TRANSCRIPT
© Copyright 2009 SCORE Statistical Consulting Inc.™ All Rights Reserved www.scorestat.com
Kristofer Laxdal, Director, Information and Cyber Security – Prophix Software Inc.
November 14th, 2017
Cyber Security
Overview
▪ Introduction
▪ Data – ‘The New Oil’
▪ ‘Oil Spills’ Continue in 2017
▪ What is Cyber Security
▪ Containment Strategies
▪ Top Five Predictions for 2017-2018
Introduction
Introduction – About Me
▪ Kristofer Laxdal, Director, Information and Cyber Security, Prophix Software Inc.
▪ Prophix is a leading FP&A SaaS provider, as well as on-prem: http://www.prophix.com/
▪ Previously held Cyber Security roles within CanDeal, IBM, Hewlett Packard, Hbc and many more.
Data Is The ‘New Oil’
“Data is the new oil. It’s valuable, but if unrefined it cannot really be used. It has to be changed into gas, plastic, chemicals, etc. to create a valuable entity that drives profitable activity; so must data be broken down, analyzed for it to have value.”
Clive Humby, UK Mathematician and architect of Tesco’s Clubcard, 2006 (widely credited as the first to coin the phrase)
“Information is the oil of the 21st century, and analytics is the combustion engine.”
Peter Sondergaard, SVP Gartner, 2011
"I believe that data is the new oil. I am saying it in this country because I believe that the prosperity that oil brought in the last 50 years, data will bring in the next 50, 100 years if you use it the right way."
Ajay Banga, president and CEO of MasterCard – speech in Saudi Arabia, May 2017
The Oil Spill
Oil is valuable … however, if mishandled, it is toxic and flammable – spills can be disastrous.
‘Oil Spills’ Continue in 2017
The Leaks Keep Coming
E-Sports Entertainment Association (ESEA)
January 8, 2017: 1,503,707 records.
InterContinental Hotels Group (IHG)
February 7, 2017: Malware was found on servers which processed payments made at on-site restaurants and bars; stolen data includes cardholder names, card numbers, expiration dates, and internal verification codes.
River City Media
March 6, 2017: Database of 1.4 billion email accounts, IP addresses, full names, and some physical addresses.
Saks Fifth Avenue
March 19, 2017: Customer information posted in plain text via a specific link on the Saks Fifth Avenue website. The information for tens of thousands of customers was visible on a page: email addresses, phone numbers, product codes, and IP addresses.
America’s JobLink
March 21, 2017: America’s JobLink revealed its systems were breached by a hacker who exploited a misconfiguration in the application code. Personal information of 4.8 million job seekers was exposed, including full names, birth dates, and Social Security numbers.
Gmail
May 3, 2017: Gmail users were targeted in a sophisticated phishing scam that sought to gain access to accounts through a third-party app. The link led to Google’s real security page, where the person was prompted to allow a fake Google Docs app to manage his or her email account. The company estimates about 1 million users may have been affected.
DocuSign
May 17, 2017: Customers and users of the electronic signature provider DocuSign were targeted by malware phishing attacks. DocuSign-branded messages were sent that prompted recipients to click and download a document that contained malware.
Deloitte
September 25, 2017: The reason behind this one is pretty embarrassing for a company that was once named the “best cybersecurity consultant in the world” by Gartner. The firm did not employ two-factor authentication, so when hackers acquired a single password from an administrator of the firm’s email account, they were able to access all areas of the email system.
Yahoo! (Update)
October 9, 2017: In December 2016, it was reported that “more than 1 billion user accounts” may have been impacted by the 2013 Yahoo breach. Recent news, however, shows it was indeed more than 1 billion—much more. Four months after Verizon acquired Yahoo’s core internet assets, it was revealed that every single customer account was impacted by that breach; three billion Yahoo accounts—including email, Tumblr, Fantasy, and Flickr—were stolen. Even after thorough investigations, it is still unknown who was behind the 2013 Yahoo breach.
What Is Cyber Security?
▪ Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack.
▪ This includes damage or unauthorized access, as well as disruption or misdirection of the services they provide.
▪ Wow! That covers a lot of ground.
Cyber Security Domains
2017 Breach Profile
The Cyber Breach Profile
Statistics from the Verizon Data Breach Investigation Report 2017
Spill Containment Strategies
Containment Strategies
Implementing a formal information security governance approach
Establish and maintain a framework that provides assurance that information security strategies are aligned with and support the business – a great starting point.
When selecting one of these methods, ensure your program provides the ability to employ a risk-based approach and enables your teams to detect incidents.
Stop Data Loss
Most enterprises rely on employee trust, but that won’t stop data from leaving the company.
Now, more than ever, it is extremely important to control access, monitor vendors and contractors as well as employees, and know what your users are doing with company data.
Detect Those Insider Threats
Your biggest asset is also your biggest risk.
While well trained users can be your security front line, you still need technology as your last line of defense.
UEBA allows you to detect unauthorized behavior and verify user actions are not violating security policy.
Back Up Data, Rinse, Repeat
It is crucial for an organization to have a full, tested and working backup of all of its data – not only from a basic security hygiene perspective, but also to combat emerging attacks.
Beware of Social Engineering
The technology and IT security policies you implement don’t replace the need for common sense or eliminate human error.
Remember, most hacks are ‘credentialed hacks’.
Attempts may come from phone, email (phishing) or other communications with your users.
The best defense is to…
Educate and Train Your Users
Your users will always be your weakest link when it comes to information security.
Training is critical and should include how to: recognize a phishing email, create and maintain strong passwords, avoid dangerous applications, ensure valuable information is not taken out of the company, and handle other relevant user security risks.
Patch and Update All Software and Systems – Min 30 Days
With cyber-criminals constantly inventing new techniques and looking for new vulnerabilities, an optimized cyber security posture is only optimized for so long.
Make sure your software and hardware is up to date with the latest and greatest within 30 days of a patch release at the latest – immediately if critical / zero day.
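As an added example (not part of the talk), a small Python check that applies the patch policy stated on this slide to a software inventory: 30 days for ordinary patches, same-day for critical / zero-day. The inventory fields, host names and patch identifiers are constructed placeholders.

```python
"""Patch SLA check for the policy stated on this slide: non-critical
patches applied within 30 days of release, critical / zero-day patches
immediately (taken here as the release day itself).  Added example, not
from the talk; the inventory fields, host names and patch identifiers
are constructed placeholders."""
from datetime import date, timedelta

# Days allowed between patch release and installation (assumed mapping
# of the slide's "30 days, immediately if critical / zero day").
SLA_DAYS = {"critical": 0, "zero-day": 0, "high": 30, "medium": 30, "low": 30}


def deadline(released: date, severity: str) -> date:
    """Latest acceptable install date under the policy."""
    return released + timedelta(days=SLA_DAYS[severity.lower()])


def overdue_patches(inventory, today: date):
    """Return (host, patch, days_past_sla) for every patch that missed its
    deadline, worst first.  Each inventory record is a dict with host,
    patch, severity, released (date) and applied (date, or None if the
    patch is still missing)."""
    findings = []
    for item in inventory:
        due = deadline(item["released"], item["severity"])
        # An uninstalled patch is judged against today; an installed one
        # against the day it was actually applied.
        effective = item["applied"] or today
        if effective > due:
            findings.append((item["host"], item["patch"], (effective - due).days))
    return sorted(findings, key=lambda f: f[2], reverse=True)


# Constructed sample inventory (not real hosts or patch ids).
SAMPLE = [
    {"host": "web-01", "patch": "KB-EXAMPLE-1", "severity": "critical",
     "released": date(2017, 10, 1), "applied": date(2017, 10, 3)},
    {"host": "db-01", "patch": "KB-EXAMPLE-2", "severity": "medium",
     "released": date(2017, 10, 1), "applied": None},
    {"host": "app-01", "patch": "KB-EXAMPLE-3", "severity": "low",
     "released": date(2017, 10, 20), "applied": date(2017, 11, 10)},
]


def overdue_sample(today_iso: str):
    """Run the check over SAMPLE as of an ISO date such as '2017-11-14'."""
    return overdue_patches(SAMPLE, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for host, patch, days in overdue_sample("2017-11-14"):
        print(f"{host}: {patch} is {days} day(s) past SLA")
```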
Create an Incident Response Plan
No matter how well you follow these best practices, you will still get breached – it’s not an if, it is a when.
Having a tested response plan laid out ahead of time will allow you to close any vulnerabilities, limit the damage of a breach, and remediate nimbly and effectively.
Maintain Your Compliance
Regulations like HIPAA, PCI DSS and ISO offer standards for how your business should conduct and measure its security posture.
More than a hassle which you need to prepare audit logs for, compliance can help guide your business.
Top Five 2017-2018 Cyber Security Predictions
2017-2018 Cyber Security Predictions
Increase in Supply Chain Attacks Through 2018
In a nutshell, a “supply chain attack” refers to the compromise of a particular asset, e.g. a software provider’s infrastructure and commercial software, with the aim to indirectly damage a certain target or targets, e.g. the software provider’s clients.
It is used as a stepping stone for further exploitation once a foothold is gained on the target system or systems.
IoT – Continued Serious Attacks: DDoS / Credential Stealing
Gartner estimates that there are 6.4 billion connected things worldwide in use this year, a number expected to reach 20.8 billion by 2020.
That’s a lot of targets (most aren’t or cannot be patched easily).
Ransomware
▪ If you thought 2016 was bad for ransomware then 2017–2018 will be worse.
▪ Expect to see a higher attack volume, using more sophisticated technologies, and a continued upward trajectory in 2017.
What you need to consider:
▪ When was the last time you tested and verified the backup?
▪ Have you applied basic file blocking to prevent threats from entering your organization?
▪ Certain file types can be a risk to your organization. Ask yourself, “Should we allow all files or should we manage the risk by not allowing malicious file types that may cause an issue?”
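As an added example (not part of the talk), the kind of basic file blocking the slide asks about, in Python: it refuses attachments whose name carries an executable extension, and also ones whose leading bytes do not match the type their extension claims. The deny-list, magic bytes and sample attachments are constructed for illustration and are not a recommended production policy.

```python
"""Basic attachment file-type blocking, as raised on the ransomware
slide.  Added example, not from the talk; the deny-list and the sample
attachments below are constructed for illustration."""

# Extensions that carry executable content and are blocked outright
# (assumed policy; tune to your organization).
BLOCKED_EXTENSIONS = {"exe", "scr", "js", "vbs", "bat", "cmd", "ps1", "jar", "hta"}

# Leading bytes that identify a few common container formats.
MAGIC = {
    "pdf": b"%PDF",
    "zip": b"PK\x03\x04",
    "docx": b"PK\x03\x04",   # OOXML documents are ZIP containers
    "exe": b"MZ",            # Windows PE executables start with "MZ"
}


def extensions(filename: str):
    """All extensions in order, lower-cased: 'a.pdf.exe' -> ['pdf', 'exe']."""
    parts = filename.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def screen_attachment(filename: str, head: bytes) -> str:
    """Return 'allow' or a 'block: <reason>' verdict for one attachment.
    head is the first few bytes of the file content."""
    exts = extensions(filename)
    if not exts:
        return "block: no extension"
    # Any executable extension anywhere in the name (covers 'invoice.pdf.exe').
    blocked = [e for e in exts if e in BLOCKED_EXTENSIONS]
    if blocked:
        return f"block: executable extension .{blocked[-1]}"
    final = exts[-1]
    expected = MAGIC.get(final)
    # Declared type is known and the content does not look like it.
    if expected is not None and not head.startswith(expected):
        return f"block: content does not match .{final}"
    # Unknown declared type but the bytes are a PE executable.
    if head.startswith(MAGIC["exe"]):
        return f"block: executable content disguised as .{final}"
    return "allow"


# Constructed sample attachments: (filename, leading bytes).
SAMPLE_ATTACHMENTS = [
    ("quarterly-report.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("statement.pdf", b"MZ\x90\x00"),
    ("notes.txt", b"MZ\x90\x00"),
    ("archive.zip", b"PK\x03\x04abc"),
]


def screen_all(items=SAMPLE_ATTACHMENTS):
    """Screen every (filename, head) pair and return the verdicts."""
    return [(name, screen_attachment(name, head)) for name, head in items]


if __name__ == "__main__":
    for name, verdict in screen_all():
        print(f"{name}: {verdict}")
```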
Blockchain Technology
Blockchain technology vulnerabilities will be discovered by malicious actors who will exploit them in an effort to compromise the security and confidentiality of financial transactions in 2017-2018.
Rise of Artificial Intelligence and Machine Learning-Driven Security
These frameworks will be leveraged by Cyber Security teams for implementing predictive security analytics across public, private and SaaS cloud infrastructures, by leveraging externally sourced threat data and using it for self-configuring / self-healing based on organization-specific needs.
Thank you