Upload File

keeping independents ahead of the cyber threat

17
KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT Mario Chiock, CISSP, CISM, CISA Tweeter: @chiock

Upload: others

Post on 17-Feb-2022

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT Mario Chiock, CISSP, CISM, CISA Tweeter: @chiock

Page 2: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

AGENDA

• What do Oil & Data have in common ?

• Sample of Attacks in the Oil & Gas

• Cyber Threat – Statistics

• Technology alone is not the solution

• Cyber-security is the responsibility of everyone

• Cyber Threat – Essentials

• Takeaways

Page 3: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

WHAT DO OIL & DATA HAVE IN COMMON ?

DATA

PII

PCI

Page 4: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

WHEN SPILLED … BOTH CREATE A BIG MESS

DATA

PII

PCI

DATA Spilled on the internet

Page 5: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

SOCIETY OF EXPLORATION GEOLOGIST

Phishing directed users to :

www.seg.org/amhousing Page

This page redirected to a

Page that had:

Nuclear Exploit Kit

&

RIG Exploit kit

Taking control of the machine of the

users clicking the link

http://www.seg.org/amhousing
Page 6: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

MAJOR CYBER ATTACK HITS NORWEGIAN OIL INDUSTRY http://www.theregister.co.uk/2014/08/27/nowegian_oil_hack_campaign/

Approximately 300 oil and energy

companies in Norway have been hit

by one of the biggest cyber-attacks

ever to have happened in the country.

“Spear phishing attacks –

increasingly through the

compromised systems of small

suppliers to large companies– is an

increasingly interesting attack vector

for criminals attempting to steal

valuable information and IP”.

Page 7: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

SAUDI ARAMCO - SHAMOON

• +30,000 machines

• Insider Exploiting privilege

account

• Use of default passwords

• Use of share accounts

Page 8: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

OTHER CYBER ATTACK TO OIL & GAS http://www.houstonchronicle.com/business/energy/article/Malware-on-oil-rig-computers-raises-security-fears-4301773.php

http://www.computerweekly.com/news/1280095257/Exxon-Shell-BP-hacked-in-Night-Dragon-attacks

Page 9: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

HACKERS BREAK INTO CORPORATE SYSTEMS THROUGH VENDING MACHINES AND ONLINE RESTAURANT MENUS

http://www.allgov.com/news/unusual-news/hackers-break-into-corporate-systems-through-vending-machines-and-online-restaurant-menus-140409?news=852874

Page 10: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

PHISHING STILL HOOKS ENERGY WORKERS http://fuelfix.com/blog/2013/12/22/phishing-still-hooks-energy-workers/

Page 11: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

CYBER THREAT – STATISTICS • 70% of Breaches are found by

3rd parties

• Law Enforcement

• Other investigations

• Partner or customer

• others

• 74% of Breaches where not

detected in months

• 5% of Breaches were not

detected over a year

Many companies been breach just don’t know it yet

• Method of attack

• Phishing

• Vishing

• Malware

• 3rd Party - Insider

• 85% of incidents successful in minutes

• Most Frequent Cause of Breaches:

Negligence - 41%

• 50% data successfully exfiltrated in

few hours

Source: 2013 Verizon Data Breach Investigations Report & Ponemon Institute

Page 12: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

TECHNOLOGY ALONE IS NOT THE SOLUTION

Prepare Prevent Detect Respond Recover Lessons

Learned

People

• Training ● Awareness ● Experience (Skills) ● self phishing

• Responsibility & Accountability for cyber security (Everyone)

