4_Overview about cyber security and cyber data analytics.pdf

Full Transcript

Cyber Data Analytics
0405735

Prof. Jamal Bani Salameh

1
 3. Overview about

Cyber Security
&
Cyber Data Analytics

2
Cyberspace

“A global domain within the information
environment consisting of the interdependent
network of information technology infrastructures,
including the Internet, telecommunications
networks, computer systems, and embedded
processors and controllers.“

3
 Life in a Networked World
 Rapid Development in Information Technology
Speed of Microprocessor chips doubles every 12-18 months
Storage Density doubles every 12 months
Bandwidth is doubling every 12 months
Price keeps dropping making technology affordable & pervasive

4
 What is Cyber Security?
 According to Cisco, “Cybersecurity is the practice of protecting
systems, networks and programs from digital attacks. These
cyberattacks are usually aimed at accessing, changing, or
destroying sensitive information; extorting money from users; or
interrupting normal business processes.”
Cyber Security is a set of principles and practices designed to safeguard
your computing assets and online information against threats.
Cyber security is the practice of defending computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks.
It's also known as information technology security or electronic
information security.

5
 Elements of Cyber Security
For an effective cyber security, an organization needs to coordinate its efforts
throughout its entire information system. Elements of cyber security encompass all of
the following:
 Network security: According to the SANS Institute: “Network security is the
process of taking physical and software preventative measures to protect the
underlying networking infrastructure from unauthorized access, misuse,
malfunction, modification, destruction, or improper disclosure, thereby creating
a secure platform for computers, users and programs to perform their permitted
critical functions within a secure environment.”
 Application security: It focuses on keeping software and devices free of threats.
A compromised application could provide access to the data its designed to
protect. Successful security begins in the design stage, well before a program or
device is deployed. Apps require constant updates and testing to ensure these
programs are secure from attacks.

6
 Elements of Cyber Security …
 Endpoint security: Remote access is a necessary part of business, but can also be a
weak point for data. Endpoint security is the process of protecting remote access to a
company’s network.
 Data security: Inside of networks and applications is data. Protecting company and
customer information is a separate layer of security. It protects the integrity and privacy
of data, both in storage and in transit.
 Identity management: Essentially, this is a process of understanding the access every
individual has in an organization.
 Database and infrastructure security: Everything in a network involves databases and
physical equipment. Protecting these devices is equally important.
 Operational security: includes the processes and decisions for handling and protecting
data assets. The permissions users have when accessing a network and the procedures
that determine how and where data may be stored or shared all fall under this umbrella.
 Cloud security: Many files are in digital environments or “the cloud”. Protecting data in
a 100% online environment presents a large amount of challenges.
 Mobile security: Cell phones and tablets involve virtually every type of security
challenge in and of themselves. 7
 Elements of Cyber Security …
 Disaster recovery and business continuity planning: define how an
organization responds to a cyber-security incident or any other event that causes
the loss of operations or data. Disaster recovery policies dictate how the
organization restores its operations and information to return to the same
operating capacity as before the event. Business continuity is the plan the
organization falls back on while trying to operate without certain resources.
 End-user education: Users may be employees accessing the network or
customers logging on to a company applications. Anyone can accidentally
introduce a virus to an otherwise secure system by failing to follow good
security practices. Educating users good habits (password changes, 2-factor
authentication, delete suspicious email attachments, not plug in unidentified
USB drives, and various other important lessons ) is an important part of
cybersecurity and it is vital for the security of any organization.

8
 Challenges of Cyber Security
 Cyberspace has inherent vulnerabilities that cannot be removed
 The most difficult challenge in cyber security is the ever-evolving nature of security
risks themselves.
 Computer Network Defense techniques, tactics and practices largely protect individual
systems and networks rather than critical operations (missions)
 Traditionally, organizations and the government have focused most of their cyber
security resources on perimeter security to protect only their most crucial system
components and defend against known treats.
 Today, this approach is insufficient, as the threats advance and change more quickly than
organizations can keep up with.
 As a result, advisory organizations promote more proactive and adaptive approaches to
cyber security.
 Similarly, the National Institute of Standards and Technology (NIST) issued guidelines
in its risk assessment framework that recommend a shift toward continuous monitoring
and real-time assessments, a data-focused approach to security as opposed to the
traditional perimeter-based model.
9
 Managing Cyber Security
 The National Cyber Security Alliance (NCSA) recommends a top-down
approach to cyber security in which corporate management leads the charge in
prioritizing cyber security management across all business practices.
 NCSA advises that companies must be prepared to “respond to the inevitable
cyber incident, restore normal operations, and ensure that company assets and
the company’s reputation are protected.”
 NCSA’s guidelines for conducting cyber risk assessments focus on three key
areas:
identifying your organization’s “crown jewels,” or your most valuable
information requiring protection;
identifying the threats and risks facing that information; and
outlining the damage your organization would incur should that data be lost
or wrongfully exposed.

