CYBERSECURITY: ARE YOU PREPARED FOR WHAT’S NEXT?

January 23, 2018

Combating Cyber Threats

Cyber Security Seminar
January 23, 2018
Dan Desko, Eric Wright

Eric Wright

  • Technology Advisors Shareholder
  • CPA (Certified Public Accountant)
  • CITP (Certified Information Technology Professional)
  • Started my career at Schneider Downs in 1983
  • IT Audit Chair for PICPA
  • Experience in delivering IT Audit, IT Security Services, Penetration Testing and Vendor Risk Management services to a variety of industries, including dealers
  • Responsible for product delivery, client satisfaction and quality control
  • BS Degree in Computer Science and Mathematics from Waynesburg College

Dan Desko

  • Senior Manager, IT Risk Advisory Services at Schneider Downs
  • CISA (Certified Information Systems Auditor)
  • CISSP (Certified Information Systems Security Professional)
  • CTPRP (Certified Third Party Risk Professional)
  • 14 years of experience, began career working in IT
  • Current Outgoing ISACA Pittsburgh Chapter President
  • Experience in delivering IT Audit, IT Security Services, Penetration Testing and Vendor Risk Management services to a variety of industries.
  • Responsible for product delivery, client satisfaction and quality control.

Agenda

  • Current State of Cybersecurity
  • Examples of Cyberfraud
  • 10 Must Ask Cybersecurity Questions
  • Q&A

State of Cybersecurity

The following slides are highlights of the 2017 Verizon Data Breach Incident Report (DBIR)

State of Cybersecurity

  • The important thing to note on this slide is that the majority of breaches occur in one of two ways:
    1. Human error
    2. Outside hackers
  • Bonus: Combination of the Two!
  • The other important takeaway is that the attackers are organized criminal groups; they’re run like businesses

State of Cybersecurity

  • Contrary to common belief, not all hacks involve a virus/malware. 51% of breaches involved malware; what were the other 49%?
    – Stolen User Credentials
    – User Error
    – Physical Access
    – Incorrect Privileges

State of Cybersecurity

  • A large mass of breaches occur through some sort of email attack such as Phishing
    – Firewall technology has come a long way, humans are now the weakest link in your security
    – Traditional AV alone isn’t great at spotting malware
  • A very large majority of the breaches were financially motivated
  • A good number of breaches were not discovered by the breached entity, but rather a third party; Nightmare PR scenario.

State of Cybersecurity

  • Phishing deservedly warrants some additional attention
    – It was found in over 90% of all incidents and breaches.
    – Once phished, a number of things can occur:
      • Installation of software (e.g., ransomware, command and control systems, etc.)
      • Influencing disclosure of sensitive data (e.g., Business Email Compromise)
      • Using the compromised computer or accounts as a foothold and pivot to other more interesting systems
      • Using a compromised email account to then phish internally

State of Cybersecurity

  • According to a report from Osterman Research conducted in June among more than 1,000 small and medium businesses, about 22% of businesses with less than 1,000 employees that experienced a ransomware attack in the last year had to stop business operations immediately. About 15% lost revenue.

State of Cybersecurity

Photos from KrebsOnSecurity.com


Examples of Cyberfraud

  • Large local business with operations all over the United States had multiple employee email accounts phished.
  • The hackers began to study the company’s operations.
  • They created a new look-alike domain and email accounts with real employees’ names.
  • Began sending real invoices with doctored payment instructions to actual clients.
  • Other accounts were used to phish additional employees and other business partners.
  • Rinse and Repeat….

Examples of Cyberfraud

  • Medium sized business has multiple workstations and file servers locked by ransomware.
  • Operations slowed to a crawl for nearly a week.
  • The organization did not have a good backup strategy and was forced to pay the ransom.

Examples of Cyberfraud

  • Medium sized local business discovers Bitcoin mining software on a number of their servers after weeks of performance issues and failures.
  • Cyber thieves in this case stole company resources (electricity and CPU power) to enhance their Bitcoin operations.

Examples of Cyberfraud

  • Medium sized / geographically disparate business with field operations has internet hotspots compromised and used to send bulk spam.
  • Did not realize until they received data bills for $30k plus per location.

Examples of Cyberfraud

Photo courtesy: FBI.gov


Question One

How well do you know your IT environment?

– Accurate inventory of devices
– Accurate inventory of software
– Accurate inventory of Internet-facing systems

Question Two

What data do the hackers want and where does it live?

  • Look at not only structured data, but unstructured as well (e.g., spreadsheets, user reports, downloads from ERP or CRM systems)
  • What data lives in your employees’ email accounts?

Question Three

If you have identified critical systems and data, how do you further protect access to it?

