What’s Hot and What’s Not in the World of Cyber Security and Cyber Crime


Dan Lohrmann, Chief Technology Officer
Department of Technology, Management & Budget (DTMB)

Smart Grid Symposium
May 20, 2011

Focus today: Security Trends 2011

• Snapshot of Michigan’s IT environment
• Did you know?
• Top 5 Cyber Challenges for 2011
• Final Thoughts

But first a snapshot of Michigan…

2001: Michigan becomes first state to fully consolidate IT

• 357 online services
• 70 email systems to 2
• 37 data centers to 3
• 64 percent reduction in contractors
• Security controls implemented
  – 10,928,702 Web browser based attacks blocked (2010)

Michigan earns “A” in 2010 Digital States Survey

[Chart: Web Renewals for Vehicles and Watercraft, by year, 2001 to 2010; vertical axis 0 to 1,400,000]

Michigan’s Current IT Landscape

• 17 agencies
• 47,000 state employees
• IT support provided for:
  – Over 800 critical business applications
  – Over 56,000 desktops

The services we touch

All of them!

Whenever a citizen:
• Files an income tax return
• Pays or receives child support
• Wins the Lottery
• Compares schools
• Starts a business
• Applies for a driver’s license… or gets pulled over by a state trooper

But like you, Michigan is not without struggles when it comes to Cyber Security…

The Global State of Cyber Security

Breach Statistics

• 510,714,985 records with personal information have been involved in reported security breaches since 2005 - Privacy Rights Clearinghouse
• 246,453,606 financial industry records have been breached since 2005 - Privacy Rights Clearinghouse
• Average total cost of a breach is estimated at $6.75M/breach - Privacy Rights Clearinghouse

Did you know?

Cyber criminals are running black market on-line networks that broker stolen confidential information
- Source Panda Security

This brokering is a rapidly

Did you know?

You can purchase
– Credit card details for $2-$90 per card or actual cards for $180
– Bank credentials from $80 to $700 with guaranteed balances
– Money laundering services for 10% to 40% of the total

You can pay a project team to set up your own fake on-line store complete with rogueware

Source Panda Security

Did you know?

Increase in enterprise malware attacks

30%

Attacks come from the Web

92%

Malware on legitimate Web sites


In 2010, 79% of sites hosting or redirecting visitors to malicious content were legitimate sites.

Cyber crime is all about money

Globally businesses lose $1 trillion to cyber crime every year
– Source: McAfee

BUT IT IS ALSO
• Low risk
• Easy (technically)

The Environment is Changing

Source: Rob Walters, Sr.


How about Michigan?


Average Cyber Attacks Blocked Per Day!

29,942 Web browser based attacks
24,671 HTTP based attacks
14,072 scans
88,774 Intrusion prevention

Securing government is more than a defensive strategy. Start internally with

What’s hot now…

You can expect to see the following:

Challenge #1: Malware Explosion

Significant growth in new malware strains

2010 saw 20 million

Malware Explosion

Face the facts:
• The bad guys are getting better
• The cyber world is an excellent target for crime
• The malware development cycle has become an organized process

Challenge #2: Social Media requires protection

Cyber-criminals have found social media sites are perfect to infect unwary users because users are more trusting of the tools than say

Increased collaboration and openness will increase organizational vulnerability to data

Social Media

Should government take on Facebook?

Mark Zuckerberg, Facebook’s founder and chief executive, has promised to improve the site’s complex privacy controls, which have frustrated many users.


Challenge #3: SmartPhones and Mobile Apps need security

Mobile subscribers are growing rapidly - 5.8 billion mobile subscribers worldwide by 2013

Push by employees to use personal rather than company provided cell phones

Many operating systems

Little or no security

Mobile Apps

An electron spinning technique could pave the way for a new generation of wireless device signals difficult for enemies to intercept, according to researchers at the National Institute of Standards and Technology.

Mobile Apps

• iPads
• iPhones
• Droids

Challenge #4: Securing the Cloud

Securing the cloud becomes critical as business moves its core processes to the cloud

Hackers will exploit the cloud as they look for low hanging fruit that can lead them to monetary gain

Cloud Computing

Malware will invade the cloud in 2011

A new strain of malware was recently detected in a cloud-based service, and its presence may herald a new and potentially dangerous security threat for Internet users in 2011.


The good, the bad and the ugly

The good is dazzlingly good
• Lower costs
• On-demand access and self-service
• Rapid provisioning / de-provisioning
• Minimal manual effort
• Ubiquitous network access
• Measured service

And then there’s the bad
• Loss of control
• Trust
• Security
• Privacy
• Availability
• Resiliency
• Where’s my data?

But the ugly is really ugly
• Below cost threshold for procurement scrutiny
• Explosive growth/migration of service consumption
• Fewer eyes on service use
• Explosive bandwidth consumption
• Paradigm shift for IT rates
• Rogue cloud sourcing

Time for a reality check: How ugly is it in your shop?

One extreme is blind trust
Adopt a commodity cloud function as-is (cloud sets the rules)
BUT: Provider accountability is low while risks are high

…Opposite extreme is all about control
Dictate the standards, terms & conditions, etc.

Challenge #5: Crimeware Kits

Crimeware kits are all encompassing software packages that were designed for nontechnical cybercriminals

They open the door for a new era of hackers

Some of the more well known crimeware kits are: Zeus/SpyEye, iPack, and Avalanche

These programs range in price

Final Thought…

As cyber crime evolves, the approach to security must evolve with it. We must be open to new ways of thinking that include enabling, providing options and forming partnerships without risking security programs.

Questions

Dan Lohrmann
