With more than 50,000 new malware samples created every day, organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks in which cyber criminals spend time monitoring communications so they can imitate emails so convincingly that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap needed for the best protection against cyber attacks. We will provide you with a high-level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
2. Agenda
• Introduction
• Bevan Sinclair - Practice Manager, Cloud Design and Integration, Intergen
• Sven Ross - Chief Executive Officer, Diamond Cyber
• Mark Blower - National Business Manager – Networks and Security, Empired
• Why are we vulnerable to a cyber attack?
• What can we do to mitigate the threat?
• How the threat landscape is changing
• How Intergen can help
• Free offering and competition
• Questions
3. Introduction
Why are we here?
• Business beats with a digital heart
• Rates of cyber crime are increasing exponentially
• Cyber crime is highly lucrative and largely anonymous
• Attacks are becoming increasingly sophisticated, targeted and persistent
• Risk profiles are ever increasing
We need to stay one step ahead
5. Why are we so vulnerable to cyber attack?
The face of cyber crime has changed
• A commercial venture with a low barrier to entry
• Anonymous ransomware
• Large-scale, industrial approach to exploitation
• New threats by the minute
6. What is hacking?
• The manipulation of people and technology to do something other than their original purpose
• The intention behind the hacking dictates whether it is malicious or not
• Effective law enforcement and prevention of cyber crime is difficult for many reasons
7. Competing demands vie for our attention
In business we have competing demands:
• Market share and profitability
• Responding to customer demand
• Innovating your products and services
IT systems are connected together like never before.
Truly effective cyber security management requires a broader view than just IT.
Where to find the time to ‘be secure’?
Source: Diamond Cyber
8. The attacker may be more dedicated
Time is a key factor in vulnerability to malicious activity.
• The competing demands of business vie for all our time.
• The IT team’s available time is split between new initiatives, innovation, break/fix, proactive management and more.
For the cyber criminal, time is their most valuable asset.
• A persistent attacker is spending more time trying to break in than you are trying to prevent it.
Source: Diamond Cyber
9. The attacker may be more dedicated
[Chart: defender time plotted against attacker time, with the outcome labelled No compromise or Compromise]
• Defender: time spent on defensive measures, limited by cost, prioritised by uptime. The level of security achieved is measured in time-to-compromise; efficiency is the level of security achieved for the defensive time spent.
• Hacker: time invested in achieving a compromise, limited by motivation. Example: Criminal (as drawn, falls short of the time-to-compromise: No compromise).
• Hacker: time invested in achieving a compromise, limited by motivation. Example: State (as drawn, exceeds the time-to-compromise: Compromise).
This is why a realistic threat should dictate defensive spend, and why defensive efficiency (strategy) is important.
Source: Diamond Cyber
10. Process; a help and a hindrance
To a large extent, we are vulnerable due to the compliance-driven approach to security.
• Some of us have an annual audit for security
• Sometimes security checks are done outside of audits
Hackers do not wait for your yearly security audits to create new attacks!
[Diagram: the defender’s cycle runs Verify Controls → Apply Controls → Verify Controls, with 6 months between each step (one annual audit); the attacker’s cycle of Identify Vulnerability → Exploit Vulnerability is not tied to that cadence]
Source: Diamond Cyber
11. The Cyber Kill Chain
Advanced – Targeted, coordinated, purposeful
Persistent – Month after month, year after year
Threat – Person(s) with intent, opportunity and capability
1. Reconnaissance: harvesting email addresses, conference information, etc.
2. Weaponisation: coupling an exploit with a backdoor into a payload.
3. Delivery: delivery of the exploit to the victim via email, web, USB, etc.
4. Exploitation: exploiting a vulnerability to execute code on the asset.
5. Installation: installing malware on the asset.
6. Command and control: a command channel for remote manipulation.
7. Actions on objective: with ‘hands on’ access the intruders accomplish their goal.
Source: Diamond Cyber
13. What should businesses do?
Understand the enemy
• Persistent, advanced and human-based. Actively probing for weakness
• Multiple threat vectors, changing daily
• Likely spending more time trying to attack you than you are defending
Identify your risks and exposure
• Where are your information assets and how protected are they?
• Where are your weaknesses?
Build a defensive strategy and execute upon it
• Plan to protect what matters the most
Continuously validate its effectiveness
• Optimise your defences by probing for weakness
15. Cyber program development
Prioritise, Scope & Orient
• Identify business/mission objectives and high-level organisational priorities
• Determine the scope of systems and assets that support the selected business line or process
• Identify related systems and assets, regulatory requirements, and overall risk approach
• Identify the threat groups most likely to target the organisation and understand why
Create Current State Profile
• Identify a framework to reference cyber control definitions (NIST, COBIT, ISO 27001, CIS-CSC)
• Develop a Current Profile by indicating what cyber controls currently exist in the business
• Determine the maturity of controls
Conduct Risk Assessment
• The assessment is guided by the organisation’s overall risk management process or previous risk assessment activities
• Analyse the operational environment in order to discern the likelihood of a cybersecurity event and the impact that the event could have on the organisation
• Identify the most likely and most dangerous threat scenarios which could occur
16. Cyber program development
Create Target State Profile
• Create a Target Profile that focuses on the assessment of the identified controls, describing the organisation’s desired cybersecurity outcomes
• Consider influences and requirements of external stakeholders such as sector entities, customers, and business partners when creating a Target Profile
Determine & Prioritise Gaps
• Compare the Current Profile and the Target Profile to determine gaps
• Create a prioritised action plan to address those gaps that draws upon mission drivers, a cost/benefit analysis, and understanding of risk to achieve the outcomes in the Target Profile
• Determine resources necessary to address the gaps
Implement Action Plan
• Determine which actions to take in regards to the gaps, if any, identified in the previous step
• Monitor the cybersecurity practices against the Target Profile
17. Cyber program development – Core Functions
Identify, Protect, Detect, Respond, Recover
• Identify: identify the components of your business that require protection and how this is achieved.
• Protect: implement process and technology to protect your information assets.
• Detect: build capability to detect when an attack may occur, is occurring or has occurred.
• Respond: establish people, process and technology to respond to cyber incidents.
• Recover: create a cyber resilient business that is capable of recovering from cyber incidents.
18. How the threat landscape is changing
“Only two things are infinite, the universe and human stupidity, and I'm not sure about the former” – Albert Einstein
19. Perimeter protection
• The traditional firewall and e-mail protection are dead
• Next generation firewalls (UTMs) and advanced mail protection are a step in the right direction
• We need threat analytics and real-time protection
• Considerations for bespoke vs unified solutions
20. Antivirus and antimalware
Antivirus technology is dated and not effective
We need:
• Real-time protection
• Ways to enforce corporate policy for the remote worker
• Mobile device protection
21. Protect your network
• We can no longer assume the wired network is safe
• Provide accessibility to the correct people
• Prepare yourself for IoT
22. Protect your application
Application Control Devices (ACDs) provide visibility of who accesses what and when.
They enable us to:
• Protect the application in any location
• Provision accessibility for the correct user and block others
23. Visibility and monitoring
Insight is crucial to effective management of the threat landscape
No visibility = minimal benefit
• Unify systems
• Security Information and Event Management (SIEM)