Process

• Policies & Standards that can be audited, Enforce & Measured

• Threat Modeling ● Drills ● Secure by Design/Default/deployment

Technology

• Use a Next Generation Platform ● Automate actions

• Security technology should collaborate ● Share IOC’s

Page 13: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

CYBER SECURITY MUST BE ON EVERYONE’S AGENDA

Executives What is the potential

impact of a cyber

breach-attack

Mitigate Risk

Business We need to use the

Data

We need to use the

Technology

We need to protect the

DATA and Technology

Board

CEO

CFO

Operations

Marketing

HR

Legal

HSE

Supply Chain

Operational Technology

CIO

Business Systems

Helpdesk

Data Centers

IT Security

IT Operations

Networks

Servers

Desktops

Information

Technology

We manage the IT

Infrastructure &

Software

We need to protect IT

ALL Employees

&

Contractors

Page 14: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

CYBER THREAT - ESSENTIALS

Information Sharing

ONG-ISAC

InfraGard

Engage with FBI – DHS

Incident Response

Invest on Preparedness

Desktop exercise

Root Cause Analysis

Executive Buy-In

Everyone Responsible & Accountable

Adopt the Safety Culture into Cyber-Security

IT & OT need to work together

Build Cyber-Security Skill set

Training

Network with peers

Adopt Best Practices

Concentrate in basic Cyber Hygiene

Page 15: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

TAKEAWAYS

•Technology alone is not the solution

• Information Sharing

• Prepare for the worse

•Cyber-security is the responsibility of everyone

•Concentrate on Essentials & Cyber-security Hygiene

•Train your staff & build cyber-security skills

Page 16: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

Questions ?

Page 17: KEEPING INDEPENDENTS AHEAD OF THE CYBER THREAT

USEFUL ORGANIZATIONS

• ONG-ISAC - http://www.ongisac.org/

• InfraGard – https://www.infragard.org/

• ISSA – http://www.issa.org/

• ISACA – https://www.isaca.org

• ICS-CERT

• US-CERT

• STOP-Think-Connect (http://www.dhs.gov/stopthinkconnect)

• NIST - http://www.nist.gov/cyberframework/


Nigeria - independents breaking through

Brian S. Dennis Director Cyber Security Center for Small ......Staying ahead of the threat curve • Lack of awareness of the threat • Increased scrutiny and liability from buyers,

HUR A INDEPENDENTS

Helena Popovic at Flying Solo's Independents' Day

The Young Independents

A2IM: American Independents Mean Business

programa Independents d'Artà 2011

Paul Wallbank at Flying Solo's Independents' Day

STAYING AHEAD OF THE THREAT

Always Ahead of the Threat .. with CYREN Security Blog in September

v4.0 Independents List

Perkins All Pos Independents

Dale Beaumont at Flying Solo's Independents' Day

Cheltenham Independents Day

Ken Hudson at Flying Solo's Independents' Day

The Fortinet Advanced Threat Protection Framework€¦ · Staying Ahead of the Threat Curve with Fortinet 6 The Fortinet Advanced Threat Protection Framework. 3 “All organizations

Declaration of Independents

Karenni Independents and Self Determination

Stay One Step Ahead of Hackers With Visa Threat Intelligence · Stay One Step Ahead of Hackers With Visa Threat Intelligence | 23 March 2016 Visa Public 6 Data vs. Threat Intelligence

Independents Day

Cyber Threat Intelligence − How to Get Ahead of Cybercrime

7 Ways to Stay 7 Years Ahead of the Threat 2015

Staying ahead of the threat in the cyber security game

Independents vs. Partisans Do political independents really exist?

Page 2 THE INDEPENDENTS - Petroleum News ·  · 2007-09-15Page 6 THE INDEPENDENTS THE INDEPENDENTS ... Prodigy Oil and Gas LLC 70 Trading Bay Energy Corp. ... steps that will encourage

Partisans vs. Independents

Independents Week 2015

Always Ahead of the Threat .. with CYREN Security Blog

OUTPACING CYBER THREATS - Nuclear Threat Initiative · ahead of this rapidly evolving global threat. There’s no doubt that nuclear facility operators and regulators are aware of

Understanding the mobile threat landscape · for the mobile threat landscape for the year ahead. Understanding the mobile threat ... T-Mobile, Google and Facebook. Additionally, 2018

SAN A INDEPENDENTS

PROGRAMA ELECTORAL DE INDEPENDENTS PER ALAQUÀS

Who Feeds Bristol & Bristol Independents

Zero-Day Threats: How to Get Ahead of Attackers with Threat Intelligence

Milan All Pos Independents