• No results found

Top 5 Data Breaches in 2014

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Top 5 Data Breaches in 2014"

Copied!
32
0
0

Loading.... (view fulltext now)

Download now ( 32 Page )

Full text

(1)

Top 5 Data Breaches in 2014

Retrieved on 24 February from http://www.cnbc.com/id/102420088

(2)
(3)

Counter Productive and Non-Collaborative Behavior

• Vulnerabilities Announced Before Patches Are Ready

Google gave Microsoft 90 days to fix a flaw. MS asked Google. Google instead published code that could assist malicious hackers

• Sony, U.S. Agencies Fumbled After Cyberattack The Wall Street Journal

• Target Breach

(4)

Danger from the Net

(5)

Entry Into The Internet – Internet

(6)

The Internet Connecting The World

Retrieved on 22 February, 2015 from

http://www.bing.com/images/search?q=internet%2c+images&id=58751FC350A8B8FBE9C151591F038FB792611E18&FORM=IQFRBA#view=detail&id=5875 1FC350A8B8FBE9C151591F038FB792611E18&selectedIndex=0

(7)

Your PC

(8)
(9)

Can a creative mind defeat a criminal mind in Cyber Warfare?

• The answer depends on our position, our perspective and ultimately our agenda

• Focus our attention on the process and the resources required

• Security professionals need assistance from experts in other fields, such as psychology, sociology, law, and human resources

(10)
(11)

21st Century Challenges and Changes

• Internet complexity and interconnectedness • Always On technology and culture

• Mobile technology challenges and shortcomings • BYOx

• Communication – Not speaking the same language • Arrogance – from executives and from techies

• Fear – No trust • Silo mentality

(12)

21st Century Challenges and Changes

• Think out-of-the-box and come up with a solution not considered before • Security professionals must out think and out maneuver cyber attackers • Not “criminally inclined,” professionals vs. criminal minds

• Catch 22 - understand the criminal mind, • Security professionals should not face alone

• Enlist the assistance of psychologists and sociologists

(13)

21st Century Challenges and Changes

• Zero-day attacks, Trojan horses, and persistent threats,

• Security environment moves faster than the computer environment • Organizations face many threats, including internal and external

• A zero day attack leaves organizations with mere hours to respond

(14)

Scope Definition - Simplification

• How we keep the bad guys away from our information assets? • How do we keep our information assets away from the bad guys?

Identify Locate Read the signs Remove the noise Careful of consequences

(15)

Scope Definition • Who are the bad guys?

• Where are the bad guys? • How can they attack us? • Are our defenses adequate?

(16)

Scope Definition

• Although information and security professionals contribute tremendous value, the field as a whole is not strongly based in theory and research. (Weaver, R., Weaver, D, & Farwood, D., 2012)

• Security and information technology overlap in so many ways • Behaviors and attitudes of those involved

(17)

Scope Definition

• The focus is on the individuals involved in computer and security

operations as well as the actors orchestrating and deploying the threats.

“Only by understanding an individual’s motivation’s that a better approach can be created to identify, counter and preempt future threats.”

(18)

The Other Part of the Question • In War – Collateral damage

“Cyber warfare will almost certainly have very real consequences.” (Shimeall, 2001).

(19)

Everything is Interconnected

• “ As computer technology has become increasingly integrated into

modern military organizations, military planners have come to see it as both a target and a weapon, exactly like other components and forces.” (Shimeall, 2001).

• “Countries that are not as dependent on high technology, within their military establishment consider such dependence a potential ‘Achilles heel’ for their enemies.” (Shimeall, 2001).

(20)

Motivations From a Civilian Standpoint • External/internal

• International/domestic • Part of a nation state

• Part of an organized effort

• Students experimenting with their new found knowledge • Part of commercial espionage

(21)

Motivations From a Military Standpoint Levels of Cyber War:

• Cyber war as an adjunct to military operations • Limited cyber war

(22)

Motivations from a Civilian Standpoint Types of Hackers (Actors)

• White Hat Hackers • Black Hat Hackers • Hacktivists

• State Sponsored Hackers • Spy Hackers

• Cyber Terrorists

(23)

Organized criminal groups in the cyber space

“While many types of cyber crime require a high degree of organization and specialization, there is insufficient empirical evidence to ascertain if cyber crime is now dominated by organized crime groups and what form or

structure such groups may take. (Lusthaus, 2013).