  • Do you require complex passwords?
  • Do you require two-factor authentication to critical systems and the network?
    – Email
    – VPN
    – ERP
    – CRM

Question Four

Are your employees susceptible to being phished?

  • Statistics show the answer is likely “yes”.
  • Have you tested/trained them?
  • What technical controls have you put in place to stop it?
    – e.g., Advanced Email Protection

Question Five

If phishing succeeds, do you have additional protection methods?

  • Advanced endpoint protection complements traditional anti-virus
  • Encryption of data
  • Whitelisting of allowed applications

Question Six

Does your IT staff concentrate more on security or operations?

  • Management often believes their IT staff focuses on security more than they actively do in reality.
  • Reality is that security and IT operations often conflict with each other
  • Having an independent security group or security consulting partner helps bridge the gap

Question Seven

Do you know where you are vulnerable?

  • A large number of breaches take advantage of unpatched operating systems and application software.
    – e.g., Equifax breach leveraged vulnerability in Apache Struts software toolkit.
  • How often does your IT team patch systems and software?
  • Have you run vulnerability scans to test the effectiveness of the patching process?
  • Do not forget your mobile devices.

Question Eight

Have you simulated an external attack to determine how secure/vulnerable you really are?

  • Penetration tests or ethical hacking exercises are valuable because they help identify issues before the bad guys do.

Question Nine

How prepared are you for a breach?

  • It’s not a matter of “IF,” but, “WHEN”
  • Having a solid incident response plan that is tested may not prevent a breach, but will surely limit the impact
  • Practice common scenarios (e.g., Phishing, Ransomware, Business Email Compromise, etc.)

Question Ten

Have you adopted and assessed yourself against a standard security framework?

  • Allows for continuous improvement
  • Set a road map for long-term information security success

Extra Credit!

Do you know what vendors have access to, or store your data?

  • You can outsource certain business operations, but you can’t outsource the risk.
  • Ask business service providers for a SOC report or similar attestation report regarding their security controls to gain transparency.


Questions?

Contact Information

Eric Wright – ewright@schneiderdowns.com 412-697-5328
Dan Desko – ddesko@schneiderdowns.com 412-697-5285

Overview

  • Applications of the Future
  • Use is Driving Technology
  • Call to Action
  • Infrastructure of the Future

Moore vs Metcalfe Law

  • Demand of the network is driving exponentially faster than compute
  • Smartphone is a Trigger

[Chart labels: Performance, Demand, Processor Performance, Network of Users]

End of Moore’s Law

[Chart labels: Performance, Time]

Technology Changes

  • Code Repositories: Briefcases, File Servers, GIT
  • Development: Waterfall, Agile, Continuous Integration, Continuous Development
  • Programming: Punch Card, Tape, Object Oriented, Web Application
  • Network: TCP/IP, DNS, DHCP
  • Infrastructure: Mainframe, Physical X86 Server, Virtual X86 Server, Container, Function

Old Applications

[Diagram labels: Base Application 1.0, Update 1.1, Update 1.2, Update 1.3, Update 1.4, Application 2.0, Application 3.0; Lines of Code, Agility, Complexity]

Challenges with Old Applications

  • Hard to troubleshoot
  • Long lead time for a new developer to have an impact
  • A single patch requires a massive rebuild
  • Infrastructure is a consequence of an application instead of a forethought
  • Auxiliary services are bolted on

Challenges with Old Applications

[Diagram labels: Application, Load Balancing, Firewall, Backup, Replication, Hardware, OS, Compliance]

  • People are required to make all of the changes
  • Infrastructure is responsible for running apps developers give
  • Very little natural communication

Micro‐Services Design

[Diagram labels: Container(s), Load Balancing, Firewall, Code Repository, Geographic Distribution, Hardware, OS, Compliance Rules, Analytics, Logging, Relational Database, Key/Value Store, Message Queue, Scaling Engine, CI/CD, Global DNS]

Continuous Integration/Continuous Deployment

  • Integration is the process of eliciting fast, automated feedback on the correctness of your application every time there is a change to the code.
  • Delivery builds upon the earlier concept by providing fast, automated feedback on the correctness and production readiness of your application every time there is a change to code, infrastructure, or configuration.
What is a Container?

Shipping Container

  • Standard Unit of Payload
  • Shipping Ports
  • Rail Cars

Application Container

  • Single Application
  • Can run on Anything
  • Scalable

OS vs Container Applications

[Diagram: VM stack: Server Hardware, Hypervisor, Guest OS (Windows, Ubuntu, Centos), Libraries/Drivers, App 1, App 2, App 3. Container stack: Server Hardware, Hypervisor (Optional), Guest OS (Linux or Windows), Docker, App 1, App 2, App 3]

Docker Image: What and Where?

