Securing Caribbean networks Bevil Wooding Executive Director, - - PowerPoint PPT Presentation

Securing Caribbean networks

Bevil Wooding

Executive Director, CaribNOG

THE DIGITAL WORLD

• Explosion of

Online Devices

• Explosion of

Online Users

• Explosion of

Online Data

Dark Side To Digital Progress

“There are only two types of companies:

Those that have been hacked, and those that will be.”

THE THREAT IS REAL

In a Word… PEOPLE

BE AFRAID..BUT ALSO BE INFORMED

Understanding The Power of the Dark Side

POWERFUL DARK SIDE FORCES

Today’s Cyber Criminals are:

• Highly ORGANZED
• Highly MOTIVATED
• Highly RESOURCED

and Highly EFFECTIVE!

THE DARK SIDE IS SOPHISTICATED

Cybercriminals

• Broad-based and

targeted

• Financially

motivated

• Getting more

sophisticated

Hactivists

• Targeted and

destructive

• Unpredictable

motivations

• Generally less

sophisticated

Nation-States

• Targeted and

multi-stage

• Motivated by data

collection

• Highly

sophisticated with endless resources

Insiders

• Targeted and

destructive

• Unpredictable

motivations

• Sophistication

varies

POWERFUL DARK SIDE FORCES

2013 - TARGET 2015 - OPM 2017 – WannaCry Ransomwear 2014 - SONY

Major cyber attack disrupts internet service across the WORLD!

Compromised via a Third- Party Vendor (HVAC) Easy Reconnaissance; Ignored Initial Alerts Russian Crime Syndicate; 17 yr old wrote the malware

1

Internal Infrastructure Used Against Themselves

2013 - TARGET

1 1 1

Internally Everything Destroyed; Whole World Saw Emails & Sensitive Information Most of the Company Had Too Much Access; Passwords were stored in files named ‘Passwords’ GUARDIANS OF PEACE (North Korean Government) Warning Signs were Ignored

2014 - SONY

1 1 1 1

Compromised Using Defense Contractor’s Credentials Encryption is great, but it doesn’t stop those who have passwords or credentials Chinese Government Data Stolen During Holiday When Staffing was Light.

2015 - OPM

1 1 1 1

Millions of Compromised Digital Video Cameras Unpatched IoT Devices Hackers - For Profit or Other Motive? Plenty of Individuals, Companies, and Vendors to Blame!

2016 – DYN DNS

1 1 1 1

Hackers - Unknown

2017 - WannaCry

1 1 1

Ransom message asking for

• approx. $300. Increase to $600

after 3 days. After 7 days, files destroyed Estimated > 200,000 victims WORLDWIDE

CONTRIES AFFECTED

IT’S NOW EASIER TO BE ON THE DARK SIDE

PUBLICLY AVAILABLE TOOLS

OUTSOURCING & CAPACITY BUILDING

Securing National Development

WHAT COMES NEXT … NO ONE KNOWS “Future attacks will likely increasingly be directed to softer targets in locations through which huge sums of money flow electronically for tax efficiency or advantage, those areas with infrastructure links to the United States and Europe, and in areas where the success of a sector such as tourism is central to the stability

• f the regional or national economy.”

Securing National Development

WHAT’S ALREADY HERE – CARIBBEAN ALREADY FE

• Ransomware Attacks
• Phishing Attacks
• Distributed Denial Of Service
• Data Theft
• Identity Theft
• ATM Scams

Securing National Development

GREATER THREATS, FEWER RESOURCES

• Cybersecurity Skills Are in High Demand, Yet in

Short Supply

– most organizations do not have the people or systems to monitor their networks consistently and to determine how they are being infiltrated. – Cisco estimates there are over 1 million unfilled security jobs worldwide

FORTUNATELY…ALL IS NOT LOST

RESISTANCE IS NOT FUTILE

W h i l e t h e r e i s n o s i l v e r b u l l e t s o l u t i o n w i t h c y b e r s e c u r i t y, a w e l l - i n f o r m e d , w e l l - s t r u c t u r e d , c o o r d i n a t e d , m u l t i - s t a k e h o l d e r a p p r o a c h c a n m a k e a b i g d i f f e r e n c e

Securing National Development

Opportunity in the Crisis

• As the Internet of Things (IoT) gains more traction,

the lack of basic security standards and the increasing skill shortage will present opportunities for countries and businesses that invest in cybersecurity skills development

Securing National Development

Opportunity in the Crisis

• As the Internet of Things (IoT) gains more traction,

the lack of basic security standards and the increasing skill shortage will present opportunities for countries and businesses that invest in cybersecurity skills development

Securing National Development

Joining the Resistance

• Effective Cybersecurity

Requires

– Cyber Strategies –People, Analytics, Intelligence, and Technology –An Informed Human Approach to Security

Securing National Development

A Note on Cyber Strategies

Cybersecurity strategies should be holistic

Develop in collaboration with critical business units – embed security personnel into business units, so security strategy can be integrated not just tacked on Align to Business Goals – If you bring value with your strategy, security becomes a business differentiator and revenue generator, transforming security from cost center to a growth center.

Securing National Development

A Note on Cyber Strategies

Cybersecurity strategies should be holistic.

Validate at the leadership level – Keeping organizational leaders informed and involved in data breach preparedness and response plans is essential for maintaining a sophisticated security posture. Dynamically managed – Threat actors continuously

• adapt. Your cybersecurity strategy should, too. Treat it

like it is a living, breathing, constantly questing process. If you let it languish, your threat posture also suffers.

PARTICIPATE IN REGIONAL BODIES STRENGTHEN LOCAL CAPACITY SET NATIONAL STANDARDS

HOW CAN GOVERNMENTS HELP?

UPDATE LEGISLATION RAISE PUBLIC AWARENE

TRACK THE TREND LINES SUPORT PUBLIC-PRIVATE COOPERATION INVEST IN SECURITY TOOLS AND INFRASTRUCTUR ENCOURAGE AND TRAIN CYBER EXPERTS

HOW CAN INDUSTRY HELP?

Make the Investment. Develop a Cyber Security Strategy. TAKE ACTION!

“despite hard pressed budgets, cyber security needs to be seen as just as important as physical security and treated as core cost for businesses and governments.”

…IT’s WORTH IT

About the Presenter

BEVIL M. WOODING

Internet Strategist, Packet Clearing House

• Mr. Wooding is an an Internet Strategist for Packet Clearing House, a US-based

non-profit research institute. He is also the Executive Director of the Caribbean Network Operators Group Twitter/Linked: @bevilwooding

Questions

in fo @ c arib no g.o r g