Date post: | 13-Apr-2017 |
Category: |
Technology |
Upload: | adnet-technologies |
View: | 75 times |
Download: | 0 times |
Weathering the Perfect Storm- Insider Threats, Social Media, Cybersecurity
Andrew MathiesonSenior, MARCUM LLP
May 12th, 2016
Andrew Mathieson,Senior, Marcum LLP 6 years of professional experience in IT 12 years professional experience in Investment Back Office Operations and
developmento Key Industries:
• Financial Services• Information Technology • Banking• Hedge Funds• Energy
Areas of Expertise:o SOC Reportso Data Center Operationso Regulatory Compliance (HITECH, SOX 404, etc.)o Internal Controlso Software as a Serviceo Infrastructure as a Service
Threats Businesses are facing a “Perfect Storm” from threats due to a
combination of blurred organizational boundaries, new and changing technology, and economic malaise. As organizations increasingly leverage their labor workforce and economic circumstances often require aggressive actions, the risk of malicious activity increases.
Sometimes, trusted insiders are routinely given blind trust. Those with the potential to do the most damage are usually those trusted the most; as well as those who are new to their positions. (high/low)
Unwitting insiders can also be manipulated and used as accomplices. In most cases, technology enables the event in some fashion.
5 Lessons from the FBI Insider Threat Program Insider threats are not hackers Not solely technical or “cybersecurity” issue Program should focus on deterrence first, not detection Detection has to use behavioral-based techniques Science of detection and deterrence is in its infancy
Behavioral Indicators
Works odd hours without authorization; notable enthusiasm for overtime work, weekend work, or unusual schedules when clandestine activities could be more easily conducted.
Unreported foreign contacts (particularly with foreign government officials or intelligence officials) or unreported overseas travel.
Short trips to foreign countries for unexplained or strange reasons. Unexplained affluence; buys things that they cannot afford on their household income.
Engages in suspicious personal contacts, such as with competitors, business partners or other unauthorized individuals.
Some behaviors may be a clue that an employee is spying and/or methodically stealing from the organization:
Personal FactorsThere are a variety of motives or personal situations that may increase the likelihood someone will spy against their employer:
Greed or Financial Need Anger/Revenge Problems at work Ideology/Identification Divided Loyalty Adventure/Thrill
Vulnerability to blackmail: o Extra-marital affairso Gambling, o Fraud
Ego/Self-image Ingratiation Compulsive and destructive
behavior Family problems
Did you know that……
Types of Cyber Attacks Experienced
1.7 successful attacks per company each week
Average Annualized Cyber Crime Cost Weighted by Attack Frequency
9 Cyber Security Facts That Will Surprise You.
The security of websites, Internet connections, and the businesses you frequent all affect how secure your personal information and identity are. Here are nine cybersecurity facts that you need to be aware of:
Phishing On average, phishing emails can receive email open and click
rates that rival email marketing of the business world:o 23% of recipients open phishing messageso 11% click on attachments
Think about those stats for a moment. A phishing campaign sent to 50 people will net five to six victims in the catch.
A few other insights:o 96% of mobile malware targets the Android platformo Over 5 billion downloaded Android apps are vulnerable to remote
attack
*Source: Verizon Data Breach Report 2015
The Hacker EconomyWhat is Your Information Worth? $980-$4,900: Trojan program to steal online account
information $490: Credit Card with PIN $78-$294: Billing Data, Account Info, Address, SSN, DOB $147: Drivers License $147: Birth Certificate $98: Social Security Card $25: Credit Card Number with Exp Date and Security Code $6: PayPal Account Logon and Password
* Source Trend Micro
The Turn to Healthcare and Identity Theft
The following were listed as top security threats for healthcare organizations, with respondents able to list more than one as their main concern:
System failures (79 percent) Unsecure medical devices (77 percent) Cyber attackers (77 percent) BYOD (76 percent) Identity thieves (73 percent) Mobile device insecurity (72 percent)
How Does This Happen?It’s not just Technology, but Security Policy,
it’s Implementation and Confirmation
Human Error! Lost data tapes, unencrypted systems…. New Vulnerability every day
o *Its not just software and user based systems anymore but the infrastructure that supports networks*
Exploits are developed to expose a vulnerability within hours! Two years ago it was 3 months!
Resources required by a potential hacker?o Web sites distribute these exploits within days with no coding skills requiredo Wireless accesso Internal access and weak controlso Data transmission and the ability to remove data…
• Storage device…..IPOD, Thumb Drive!
So What’s There to Worry About?91% of security professionals reported mobile device loss. 77% reported more attacks from 2013-2014. 72% believe the biggest skill gap in security professionals is
their ability to understand the business. 68% believe Malware attacks exploited their enterprise. 66% believe Phishing has exploited their enterprise.
Researchers at security vendor RSA have identified trends expected: Mobile threats are becoming more sophisticated and pervasive. Bitcoin’s growing popularity is making it a target for theft and new
fraud currencies may emerge to force cybercrime further underground.
Malware attacks are becoming more sophisticated and more common.
Mobile devices will be used as a convenient way to add additional authentication for users.
“The risk is not only the tendency of employees not to comply with policies but… the inability to determine if such non-compliance is occurring”
The threat is closer than you think…
http://www.privacyrights.org/ar/ChronDataBreaches.htm
Hacking Made Easy http://www.packetstormsecurity.org/ http://www.iwar.org.uk/news-archive/ http://www.rainbowcrack-online.com/ http://metasploit.com/ http://nepenthes.mwcollect.org/download http://www.networksolutions.com/whois/index.jsp
What are our clients worried about?
Data Integrity Intellectual Property Protection
Regulatory Compliance Brand Protection
Public Perception Media Awareness
Customer Protection Legal Liability
QUESTIONS?
Our PartnersADNET proudly partners with leading technology and business solution providers to help our clients find the best possible fit for their needs. We encourage you to visit our partners' websites to learn more about their services.
@ADNETTech
@ADNETTechnologiesLLC
@ADNETTechnologiesLLC
www.thinkADNET.com
@MarcumLLP
@Marcum-LLP
@MarcumLLP
www.marcumllp.com