M01-L01 - Introduction to Cybersecurity Analytics_Updated.pptx

MinhaoCheng2 0 views 20 slides Oct 07, 2025

About This Presentation

Cyber Threat analysis for Cybersecurity Analytics Studio Course


Slide Content

Slide 1: CYBER 362 Cybersecurity Analytics Studio, M01-L01: Cyber Threat Landscape and Challenges in Protecting Organization Assets

Slide 2: Introduction
- We have become extremely dependent on computers and other IT tools and products (think of IoT devices): at work, at home, socially, and for entertainment
- Lots of private and sensitive information is stored and processed by these networked devices
- These interconnected systems have become very complex over time
- It is more difficult to ensure that there are no bugs or backdoors, hence they are mostly insecure
- Attractive targets for attackers to make money out of you or carry out mischief
- More organizations are looking to AI/ML to solve complex cybersecurity problems

Slide 3: Introduction
- Wide range of threats and domains: intrusion detection, malware analysis, social network security, web app security, APTs, cryptography, etc.
- 85% of email is spam [3]; it wastes network bandwidth
- Spam filters have been in use for quite a while
- They evolved over time: from word filtering and metadata reputation, to heuristics (identify spam based on pre-defined rules), and now AI/ML (using data)
- The best modern spam filters can block 99.9% of spam using modern data analysis
- Machine learning and data analysis can be applied to many problems in security
- Enabled by better ML algorithms and more powerful hardware
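As an added example (not from the slides or the course), the two later generations of spam filtering described above side by side: a hand-written word blocklist (the heuristic era) next to a naive Bayes classifier whose word likelihoods are learned from labelled data. The training messages, the blocklist and the test messages are all constructed here; the point is that spam phrased without any blocklisted word slips past the rule but not the learned model.

```python
import math
from collections import Counter

# Constructed, labelled training messages (made up for this example).
SPAM = ["win free prize now", "claim your free reward today",
        "cheap meds discount online", "free discount offer claim now"]
HAM = ["meeting notes attached for review", "please review the quarterly report",
       "lunch tomorrow at noon", "project review meeting today"]

# Heuristic era: a hand-maintained word filter (constructed blocklist).
BLOCKLIST = {"free", "prize"}

def rule_filter(msg):
    """Flag a message if any blocklisted word appears; misses unseen wording."""
    return any(w in BLOCKLIST for w in msg.lower().split())

class NaiveBayesSpamFilter:
    """Data era: per-class word likelihoods learned from labelled messages."""
    def __init__(self, spam, ham, alpha=1.0):
        self.alpha = alpha                      # Laplace smoothing constant
        self.spam_counts = Counter(w for m in spam for w in m.lower().split())
        self.ham_counts = Counter(w for m in ham for w in m.lower().split())
        self.vocab = set(self.spam_counts) | set(self.ham_counts)
        n = len(spam) + len(ham)
        self.log_prior = {"spam": math.log(len(spam) / n), "ham": math.log(len(ham) / n)}

    def _log_likelihood(self, words, counts):
        # P(word | class) with add-alpha smoothing over the shared vocabulary
        denom = sum(counts.values()) + self.alpha * len(self.vocab)
        return sum(math.log((counts[w] + self.alpha) / denom) for w in words)

    def spam_score(self, msg):
        """log P(spam|msg) - log P(ham|msg); positive means spam."""
        words = [w for w in msg.lower().split() if w in self.vocab]  # drop unseen words
        spam = self.log_prior["spam"] + self._log_likelihood(words, self.spam_counts)
        ham = self.log_prior["ham"] + self._log_likelihood(words, self.ham_counts)
        return spam - ham

    def classify(self, msg):
        return "spam" if self.spam_score(msg) > 0 else "ham"

def compare(msg, model):
    """Return (rule verdict, learned verdict) for one message."""
    return ("spam" if rule_filter(msg) else "ham", model.classify(msg))

if __name__ == "__main__":
    model = NaiveBayesSpamFilter(SPAM, HAM)
    # Spam phrased without any blocklisted word slips past the rule but not the model.
    for text in ["cheap online meds claim reward", "review the attached notes"]:
        print(text, "->", compare(text, model))
```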

Slide 4: Cyber Threat Landscape
- The landscape of adversaries and miscreants in security has evolved over time
- Cyber threats: malware, worm, Trojan horse, spyware, adware, ransomware, rootkit, backdoors, bots and botnets, keylogger, spam, phishing, DoS and DDoS, sniffing, etc.

Slide 5: Cyber Threat Landscape, Cyber Threat Taxonomy
- Information Gathering: scanning, sniffing, social engineering
- Intrusions: account takeover, privilege escalation, application compromise, bot
- Intrusion Attempts: login attempts, exploiting known vulnerabilities
- Fraud: masquerading, phishing, unauthorized use of resources
- Abusive Content: incendiary speech, spam, inappropriate violence/sexuality
- Malware: ransomware, worm, adware, Trojan, spyware, rootkit, advanced persistent threats
- Availability Attacks: denial of service, sabotage

Slide 6: The Cybercrime Economy
- Motivations have evolved over time
- Reputation, including glory, mischief, street cred
- Today the motivations are largely financial/economic
- Trading stolen data, including credit card accounts, bitcoin wallets, etc.
- Illegal online markets selling prescription pharmaceuticals and counterfeit goods
- Intellectual property theft
- Trade secrets and espionage (nation-state actors)
- Trading software and tools for cybercrime, and cybercrime consulting services
- Hacktivism

Slide 7: The Cybercrime Economy
- Annual revenue from cybercrime as of May 2018 is $1.5 trillion [1]
- More than the combined revenues of Amazon, Facebook, Apple, Netflix, and Google (FAANG) in 12 months
- The annual revenue from drug trafficking is $0.5 trillion [2]
- What is the difference between the two categories of crime?
- The U.S. alone loses between $57 billion and $109 billion per year to malicious cyber activity, according to an estimate published by the White House Council of Economic Advisers

Slide 8: Marketplace for Hacking Skills
- The old days of being required to be a competent computer hacker are mostly gone
- A variety of user-friendly hacking scripts, software, vulnerabilities and tools are available for sale to lower-skilled hackers (including script kiddies)

Slide 9: Marketplace for Hacking Skills
- Trading and/or sharing vulnerabilities and exploits takes place legally and illegally
- Legally among security researchers: https://cve.mitre.org/ , https://nvd.nist.gov/ , https://vulndb.cyberriskanalytics.com/
- Illegally among hackers
- Elite hackers sell vulnerabilities in the marketplace and provide boutique hacking consultancy services because this is a lower risk for them

Slide 10: Indirect Monetization
- Malware distribution is commoditized with a pay-per-install (PPI) model, with a complex and mature ecosystem providing wide distribution channels
- Botnet rentals operate on the same model as on-demand cloud infrastructure, with per-hour resource offerings at competitive prices
- Other financially rewarding offerings: deploying malware on remote servers; ransomware distribution; spyware distribution (to steal private information and then trade it); adware and spam distribution (to advertise phony pharmaceutical and financial instruments)

Slide 11: Indirect Monetization
- How much is your personal information worth? [1]
- Social Security number: $1
- Credit or debit card (credit cards are more popular): $5-$110
- Online payment services login info (e.g. PayPal): $20-$200
- Loyalty accounts: $20
- Subscription services: $1-$10
- Diplomas: $100-$400
- Driver's license: $20
- Passports (US): $1000-$2000
- Medical records: $1-$1000*
- The path to monetization can be long and complex. What are your thoughts on this?
- The 1.5 trillion dollar economy will keep growing

Slide 12: Challenges in Protecting Organization Assets

Slide 13: Organization Assets
- Endpoint devices
- Networks
- Servers
- IoT devices
- Data
- Identity and access
- Applications
- Cloud

Slide 14: Challenges in Protection
- Evolving threat landscape: the nature and severity of threats keep evolving; defenders are usually a few steps behind attackers
- Budgets: most organizations do not allocate enough money for cybersecurity; CEOs have difficulty quantifying ROI on cybersecurity
- Diversity of protection products and tools: large organizations have a large ecosystem of protection tools and products (firewalls, IDS/IPS, UTMs, SIEM, etc.), and challenges in managing them

Slide 15: Challenges in Protection
- Large skills gap and heavy workload on SOC experts
- The workforce skills gap in cybersecurity is very acute [7-10, 12-15]
- Vacant cybersecurity jobs expected to grow by 350 percent, from one million positions in 2013 to 3.5 million in 2021
- Zero-percent unemployment rate in cybersecurity
- The shortage implies a higher risk of cyber attack, but also creates pressure on current SOC experts due to inadequately staffed cybersecurity teams

Slide 16: Challenges in Protection
- Insufficient collaboration and information sharing among stakeholders and security teams on threat intelligence
- Although there is some level of collaboration and information sharing, organizations are cautious because of sensitivity and privacy concerns [11]
- Fear of the potential for disclosure and liability implications (PII, SOX, etc.)
- Lack of a regulatory framework, including policies and procedures, at the international, national and organization level

Slide 17: Challenges in Protection
- Poor governance: organizations need to have a governance mechanism for cybersecurity, defining roles and responsibilities for analysts and allocating resources based on governance processes
- Lack of tools to automate proactive response: orchestration and automation is the next big thing, but frameworks and tools are needed to enable it
- Socio-technical challenges: the user is the weakest link (user errors due to fatigue, training issues, etc.)

Slide 18: Solutions
- Accelerated programs to close the gap for human experts
- Smarter tools for cybersecurity: Security Orchestration, Automation and Response (SOAR); leveraging AI/ML
- Allocate more funding (ROI on cybersecurity)
- Develop a policy framework and updated policies
- More coordination, collaboration and information sharing
- Better governance

Slide 19: References
[1] https://www.experian.com/blogs/ask-experian/cybercrime-the-1-5-trillion-problem/
[2] https://www.talkingdrugs.org/report-global-illegal-drug-trade-valued-at-around-half-a-trillion-dollars
[3] https://www.talosintelligence.com/reputation_center/email_rep
[4] http://www.vdiscover.org/OS-fuzzing.html
[5] http://whatis.techtarget.com/definition/machine-learning
[6] Chio, C. and Freeman, D. Machine Learning and Security: Protecting Systems with Data and Algorithms, O'Reilly, 1st Edition, 2018. Review chapter 1.
[7] https://venturebeat.com/2020/02/11/ai-and-the-cybersecurity-skills-gap/
[8] https://venturebeat.com/2017/06/07/global-cybersecurity-workforce-to-be-short-by-1-8-million-personnel-by-2022-up-20-on-2015/
[9] https://www.csoonline.com/article/3331983/the-cybersecurity-skills-shortage-is-getting-worse.html
[10] https://blog.isc2.org/isc2_blog/2018/10/cybersecurity-skills-shortage-soars-nearing-3-million.html
[11] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-150.pdf

Slide 20: References (continued)
[12] https://cybersecurityventures.com/jobs/
[13] https://www.weforum.org/agenda/2017/08/the-us-is-upping-its-game-against-cyber-attacks-but-the-security-industry-faces-a-huge-challenge
[14] https://www.cyberseek.org/index.html
[15] https://www.nist.gov/system/files/documents/2017/10/26/nice_workforce_demand_pdf.pdf