2014: the year so far in cyber security

Presentation on theme: "2014: the year so far in cyber security"— Presentation transcript:

1 2014: the year so far in cyber security
Brian Markham, Director, Compliance and Risk Services
Division of IT
10/8/2014

2 2013: What a year
Snowden/NSA Revelations
Target/Neiman Marcus breaches
Security in the news!

3 Some things to keep in mind
Clicks are king
Consider the source
Hack vs. breach vs. something else
Hat color

4 Nothing is ever 100% secure!

5 Home Depot

6 What happened?
April 2014 - September 2014
Malware was a variant of BlackPOS used in the Target attack

7 What was the impact?
56M credit and debit cards compromised
Largest credit card breach in history
Credit monitoring for all customers between April and September!

8 What did we learn?
Home Depot’s security program could have been better
Compliance ≠ Security
Data breaches have a material impact on a company’s finances and reputation

9 iCloud Photo “Hack”

10 What happened?
Apple’s iCloud service was exploitable through a common access control flaw
Credentials were guessed, accounts accessed
Personal photos and videos were leaked
Apple corrected the flaw, improved overall iCloud security

11 What was the impact?
Discussion of cloud security
Discussion of cloud privacy
Victim shaming
Apple publicly defends their commitment to security and privacy

12 What did we learn?
Use two-factor authentication
Security questions = Insecurity questions
Victims are victims

13 Heartbleed

14 What happened?
A vulnerability was found in the OpenSSL cryptographic software library
Exploited the heartbeat extension of OpenSSL’s TLS/DTLS
Exploitation was not detectable
CVE

15 What was the impact?

16 What was the impact?

17 What was the impact?
Websites using OpenSSL f are vulnerable and needed to be upgraded to 1.0.1g
Up to 66% of the web sites exposed (Apache and nginx)
New certificates issued
Panic!

18 What did we learn?
Open source software has many benefits; perfect security not one of them!
OSS needs support and resources, especially when widely used
Asset management is important

19 Shellshock

20 What happened?
Bash is the default shell for Linux and Mac OS X
CVE

21 What was the impact?

22 What did we learn?

23 University of Maryland

24 What happened?
Attacker used pivot points to explore the UMD network
Found something good
Reset user credentials for administrators
Smash and grab

25 What was the impact?
287,580 records of faculty, staff, students and affiliated personnel
Five years of free credit monitoring
100,000 X $20 = $2M
Total costs ~$10M

26 What did we learn?
Educational institutions will continue to be a “soft” target for attackers
Rapid response is key
Know your data!

27 Content Management Systems (CMS)

28 What happened?
Vulnerabilities in popular content management systems
Drupal, Joomla, and WordPress

29 What was the impact?

30 What did we learn?

31 Summary
Security is in the news now more than ever
These are complicated, difficult problems; very different from traditional crime and security

32 Any Questions?

