
The Cyber Pandemic - Jay bavisi

Date post: 23-Jan-2018
Upload: ec-council
Unravel the Enigma of Insecurity: The Cyber Pandemic. Jay Bavisi, President – EC-Council
Transcript
Page 1: The Cyber Pandemic - Jay bavisi

Unravel  the  Enigma  of  Insecurity  

The Cyber Pandemic

Jay Bavisi, President – EC-Council

Page 2: The Cyber Pandemic - Jay bavisi

CATEGORY A BIO TERRORISM AGENT

Page 3: The Cyber Pandemic - Jay bavisi

Page 4: The Cyber Pandemic - Jay bavisi

Page 5: The Cyber Pandemic - Jay bavisi

SARS

Total: 8 445 cases, 790 deaths

China - 349
Hong Kong - 299
Canada - 44

Timeline, 2003–2004:

Feb. 15, 2003: SARS first identified in China
March 5, 2003: First fatality recorded in Toronto
March 12, 2003: World Health Organization warns against all unnecessary travel to Toronto, Beijing, and China's Shanxi Province
April 30, 2003: World Health Organization lifts its travel advisory against Toronto
May 1, 2003: SARS deaths peak in Hong Kong, Toronto & Vietnam
June 12, 2003: Tourism in Toronto loses $190M
July 30, 2003: SARS Stock Concert, Rolling Stones, AC/DC, Justin Timberlake, Rush…
August 13, 2003: Toronto physician becomes the last fatality in the city
September 29, 2003: Ontario's SARS enquiry opens
October 7, 2003: University of Toronto releases a report commissioned by Health Canada
December 2, 2003: Scientists with the SARS Accelerated Vaccine Initiative (SAVI) report tests are going well

Page 6: The Cyber Pandemic - Jay bavisi

Isolate patients; find and monitor patient contacts

PATIENT ISOLATION

PATIENT INTERVIEW FOR CONTACTS

MEDICAL AIDS

Page 7: The Cyber Pandemic - Jay bavisi

Maintain  Hygiene    

Page 8: The Cyber Pandemic - Jay bavisi

Page 9: The Cyber Pandemic - Jay bavisi

Epidemiology is the science that studies the patterns, causes, and effects of health and disease conditions in defined populations

Page 10: The Cyber Pandemic - Jay bavisi

Epidemiology: Cholera @ 1854

Epidemiology: Ebola - Bats

Epidemiology: Swine Flu - Birds

Page 11: The Cyber Pandemic - Jay bavisi

[Chart: disease prevalence over time]

First successful vaccine for diphtheria in 1913; diphtheria has largely been eradicated in industrialized nations

Polio is now on the verge of eradication due to a vaccine developed in the 1950s

Smallpox was officially eradicated in 1977

Measles was declared to have been eliminated in North, Central, and South America

With surgery, radiotherapy, and chemotherapy, cancers have higher cure rates

Highly active anti-retroviral therapy (HAART) has made AIDS a tractable disease; discovery of post-exposure prophylaxis or PEP

Ebola is contained

No outbreak of SARS has been reported in the last few years

Page 12: The Cyber Pandemic - Jay bavisi

Timeline of Targeted Attacks

[Timeline figure: 2014–2015, months August through July]

Source: http://www.bankinfosecurity.in

UPS Store: 105,000 records exposed
The Home Depot: 56M people affected
Sony: $15 M financial loss
Anthem: 80M records exposed
OPM: 22M Social Security numbers affected
AshleyMadison: 37M personal records exposed
Premera Blue Cross: medical information of 11 million customers exposed
AdultFriendFinder: 4 million records
IRS hacked: 100K records stolen
Orange Spain: 10 million user records exposed
DDoS on PlayStation: 110 million users
Dropbox: 6,937K credentials compromised

Page 13: The Cyber Pandemic - Jay bavisi

An Analogy: WE ARE LOSING THE FIGHT!

[Chart: prevalence over time, with two curves: Spread of Diseases and Spread of Cyber Threats]

Page 14: The Cyber Pandemic - Jay bavisi

An Analogy: WE ARE LOSING THE FIGHT! Cost of Cybercrimes

[Chart: cost (in $bn) by year, for 2011, 2012, 2013, 2014, 2015, 2019 and 2021; data labels shown: 114, 110, 375, 400, 575; final value labelled 2.9 Trillion]

Page 15: The Cyber Pandemic - Jay bavisi

Cyber Hazard

There were over 3,007,682,404 data records lost or stolen since 2013 till Mar-2015

3,221,670 records lost every day in Jan-15
134,236 records every hour
2,237 records every minute
37 records every second

Breach by Source

[Pie chart. Categories: Malicious Outsider, Accidental Loss, Malicious Insider, State Sponsored, Hacktivist. Values shown (unpaired in the transcript): 55.28%, 24.08%, 16.07%, 3.44%, 1.13%]

Data Records Lost/Stolen by Industry

[Pie chart. Categories: Technology, Retail, Education, Government, Financial, Healthcare. Values shown (unpaired in the transcript): 9.63%, 56.59%, 5.13%, 4.23%, 20.55%, 3.87%]

Source: http://breachlevelindex.com (Jan 2014 – Dec 2014)

Page 16: The Cyber Pandemic - Jay bavisi

Cyber Pandemic You are in IT !!!!!!! Large Giants being taken out with hacks invented a long time ago

Page 17: The Cyber Pandemic - Jay bavisi

The Facts…

“When we look at these risks in pandemic scenarios, the whole supply chain starts to suffer”

Page 18: The Cyber Pandemic - Jay bavisi

Collateral Damage…

Funds pledged to fight the 2014 Ebola outbreak (in million U.S. dollars)

[Bar chart. Donors shown: United States, World Bank, United Kingdom, International Monetary Fund, Germany, France, Canada, Gates Foundation, Japan, China, African Development Bank, Paul G. Allen Family Foundation, Mark Zuckerberg, India. Values shown (unpaired in the transcript): $750m, $400m, $201m, $150m, $140m, $130m, $89m, $57, $50, $40, $33m, $26.5, $25m, $12m]

Page 19: The Cyber Pandemic - Jay bavisi

Collateral Damage…

The Cost of SARS: Initial estimates, Asian Development Bank

[Chart: the cost of SARS* in $bn and as % of GDP. Economies shown: HONG KONG, CHINA, TAIWAN, SOUTH KOREA, INDONESIA, THAILAND, PHILIPPINES, SINGAPORE, MALAYSIA. Values shown (unpaired in the transcript): 1.5%, 0.8%, 4%, 1.9%, 0.5%, 1.4%, 23%, 1.6%, 0.5%]

SOURCE: ADB

Page 20: The Cyber Pandemic - Jay bavisi

Cyber Pandemic Collateral Damage… Who would feel the impact the most, and how?

Everybody

And How?

Page 21: The Cyber Pandemic - Jay bavisi

Least Expensive Data Breach Costs $750,000 to Resolve

http://www.ponemon.org/

According to the Ponemon Report of 2014 the average global loss that businesses incurred due to security breaches was $3.5 million. While the costliest data breach cost $31 million to resolve, the least expensive one set them back by at least $750,000

Page 22: The Cyber Pandemic - Jay bavisi

Quarantine

Vaccine

Cyberpandemic  Timeline  

IDS

IPS

Firewall

Policy

Education

Cyber Hygiene

Page 23: The Cyber Pandemic - Jay bavisi

Wrong Code vs. Correct Attack

Vulnerable Code

    <configuration>
      <system.web>
        <!-- mode may be "InProc", "SQLServer" or "StateServer" -->
        <sessionState mode="InProc" cookieless="true" />
      </system.web>
    </configuration>

If cookieless is set to true, then the URL is used to transfer session tokens, which are vulnerable to session hijacking and MITM attack.

Secure Code

    <configuration>
      <system.web>
        <!-- mode may be "InProc", "SQLServer" or "StateServer" -->
        <sessionState mode="InProc" cookieless="false" />
      </system.web>
    </configuration>

If cookieless is set to false, then cookies are used to transfer the session token, which secures the session tokens.
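
An added example, not part of the original slides: a Python check that reads a web.config and reports every sessionState element whose cookieless setting can place the session ID in the URL. It goes beyond the slide's true/false pair by also covering the HttpCookieMode names (UseCookies, UseUri, AutoDetect, UseDeviceProfile) and `<location>` overrides; the function name audit_session_state and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the slides): a site-wide setting
# plus two <location> overrides.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <sessionState mode="InProc" cookieless="false" />
  </system.web>
  <location path="legacy">
    <system.web>
      <sessionState mode="StateServer" cookieless="AutoDetect" />
    </system.web>
  </location>
  <location path="reports">
    <system.web>
      <sessionState mode="SQLServer" />
    </system.web>
  </location>
</configuration>"""

# Values that keep the session ID in a cookie ("false" is the legacy spelling).
COOKIE_ONLY = {"false", "usecookies"}
# Values that always, or for some clients, put the session ID in the URL.
URL_CAPABLE = {"true", "useuri", "autodetect", "usedeviceprofile"}


def audit_session_state(config_xml):
    """Return (scope, cookieless value, verdict) for every <sessionState>."""
    root = ET.fromstring(config_xml)
    # The site-wide <system.web> plus each <location path="..."> override.
    scopes = [("(site root)", root)]
    scopes += [(loc.get("path", "(no path)"), loc) for loc in root.iter("location")]
    findings = []
    for scope, node in scopes:
        for sysweb in (c for c in node if c.tag == "system.web"):
            for ss in (c for c in sysweb if c.tag == "sessionState"):
                # Attribute absent: ASP.NET defaults to cookie-based sessions.
                value = ss.get("cookieless", "UseCookies")
                key = value.strip().lower()
                if key in COOKIE_ONLY:
                    verdict = "ok"
                elif key in URL_CAPABLE:
                    verdict = "session-id-in-url"
                else:
                    verdict = "unrecognised"
                findings.append((scope, value, verdict))
    return findings
```

A cookie-based session still depends on the cookie being sent only over TLS, so a clean result here covers the URL exposure the slide describes and nothing more.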

Page 24: The Cyber Pandemic - Jay bavisi

Types of Vaccine

ACTIVE IMMUNIZATION: Measles, Mumps, Yellow Fever, Rotavirus
Ethical Hacker (Antigen and Antibody)

PASSIVE IMMUNIZATION: Tetanus
Secure Code (Antibody)

Immunological Memory

Page 25: The Cyber Pandemic - Jay bavisi

The Point

The  Vaccine Secure  Coding

Page 26: The Cyber Pandemic - Jay bavisi

Making of the Perfect Storm

BUT  IS  THAT  ENOUGH    ?  

Page 27: The Cyber Pandemic - Jay bavisi

But with Social Media – Social Distancing is Dead

Social distancing is a strategy for SARS, Ebola etc.

Page 28: The Cyber Pandemic - Jay bavisi

4400 Deaths Per Annum

14% Consider Suicide

7% Attempt Suicide

Page 29: The Cyber Pandemic - Jay bavisi

CYBERBULLYING: CASE STUDIES

Ronan Hughes 1998-2015

Ronan Hughes, a 17-year-old from Co Tyrone, Northern Ireland, killed himself after being blackmailed into posting pictures of himself online.

At his funeral, parish priest Fr Benny Fee told mourners "He did not take his own life. His life was taken by these faceless people who put the child into a burning building that he felt he could not escape".

Ronan, a talented goalkeeper with the Clonoe O'Rahilly's gaelic football club, and a student at St Joseph's Grammar in Donaghmore, had told his parents about the bullying and they went to the police, but unfortunately that did not help.

Hannah Smith 1999-2013

Hannah Smith, a 14-year-old girl from Lutterworth, Leicestershire, England, hanged herself in her bedroom on August 3rd, 2013. Her body was discovered by her older sister.

In the weeks leading up to her death, Smith had been subjected to cruel taunts and insults about her weight and a family death on Ask.fm, a question-and-answer social networking site that allows anonymous participation. Bullies on Ask.fm urged her to drink bleach and cut herself. According to Hannah's father, she went to Ask.fm to look for advice on the skin condition eczema.

Following the suicide, Hannah's older sister, Jo, described how, just days after discovering her younger sister's body, she started receiving abusive messages on Facebook mocking her loss and blaming her grieving father's parenting skills for the tragic death.

Page 30: The Cyber Pandemic - Jay bavisi

EXAMPLE OF THE PANDEMIC 1: CYBER BULLYING

Page 31: The Cyber Pandemic - Jay bavisi

EXAMPLE OF THE PANDEMIC 2: CYBER BULLYING

http://www.lavasoft.com

Page 32: The Cyber Pandemic - Jay bavisi

What Can We Do To Keep Children Safe?

Educate your children about cyberbullying

Keep home computer in a busy part of the house

Report abuse to the website administrators

Block or delete the Cyber-Bully

Don't let your children include personal information in online profiles

Page 33: The Cyber Pandemic - Jay bavisi

Page 34: The Cyber Pandemic - Jay bavisi

Hygiene is the Best Prevention

Cyber Hygiene = Cyber Knowledge

Page 35: The Cyber Pandemic - Jay bavisi

Creating Hygiene

Courses Gamification

Awareness Academia

Page 36: The Cyber Pandemic - Jay bavisi

Supporting Wounded Warriors

Page 37: The Cyber Pandemic - Jay bavisi

Thank You

Page 38: The Cyber Pandemic - Jay bavisi

Making of the Perfect Storm

If a hostile group were to terminate emergency communications during a powerful hurricane, OR if cyber terrorists take over your defense systems.

