SlideShare a Scribd company logo

Cyber response to insider threats 3.1

David Spinks
David Spinks

David Spinks has over 24 years of experience in process control and cyber security risk management. He discusses cyber security threats to real-time systems, including safety critical systems, critical national infrastructure, SCADA/PLC systems, and systems supporting defense, healthcare, and transportation. Insider threats pose a major risk, with 70% of breaches discovered by external third parties. Types of insider threats include unauthorized information disclosure, process corruption, and facilitating third party access. Motivations may include grievances, addictions, and social engineering. The top three mitigation steps are role-based access controls, deterring insiders through monitoring and consequences, and embedding a security-focused culture. Threats and losses will continue to

Related slideshows

MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITREMITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
MITRE ATT&CKcon 2.0: ATT&CK Updates - ICS; Otis Alexander, MITRE
 
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
 
Global Cybersecurity Market Industry Trends, Analysis Report 2021
Global Cybersecurity Market Industry Trends, Analysis Report 2021Global Cybersecurity Market Industry Trends, Analysis Report 2021
Global Cybersecurity Market Industry Trends, Analysis Report 2021
 
1 of 18
Download to read offline
Cyber Security in Real-Time Systems CSIRS David Spinks CSIRS Cyber Security in Real-Time Systems Advanced Attacks and Role of Insiders
70% of all breaches are discovered by external 3rd parties!
Why me? Worked in process control and ICS environments for about 24 years then moved into Information Security Risk Management for last 20 years. My first job in 1970 Glaxo (now GSK) –Animal Rights 10 years
Sizewell B Software Emergency Shut Down code validation Why me? UKAEA thenAEATechnology plc 10 years Safety Risk Management SRD
Cyber Security in Real Time Systems? LinkedinCSIRS:http://www.linkedin.com/groups/Cyber-Security-in-RealTime-Systems-3623430  Safety Critical and Safety Related Systems  Mission and Business Critical systems  Critical National Infrastructure (CNI)  Systems in Energy, Oil and Gas  Regulated systems in Financial Industry such as E-banking and Point-of-Sale (POS)  SCADA and PLC in large-scale manufacturing  Systems supporting Defence and Law Enforcement  Health and Pharmaceutical Systems  Aviation and Transport Systems
https://www.cert.org/insider-threat/ http://www.cpni.gov.uk/advice/Personnel-security1/Insider-threats/ Best Practice Research US DoD UK MoD
Types of InsiderThreat Unauthorised disclosure of sensitive information Process corruption Facilitation of third party access to assets Physical, Logical and Sabotage APT Social Engineering Malware
Motive
Cert Cases
Cyber response to insider threats 3.1
Who is a possible Insider Threat? Disgruntled employees Passed over for salary increase or promotion Former employees - fired from the company, holds animosity to company or personnel Addictions – Drugs,Alcohol or Gambling Gullible to Social engineers or Coercion or Blackmail
Top 3 InsiderThreat Mitigation Steps
Role Based Access Controls – Segregated Access
You will be caught deterrent Physical access logs Phone access logs Email and InternetAccess We are monitoring and make sure all staff know reports are examined and action will be taken
Embedding Security within Corporate Culture Care, Compassion and Consideration Primary defence social engineering
Finally what is certain Threats Losses Sophistication
Final thought
CSIRS Cyber Security in Real-Time Systems david.spinks@hp.com

More Related Content

Cyber response to insider threats 3.1

  • 1. Cyber Security in Real-Time Systems CSIRS David Spinks CSIRS Cyber Security in Real-Time Systems Advanced Attacks and Role of Insiders
  • 2. 70% of all breaches are discovered by external 3rd parties!
  • 3. Why me? Worked in process control and ICS environments for about 24 years then moved into Information Security Risk Management for last 20 years. My first job in 1970 Glaxo (now GSK) –Animal Rights 10 years
  • 4. Sizewell B Software Emergency Shut Down code validation Why me? UKAEA thenAEATechnology plc 10 years Safety Risk Management SRD
  • 5. Cyber Security in Real Time Systems? LinkedinCSIRS:http://www.linkedin.com/groups/Cyber-Security-in-RealTime-Systems-3623430  Safety Critical and Safety Related Systems  Mission and Business Critical systems  Critical National Infrastructure (CNI)  Systems in Energy, Oil and Gas  Regulated systems in Financial Industry such as E-banking and Point-of-Sale (POS)  SCADA and PLC in large-scale manufacturing  Systems supporting Defence and Law Enforcement  Health and Pharmaceutical Systems  Aviation and Transport Systems
  • 7. Types of InsiderThreat Unauthorised disclosure of sensitive information Process corruption Facilitation of third party access to assets Physical, Logical and Sabotage APT Social Engineering Malware
  • 11. Who is a possible Insider Threat? Disgruntled employees Passed over for salary increase or promotion Former employees - fired from the company, holds animosity to company or personnel Addictions – Drugs,Alcohol or Gambling Gullible to Social engineers or Coercion or Blackmail
  • 12. Top 3 InsiderThreat Mitigation Steps
  • 13. Role Based Access Controls – Segregated Access
  • 14. You will be caught deterrent Physical access logs Phone access logs Email and InternetAccess We are monitoring and make sure all staff know reports are examined and action will be taken
  • 15. Embedding Security within Corporate Culture Care, Compassion and Consideration Primary defence social engineering
  • 16. Finally what is certain Threats Losses Sophistication
  • 18. CSIRS Cyber Security in Real-Time Systems david.spinks@hp.com