Cyber Security - awareness, vulnerabilities and solutions
3 likes•3,539 views
This document discusses cybersecurity awareness, vulnerabilities, and solutions. It begins by outlining threats to IoT/ICS/SCADA systems from actors like script kiddies, gray hats, black hats, and state-sponsored groups. Common threats include DDoS attacks and exploiting vulnerabilities in device access controls and software updates. The document then examines solutions like developing response and recovery plans, conducting risk assessments, implementing security controls, and obtaining external cybersecurity support. It emphasizes the importance of cybersecurity awareness training, continuous monitoring, and establishing cooperation between organizations.
Cyber Security - awareness, vulnerabilities and solutions
- 1. Unifying the Global Response to Cybercrime Cyber Security – awareness, vulnerabilities and solutions Prof. Manel Medina Scientific Coordinator of APWG.eu Founder of esCERT-inLab-UPC Director MsC Cibersecurity – UPC-Talent [email protected] – [email protected]
- 2. Content 2 • Awareness – Threats to IoT/ICS/SCADA, CIIP: • CPS, Protocols, supply chain, dependencies – Threats from IoT: • DDoS, cascade effects • Vulnerabilities – Resilience of IoT platforms: • Access control, identification, back doors, malware… • Solutions – Response to cyber-attacks: • Recovery, Restore • Conclusions
- 3. AWARENESS 3
- 4. 4
- 5. Threats to IoT: Who? • Script kiddies: no money interest, no professionals, repeated errors. • GrayHats: shared criminal and not criminal activities. SPAMmers spread any kind of emails • Blackhats: experts, toolkits, business models, unique and novel, • States Sponsored: economic and security interest. Technical • Hacktivists • Leaks: criminals that have patience and technical expertise. Wait years to rob the information they want. Apply to industry and government. Regional business. 5
- 6. Threats to IoT: Why? • Script kiddies: Show their skills and our weakiness. • GrayHats: 3rd part services: Politics, socials, cultural • Blackhats: Economics • States Sponsored: Steal estrategic Information • Hacktivists: same as above • Leaks: criminals that have patience and technical expertise, wait years to rob the information they want. Apply to industry and government. Regional business 6
- 7. 7
- 8. Tendencies: long term Cyber-war • Cyber-guns: Hacking Team • Department of Defense Concludes Three-Weeks of Cyber War Games http://bit.ly/1uLsdsS http://bit.ly/1eGaGPA • Cyber attack on U.S. power grid could rack up $1 trillion in losses, study says - SC Magazine http://ow.ly/PmQyO • 3 dangerous habits that make companies less #cyber secure: http://lmt.co/1Ga2v7w #GartnerSEC (by @LM_AngelaHeise) • How Secure Is Your Small Business? 5 Tips to Protect Against Modern Cyber Attacks. by @jcmason http://entm.ag/1Af8Cbu via @Entrepreneur • Cibercrimen: https://www.amazon.es/CIBERCRIMEN-Manel-Medina- ebook/dp/B010GJOUDM 8
- 9. Threats to IoT: What? • CIIP: IoT/ICS/SCADA: – CPS, – Protocols, – supply chain, – Dependencies of IoT from service providers • Defcon conf.: hacking an electronic wheelchair or bluetooth lock from a quarter-mile away • Hack a real car • Intercept flying airplane communications 9
- 10. Threats to IoT: What? 10
- 11. Threats FROM IoT: What? 11 • 6.8B devices • 20 B by 2020 • 50 families • 3 attacks in 3 weeks • Just PoC
- 12. Threats FROM IoT: What? • DDoS: – Authentication – Malware – Protocol bugs • Cascade effects – supply chain, – Dependencies of CI from IoT 12
- 14. Who do we trust? 14 • 90% of incidents start from inside the organization – Spear-phishing – Ransomware – Lack of skills or capabilities – Lack of awareness – Human Errors • Internal Audit: Readiness
- 15. So, what? Cybersecurity life cycle 15 • Plan: – Goals, Strategy, Timeframe, Resources • Do: – Assets, Threats & Vulnerability identification – Risk Analysis (evaluation), Management • Check – Measure: people, cybersecurity tools, – Monitor: network, CPS, behaviour • Act: – Response, Recovery, Restore, (minimise impact) – Learn, Report (internal & external), Review/update
