Cybersecurity Trends - 2017 & Beyond
Presented by: Mike Lipinski - Principal, Plante & Moran
Joint ISACA & IIA Chapter Meeting | December 12, 2017
Data Breach Statistics
How long does it take an attacker to compromise your systems?
11% of cases: seconds
82% of cases: minutes
Source: 2016 Verizon Data Breach Report
Trends in Information Security
Targets — victims of opportunity: Some will be a target regardless of what they do, but most become a target because of what they don’t do related to security.
Trends in Information Security
Most common attack — social:
Most attacks begin socially. Employees are your greatest asset, but often your weakest link to security. Hackers know this, and have developed social scams by the thousands, hoping that just one will fall victim.
Malware
Malware is software designed to disrupt or damage your computer system.
Common Threats - Ransomware
Our #1 defense is our weakest link: PASSWORDS
Risk Trends
R = p(t * v * i), where p = probability
[Chart: Risk vs. Time]
• Impact is inevitable
• Probability - getting worse
• How do we mitigate Risk?
Vulnerability Trends
• We still suffer from hygiene issues
  • Patching
  • Mis-configurations
  • Segmentation
  • Knowing where sensitive data resides
• Lines of code growing
  • 1 vulnerability per 1800 lines of code
• Still only as strong as our weakest link
• People will continue to make mistakes
Threat Trends
• Over the first 3 quarters, ransomware modifications increased by a factor of 11, from 2,900 to 32,091
• One in five small and medium-sized businesses that paid a ransom never got its data back
• 4 new malware samples per second…
• 4th Party attacks will increase
  • Attacker trends continue to move outwards in the supply chain to include fourth parties such as subcontractors, outsourcers, cloud service providers and device manufacturers
• Mobility and Cloud
  • By 2020, 70% of the workforce will be mobile (Source: IDC)
  • Sensitive information on easily lost or stolen devices
  • OAuth Phishing and Delegation
• An adversarial machine learning “arms race” will develop between defenders and attackers
• Skilled talent
  • Need to improve process to leverage the people we have
  • Leverage technologies that can help make decisions quickly
• Human judgement and decision making
  • AI, automation and orchestration threaten to remove human decision making
Obstacles to Stronger Cybersecurity
Top Challenges for SOCs
How confident are you?
Data Breach Facts: the Numbers
200: The median number of days that attackers stay dormant within a network before detection (Source: Verizon 2017 DBIR)
81%: Percent of breaches that leveraged either stolen and/or weak passwords (Source: Verizon 2017 DBIR)
$6T: Cybercrime damage annually by 2021 (Source: CSO)
1.9B: 918 breaches led to 1.9 billion records compromised in the 1st half of 2017; does not include Equifax, the SEC breach or updated Yahoo numbers (Source: CSO)
Will it get better?
• More than 209,000 cybersecurity jobs in the U.S. are unfilled (Source: Forbes)
• 2017 will see 8.4 billion connected things (Source: https://campustechnology.com/articles/)
• Perimeters are porous - networks are undefendable
We must defend the data - but do we know where it is?
Can’t the government help?
No regulation or standard alone will keep your Company safe!
PCI, FISMA, NIST, ISO 2700x, FFIEC Cybersecurity, State Privacy, GLBA, HIPAA, Sarbanes-Oxley
Who’s responsible for cybersecurity?
• CISO: 7%
• CIO: 36%
• CFO: 38%
• Other: 19%
Who’s responsible for cybersecurity?
• Information security is not an IT issue: it is a business issue
• Security organization needs to become standalone
Cybersecurity: Let’s just start with this
Build your cyber and risk program around people, process and technology…
Identify what you have
Protect what you identify
Detect direct and indirect attacks
Respond accordingly (IRP)
Recover appropriately (BCP/DRP)
Let’s focus on solving:
Data Silos
• Teams siloed
• Information silos
Alert Fatigue
• Rule based solutions
• Too many false positives
No Hunting Capabilities
• Weak visualization
• Inefficient investigation
• Skilled talent shortage
Scalability
• Serious scale issues
• People and Technology
A Traditional Insider Threat Solution
A traditional insider threat solution includes all of the individual tools needed to perform analysis… administration, analysis and event workflow, however, occur in silos.
[Diagram: DLP solution, Proxy solution, SIEM solution and Identity & Access Management solution, each with its own Data and its own Admins / Analysts]
Example - How Do We Find Threats and Risky Insiders?
Network Activity
• A/V, Malware
• Access Request denials
• Flow Data
• Large Downloads
Endpoint / Data Exfiltration
• Email traffic
• Attachments to suspicious recipients
• Print anomalies
• DLP alerts
Access
• Identity
• Access levels
• Security clearance
• Privileged user rights
Physical Security
• Access requests and denials
• Physical access anomalies
• Access control systems
• VPN logs
Compliance
• Audit remediation progress
• Policy violations
• Training gaps
Fraudulent Activity
• Expense violations
• Time entry violations
• Unauthorized access
• Abnormal behavior
Identity Context
• HR data
• Performance ratings
• Notice / terminations
• Reprimand
• Groups - Peers
External data
• Social
• Census
• Credit data
• Criminal / Civil
• Travel to high risk countries
• Financial stressors
Industry Predictions
• Crime-as-a-service (CaaS) will expand available tools and services
• The internet of things (IoT) will further add unmanaged risks
• The supply chain will remain the weakest link in risk management
• Regulation will add to the complexity of critical asset management
• Unmet board expectations will be exposed by major incidents
• The ability to protect is progressively compromised
• Cyber insurance safety net is pulled away
Source: Information Security Forum
Biggest security threats through 2018
• The IoT leaks sensitive information
• IoT leads to greater DDoS attacks
• Opaque algorithms compromise integrity
• Increase in rogue government and terrorist cyber attacks
• Lack of vulnerability disclosure
• Governments become more involved
• Regulations will impact the cloud
• Criminal capabilities expanding
Source: ISF - Information Security Forum
Gartner 2018+ predictions
• Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year
• By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources
• By 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs
• By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies
• By 2020, IT sponsored information security programs will suffer 3 times as many significant breaches as those sponsored by the business
• By 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies
• Through 2018, more than 50% of Internet of Things (IoT) device manufacturers will not be able to address threats…
• By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets
2018 – Mike’s predictions
“…US companies will struggle with GDPR.”
“…continued increase in ransomware and DDoS attacks.”
“…more effective, harder to detect phishing campaigns.”
“…continued high profile attacks across all industries.”
“…a significant IoT event – maybe critical infrastructure.”
“…Security by design will catch on.”
“…AI will be weaponized and used to attack us.”
“…blockchain technologies will disrupt.”
“…Fewer rogue email servers at political organizations.”
Best Practice Tips
• Formal security program
• Don’t forget cloud…
• Security by design
• Access Control
• Zero Trust Model for Partners
• Review of vendor service contract terms for security and data protection
• Periodic testing of network and infrastructure
• User awareness training
• Focus on Hygiene: passwords, patching, segmentation, IR, BCP
• NextGen SOC
• Leverage technology to drive process and maximize people