Presentation Slides from InfoLab21 and the Intellectual Property Office's event: "Intellectual Property: Value Creation" at Lancaster House Hotel on 14th February 2012.

1. Cyber Risks To Intellectual Property How It Happens, Why It Happens, And How To Protect Yourself.

2. Agenda 1. Inside A Hacking Community. 2. The Threat Landscape. 3. SMEs Are The Target Of Choice. 4. A Solution?

3. The Hacking Community “ Citadel” is a popular suite of hacking software applications. It works just like “normal” software. You go online (invitation only), buy a license (all major credit cards accepted) and you get support, updates and regular bug fixes from the developers. Automated updates come out about once a week. New versions appear about every 2 months or so.

4. The Hacking Community “ Citadel” is a popular suite of hacking software tools.

5. The Hacking Community

6. The Hacking Community

7. The Hacking Community

8. The Hacking Community

9. The Hacking Community

10. The Hacking Community

12. The Threat Landscape Once they have identified a vulnerable target, APTs will often adapt custom malware such as keystroke loggers to make it specific to that target. These will then be attached to an email or embedded inside a document with a plausible sounding name to a highly targeted shortlist of key employees. This is exactly what happened in some of the most notorious, recent APTs. One in particular was an attack on a well know defence electronics company in which a malicious PDF attachment entitled “redundancy program for 2012” was sent to some key employees. The attachment contained an attack and the company suffered a serious data breach. The recently revealed attack on Symantec was an instance of an intrusion via the supply chain (a Symantec reseller) the theft of intellectual property (The source code to a number of their security products) and an attempt (unsuccessful) to extract a ransom for the safe return of the source code.

13. The Threat Landscape However if the first attack does not work as planned then they will try and try again, working through a menu of automated attacks until they find one which works and which delivers control of a legitimate users PC. And that objective, gaining control of a legitimate users PC, is the first phase of the attack. Being armed with a legitimate users login credentials they are free to probe around, undetected, inside the network of the target organisation, appearing as if they were a perfectly legitimate user and belong there.

15. The Threat Landscape Phase Two The second phase of the attack is to escalate their user account privilege until they have domain admin control level. At that point they have the keys to the Kingdom. They can steal any IP, data or customer account information they require. Have a look at this video

16. The Threat Landscape The question “ Who was responsible?” asked in that video wasn’t answered. In my view the answer is that everyone in the business has to be made responsible for protecting the organisations I.P. and sensitive data. It’s not just IT or HR or Marketing…every employee has to be “deputised” to keep data secure. It’s no longer possible, in such a dynamic and hostile environment, to block the wide and rapidly changing range of threats at the perimeter…wherever that is! It’s much more practical to protect the data, whether in use or at rest using encryption and deploy strong, multifactor authentication, preventing most current and future attack methods and specifically preventing attacker privilege escalation which is integral to phase two of an APT directed at your intellectual property.

17. The Threat Landscape Insecure password reuse is a significant problem. Users have multiple work, home and leisure digital identities and accounts that are impossible to manage, so what they end up doing is standardising on a small number (in some cases just one) of easily remembered username and password combinations and using them on multiple accounts. Corporations can’t effectively control if users are reusing passwords but what they can do, in-house, is deploy strong, multi-factor authentication and access controls so that only strong, ideally three factor authentication, is all that will work to legitimately log someone into company systems.

18. The Threat Landscape This image is from the FBI. The malware they are warning about the “DNSChanger Trojan,” alters the target computer’s Internet settings preventing victims from visiting anti virus security sites for updates to the virus signatures that could clean up the infections. DNSChanger is integrated into Citadel and other attack tools, meaning that systems infected with this Trojan often also host other, more serious malware.

19. The Threat Landscape Internet Identity, a Washington based cyber security company found evidence of DNSChanger infections in computers at half of all Fortune 500 firms, and 27 out of 55 major U.S. government agencies. http://www.internetidentity.com/

20. The Threat Landscape So…with large corporates, (including some of the biggest security software vendors!) government and law enforcement agencies succumbing to attacks what currently available technology will help to prevent APTs? It’s worth remembering that APTs have been developed in an environment where over 95% of organisations have up to date anti-virus protection, firewalls and anti-spam software. Yet they still get hacked because APTs are really good at getting around these primarily reactive solutions. In another survey by CSO magazine 61% of respondents said that encryption and multi-factor authentication would be very effective in preventing APTs. The respondent felt that if an attacker finds that user credentials cannot be compromised and/or the data is encrypted anyway then they will not persist with their attack and will focus on easier targets.

21. The Threat Landscape Whilst SMEs are particularly vulnerable Government, Utilities, Professional Services firms, Academia and large corporates (particularly Aerospace and Defence) are being specifically targeted and sometimes those attacks are state sponsored! This is an excerpt from an interview with Admiral Lord West the former head of CSOC the UKs Cyber Security Operations Centre.

