be aware of attack trends. Hacktivists can and do!
• When a new attack is witnessed it should serve as an indicator of attacks
to come.
The information in this presentation was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute legal advice and accordingly, you should consult with your own attorneys when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this presentation and sample policies and procedures, including any information, methods or safety suggestions contained herein. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy.
© Zurich American Insurance Company 2012.
Thank you
What are some of the techniques used by hacktivists?
Who are hacktivists most likely to attack?
How are hacktivists using the Cloud to launch attacks? What new technologies are they exploiting?
How does a hacktivist differ from a cyber terrorist? Are there state-sponsored hacktivists?
Why is it so difficult to identify and take action against hacktivists?
What are the legal issues associated with hacktivist attacks?
What action is the U.S. government taking against hacktivists?
What should an organization do if it is the victim of a hacktivist attack?
How can risk managers help manage this threat?
What insurance coverages would respond to a hacktivist incident?
Q&A
Many Thanks to our Sponsor!
Many Thanks to our Panelists!
Mary Beth Borgwing, Managing Director, Standish Risk Management
Larry Collins, Vice President, E-Solutions Risk Engineering, Zurich
Tom Lahiff, External General Counsel, Vigilant, Inc.
White Paper: Available on Advisen’s Corner Store
Upcoming Advisen Webinars
Visit http://corner.advisen.com/advisen_webinars.html for the 2012 Webinar Schedule
Trends in Business Globalization: The Implications
for Employees Health and Safety & Solutions for
Addressing Them
Wednesday, December 12, 2012 at 11am EST
End of Year: Wrap-Up
Thursday, December 13, 2012 at 11am EST
Upcoming Advisen Conferences
Visit http://corner.advisen.com/advisen_conference.html for the 2012
Webinar Schedule
Date: Thursday, January 31, 2:00 PM EST
https://advisen.omnovia.com/register/41841336591883
How to reach us: Advisen Ltd.
1430 Broadway
8th Floor
New York, NY 10018
www.advisen.com
Voice: +1.212.897.4800
Fax: +1.212.972.3999