DIY or Use an App Store (hub.docker.com)

Docker Compose

Creates Services, Networks, and Volumes to build an application

[Diagram labels: Wordpress, From Public Internet on Port 8000, MySQL, Hardware, Docker, Storage and Network owned by Docker]

Docker Scaling

  • Policy Driven Scale
  • Non Persistent Images
  • Really becomes Important with Micro‐Services and 12 Factor App Creation
  • Can be used as Alternative to Traditional HA

Function as a Service ‐ Serverless Computing

  • AWS Lambda ‐ Run Code, Not Servers
  • Event Driven Coding
  • Pay per Invocation – Usage vs Usefulness
  • Very lightweight

[Diagram labels: Server Hardware, Hypervisor (Optional), Guest OS, Container Framework, Container (x3), Functions: Function 1, Function 2, Function 3]

Spectrum of Compute

  • VM: Packaging: VMDK/VHD; Updates: Patching; Execution: Multi‐threaded, Multi‐task; Run Time: Hours to Months; Unit of Cost: Per VM per Hour/Month
  • Container: Packaging: Container File; Updates: Versioning; Execution: Multi‐threaded, single‐task; Run Time: Minutes to Days; Unit of Cost: Per VM per Hour
  • Function: Packaging: Code; Updates: Versioning; Execution: Single‐threaded, single‐task; Run Time: Microseconds to Seconds; Unit of Cost: Per Memory/Second, Per Request

Time? Cost? Scale?

Hyper‐Converged – What is it?

[Diagram labels: Management Software, Hypervisor, CPU, RAM, Disk]

Cloud Infrastructure

  • Infrastructure Form and Factor will Change
  • Scale Out Everything
  • Software Defined
  • Latency Matters

AWS will not rule all… Zipf’s Law says so

Why is there not only one…

  • Website?
  • HW Manufacturer
  • Cloud

Hybrid Cloud is the Future

‐ Interconnected resources available wherever you need them to be
‐ Location selection criteria changes
‐ Available processing power increases dramatically

[Diagram label: Customer Premises]

So what does this all mean?

‐ Landscape continues to get increasingly complex as new business drivers emerge
‐ Your focus is on your business and your customers
‐ Use your resources
  ‐ People like me at solution providers like Expedient who spend their days evaluating these technologies, assessing opportunities, and evangelizing them to our teams

Besides that … what can I do?

‐ Learn
  ‐ Attend conferences, webinars, and more
‐ Meetup
  ‐ Find local groups, attend meetups and seminars
  ‐ Learn from your peers!
‐ Follow
  ‐ Social media, industry experts, solution providers – learn from us, stay on top of industry trends
‐ Partner
  ‐ Work with partners like Expedient who can help you along the way. While you will own the application, we can help with the infrastructure.

john.white@expedient.com | 412.316.2899

@johna_white /in/iamjohn

Assessment and Improvement of the Culture and Performance of Perioperative and Labor and Delivery Services MEDSTAR WASHINGTON HOSPITAL CENTER

High Performance Medicine

Beyond Innovation

Schneider Downs Cybersecurity Event January 2018


Why Are We Unsettled?

Internet Connectivity

Over Half of the World’s Web Traffic Comes From Mobile Devices

There are over 8.3 Billion Unique Mobile Connections

Source: GSMA Intelligence
Source: Northeastern University

90% of the world’s data has been created in the last two years.

Source: IBM Marketing Cloud


Quiet, But Massive Change

  • 1. Superconnected Society
  • 2. Hyper-empowered Humans
  • 3. Data & Information Abundance

Transportation


Bioscience Kilowatt Hour 1977 $76.67 Energy Kilowatt Hour 2017: $0.06


Accelerating Technology is creating unprecedented opportunity


...lots of grey areas...


...And the rise of a “Pliable Reality”.


Unprecedented Challenges Across Security, Medicine, and Business...

  • 1. Simplifying Complexity

From “The Enlightenment” to “The Entanglement”


  • 2. Legacy Structure is Limiting

The Territory is Not the Map.

Source: WSJ

  • 3. Human Systems Have To Be Reimagined

  • Simplifying Complexity
  • Transcending Legacy “Maps”
  • Reimagining Human Systems

Why Innovation? For Survival.

Three Mental Models of 21st Century Success

  • 1. Concept of Trust is Changing

VS.

  • 2. Be Ruthless in Pursuing Unorthodox Relationships

  • 3. Extraordinary Organizations Are Doubling-Down on Human Capital

The Greatest Story of Our Time is Not Technology… ...It is the Ability of Technology to Amplify Our Potential.


THANK YOU FOR ATTENDING

Don’t forget to fill out your evaluation form.