10
 Managing Cyber Security …
 Cyber risk assessments should also consider any regulations that impact the way
your company collects, stores, and secures data
 Following a cyber risk assessment, develop and implement a plan to mitigate cyber
risk, protect the “crown jewels” outlined in your assessment, and effectively detect
and respond to security incidents.
 This plan should encompass both the processes and technologies required to build a
mature cyber security program.
 An ever-evolving field, cyber security best practices must evolve to accommodate
the increasingly sophisticated attacks carried out by attackers. Combining sound
cyber security measures with an educated and security-minded employee base
provides the best defense against cyber criminals attempting to gain access to your
company’s sensitive data. While it may seem like a daunting task, start small and
focus on your most sensitive data, scaling your efforts as your cyber program
matures.

11
 Cyber safety tips to protect yourself
against cyberattacks
How can businesses and individuals guard against cyber threats? Here are top
cyber safety tips:
1. Update your software and operating system: This means you benefit from
the latest security patches.
2. Use anti-virus software: Security solutions like Kaspersky Total Security
will detect and removes threats. Keep your software updated for the best
level of protection.
3. Use strong passwords: Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: These could be
infected with malware.
5. Do not click on links in emails from unknown senders or unfamiliar
websites: This is a common way that malware is spread.
6. Avoid using unsecure WiFi networks in public places: Unsecure networks
leave you vulnerable to man-in-the-middle attacks.
12
 Cyber Security vs. Network Security:
 Cyber security is a subset of information security which deals with security of
data at storage and transit, whereas network security is a subset of cyber security
which is concerned with protecting the IT infrastructure of an organization and
restricts access to it. Both the terms are often used in conjunction with each other,
except cyber security is a term used in a much broader sense while network
security is one aspect of information/cyber security.

13
 Cyber Security vs. Information Security:
 Cyber security is a subset of information security
 While both terms are synonymous with each other, the difference between the two is
subtle.
 While cyber security deals with protecting networks, computers, and data from
unauthorized electronic access, information security deals with protecting information
assets regardless of whether the information is in physical or digital format.

14
Types of cyber threats
The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting
systems for financial gain or to cause disruption.

2. Cyber-attack often involves politically motivated
information gathering.

3. Cyberterrorism is intended to undermine electronic
systems to cause panic or fear.

15
 Some common methods used to threaten
cyber-security
Malware
 Malware means malicious software. One of the most common cyber threats, malware is software
that a cybercriminal or hacker has created to disrupt or damage a legitimate user’s computer. Often
spread via an unsolicited email attachment or legitimate-looking download, malware may be used by
cybercriminals to make money or in politically motivated cyber-attacks.
 There are a number of different types of malware, including:
 Virus: A self-replicating program that attaches itself to clean file and spreads throughout a computer
system, infecting files with malicious code.
 Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick users into
uploading Trojans onto their computer where they cause damage or collect data.
 Spyware: A program that secretly records what a user does, so that cybercriminals can make use of
this information. For example, spyware could capture credit card details.
 Ransomware: Malware which locks down a user’s files and data, with the threat of erasing it unless
a ransom is paid.
 Adware: Advertising software which can be used to spread malware.
 Botnets: Networks of malware infected computers which cybercriminals use to perform tasks online
without the user’s permission.
16
 Some common methods used to threaten
cyber-security …
SQL injection
 An SQL (structured language query) injection is a type of cyber-attack used to take control of and
steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to
insert malicious code into a databased via a malicious SQL statement. This gives them access to the
sensitive information contained in the database.
Phishing
 Phishing is when cybercriminals target victims with emails that appear to be from a legitimate
company asking for sensitive information. Phishing attacks are often used to dupe people into
handing over credit card data and other personal information.
Man-in-the-middle attack
 A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts
communication between two individuals in order to steal data. For example, on an unsecure WiFi
network, an attacker could intercept data being passed from the victim’s device and the network.
Denial-of-service attack
 A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling
legitimate requests by overwhelming the networks and servers with traffic. This renders the system
unusable, preventing an organization from carrying out vital functions. 17
Security Threats

