SlideShare a Scribd company logo
1 of 34
BSidesLondon 2011,[object Object],Layer 8 Security,[object Object],Securing The Nut Between the Keyboard & Screen,[object Object]
What Do These Have In Common,[object Object]
The Dreaded APT!!,[object Object]
The Root Cause,[object Object],48% of Breaches Were Caused by Insiders,[object Object],- Verizon,[object Object],90% of Malware Requires Human Interaction,[object Object],- Symantec,[object Object],100% of Successful Attacks Compromised The Human,[object Object],- Mandiant,[object Object],64% of Orgs See Security Awareness As a Challenge,[object Object],- E&Y 2010,[object Object],3 times as many breaches are caused by accidental insider activity than malicious intent,[object Object],- Open Security Foundation,[object Object]
People Are The Weakest Link,[object Object]
So Are People,[object Object]
Or Are They,[object Object]
Or Are They,[object Object]
Maybe They Are,[object Object]
Maybe They,[object Object]
Mostly They Just Are,[object Object]
Yet Where Do we Spend?,[object Object],Gartner 2010,[object Object]
Our Focus Is Wrong ,[object Object]
Failure to Engage,[object Object]
Content Misses The Mark,[object Object]
Compliance Requirement,[object Object]
Don’t Take Local Issues Into Account,[object Object]
No Measurements,[object Object]
But Mostly,[object Object]
Securing The Nut,[object Object]
Developing A Security Awareness Program,[object Object]
Be Prepared,[object Object]
Develop A Strategy,[object Object]
Budget,[object Object]
Make Sure it is Adequate,[object Object]
Select Appropriate Tools,[object Object]
Consider Different Cultures,[object Object]
Hook The Audience,[object Object]
Communication,[object Object]
Continual Support,[object Object]
Review & Monitor Success ,[object Object]
Maintain The Program,[object Object]
Remember,[object Object]
Questions,[object Object],Brian.honan@bhconsulting.ie,[object Object],www.bhconsulting.ie,[object Object],www.twitter.com/brianhonan,[object Object],www.bhconsulting.ie/securitywatch,[object Object],Tel : +353 – 1 - 4404065,[object Object]

More Related Content

Recently uploaded

AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 

Recently uploaded (20)

20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 

Layer 8 Security - Securing the Nut Between the Keyboard and the Screen

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.

