4_Overview about cyber security and cyber data analytics.pdf
Mu'tah University
Cyber Data Analytics 0405735, Prof. Jamal Bani Salameh

3. Overview about Cyber Security & Cyber Data Analytics

Cyberspace
"A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers."

Life in a Networked World
Rapid development in information technology:
Speed of microprocessor chips doubles every 12-18 months.
Storage density doubles every 12 months.
Bandwidth is doubling every 12 months.
Price keeps dropping, making technology affordable and pervasive.

What is Cyber Security?
According to Cisco, "Cybersecurity is the practice of protecting systems, networks and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes."
Cyber security is a set of principles and practices designed to safeguard your computing assets and online information against threats.
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It is also known as information technology security or electronic information security.

Elements of Cyber Security
For effective cyber security, an organization needs to coordinate its efforts throughout its entire information system. The elements of cyber security encompass all of the following:
Network security: According to the SANS Institute, "Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment."
Application security: focuses on keeping software and devices free of threats. A compromised application could provide access to the data it is designed to protect. Successful security begins in the design stage, well before a program or device is deployed. Applications require constant updates and testing to ensure they remain secure from attacks.
Endpoint security: Remote access is a necessary part of business, but it can also be a weak point for data. Endpoint security is the process of protecting remote access to a company's network.
Data security: Inside networks and applications is data. Protecting company and customer information is a separate layer of security. It protects the integrity and privacy of data, both in storage and in transit.
Identity management: Essentially, this is the process of understanding the access every individual has in an organization.
Database and infrastructure security: Everything in a network involves databases and physical equipment. Protecting these devices is equally important.
Operational security: includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.
Cloud security: Many files are in digital environments or "the cloud". Protecting data in a 100% online environment presents a large number of challenges.
Mobile security: Cell phones and tablets involve virtually every type of security challenge in and of themselves.
Disaster recovery and business continuity planning: define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to operate without certain resources.
End-user education: Users may be employees accessing the network or customers logging on to a company's applications. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Educating users in good habits (changing passwords, using two-factor authentication, deleting suspicious email attachments, not plugging in unidentified USB drives, and various other important lessons) is an important part of cyber security and is vital for the security of any organization.

Challenges of Cyber Security
Cyberspace has inherent vulnerabilities that cannot be removed.
The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves.
Computer network defense techniques, tactics and practices largely protect individual systems and networks rather than critical operations (missions).
Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security, protecting only their most crucial system components and defending against known threats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security. Similarly, the National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments: a data-focused approach to security as opposed to the traditional perimeter-based model.

Managing Cyber Security
The National Cyber Security Alliance (NCSA) recommends a top-down approach to cyber security in which corporate management leads the charge in prioritizing cyber security management across all business practices. NCSA advises that companies must be prepared to "respond to the inevitable cyber incident, restore normal operations, and ensure that company assets and the company's reputation are protected."
NCSA's guidelines for conducting cyber risk assessments focus on three key areas: identifying your organization's "crown jewels," or your most valuable information requiring protection; identifying the threats and risks facing that information; and outlining the damage your organization would incur should that data be lost or wrongfully exposed.
Cyber risk assessments should also consider any regulations that impact the way your company collects, stores, and secures data.
Following a cyber risk assessment, develop and implement a plan to mitigate cyber risk, protect the "crown jewels" outlined in your assessment, and effectively detect and respond to security incidents. This plan should encompass both the processes and technologies required to build a mature cyber security program.
Cyber security is an ever-evolving field, and best practices must evolve to accommodate the increasingly sophisticated attacks carried out by attackers. Combining sound cyber security measures with an educated and security-minded employee base provides the best defense against cyber criminals attempting to gain access to your company's sensitive data. While it may seem like a daunting task, start small and focus on your most sensitive data, scaling your efforts as your cyber program matures.

Cyber Safety Tips to Protect Yourself Against Cyberattacks
How can businesses and individuals guard against cyber threats? Here are the top cyber safety tips:
1. Update your software and operating system: this means you benefit from the latest security patches.
2. Use anti-virus software: security solutions like Kaspersky Total Security will detect and remove threats. Keep your software updated for the best level of protection.
3. Use strong passwords: ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: these could be infected with malware.
5. Do not click on links in emails from unknown senders or unfamiliar websites: this is a common way that malware is spread.
6. Avoid using unsecured WiFi networks in public places: unsecured networks leave you vulnerable to man-in-the-middle attacks.

Cyber Security vs. Network Security
Cyber security is a subset of information security which deals with the security of data in storage and in transit, whereas network security is a subset of cyber security which is concerned with protecting the IT infrastructure of an organization and restricting access to it. Both terms are often used in conjunction with each other, except that cyber security is a term used in a much broader sense while network security is one aspect of information/cyber security.

Cyber Security vs. Information Security
Cyber security is a subset of information security. While the two terms are often used synonymously, the difference between them is subtle: cyber security deals with protecting networks, computers, and data from unauthorized electronic access, whereas information security deals with protecting information assets regardless of whether the information is in physical or digital format.

Types of Cyber Threats
The threats countered by cyber security are three-fold:
1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

Some Common Methods Used to Threaten Cyber Security
Malware
Malware means malicious software. One of the most common cyber threats, malware is software that a cybercriminal or hacker has created to disrupt or damage a legitimate user's computer. Often spread via an unsolicited email attachment or legitimate-looking download, malware may be used by cybercriminals to make money or in politically motivated cyber-attacks. There are a number of different types of malware, including:
Virus: a self-replicating program that attaches itself to a clean file and spreads throughout a computer system, infecting files with malicious code.
Trojans: a type of malware that is disguised as legitimate software. Cybercriminals trick users into loading Trojans onto their computer, where they cause damage or collect data.
Spyware: a program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.
Ransomware: malware which locks down a user's files and data, with the threat of erasing it unless a ransom is paid.
Adware: advertising software which can be used to spread malware.
Botnets: networks of malware-infected computers which cybercriminals use to perform tasks online without the user's permission.

SQL injection
An SQL (Structured Query Language) injection is a type of cyber-attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a database via a malicious SQL statement. This gives them access to the sensitive information contained in the database.

Phishing
Phishing is when cybercriminals target victims with emails that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to dupe people into handing over credit card data and other personal information.

Man-in-the-middle attack
A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts communication between two parties in order to steal data. For example, on an unsecured WiFi network, an attacker could intercept data being passed between the victim's device and the network.

Denial-of-service attack
A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organization from carrying out vital functions.

Security Threats (figure slide, title only)

Security Risks
Compromised personally identifiable information (PII): PII refers to data such as name, Social Security Number, driver's license and bank account numbers.
Identity theft: computer intruders intent on stealing your personal information to commit fraud or theft. Identity theft is a crime in which an impostor obtains key pieces of PII, such as Social Security Numbers and driver's license numbers, and uses them for their own personal gain.
The use of unsecure settings in peer-to-peer file sharing applications.
Compromised computer: a computer experiencing unexpected and unexplainable disk activity, performance degradation, repeated login failures or connections to unfamiliar services, or a third-party complaint of suspicious activity; or a stolen or lost computer.

Figure slides (titles only): Cyber Threat Evolution; Cyber Disruptions; Financial and Insurance; Who's behind the breaches?; What tactics do they use?; Who are the victims?; What else is common?
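The SQL injection entry above describes the attack only in words. The following added example (written for these notes, not code from the lecture or any project) shows the flaw in a minimal data-driven application beside its standard fix: the vulnerable version splices user input into the SQL text, the hardened version uses a parameterised query so the driver treats the input purely as data. It uses Python's standard sqlite3 module; the in-memory users table, its rows and the lookup inputs are all constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for a data-driven app's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@example.com"),
        ("bob", "bob@example.com"),
        ("o'neil", "oneil@example.com"),   # legitimate name containing a quote
    ])
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable pattern: the input becomes part of the statement text, so a
    value containing SQL syntax changes what the statement means."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Hardened pattern: a parameterised query. The statement is fixed and the
    value is bound separately, so it is only ever compared as a string."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def unsafe_breaks_on(conn, username):
    """True if the string-built query is not even valid SQL for this input.
    Legitimate data with a quote character is enough to break it, which is a
    second reason (besides injection) to never build statements this way."""
    try:
        lookup_unsafe(conn, username)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Constructed malicious input of the kind the notes describe: it turns a
    # one-user lookup into a condition that is true for every row.
    tampered = "' OR '1'='1"
    print("unsafe, tampered input ->", lookup_unsafe(db, tampered))   # every row
    print("safe,   tampered input ->", lookup_safe(db, tampered))     # no rows
    print("safe,   o'neil         ->", lookup_safe(db, "o'neil"))     # one row
    print("unsafe query breaks on o'neil:", unsafe_breaks_on(db, "o'neil"))
```

The detection angle follows from the same contrast: in a code review or a static scan, any statement assembled with string formatting or concatenation from request data is the finding, and the remediation is to move the value into a bound parameter as in lookup_safe.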
Figure slides (titles only): International Security Trends; Ransomware Statistics 2017; Cyber Threats and Sources; Main Cyber Players and their Motivations.

Hardware Cyber Security Concerns
Most equipment and technology for setting up cyber security infrastructure is currently procured from global sources. These systems are vulnerable to cyber threats just like any other connected system. There are various types of hardware attacks, which include the following:
Manufacturing backdoors may be created for malware or other penetrative purposes. Backdoors may be embedded in radio frequency identification (RFID) chips and memories.
Unauthorized access to protected memory.
Inclusion of faults to cause interruption of the normal behavior of the equipment.
Hardware tampering by performing various invasive operations.
Through insertion of hidden methods, the normal authentication mechanism of the systems may be bypassed.
The above hardware attacks may pertain to various devices or systems, such as: network systems; authentication tokens and systems; banking systems; surveillance systems; industrial control systems; communication infrastructure devices.

Figure slides (titles only): Innovations to Attack: End-Points Example; Challenges are increasing in the Cyber Space Domain; Anatomy of Attack; Cyber Security Framework; IoT Cyber Security - Vulnerabilities; Future Technology to be Designed with Security; 10 Steps to Cyber Security; Cyber Security Planning.

Security Analytics and Why We Need It
The base-rate fallacy is related to the problem of unbalanced data sets and refers to the problem of applying the aggregate accuracy of a classifier to the probability that a single data instance is good or bad.
Example: Suppose that the likelihood of a phishing email has been determined through some data collection method and it happens to be 10%. Let us say that a phishing detector from the academic literature is 90% accurate. Now suppose the detector says that a specific email e is a phishing email. Does that mean that the probability of e being a phishing email is 90%? It turns out that if we apply Bayes' rule to calculate this probability, it is only 50%, i.e., the same probability that we would get by tossing a fair coin. (Per 1000 emails: 90 of the 100 phishing emails are flagged, but so are 90 of the 900 legitimate ones, so only half of the flagged emails are really phishing.) This example shows what we are up against.

The costs of misclassification can be very different for different classes of users. For example, for a novice the cost of misclassifying a phishing email as genuine can be very high. For sophisticated users, on the other hand, the cost of misclassifying a genuine email as phishing may be higher. For a detector to automatically infer the cost of misclassification requires data about the user of the detector. No amount of learning from data sets of phishing and legitimate emails is going to help in this regard.
In most real-world situations, attack detection needs to be very quick and in real time, i.e., as the attack is in progress, since otherwise the damage can be enormous and recovery almost impossible.

Finally, of course, there is human behavior that we have to contend with in security. Humans are said to be the weakest link in the security literature. No amount of detection will do any good unless the human operator making the decision pays attention to the results of the detection. For example, if the phishing detector claims that the email is a phishing email, yet the employee clicks the link or downloads the attachment, then the damage to the company is done. Therefore, human skill development and training is essential. This is called the "secure the weakest link" principle in security.
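The base-rate example and the misclassification-cost discussion above can both be carried through in code. The following added example (written for these notes, not code from the lecture) applies Bayes' rule to the slides' numbers, 10% phishing prevalence and a 90% accurate detector, and then compares two detector operating points under two user cost profiles. It assumes that "90% accurate" means a 90% true-positive rate and a 90% true-negative rate (the slides do not say), and the cost figures and the second "aggressive" detector are constructed for illustration.

```python
from fractions import Fraction


def _f(x):
    # Exact arithmetic so 0.1 stays 1/10 rather than a binary approximation.
    return Fraction(str(x))


def posterior_phishing(prior, true_positive_rate, false_positive_rate):
    """P(phishing | detector says phishing), by Bayes' rule:
    P(+|phish) P(phish) / (P(+|phish) P(phish) + P(+|legit) P(legit))."""
    prior, tpr, fpr = _f(prior), _f(true_positive_rate), _f(false_positive_rate)
    hits = tpr * prior                # flagged and truly phishing
    false_alarms = fpr * (1 - prior)  # flagged but actually legitimate
    return hits / (hits + false_alarms)


def confusion_counts(n_emails, prior, true_positive_rate, false_positive_rate):
    """Expected (TP, FN, FP, TN) in a batch of n_emails: the counting form of
    the same calculation, which is the easier way to explain it to people."""
    prior, tpr, fpr = _f(prior), _f(true_positive_rate), _f(false_positive_rate)
    phishing = n_emails * prior
    legit = n_emails - phishing
    tp = phishing * tpr
    fp = legit * fpr
    return tp, phishing - tp, fp, legit - fp


def expected_cost_per_email(prior, tpr, fpr, cost_missed_phish, cost_false_alarm):
    """Expected misclassification cost per email for one user's cost profile."""
    prior, tpr, fpr = _f(prior), _f(tpr), _f(fpr)
    missed = (1 - tpr) * prior        # phishing delivered as genuine
    false_alarm = fpr * (1 - prior)   # genuine email blocked as phishing
    return missed * cost_missed_phish + false_alarm * cost_false_alarm


# Constructed cost profiles (not from the slides): a novice is hurt most by a
# missed phish; a sophisticated user is hurt most by a blocked genuine email.
USER_PROFILES = {
    "novice": {"cost_missed_phish": 100, "cost_false_alarm": 1},
    "sophisticated": {"cost_missed_phish": 5, "cost_false_alarm": 20},
}

# Two constructed detector operating points. "conservative" is the slides'
# 90%-accurate detector read as TPR 0.9 / FPR 0.1 (an assumption).
DETECTORS = {
    "conservative": {"tpr": "0.9", "fpr": "0.1"},
    "aggressive": {"tpr": "0.99", "fpr": "0.3"},
}

PHISHING_PRIOR = "0.1"  # 10% of email is phishing, as in the slides


def best_detector_for(profile_name, prior=PHISHING_PRIOR):
    """Pick the detector with the lowest expected cost for this user profile.
    The answer depends on the user, which is the slides' point: no amount of
    phishing/legitimate email samples tells the detector which profile applies."""
    costs = USER_PROFILES[profile_name]
    return min(
        DETECTORS,
        key=lambda name: expected_cost_per_email(
            prior, DETECTORS[name]["tpr"], DETECTORS[name]["fpr"], **costs
        ),
    )


if __name__ == "__main__":
    print("P(phishing | flagged) =", posterior_phishing(PHISHING_PRIOR, "0.9", "0.1"))
    print("Expected counts per 1000 emails (TP, FN, FP, TN):",
          confusion_counts(1000, PHISHING_PRIOR, "0.9", "0.1"))
    for user in USER_PROFILES:
        print(f"{user}: best detector is {best_detector_for(user)}")
```

With these numbers the posterior comes out at exactly 1/2, matching the slides, and the two user profiles pick different detectors: the novice profile prefers the aggressive operating point (a missed phish costs far more than a blocked genuine email), the sophisticated profile prefers the conservative one. The same code can be rerun with a different prior to see the posterior move; at a 1% base rate the 90% detector is right less than one time in ten.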