“Digital technology has empowered individuals as never before. Teenagers acting alone have succeeded in disabling air traffic control systems, shutting down major e-retailers, and manipulating trades on the NASDAQ stock

exchange (US Securities and Exchange Commission, 2000).”

(24)

Examples of Cyber Crimes and Cyber Offenders

1. Ryan Cleary: DDoS on SOCA

2. Andrew Auernheimer: Apple iPad Snoop 3. Aaron Swartz: Content Downloader

4. Christopher Chaney: Celebrity Hackerazzi 5. Sam Yin: Gucci Hacker

6. Edward Pearson: Identity Theft

(25)

Examples of Groups Involved in Cyber Crime

1. LulzSec and Sony Hackers 2. Dreamboard 3. DrinkOrDie 4. DarkMarket 5. DNS Changer 6. Carberp 7. Unlimited Operation 8. Koobface

(26)

Psychological Motivating Factors

• Only when we understand the individual can we start to make assumptions

• Make predictions as the criminal profilers do • Uncover the methodology of the attacker

• Psychological factors that make up an individual’s personality

It is essential to understand the psychology of the attacker if effective controls are to be developed and deployed.” (Wright, C.S. 2011).

(27)

The Manager’s Role • Understand and to motivate the individual • performance appraisal

• professional and personal plan

• A manager has a responsibility to his/her employees

(28)

Identifying the Personality Profiles of Team Members

• The Myers and Briggs personality inventory

• categorize people into 16 different personality types • result from the interaction based on people preferences • the behavior is actually quite orderly and consistent

“There are no right or wrong preferences. Reading is not better than watching movies; each has its strengths and its problems. Most people have

the ability to do both, even if they don’t like one or the other. Personality

preferences, sometimes called psychological preference, are like many other

(29)

Right Brain or Left Brain Dominance

• a left-brain dominant person prefers things to be in a logical order and likes identifying details instead of concepts

• Analytical

• Right brain dominant people are considered artists, musicians, and dreamers

• type of profession a person chooses and the types of decisions a person makes

(30)

Incentives and Motivation

• what types of incentives work the best • not everyone is motivated by money

• Mentoring and coaching are qualities of a good leader • Good leadership motivates some people

(31)

Recommendations

• Cyber Security Risk Management

• Cyber Security Incident & Insider Threat Management • Cyber Security Leadership Best Practices

• Formalize and Communicate Enterprise Security Organizational Policy • Train, Mentor, Coach everyone in the organization about the potential

threats

• Security solution must have a holistic/enterprise wide approach to be successful

• Scope Definition and Scope Management

(32)

References

Download now ( PDF - 32 Page - 1.71 MB )

Related documents

Carbon nanostructured as cathode materials for lithium sulfur batteries with improved electrochemical

Rational design for PEG and graphene coating layers were significant to accommodating volume expansion, coated sulfur points during discharge, trapping soluble

Utilization of empty fruit bunch fibre as potential adsorbent for ammonia nitrogen removal in natural rubber wastewater

Optimization of important process parameters such as adsorbent dose, pH, shaking speed and contact time for the maximum removal of colour from natural rubber wastewater

Entrepreneurial competency and business performance of women owned SMEs in Johor: a conceptual framework

7th International Conference on Technology Management, Business, and Entrepreneurship (ICTMBE2018) held in 17 & 18 October at The Katerina Hotel, Johor, Malaysia..

Use of waste optical disc in concrete to promote sustainable development in construction industry

In this study, several laboratory tests were performed on concrete specimens produced with waste ODs as partial replacement material of coarse aggregates to identify

Investigations of Ni SDC carbonate (Ni SDCC) as composite anode for low temperature solid oxide fuel cells

Systematic research regarding NiO-SDC carbonate (NiO-SDCC) as composite anode is limited despite great chemical compatibility and cell performance achieved with other low

Design and Implementation of Corporation Robots

The corporation robots follow the line and work together as leader and slave to carry load from one point to another point.. The experimental results achieved good performance

Comparative Study of PI Controller and Model Based Predictive Control for Mobile Robot

We begin by presenting the kinematic model of the robot which is the base of the control law then we present a PI controller and a model predictive controller to solve the problem

CuO nanofluids: Particle fluid interaction study using ultrasonic technique

dispersed particles on the velocity of ultrasonic propagation. This may be possibly due to more surface area of nanoparticles due to which more ethylene