Cybersecurity T HE EVER EVOLVING BUSINESS CHALLENGE

Derek GrockeCyberOps

Agenda

• Cyber Threat Trends

• The Hacker Motivation

• The Virus Threat Explosion

• Online Hacking Tools and Techniques

• Hacker Search Engine

• The DarkNet, DarkWeb or TOR

• The four golden rules of cyber security

• Cyber Penetration Hardware

• What Can Be Done

Cyber ThreatTrends

The HackerMotivation

The Virus Threat Explosion

Social Media& Profiling

http://www.social-searcher.com/• Facebook• Twitter• Google +• Flickr• Tumblr• Reddithttp://socialmention.com/http://www.whostalkin.com/

Twitter and Flickr GPS Location Tracking

https://app.echosec.net

Active Internet Attack

http://map.norsecorp.com/

Hacker Search Engine

Provides system information, which other Search Engines excludehttps://www.shodan.io

DarkNet, Deep Web or TOR

Red Onion Tor Browser for Apple- anonymous browsing and DarkNet- https://itunes.apple.com/au/app/red-onion-tor-powered-web/id829739720?mt=8

Cyber Penetration Hardware• WiFi Pineapple

• Mimics any wireless hotspot to attack vulnerable devices.

• Provides a network wiretap.

• Wireless network jammer.

• USB Rubber Ducky

• Simulates a keyboard.

• Captures keystrokes, gathering intelligence, installing backdoors and extracting data.

• LAN Turtle

• Covert Systems Administration and Penetration Testing tool providing stealth remote access, network intelligence gathering, and man-in-the-middle monitoring capabilities.

• UberTooth

• Hacks Bluetooth devices and listen to Bluetooth conversations.

http://hakshop.myshopify.com/

The four golden rules of cyber security

• Get the basics right. • Over 75 percent of attacks exploit the lack of basic controls.

• Look after your crown jewels. • You have to prioritise where you spend your money to defend yourself, so build a fortress around

your most critical assets.

• Do your homework on your enemies. • Invest in understanding who might attack you, why and how, so that you can anticipate the most

likely scenarios and defend those assets that are most likely to get attacked.

• Treat cyber risk as an opportunity to look closely at your business. • Security and resilience can affect nearly every part of an organization. Strategies to protect IT

security and business resiliency should align with an organisation’s broader goals — from protecting intellectual property to maximising productivity to finding new ways to delight customers.

http://www.kpmg.com/SG/en/IssuesAndInsights/ArticlesPublications/Documents/Advisory-CS-Cyber-security-A-failure-of-imagination-by-CEO-2.pdf

The SkillsGap

How to improve your Cyber Security

• Incorporate cyber risks into existing risk management and governance processes.

• Implement industry standards and best practices, don’t rely on compliance.

• Evaluate and manage your organisation’s specific cyber risks.

• Provide oversight and review.

• Develop and test incident response plans and procedures.

• Coordinate cyber incident response planning across the enterprise.

• Maintain situational awareness of cyber threats.

http://www.belden.com/blog/industrialsecurity/Industrial-Cyber-Security-Understanding-the-CEO-Perspective.cfm

If You Do Nothing Else

• Patch or upgrade all Operating Systems and Applications

• This includes mobile and other devices

• Ensure you have a an Active and Up-To-Date Virus/Malware Scanner

• This includes Android and Windows mobile devices

• Consider a internet security suite (virus, firewall, and network)

• Ensure System and Network Firewalls are Enabled

• Engage a security professional to Conduct a Security Review

Useful Links

• Report Cyber Incidents• http://www.acorn.gov.au/

• http://www.asd.gov.au/infosec/reportincident.htm

• https://www.cert.gov.au/incidents

• Australian Guidelines and Advice• http://www.asd.gov.au/partners/cybersecurity.htm

• https://www-304.ibm.com/easyaccess/fileserve?contentid=224109

• http://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-security-changing-role-in-audit-noexp.pdf

• Cyber Defences• http://www.asd.gov.au/infosec/mitigationstrategies.htm

• Certified Testers• http://www.crestaustralia.org/approved.html

• Security Standards• https://www.cisecurity.org/

• http://blog.trendmicro.com/category/azure/

• http://blog.trendmicro.com/category/aws/

• http://www.nist.gov/cyberframework/cybersecurity-framework-industry-resources.cfm

• https://www.sans.org/media/critical-security-controls/critical-controls-poster-2016.pdf

• Training and Guidelines• https://www.sans.edu/

• http://www.isaca.org/CYBER/Pages/default.aspx

Questions

Em: Derek@cyberops.com.auPh: 0421056699

When To Involve The Security Team

Involve Security Advisors Early !!!

• Security Activities

• Threat Prevention

• Threat Detection

• Incident Management

• Identify Management

• Governance

• Budget process

• Business initiatives

• Project development and delivery lifecycle

• Security architecture

• Compliance and Audits

• Legal and Human Services

Cyber Security Questions From The Auditor

• How frequently do you review and update policies and procedures related to detection and response of cybersecurity incidents?

• How will you maintain business continuity in the event of a cybersecurity incident?

• Within your function, what is the cascade of events if a cybersecurity incident occurs?

• How do you ensure contractors, consultants, and other third parties only have access to the minimum necessary relevant data?

• What policies are in place to change or remove data privileges in the event of employee role changes or contract termination?

5 Management Questions For Cyber Staff

1. How Is Our Executive Leadership Informed About the Current Level and Business Impact of Cyber Risks to Our Company?

2. What Is the Current Level and Business Impact of Cyber Risks to Our Company? What Is Our Plan to Address Identified Risks?

3. How Does Our Cybersecurity Program Apply Industry Standards and Best Practices?

4. How Many and What Types of Cyber Incidents Do We Detect In a Normal Week? What is the Threshold for Notifying Our Executive Leadership?

5. How Comprehensive Is Our Cyber Incident Response Plan? How Often Is It Tested?

https://www.us-cert.gov/sites/default/files/publications/DHS-Cybersecurity-Questions-for-CEOs.pdf

Additional Links• Personal Virus Protection

• http://www.tomsguide.com/us/best-antivirus,review-2588.html

• Data breach notification — A guide to handling personal information security breaches

• https://www.oaic.gov.au/agencies-and-organisations/guides/data-breach-notification-a-guide-to-handling-personal-information-security-breaches

• Cyber Security Tips and Tricks

• https://www.us-cert.gov/ncas/tips

• Cyber Security Incident Plan

• http://www.cio.ca.gov/ois/government/library/documents/incident_response_plan_example.doc

• http://www.crest-approved.org/wp-content/uploads/CSIR-Procurement-Guide.pdf

• https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

• https://technet.microsoft.com/en-us/library/cc700825.aspx

• http://www.int-comp.org/media/2070/cyber-security-incident-response-plan2.xls