Editor's Notes

  1. All these companies have been very publicly breached creating headlines around the world
  2. The common theme across those companies is that they were the victims of what has been dubbed the Advanced Persistent Threat.Each of these companies have very active and large security programmes in place
  3. So why were they breached?While each of the breaches may have involved some cool hack, such as a 0 day exploit (or oday for our American friends), the common denominator across them all has been each breach involved human interaction to facilitate the attack.The Google hack was the result of an employee clicking on a link embedded in an email. This link brought them to an infected website that used an exploit within IE6 and providing the attackers with a foothold within Google. Now why Google was using IE6 rather than Chrome is another issues The RSA hack was the result of an email with an MS Excel spreadsheet attachment which when opened exploited a vulnerability in Adobe Flash – which again gave the attackers the foothold they needed.
  4. So obviously people are the weakest link
  5. So why are these attacks so successful.Are your fellow workers Stupid ? They must be if they are gullible to these ruses?
  6. People are the weakest linkOr maybe they just are lazy and don’t want the hassle that security brings into their lives
  7. Perhaps they are so arrogant and cocky that they think that They will never fall for a scamThey are too important to worry about information security, that is IT’s job.They are too important to have their work interrupted by security
  8. Perhaps they choose to ignore the risks.After all it is not their problem
  9. Or simply they may not care.After all it is not their job to worry about security, they have other things to be worried about.
  10. But mostly they are just trying to get their job done.Most people are quite busy surviving their day jobAnd in this current climate, surviving is all they care about.Their focus is on their job and not necessarily on security. Whatever it takes to get their job done, that is what they will doThey will often view security as an obstacle to how they get their job done.They not only have to worry about information security, but they also have other programmes they need to keep up with;Health and SafetyEthicalProfessional DevelopmentCompany policiesHR Issues.
  11. So if people are the main issue then surely that is where most of our security investment is going?The opposite is throughA recent survey by Gartner shows that information security budgets in companies with a MATURE information security programme in place spent approximately 10% of their overall IT budget on information security.Of that 10%37% is on Personnel, salaries etc.25% is on software20% is on Hardware10% on outsourcing services9% on consulting, which includes sec awareness training.
  12. If people are the main cause of breaches why are we spending so little on security awareness?Clearly our focus is in the wrong area.So it is important to not only revise where we spend our money but more importantly that we spent that money wisely
  13. The content of many security awareness programmes can be very boring to the ordinary person.While we may find information about viruses, exploit, hacks to be riveting stuff – in reality it reduces most people to glazed out drooling zombies who would rather be thinking about something else. Often the content is boringThe trainers may no tbe knowledgeable enough about the topic, or indeed may not be good traininers. You may be an excellent security professional but can you engage an audience on something they do not care about?The delivery mechanism may be wrong.Online courses can often be ineffective if not addressing the core needs of the audience or is viewed as a game to see who can answer the questions as quickly as possible
  14. Most security awareness programmes fail because they fail to meet the deliverables, if they are deliverables defined in the first place
  15. Many security awareness programs are simply there to fulfil a compliance requirementTherefore the cheapest solution to meet that requirement is what is selected, rather than what is most effective.On a more individual basis some companies think that by Coercing people into completing their security awaren
  16. A big failure is programmes not being relevant.How many people in this room who have taken security awareness programmes that refere to laws or regulations not relevant to them? E.g. US laws.
  17. Others fail because they do not measure how effective their programmes have been.Often no benchmarks or goals have been identified t measure the success of the programSo when looking for additional budget or to re-run the programme it is hard to prove to management what the return of investment or success rate of the programme has been
  18. But mostly we simply select a solution and hope for the best
  19. So how do we go about securing the nut between the keyboard and the screen?We need to develop a solution that is continually improving itself over time as our needs changeSimilar to the Plan Do Check Act cycle within ISO 27001 and other quality standards.
  20. Get Management SupportNot just on paperActive participation
  21. Be preparedIdentify the business needs of your organisationHow disperse is the audience? Are they spread over remote offices.Have you got remote workers to consider?Technology Profile Of Users IT vs. End Users Profile of UsersManagersMobile Workers
  22. What are the Organisational Phycology/Motivational DriversIdentify the audienceDifferent content for different profilesWhat are the drivers for each group, e.g. sales v HR v AccountsTiming of courses to fit in with business needs. Don’t schedule the course for sales at the end of a quarter when they are focused on meeting key sales figures.What will be the age/social profile of the audience? Young and tech savvy or old and techphobic?
  23. You will need budget to do run your program
  24. It should be a set budget and not what remains over from the IT security budgetTry and get an annually allocated budget
  25. Delivery MechanismsClassroom/lecture StyleWorkshopIntegrated in Induction TrainingWeb BasedRole PlaysGamesInternal vs. External MaterialWhat Are the Main Differences?Internal vs. External TrainersWhy Choose One Over the Other?
  26. Size of OrganisationsHow Many Locations?International IssuesRemote WorkersSuccess of Previous Programs (if any)Feedback on Previous ProgramsWhat are the Drivers?Regulatory?Good Practise?
  27. Provide a hook for the audienceE.g. computers at home, impact of information loss in real terms
  28. On-going CommunicationUse Expertise Elsewhere in CompanyMarketing DepartmentHRPR DepartmentTrack AttendanceSeek Feedback
  29. ReinforcementPostersMouse matsLogin MessagesRegular TestingCould be Integrate with Annual reviewsSpot Checks/Tests
  30. Monitor Success of ProgramMonitoring ToolsTestsEnd of SessionOn-going TestsFeedback from AttendeesFeedback from ManagersBudgetOn Target?As % of Overall Infosec BudgetAttendanceDid All Employees/Depts Attend?Is there a pattern?Did Program Complete on Time?Ideally Try to Benchmark BeforehandIncrease/Decrease in IncidentsParadoxically reported incidents will rise after a courseIncrease/Decrease in Password ResetsIncrease in Visits to Intranet Site for InfosecTrend in Lost Laptops & Mobile Devices
  31. Review Regulatory RequirementsChanges in TechnologyMobile TechnologiesSocial MediaChanges in BusinessMergers & AcquisitionsNew MarketsChanges In Staff Profiles/KnowledgeDon’t give same course to same people repeatedlyChanges in WorkforceFull Time vs. Part TimeRemote and Teleworking Employing New Locations