18
 Security Risks
 Compromised Personally Identifiable Information (PII); PII data refers to name,
SSN, D. Licenses, bank accounts
 Identity Theft- computer intruders intent on stealing your personal information to
commit fraud or theft
 Identity Theft is a crime in which an impostor obtains key pieces of personal
Identifying Information (PII) such as Social Security Numbers and driver’s license
numbers and uses them for their own personal gain.
 The use of unsecure settings of Peer to Peer File Sharing applications.
 Compromised computer; A computer experiencing unexpected and unexplainable
Disk activities
Performance degradation
Repeated login failure or connections to unfamiliar services
Third party complaint of a suspicious activity
 Or a stolen or lost computer
19
Cyber Threat Evolution

20
Cyber disruptions

21
Financial and Insurance

22
Who’s behind the breaches?

23
What tactics do they use?

24
Who are the victims?

25
What else is common?

26
International Security Trends

27
Ransomware Statistics 2017

28
Cyber Threats and Sources

29
Main Cyber Players and their Motivations

30
 Hardware Cyber Security Concerns
 Most equipment and technology for setting up Cyber Security
infrastructure are currently procured from global sources. These
systems are vulnerable to cyber threats just like any other connected
system.
 There are various types of hardware attacks which includes the
following.
Manufacturing backdoors may be created for malware or other penetrative
purposes. Backdoors may be embedded in radio frequency identification (RFID)
chips and memories.
Unauthorized access of protected memory
Inclusion of faults for causing the interruption in the normal behavior of the
equipment.
Hardware tampering by performing various invasive operations
Through insertion of hidden methods, the normal authentication mechanism of 31
the systems may be bypassed.
 Hardware Cyber Security Concerns …
 Above hardware attacks may pertain to various devices or systems
like:
Network systems
Authentication tokens and systems
Banking systems
Surveillance systems
Industrial control systems
Communication infrastructure devices

32
Innovations to Attack: End-Points Example

33
Challenges are increasing in the Cyber
Space Domain

34
…

35
Anatomy of Attack

36
…

37
Cyber Security Framework

38
…

39
…

40
IoT Cyber Security - Vulnerabilities

41
Future Technology to be Designed with
Security

42
…

43
10 Steps to Cyber Security

44
10 Steps to Cyber Security

45
10 Steps to Cyber Security

46
10 Steps to Cyber Security

47
10 Steps to Cyber Security

48
Cyber Security Planning

49
…

50
 Security analytics and why we need it
 The base-rate fallacy is related to the problem of unbalanced data sets
and refers to the problem of applying the aggregate accuracies of
classifiers to the probability that a single data instance is good or bad.
 Example:
Suppose that the likelihood of a phishing email has been determined through
some data collection methods and it happens to be 10%.
Let us say that a phishing detector from the academic literature is 90%
accurate.
Now suppose the detector says that a specific email e is a phishing email.
Does that mean that the probability of being a phishing email is 90%? It
turns out that if we apply Bayes’ rule to calculate this probability, it is only
50%, i.e., the same probability that we would get by tossing a fair coin. This
example shows what we are up against.

51
 Security analytics and why we need it
 The costs of misclassification can be very different for different classes
of users.
For example, for a novice the cost of misclassifying a phishing email
as genuine can be very high. For sophisticated users on the other
hand, the cost of misclassifying a genuine email as phishing may be
higher. For a detector to automatically infer the cost of
misclassification requires data about the user of the detector. No
amount of learning from data sets of phishing and legitimate emails is
going to help in this regard.
 In most real-world situations, attack detection needs to be very quick and
in real-time, i.e., as the attack is in progress, since otherwise the damage
can be enormous and recovery almost impossible.

52
 Security analytics and why we need it
 Finally, of course, there is human behavior that we have to contend
with in security. Humans are said to be the weakest links in the
security literature. No amount of detection will do any good, unless
the human operator making the decision pays attention to the
results of the detection.
For example, if the phishing detector claims that the email is a
phishing email, yet the employee clicks the link or downloads
the attachment, then the damage to the company is done.
Therefore, human skill development and training is essential.
This principle is called secure the weakest link principle in
security.

53