- 16. External support 16 • CISO – Business aware • External providers – Learn from others’ errors – Intelligence information – New Attack patterns
- 17. SOLUTIONS TO CYBER ATTACKS 17
- 18. Cooperation & coordination Plan • Risk & impact evaluation & analysis • Personnel roles & responsibilities • Cooperation opportunities & covert channels • Plan ciber-exercises & training. • Document lessons learnt • Schedule plan’s updates. 18
- 19. Risk Management: Resilience • Impact on Organization’s mission: Business continuity – Identify areas of risk – Incident response capabilities • Risk tolerance: Regulatory environment • Budget: ROSI, implementation Phases, priorities • Policy adoption & Procedures implementation. – Early Detection – Quick response – Identification & selection of controls 19
- 20. Risk Response Strategy • Probability: – Avoidance, – Perimeter, – Training, – Readiness, – Resilience. • Impact: – Detection, – Mitigation, – Response, – Recovery • Risk Acceptance & Transfer 20
- 21. Resilience Assessment Summary • Where: Available / Collectable data • What: Scope: Scenario (set of assets) • How: Time-frame: rigorousness, meaningful. • Aim: Co. Social responsibility: risk culture • Who: Compliance & sectorial regulation • When: Changing environment: external (hacktivism), internal (infrastructure, asset values), growth, customers sensitivity 22
- 22. Roadmap 2018 • Cybersecurity culture: raise awareness • Risk measurement and analysis • Protection: risk reduction and impacts mitigation • Detection and management of events • Collaboration and coordination • Research, Development and Innovation • Continuing and efficient training and education 23
- 23. Short-term corporative strategy • Cyber- Responsibility: – Cyber-risk – Cyber-trust – Cyber-insurance – Hiring of cyber-security profiles • 3 levels education – Corporate management – Cybersecurity management and operations – ICT Operations – Final end-user 24
- 24. Education and awareness Continuous training TITULACIÓN Oficial LE Operations and maintenance (on-line, in-house) Continuous education (PsG) SME Operations (capsule, education module) Experts (MsC) 25 Shared (or not) responsibilities: - Data Protection Officer - Chief Information Security Officer - Intelligence Officer - Information Systems Auditor - Computer Sec. Incident Coordinator - Data breach communication advisor - Operation… - Training…
- 25. CORPORATE PROTECTION TOOLS & STRATEGIES 26
- 26. 5 essential cybersecurity measures • Perimeter: Firewall & gateways • Safe Configuration • Access Control • Anti-malware Protection • Patch & updates management
- 27. Best practices in IoT cybersecurity • Back-up data and configuration choices • Protect programs and data with e-Signature or hash • Documents Mid-Long term Archive • Anti-DDoS • User and devices Access Control • Access & operations: logs & warnings • User & TIC staff training & awareness
- 28. 29 Recommendations • Review network infrastructure and ICT policy • Foster internal capacity building • Take any guidelines or collective recommendation • External consultants to identify planning • Establish secure communication channels with team(s) of incident coordination • Establish cooperation agreements cyber security management and incident response • Get some certification / audit
- 29. external help: Cyber-guards • Capability to – mitigate / recover • Private vs. Public: – Incibe – CERT_SI – CESIcat – CERT.EU – … – esCERT.UPC 30 European CERT (?) n/g CERT Sectorial CERT Industry n/g CERT Sectorial CERT SME n/g CERT CIIP CERT CI ENISA user ->CPD -> SOC -> CSIRT -> CERT
- 30. Final remarks • Legal requirements: – Risk analysis – Incident reporting • Self-protection: – internal controls – Use safe devices – Update software and passwords • Provide evidences of: – capabilities – good practices – External audits • Subcontract external experts 31
- 31. PREGUNTAS (& RESPUESTAS) Muchas gracias por la atención! Prof. Manel Medina Coordinador científico de APWG.eu Fundador esCERT-inLab-UPC Director Máster Ciberseguridad – UPC-Talent [email protected] – [email protected] 605 284 388