5. Unravel the Enigma of Insecurity
SARS, 2003 to 2004 (timeline, Jan to Dec)
Total: 8 445 cases, 790 deaths
Feb. 15, 2003: SARS first identified in China
March 5, 2003: First fatality recorded in Toronto
March 12, 2003: World Health Organization warns against all unnecessary travel to Toronto, Beijing, and China’s Shanxi Province
April 30, 2003: World Health Organization lifts its travel advisory against Toronto
June 12, 2003: Tourism in Toronto loses $190M
May 1, 2003: SARS deaths peak in Hong Kong, Toronto & Vietnam
December 2, 2003: Scientists with the SARS Accelerated Vaccine Initiative (SAVI) report tests are going well
July 30, 2003: SARS Stock Concert, Rolling Stones, AC/DC, Justin Timberlake, Rush…
September 29, 2003: Ontario’s SARS enquiry opens
October 7, 2003: University of Toronto releases a report commissioned by Health Canada
August 13, 2003: Toronto physician becomes the last fatality in the city
China - 349
Hong Kong - 299
Canada - 44
6. Unravel the Enigma of Insecurity
Isolate patients; find and monitor patient contacts
PATIENT ISOLATION
PATIENT INTERVIEW FOR CONTACTS
MEDICAL AIDS
9. Unravel the Enigma of Insecurity
Epidemiology is the science that studies the patterns, causes, and effects of health and disease conditions in defined populations
11. Unravel the Enigma of Insecurity
[Chart axes: Time, Disease Prevalence]
First successful vaccine for diphtheria in 1913; diphtheria has largely been eradicated in industrialized nations
Polio is now on the verge of eradication due to a vaccine developed in the 1950s
Smallpox was officially eradicated in 1977
Measles was declared to have been eliminated in North, Central, and South America
Cancer: surgery, radiotherapy, and chemotherapy have higher cure rates
Highly active anti-retroviral therapy (HAART) has made AIDS a tractable disease; discovery of post-exposure prophylaxis or PEP
Ebola is contained
No outbreak of SARS is reported in last few years
12. Unravel the Enigma of Insecurity
Timeline of Targeted Attacks
[Timeline axis: Aug to July, 2014 to 2015]
http://www.bankinfosecurity.in
UPS Store: 105,000 records exposed
The Home Depot: 56M people affected
Sony: $15 M financial loss
Anthem: 80M records exposed
OPM: 22M Social security numbers affected
AshleyMadison: 37M personal records exposed
Premera Blue Cross: Medical Information Of 11 Million Customers Exposed
AdultFriendFinder: 4 million records
IRS hacked: 100K records stolen
Orange Spain: 10 million user records exposed
DDoS on Playstation: 110 million users
Dropbox: 6,937K credentials compromised
13. Unravel the Enigma of Insecurity
An Analogy: WE ARE LOSING THE FIGHT !
[Chart: Spread of Diseases and Spread of Cyber Threats; axes: Time, Prevalence]
14. Unravel the Enigma of Insecurity
An Analogy: WE ARE LOSING THE FIGHT !
Cost of Cybercrimes
[Chart: x axis Years (2011, 2012, 2013, 2014, 2015, 2019, 2021); y axis Cost (in $bn); data labels: 114, 110, 375, 400, 575, 2.9 Trillion]
15. Unravel the Enigma of Insecurity
Cyber Hazard
There were over 3,007,682,404 data records lost or stolen since 2013 till Mar-2015
3,221,670 records lost every day in Jan-15
134,236 records every hour
2,237 records every minute
37 records every second
Breach by Source
Legend: Malicious Outsider, Accidental Loss, Malicious Insider, State Sponsored, Hacktivist
Values: 55.28%, 24.08%, 16.07%, 3.44%, 1.13%
Data Records Lost/Stolen by Industry
Legend: Technology, Retail, Education, Government, Financial, Healthcare
Values: 9.63%, 56.59%, 5.13%, 4.23%, 20.55%, 3.87%
Source: http://breachlevelindex.com (Jan 2014 - Dec 2014)
16. Unravel the Enigma of Insecurity
Cyber Pandemic
You are in IT !!!!!!!
Large Giants being taken out with
hacks invented a long time ago
17. Unravel the Enigma of Insecurity
The Facts…
“When we look at these risks in pandemic
scenarios, the whole supply chain starts to
suffer”
18. Unravel the Enigma of Insecurity
Collateral Damage…
Funds pledged to fight the 2014 Ebola outbreak (in million U.S. dollars)
Donors: United States, World Bank, United Kingdom, International Monetary Fund, Germany, France, Canada, Gates Foundation, Japan, China, African Development Bank, Paul G. Allen Family Foundation, Mark Zuckerberg, India
Values: $750m, $400m, $201m, $150m, $140m, $130m, $89m, $57, $50, $40, $33m, $26.5, $25m, $12m
19. Unravel the Enigma of Insecurity
Collateral Damage…
The Cost of SARS: Initial estimates, Asian Development Bank
The cost of SARS* (% of GDP), $bn
Countries: HONG KONG, CHINA, TAIWAN, SOUTH KOREA, INDONESIA, THAILAND, PHILIPPINES, SINGAPORE, MALAYSIA
Values: 1.5%, 0.8%, 4%, 1.9%, 0.5%, 1.4%, 23%, 1.6%, 0.5%
SOURCE: ADB
20. Unravel the Enigma of Insecurity
Cyber Pandemic Collateral Damage…
Who would feel the impact the most, and how?
Everybody
And How?
21. Unravel the Enigma of Insecurity
Least Expensive Data Breach Costs $750,000 to Resolve
http://www.ponemon.org/
According to the Ponemon Report of 2014 the average global loss that businesses incurred due to security breaches was $3.5 million. While the costliest data breach cost $31 million to resolve, the least expensive one set them back by at least $750,000.
22. Unravel the Enigma of Insecurity
Quarantine
Vaccine
Cyberpandemic
Timeline
IDS
IPS
Firewall
Policy
Education
Cyber Hygiene
23. Unravel the Enigma of Insecurity
Wrong Code vs. Correct Attack
Vulnerable Code
    <configuration>
      <system.web>
        <!-- mode may be "InProc", "SQLServer" or "StateServer" -->
        <sessionState mode="InProc" cookieless="true" />
      </system.web>
    </configuration>
If cookieless is set to true, then the URL is used to transfer session tokens, which are vulnerable to Session Hijacking and MITM attack.
Secure Code
    <configuration>
      <system.web>
        <!-- mode may be "InProc", "SQLServer" or "StateServer" -->
        <sessionState mode="InProc" cookieless="false" />
      </system.web>
    </configuration>
If cookieless is set to false, then cookies are used to transfer the session token, which secures the session tokens.
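An added example, not part of the original slides: a Python check that audits a web.config for the cookieless setting described above and finds session IDs that already appear in request URLs. The sample configuration, log lines and session ID are constructed, and the function names are hypothetical; the /(S(<id>))/ path segment is the form ASP.NET uses when it carries a cookieless session ID in the URL.

```python
import re
import xml.etree.ElementTree as ET

# cookieless values that put (or may put) the session ID in the URL.
URL_MODES = {"true", "useuri", "autodetect", "usedeviceprofile"}
# Cookieless ASP.NET sessions embed the ID as a path segment: /(S(<id>))/
SESSION_SEGMENT = re.compile(r"/\(S\(([A-Za-z0-9]+)\)\)/")

def audit_session_state(web_config_xml):
    """Return one finding per <sessionState> element that exposes the ID in URLs."""
    findings = []
    for el in ET.fromstring(web_config_xml).iter("sessionState"):
        # A missing attribute means the ASP.NET default, UseCookies.
        value = el.get("cookieless", "UseCookies")
        if value.lower() in URL_MODES:
            findings.append(
                f"sessionState cookieless={value!r}: session ID travels in the URL")
    return findings

def exposed_session_ids(log_lines):
    """Return (line_number, session_id) for each request whose URL carries an ID."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = SESSION_SEGMENT.search(line)
        if match:
            hits.append((number, match.group(1)))
    return hits

# Constructed sample inputs (not from the slides).
VULNERABLE = """<configuration><system.web>
  <sessionState mode="InProc" cookieless="true" />
</system.web></configuration>"""
SECURE = VULNERABLE.replace('cookieless="true"', 'cookieless="false"')
ACCESS_LOG = [
    "2015-01-10 10:02:11 GET /shop/(S(aaaabbbbccccddddeeeeffff))/cart.aspx 200",
    "2015-01-10 10:02:15 GET /shop/cart.aspx 200",
]

if __name__ == "__main__":
    for finding in audit_session_state(VULNERABLE):
        print("web.config:", finding)
    for number, session_id in exposed_session_ids(ACCESS_LOG):
        print(f"log line {number}: session ID {session_id[:4]}... visible in URL")
```

Any hit from the log scan means the token has also been written to server logs, proxies and Referer headers, so those sessions should be invalidated once the setting is corrected.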
24. Unravel the Enigma of Insecurity
Types of Vaccine
ACTIVE IMMUNIZATION
Measles, Mumps, Yellow Fever, Rotavirus
Ethical Hacker (Antigen and Antibody)
PASSIVE IMMUNIZATION
Tetanus
Secure Code (Antibody)
Immunological Memory
25. Unravel the Enigma of Insecurity
The Point
The Vaccine
Secure Coding
26. Unravel the Enigma of Insecurity
Making of the Perfect Storm
BUT IS THAT ENOUGH?
27. Unravel the Enigma of Insecurity
But with Social Media – Social
Distancing is Dead
Social distancing is a strategy
for SARS, Ebola etc.
28. Unravel the Enigma of Insecurity
4400 Death Per Annum
14% Consider Suicide
7% Attempt Suicide
29. Unravel the Enigma of Insecurity
CYBERBULLYING: CASE STUDIES
Ronan Hughes 1998-2015
Ronan Hughes, a 17-year-old from Co Tyrone, Northern Ireland killed himself after being blackmailed into posting pictures of himself online. At his funeral, parish priest Fr Benny Fee told mourners "He did not take his own life. His life was taken by these faceless people who put the child into a burning building that he felt he could not escape". Ronan, a talented goalkeeper with the Clonoe O'Rahilly's gaelic football club, and a student at St Joseph's Grammar in Donaghmore, had told his parents about the bullying and they went to the police, but unfortunately that did not help.
Hannah Smith 1999-2013
Hannah Smith, a 14-year-old girl from Lutterworth, Leicestershire, England, hanged herself in her bedroom on August 3rd, 2013. Her body was discovered by her older sister. In the weeks leading up to her death, Smith had been subjected to cruel taunts and insults about her weight and a family death on Ask.fm, a question-and-answer social networking site that allows anonymous participation. Bullies on Ask.fm urged her to drink bleach and cut herself. According to Hannah’s father, she went to Ask.fm to look for advice on the skin condition eczema. Following the suicide, Hannah’s older sister, Jo, described how, just days after discovering her younger sister’s body, she started receiving abusive messages on Facebook mocking her loss and blaming her grieving father’s parenting skills for the tragic death.
31. Unravel the Enigma of Insecurity
EXAMPLE OF THE PANDEMIC 2: CYBER BULLYING
http://www.lavasoft.com
32. Unravel the Enigma of Insecurity
What Can We Do To Keep Children Safe?
Educate your children about cyberbullying
Keep home computer in a busy part of the house
Report abuse to the website administrators
Block or delete the Cyber-Bully
Don’t let your children include personal information in online profiles
38. Unravel the Enigma of Insecurity
Making of the Perfect Storm
If a hostile group were to terminate emergency communications during a powerful hurricane OR if cyber terrorists take over your defense systems.