Cyber security and the mainframe (v1.3)
Transcript of Cyber security and the mainframe (v1.3)
Cyber Security and the Mainframe Rui Miguel Feio RSM Partners Date of presentation (03/11/2015) Session <FC>
Delivering the best in z services, software, hardware and training.
World Class, Full Spectrum, z Services
Cyber Security and the Mainframe Rui Miguel Feio Security Lead
Agenda
• Introduction
• Cyber Crime
• Recent Attacks
• The Mainframe
• What to Do
• World Wide Real-Time Cyber Attacks
• References and Resources
• Questions?
Introduction Rui Miguel Feio is…
– Security lead at RSM Partners
– Mainframe technician specialising in mainframe security
– Has been working with mainframes for the past 16 years
– Started as an MVS Systems Programmer
– Experience in other platforms as well
Cyber Crime
Cyber Crime – The Actors
• Cyber Crime is any criminal act dealing with electronic devices and networks. Cyber crime also includes traditional crimes conducted through the Internet.
• The typical actors of cyber crime activities:
– Hackers
– Organised Criminal Gangs
– Hacktivists
– Terrorists
– Nation-States
– Internal Threats
2015 Cost of Cyber Crime Study
• Ponemon Institute report sponsored by HP Enterprise published in October 2015:
– “2015 Cost of Cyber Crime Study: Global”
• Global study at a glance:
– 252 companies in 7 countries:
• United States, UK, Germany, Australia, Japan, Russia and Brazil
– 2,128 interviews with company personnel
– 1,928 total attacks used to measure total cost
– $7.7 million USD is the average annualised cost
– 1.9% net increase over the past year
Average Cost of Cyber Crime 2015
** Cost in millions of US Dollars
Although we see a cost decrease in some of the countries, this is due to exchange rate differences over the past year resulting from a strong USD. Adjusting for exchange rate differences we actually see a net increase in all countries.
Average Cost by Industry 2015
* Cost in millions of US dollars
Types of Cyber Attacks in 2015
Cyber Crime Cost by Attack 2015
Report Summary Highlights
• Cyber crime continues to be on the rise for organisations:
– Cost ranges $310 K - $65 million with an average of $7.7 million
• The most costly cyber crimes are those caused by malicious insiders, denial of services (DoS) and web-based attacks.
• Cyber attacks can get costly if not resolved quickly
– The mean number of days to resolve is 46 with an average cost of $21,155 per day
– Total cost of $973,130 over the 46 day remediation period
• Business disruption represents 39% of total external costs, followed by the costs associated with information loss.
• Deployment of security intelligence systems (SIEM) represents an average cost savings of $1.9 million
Recent Attacks
* Information is Beautiful (http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/)
The Mainframe
“If you give a hacker a new toy, the first thing he'll do is take it apart to figure out how it works.”
Jamie Zawinski
How Secure is the Mainframe?
• “The mainframe is the most secured platform there is!”
• “No one Hacks the mainframe!”
• “Only mainframers know how a mainframe works!”
• “You would need to work for the company to be able to do some harm to the mainframe, and no one does it.”
• “Hackers are not interested in the mainframe!”
How Secure is the Mainframe?
• “The mainframe is the most secured platform there is!”
– It’s definitely highly securable but that requires work and focus
• “No one Hacks the mainframe!”
– There are several documented cases of mainframes being hacked
• “Only mainframers know how a mainframe works!”
– Mainframe documentation is available for free on the internet?!
• “You would need to work for the company to be able to do some harm to the mainframe, and no one does it.”
– Given the opportunity any employee may take advantage (and they have!)
• “Hackers are not interested in the mainframe!”
– Oh boy, you are coming for a surprise!!
“There are regular actions that an attacker takes because they are attackers. They don’t know your network the way you do. They don’t know which accounts have greater access. They don’t know which file servers contain more data. They have to discover it all.”
Scott Kennedy, Cloudshield blog
A Typical Company
[Diagram: Mainframe, “Shared” Servers, Servers, Service Providers, Customers, Company Servers, Unaccounted Servers, Decommissioned Servers]
“Shared” Servers – Candy Shops
• Technical documentation
• Processes & Procedures
• Instructions
• Training material
• Contacts
• Departments/teams structure
• Confidential documentation
• Team backups
• Personal backups…
Personal Backups…
• Technical notes
• Technical documents
• Confidential information
• Personal information
• Contacts
• Passwords
• Email account backups
• Pics of girls in bikini!!
“The hacker is going to look for the crack in the wall…”
Kevin Mitnick in “The Art of Intrusion”
What to Do?
How to Prevent?
• Security must be seen as a whole
• Company needs to work as One
• Review entire technological estate
• Review processes / procedures
• Educate employees and externals
• Get external expert help and support
• Keep updated and up-to-date
• Repeat all these steps on a regular basis
• OR You can get Chuck and his seal of approval
For those of you who are going senile…
Contact Chuck via Gmail
World Wide Real-Time Cyber Attacks
* NORSE IPViking (http://map.ipviking.com/)
Cyber Attacks – Norse IPViking
Cyber Attacks – Blitzortung
* Blitzortung (http://www.blitzortung.org/Webpages/index.php?lang=en)
References & Resources
• “2015 Cost of Cyber Crime Study: Global”, Ponemon Institute
• “The Art of Intrusion”, Kevin Mitnick - John Wiley & Sons (2005)
• “Future Crimes”, Marc Goodman - Bantam Press (2015)
• “How to Think Like a Cyber Attacker”, Scott Kennedy – Cloudshield blog
• Ponemon Institute: www.ponemon.org
• Information is Beautiful: www.informationisbeautiful.net
• NORSE – IPViking: map.ipviking.com
• Blitzortung: www.blitzortung.org/Webpages/index.php?lang=en
• Jamie Zawinski: en.wikipedia.org/wiki/Jamie_Zawinski
• Kevin Mitnick: en.wikipedia.org/wiki/Kevin_Mitnick
Questions? Ask now or forever be quiet!!
Rui Miguel Feio, RSM Partners [email protected] mobile: +44 (0) 7570 911459 linkedin: www.linkedin.com/in/rfeio www.rsmpartners.com
Contact
Session feedback – Do it online at conferences.gse.org.uk/2015/feedback/nn
Session feedback
• Please submit your feedback at http://conferences.gse.org.uk/2015/feedback/FC
• Session is <FC>