Lessons Learned from 4,000 Security Assessments
Sadik Al-Abdulla
Security Practice Director, CDW
MY GOAL TODAY
Share learning from 4000+ security assessments
Provide tactical and strategic guidance to step towards truly adaptive security
Balancing IT Security
THIS ISN’T OUR BIGGEST THREAT…
OR THIS…
IT’S THIS!
AND THIS!
Source: APT1: Exposing one of China’s Cyber Espionage Units, Mandiant®, 2013
BY THE NUMBERS
“In 99% of the cases: someone else told the victim they had suffered a breach.” (Referring to POS intrusions) [1]
“Median number of days attackers were present on a victim network before they were discovered has gone from 365 to 229 to 146 days” [2]
1. 2014 Verizon Data Breach Report (DBIR), page 18
2. 2013 APT1, 2014 M-Trends, 2015 M-Trends Reports by Mandiant
THE DEFENSES ARE WORKING… BUT
SECURITY ASSESSMENT FINDINGS
4,000: Assessments completed
100%: Ability to gain access
<10%: Access detected
0: Times we tried to hide
TOP SECURITY ASSESSMENT FINDINGS
People/Process
#1: Insecure default configurations, gaps in patch discipline
#2: Bad passwords
#3: Arbitrary trusts
#4: Phishing, users like to click
Technology
#5: Application code issues
#6: Man in the middle
#7: Lack of encryption or porous implementation
#8: Mobile application vulnerabilities
TOP SECURITY ASSESSMENT FINDINGS
#1: Gaps in patch discipline
TOP SECURITY ASSESSMENT FINDINGS
#2: Bad passwords
TOP SECURITY ASSESSMENT FINDINGS
#3: Arbitrary trusts
TOP SECURITY ASSESSMENT FINDINGS
#4: Phishing, users like to click
DATA LOSS PREVENTION (DLP) ASSESSMENT FINDINGS
300+: Assessments completed
100%: Discovered sensitive information outside approved areas
86%: Loss of sensitive information DURING ASSESSMENT PERIOD
95%: Incidents that were accidental exposure or by well-meaning insiders
5%: Incidents that were … not
80%: Email incidents
12%: Web incidents
DLP ASSESSMENT 24-MONTH TRENDS
800% increase in upload violations - Dropbox, Skydrive, Google Drive, etc.
2000% increase in mobile violations
I’ve tried to keep the company real about the fact that I could spend twice as much as I do today on security, and it doesn’t mean that we’re going to eliminate the risk. We might reduce it a bit, but I can’t give a good answer of how much. Compromise is a certainty.
…But I can limit the impact.
— Malcolm Harkins, CISO, Intel
MANAGING IMPACTS MEANS…
Accepting that breach is inevitable
Designing for post-breach detection
Designing to limit impacts
Planning for breach response
THREATS -> RISKS -> IMPACTS
Malicious Outsider
Data Loss
THE WAY WE USED TO THINK ABOUT IT…
THE $5 WRENCH
THE WAY WE NEED TO THINK ABOUT IT…
Identify, Protect, Detect, Respond, Recover
Networks, Data, Devices
LESSONS LEARNED
Rate of Occurrence
People & process require as much attention as technology
– Simplicity, flexibility and reinforcement are key
Over-controlling reactions generate greater systemic risk
Uncontrolled adoption creates enormous risk
Single Loss Expectancy
Time to detect/time to respond are key metrics
True segmentation is critical to limiting impacts
Data-centric controls are critical to limiting impacts
LESSONS LEARNED
Tactical Next Steps
Identify “check the box” activities, repurpose spend and cycles
Adopt TRUE segmentation
Revisit fundamentals for sensitive data management
Revisit fundamentals for identity management in a cloud-enabled world
Search out and revise overly and overtly restrictive policies
Start measuring time to detect / time to respond
LESSONS LEARNED
Strategic Next Steps
Measure and invest separately for:
– People, process, technology
– Before, during, after
Engage proactively; design OTHER IT projects securely
Build security governance and sponsorship cross-functionally
View and evangelize security as a process: break out of the “point in time” design and administration model