avoiding a digital pearl harbor - fst · history repeats! avoiding a digital pearl harbor stephen...
TRANSCRIPT
History repeats! Avoiding a Digital Pearl Harbor
Stephen McCombie PhD CISSP-ISSMP CFE
Senior Practice Manager, Advanced Cyber Defense Asia Pacific & Japan
2 © Copyright 2015 EMC Corporation. All rights reserved.
3 © Copyright 2015 EMC Corporation. All rights reserved.
Pearl Harbor Attack
4 © Copyright 2015 EMC Corporation. All rights reserved.
The Warnings…
5 © Copyright 2015 EMC Corporation. All rights reserved.
Technology
6 © Copyright 2015 EMC Corporation. All rights reserved.
7 © Copyright 2015 EMC Corporation. All rights reserved.
BULLSEYE!!! MALWARE onto Point of Sale
(P.O.S.) systems !!!
AND, Target officials not even aware of the breaches until
contacted by the US DoJ!
Hackers harvested >40 MILLION credit card details
and 70 MILLION customers’ phone
numbers, mail and email addresses.
8 © Copyright 2015 EMC Corporation. All rights reserved.
The Malware Called a “RAM scraping” attack - Collection of
un-encrypted data as it passed through the infected POS machine’s memory.
AVAILABLE FOR SALE on black market for $1,800 - $2,300
Described by McAfee as as “absolutely unsophisticated and uninteresting.”
9 © Copyright 2015 EMC Corporation. All rights reserved.
Target Data Exfiltration (Dell Secureworks)
10 © Copyright 2015 EMC Corporation. All rights reserved.
Source: Bloomberg Business Weekly
11 © Copyright 2015 EMC Corporation. All rights reserved.
Source: Bloomberg Business Weekly
12 © Copyright 2015 EMC Corporation. All rights reserved.
Source: US Senate Committee
13 © Copyright 2015 EMC Corporation. All rights reserved.
14 © Copyright 2015 EMC Corporation. All rights reserved.
15 © Copyright 2015 EMC Corporation. All rights reserved.
Stop History from Repeating……………. • KNOW THY ENEMY
• Investment needs to be STRATEGIC (not just tools)
• Importance of TRAINING - Rules & Regulations within integrated teams
• Formal Information Flow/RESPONSE Plans
• Use of INTELLIGENCE (internal/external)
• Gain VISIBILITY
• EXERCISE regularly
16 © Copyright 2015 EMC Corporation. All rights reserved.
Group Discussion 1
What are the
Security Drivers,
Trends and Predictions
Impacting Australian FSI this year and
beyond?
17 © Copyright 2015 EMC Corporation. All rights reserved.
Group Discussion 2
Detection, Analysis, Prevention and
Response Tactics
18 © Copyright 2015 EMC Corporation. All rights reserved.
RSA Advanced Cyber Defence Services Portfolio
Readiness, Response & Resilience
Cyber & Counter Threat Intelligence
Vulnerability & Risk Management
Strategy & Roadmap
Incident Response
Security Operations Management
ASOC Design & Implementation
19 © Copyright 2015 EMC Corporation. All rights reserved.
FREE WHITEPAPER AVAILABLE
20 © Copyright 2015 EMC Corporation. All rights reserved.
Stephen McCombie Senior Manager,Asia Pacific & Japan Advanced Cyber Defense Practice
Mobile +61 408 206836 | Email [email protected]
General information enquiries: [email protected] Interested in what RSA is saying – Follow RSA on Twitter:@rsaAPJ | LinkedIn with RSA Security APJ
RSA Contact (ACD Assessments/ General Information)
EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.