Part 2 - The Humans Behind Cyber Security Incidents

Time
7 hours 56 minutes
Difficulty
Advanced
CEU/CPE
7
Video Description

This lesson discusses the human causes behind cyber security incidents. These include but are not limited to:

· Negligent/Unaware employees
· Insider threats
· Competition
· Nation States

In addition to the human causes behind cybersecurity incidents, participants in this lesson also learn why incident response is so necessary. Cyber security threats result in billions of dollars lost. According to the Center for Strategic and International Studies (CSIS), the USA lost around $100 billion in 2013 to such threats. They can cause severe economic damage. The purpose of cyber incident response is to determine the threat, respond accordingly and also keep it from happening again and/or spreading.

Video Transcription
00:03
>> Who causes cybersecurity incidents? The first thing that we talked about was negligent employees. Who is a negligent employee? Well, that's someone who doesn't really have a good understanding of how cybersecurity incidents work. A good example here is this meme that the basic user changed his password to "incorrect". Every time he types in the wrong password, it tells him his password is incorrect. Kind of an extreme that there are people who don't have a good understanding of how cybersecurity incidents work.

Your business partners. Maybe you're in partnership with the business or you're using some type of contractor and you've given them access to your proprietary information and they don't understand or have the same security policies that you do. They might put your information at risk.

Another example is going to be insider threats. We already talked about Snowden, an extreme example. But there may be others that maybe you've terminated someone and they have some computer knowledge and they put that logic bomb in your system that's going to delete all your data or keep you from getting access to that data. Those insider threats.

The next one is going to be criminals. Here's an example of some ransomware. They're going to want to make money maybe off of your systems because you had some user click on something or go somewhere that they shouldn't have. They're going to try and get three dollars, 500 out of you. Or hospitals now have come under attack from ransomware and they're getting tens of thousands of dollars just to get access back to their patient information.

You're going to have hacktivists, terrorists. Hacktivists are going to try and cause some type of damage to your system because they have a political ideology that may differ from yours or they want to prove a point. Terrorists, obviously, the cyber plane is now becoming the next generation of warfare. We're going to see a lot more cyber attacks happening instead of these mass kinetic attacks and wars. Just because cyber is something that is important and connects all of us throughout the world, we now bank on that. We have a lot of our critical infrastructure that depends on cyber. We're going to see a lot more of that happen.

Then we're going to have competition from your business. People who are a competitor with you, they may want to hack into your systems to get your proprietary information so they can one-up you and go ahead and get something to market before you do.

Then nation states. An example of what we had with nation states is the Stuxnet virus. Where we essentially had an attack against Iran that interfered with some of their programmable logic controllers and set back some of their development.

These are just some examples of who causes cybersecurity incidents. There obviously could be more, but these are just some of the basic examples of who does that.

Why is incident response necessary? We've already touched on this a little bit, but again, cyber is that next plane, that next generation of warfare. Here's just some examples of how cyber threats are affecting the United States and US businesses.

The Justice Department has declared that China's espionage activities are so wide in scale that they constitute a national security emergency, as China targets almost every sector in the US business. That's pretty significant. If you're out there and you've got something that is worthwhile, something that can go to market, China may be trying to launch an attack against you so they can figure out how to build that and make that better. We'll talk about some of the Chinese threats a little bit later on in this course.

According to 60 Minutes, the activity is actually costing US companies hundreds of billions of dollars in losses and more than two million jobs have been lost through these cyber incidents occurring. That's pretty significant. If we can prevent these or mitigate these after they've happened, we can save billions of dollars and actually put people or keep people in their jobs.

The Center for Strategic and International Studies, CSIS, estimated the likely annual cost of cybercrime and economic espionage to the world economy at more than $445 billion or almost one percent of the global income. Again, that's just a significant number in terms of dollars of the magnitude of cybersecurity threats. Then just in the United States, CSIS estimated that the US lost about $100 billion in GDP in the year 2013. Just underscores the significance of cyber threats.

Here's a graphic explaining how much a cybersecurity incident can actually cost an organization. We have this known cost that we realize that we're going to have to deal with when one of these incidents occurs. One of the infographics here that Deloitte has on their website shows the costs that are mostly well-known when one of these incidents occurs.

You're going to have that technical investigation. You're going to have to notify your customers that there's been a breach. You're going to have to do something to get you back into regulatory compliance depending on what type of organization you hit. More than likely you're going to have to be engaged in litigation. You're going to have to hire an attorney and those guys bill usually in three-minute increments. That's not cheap.

Then you're going to have to provide some type of protection to your customers after that happens. During the OPM hack, we had essentially notification set out to federal employees that one, they've been hacked. But two, here's something that's a weight of a two. Look at your credit and see if someone's trying to open accounts in your name.

You're also going to have to go on some type of public relations circuit to ameliorate that bad publicity that you've had. Then you're going to have to figure out a way to improve your cybersecurity. Those are the above the surface and the better-known costs of cybersecurity.

That being said, there's going to be some beneath-the-surface costs. This is estimated this is going to be where 95 percent of your financial impact is going to occur. The top, obviously those are very expensive. But these underneath the surface attack some things that you may not necessarily consider are very important as well.

Your insurance is going to go up. If you've had one of these cybersecurity incidents occur and you've got an insurance coverage for it, more than likely, just like when you have a car accident, your insurance company is going to raise your rates. When you take on some of these cybersecurity incidents and try to mitigate them, you're going to have an increased cost to raise your debt.

Then you're going to have an impact in operations or disruptions. That's one of the drawbacks to having cybersecurity incidents to banks. Even going offline for 30 minutes for a bank could cost them millions of dollars. Then you may have a loss of value in your contract revenue.

You're going to have a devaluation in your trade name. The Target incident when they were hacked and they lost customers' credit card data, they took a hit to their business. Depending on what type of business you have, your trade name is going to be pretty valuable to you. I was reading somewhere where the actual trademark name of Coke is actually worth more than the products that the company sells.

You could have loss of intellectual property. If you'd make one specific thing, you'd do it and you do it well and you do it better than anybody else. If someone were to steal that, it's lost, it's gone forever and you no longer have essentially the market share that you had. Then your customers could also lose faith in your ability to handle information and they may want to take their business somewhere else.

Those are just some of the beneath-the-surface costs which more than likely are going to far outweigh the above-the-surface cost.

What is the purpose of cyber incident response? It's going to be essentially a collage of things that you're going to have to do. You're going to have to determine first if an incident has actually occurred. That could actually be done by having some type of electronic notifications and IDS that says, hey, something has occurred. Or maybe you've gotten some type of virus from your virus detection software.

After you've determined that a threat has occurred, you're going to actually have to stop the threat to keep that damage from occurring over and over again. The next thing that you're going to have to do is you're going to determine how the threat actually occurred. You can go to the next step and mitigate or minimize the damage and prevent it from trying to happen again. Then we're going to want to have to counter that threat. Then lastly, we're going to want to prevent that threat from reoccurring or spreading.