22. The Threat Landscape Not all the threats are purely external in origin. Recession induced lay offs also place data and Intellectual Property at risk. Remaining, often overstretched staff, begin to make security mistakes, putting company reputations on the line. Because we live in a world where everyone, everything, everywhere is connected, data has to flow to wherever it is needed; an organisations actual perimeter is no longer its physical or legal boundary. The security focus is moving away from hardware on the network edge and onto the data user with the spotlight firmly on verifiable encryption as the only workable solution.

23. The Threat Landscape The reason cyber criminals target SMEs is that small businesses do not have the same high-level security that their enterprise counterparts have deployed. SMEs are under the same regulatory and contractually imposed data security pressure as their corporate partners but their needs are different. SMEs need an incremental, tactical, level of protection with greater choice and maximum flexibility for protecting the information that drives their businesses. Although the majority of small or mid-sized businesses have some form of data protection solution in place, these solutions are often time-consuming to operate or are inconsistently used. This causes "workflow friction" resulting in time pressed employees finding work-arounds which ultimately compromise security. In addition SMEs are often faced with other problems such as lack of staff time, limited in-house skills and expertise, and restricted budgets.

26. User Behavior Is An Issue Text Text However a significant number of information security breaches come about, either directly or indirectly, as a result of employees’ failure to comply with existing, well documented, security practices and policies. Many organisations, large and small, have tried to sustainably modify their users behavior towards IP protection, data security and encryption. Almost all have found it difficult if not impossible. Research has shown that a large number of data security breaches are caused by security mechanisms which are either technically complex or have become an impediment to the user completing their work in a timely fashion. (workflow friction) http://gaudior.net/alma/johnny.pdf (Why Johnny Can’t Encrypt)

27. Software Usability Is An Issue Text Text Even technically competent users such as systems administrators and software developers often struggle to keep up with todays sophisticated and tenacious and fast moving cyber threats. On top of the cyber threats sys admins have to cope with the ever increasing complexity and administrative workload created by Governance Regulation and Compliance, Data Loss Prevention and security and encryption processes. Yee, K P. (2005) User Interaction Design for Secure Systems. In L. Faith Cranor & S. Garfinkel [Eds.]: Security and Usability: Designing secure systems that people can use 2005. pp 13-30. O'Reilly Books.

29. It’s Networkers Not Networks Text Text It’s mainly individuals who compromise IP and cause data loss It’s individual end user behaviour which has to be sustainably modified and it’s individuals who choose whether to comply or not with the security policies governing their immediate work context. Individuals choose whether or not to comply with security guidelines based on risk and reward or cost and benefit. There is a natural limit to the amount of effort users will expend on compliance unless there is a corresponding benefit to them.

30. Why It’s The Way It Is Text Text Modern digital encryption came out of the US military in the 1970s and 1980s. The inflexible, top-down, command-and-control structure of its original development environment created the encryption structures and landscape we see today. Within a fully integrated public or private organisation, with a standardized IT structure, encryption offers nearly unbreakable information security. Every single legal jurisdiction across the world which has data security legislation in place advocates encryption as the solution of choice.

31. Ships In The Night? Text Text However across extended supply chains, everyday practical issues in the deployment, maintenance and use of encryption technology have limited the business benefits and impaired overall supply chain efficiency. Misapplied encryption increases risk, decreases security, incurs unnecessary costs and reduces efficiency. Until recently it has been difficult for unrelated organisations, with conflicting IT systems, differing skill sets and inconsistent attitudes to data protection to consistently and securely exchange confidential corporate or personal data. This was especially the case where data was only likely to be exchanged very infrequently or even on a one-off basis. The investment in infrastructure, training and skills outweighed the benefit of deploying compatible encryption technologies, especially across multiple legal jurisdictions.

32. Summary Text Text Organisations of all sizes need easy-to-learn-and-use security solutions which deliver the security options they need, when they need it, for only as long as they need it at a price they can afford, with fair, transparent, flexible licensing and without disrupting established workflow practices or impacting on current network architecture. Modern data security solutions should be designed with these needs and with “newly deputised” non technical data users in mind. Flexible licensing should provide maximum freedom for users to “just get on with the day job” whilst maintaining a high degree of data security whether they are using, sharing, storing, recovering or deleting sensitive corporate information. For more information about protecting your intellectual property from cyber crime please visit: www.safetok.com You can email me at [email_address] Or pick up a leaflet from our display.

33. Thank You Text Text Styskin's Solutions Limited B1 Business Center, Suite 206, Davyfield Road, Blackburn, Lancashire, BB1 2QY, www.safetok.com [email_address]