Threats and Resilience


Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to the Cybrary ISSEP Course, I'm your instructor, Brad Rhodes. Let's talk about threats and resilience. As a cyber defender myself, this is one of my favorite topic areas, so let's jump in.

>> In this lesson, we're going to talk about threats in pretty good detail. We're going to cover vulnerabilities and why it's important to know where vulnerabilities come from and how they're tracked as an ISSE, and then we're going to talk about resilience and the types of systems that we're concerned about when it comes to resilience.

Threats, I've got two pages of threats for you. This is the laundry list. You go from script kiddies to insiders. A couple of ones I want to touch on here. One: insiders, a very, very important area to understand. There are two kinds. You have malicious insiders; these are folks that you might consider the disgruntled employee, the person that's going to plant the logic bomb or something like that as a malicious insider. But more common today is the accidental insider, that is, the user who clicks on the link that they're not supposed to, that is, the engineer that misconfigures the storage capability in the Cloud, and it's exposed, and millions of records later you're getting sued and you have to provide some sort of credit monitoring, etc. That's an accidental insider. Those ones account for over 70-80 percent of our problem sets today, unfortunately really, especially for the large loss things you see in the news.

Script kiddies, hacktivists, cyber criminals, all those external folks, those are always out there; we always have to pay attention to them. We always want to be reading up as an ISSE on the different threats that are out there related to them because they change all the time, and by the way, we're starting to see an uptick in those different kinds of tactics and combinations of tactics used by threat actors, which we'll talk about in the next slide.

More threats: malware, ransomware. Ransomware is incredibly challenging to deal with and it is growing in use today. Most threat actors have ransomware in their arsenal and it's very concerning. Zero-days, you still see them out there, and you see them patched quite frequently by vendors. But I will tell you that zero-days are typically things that threat actors don't use unless they absolutely have to. What the threat actors are looking for is misconfigurations. That is akin to that accidental insider. Anybody that misconfigures something that allows a threat actor in the front door is the victim of a misconfiguration, and that's what they're looking for. They want to catch you. Defenders, we have to be right as a defender 100 percent of the time. The threat actor only has to be right once, and once they're in your network, they are very difficult to get out, so patch your systems. Pay attention to who's in your databases. If you're going to destroy stuff, make sure you do it correctly; we're going to talk about destruction and disposal a little bit later. But pay attention to all of these threats. They are very problematic.

Vulnerabilities, this is from the National Vulnerability Database, which is managed by guess who? NIST, the National Institute of Standards and Technology. This shows vulnerabilities per year. Obviously, 2017 was a banner year for vulnerabilities across all operating systems, applications, hardware, software, that kind of thing, which is tracked in this list. But I would like to highlight that we're not even all the way through 2020 yet and we have almost caught up. In fact, 2020 is probably going to have more vulnerabilities than we've seen ever before in the history of this tracking. Now, this is specific for Windows. If you were to take and expand this to cover all operating systems, it would be massive. The list would be absolutely massive. Because systems are built by humans and humans are imperfect, so guess what? Systems are imperfect. As an ISSE, you need to know where to find this kind of data. You need to know how to use this kind of data. As an ISSE, aside from understanding the threats, because this is all part of that risk management process, you also need to have the vulnerabilities in mind. By the way, you need to know those assets that you have in your environment. Don't just go through and list all the current vulnerabilities. If you don't have any, say, Linux in your environment, but you're tracking all that stuff, that's a waste of your time. Narrow down to the assets you have and track vulnerabilities there.

Resilience, on the left-hand side is the new and updated chart for the system development life cycle. It's a little bit more in-depth than what we have, which we will cover again. But I wanted you to see that this is the new one. It's coming out in the new 800-160 PUB from NIST. But it really deals with the fact that we need to look at resilience across all of our systems. Everyone today has to deal with things like the Internet of Things. Everybody today has a critical infrastructure system. If you have a building that you manage or that your company owns, guess what? You have critical infrastructure systems: HVAC, water, electrical, and the building. If you're a manufacturer, you've got all of those pieces and parts and then some dangerous stuff like robotics and things like that. Those cyber-physical systems, processing systems for data, enterprise IT systems, systems of systems. All of these things need to be resilient and be able to survive an attack from one of those threats or an exploit of a vulnerability.

Resilience is pretty straightforward. Resilience means I can recover: recovery time objective. How long can I be down from a systems perspective? Then recovery point objective, RPO, which is how much data can I stand to lose? You need to, from a risk management perspective as an ISSE, understand what is important and what are the priorities for your organization, and then you need to map out those resilience requirements, RTO, RPO, so that you can advise your C-Suite executives so that they can help to make the right decisions on priority and guide you as to where to go.

In this lesson, we looked at threats, we looked at vulnerabilities, and we talked a little bit about resilience. We'll see you next time.