The Human Firewall – How Security Awareness Impacts Your Control Environment


(1)

The Human Firewall – How Security Awareness Impacts Your Control Environment

Dane Boyd, Security Awareness Training Principal Consultant
John Andrew, IT Security Auditor
Dell SecureWorks

(2)

Classification: //Dell SecureWorks/Confidential - Limited External Distribution:

Agenda

- Introduction
- In The News …
- ‘Red Team’ Stories
- Defining the Problem
- Winning Awareness Strategies
- Winning Awareness Tactics
- Q&A

(3)

Introduction

Dane Boyd, Security Awareness Training Principal Consultant
- Awareness Com Leader – CISO
- Led DSWx Awareness practice for 5 years
- Fun facts: (From, Speak, Hobby)

John Andrew, CISA, CISSP, GLEG
- IT Security Auditor – dotted line to CISO
- Over 20 Years IT, IT Audit, and IT Security experience
- Fun facts: (From, Speak,

(4)

Disclaimer – Rules of the Road

This presentation is prepared solely for educational purposes.
Our goal is to engage IT Auditors in Security Awareness efforts.
Much of what we will share is based on our personal experience.
Take what benefits you… forget the rest.

(5)

In The News…

‘Wired’ writer Andy Greenberg reports on Jeep Cherokee exploit:

All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot.

(6)

In The News…

‘Wall Street Journal’ – Michael Hayden describing the OPM hack – 21 MM Security Clearance Records compromised.

(8)

In The News…

Critical Infrastructure Survey Results – 48% of IT Executives believe that it is likely that there will be an attack on critical infrastructure.
- When – in the next three years…
- Impact – resulting in loss of life…

(9)

Critical Infrastructure

The ERIPP and SHODAN search engines can be easily used to find Internet-facing ICS devices, thus identifying potential attack targets. These search engines are being actively used to identify and access control systems over the Internet. Combining these tools with easily obtainable exploitation tools, attackers can identify and access control systems with significantly less effort than ever before.

(10)

Red Team Stories

Project Shine – Control Systems Found Include:
- Traffic light controls
- Traffic cameras
- Swimming Pool Acid Pump
- Hydroelectric plant
- Nuclear Power Plant
- Hotel Wine Cooler
- Hospital Heart Rate Monitor
- Home Security System
- Gondola Ride
- Car Wash

Source: http://money.cnn.com/2013/04/08/technology/security/shodan/index.html

(11)

Red Team Stories

DHS Public Private Partnership
2014 IC Analyst – Private Sector Program – Critical Manufacturing Findings

- Lack of Awareness and information sharing
- Interpretation of cyber threats and the cyber security posture differed significantly between management, engineering, audit, compliance, and IT security.
- Need for more training, education, and awareness across all Critical Sectors.

(13)

“95% of all attacks on enterprise networks are the result of successful spear phishing”

Source: Alan Paller, Director of Research – SANS Institute

(14)

Defense in Depth

- Network Defense Layers: Firewall, IDS/IPS, Web Proxy
- End-point Defenses: Anti-Virus, Endpoint Monitoring
- Key Terrain: User

(15)

Strategies for a Vigilant Employee

- Proper Attention
- Executive Support
- Inspect what you expect

(16)

Strategy:

(17)

Defense in Depth: A Closer Look

Key Terrain: User
Testing

Only 60% of organizations have a Security Awareness Program.
Source: PwC The Global State of Information Security Survey 2014

(18)

Testing Improves Learning

“The added effort required to recall the information makes learning stronger.”
Henry L. Roediger III, Washington University in St. Louis and a co-author of “Make It Stick: The Science of

(19)

Strategy:

(20)

Reason #1: Employee Resentment

(21)

Reason #2: Employee Understanding

(24–28)

The Whale Hunt

Information gathered on the target, built up slide by slide:
- Salary
- Previous jobs
- Donations
- Children’s name
- Mother’s death date
- City & State
- Tax Record
- Home Address
- Aerial Photo of

(32)

Strategy: Treat Awareness like a vulnerability

(33)

Proper Importance

In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
Source: Wikipedia

CVE-2014-7861
Employee ID 24355

(34)

Live Poll: How frequently are you patching the human firewall?

- New Employee Security Awareness Training?
- Annual Security Awareness Training?
- Periodic Security Awareness Newsletter?
- Phishing Assessments?
- Lunch & Learn?

(36)

Typical Security Awareness Program Tactics

- Once a year
- “Too Long!”
- Computer Expert
- Policy Acknowledgement Form
- ?

(37)

Tactics: Reinforcement, Testing, Focus, Instructor, Duration, Frequency

Frequency – Learn from Arnold
- Worked out twice a day
- Trained each muscle group 3x/week
- 26 – 61 sets per workout
- Tens of thousands of pounds

(38)

Pop quiz!

(39)

Frequency: How often are you training your employees?

(40)

Duration – Who is this???

Edward Everett, 1794 – 1865
- Spoke at Dedication of Soldier's National Cemetery
- Two-hour-long speech

(41)

Duration – Learn from Lincoln

Gettysburg Address
- 272 words
- Two minutes

(42)

Duration: How long are your training sessions?

(43)

Instructor – SAT Tip: Understanding security is a skill. Communication is a separate skill!

(44)

Instructor: Who here is a strong communicator?

(45)

Focus – SAT Tip: Training must be specific to threats and adapt as threats change. Intel is key!

Learn from Coast Guard – Continually adapted to smugglers’ methods:
- Cargo ships
- Fast Boats

(46)

Focus: What threats do we see today? How do we adapt?

(48)

Testing – Learn from the US ARMY

What is the number one principle in peacetime training?
Replicate battlefield conditions

(49)

Testing: What are the battlefield conditions? How do you simulate these conditions?
- Phishing
- Vishing
- USB Drops
- Tailgating
- Bacon

(50)

Reinforcement – Learn from Advertisers

1.2 billion media impressions:
- Social Media
- Television
- Radio
- Signage

107% Increase in Sales

SAT Tip: Consistent message & multiple mediums (combined with frequency) to change behavior

(51)

Reinforcement: What does reinforcement look like?
- Posters
- Newsletters
- Signage
- Reward Program
- Recognition Programs
- “Secret Shopper”
- Trivia

(52)

Output

(54)

Phishing Failure Rate
