Welcome back to Cybrary. This is, of course, your instructor, Brad Rhodes. So let's talk about threats and resilience. As a cyber defender myself, this is one of my favorite topic areas. So let's jump in.
In this lesson, we're gonna talk about threats in pretty good detail. We're gonna cover vulnerabilities and why it's important, you know, where vulnerabilities come from and how they're tracked as an ISSE. And we're gonna talk about resilience and the types of systems that we're concerned about when it comes to resilience.
So, threats. I've got two pages of threats for you. This is the laundry list, right? You go from script kiddies to insiders. So, a couple of ones I want to touch on here.
One, insiders are a very, very important area to understand. There's two kinds. You have malicious insiders. These are folks that you might consider the disgruntled employees, the person that's gonna plant the logic bomb or something like that, as a malicious insider.
But more common today is the accidental insider. That is the user that clicks on the link that they're not supposed to. That is the engineer that misconfigures the storage capability in the cloud, and it's exposed, and millions of records later you're getting sued and you have to provide some sort of credit monitoring, etcetera, etcetera.
That's an accidental insider, and those account for 70 to 80% of our problems today, unfortunately, really, especially for the large-loss things you see in the news. Script kiddies, activists, cybercriminals, all those external folks, those are always out there. We always have to pay attention to them. And we always wanna be reading up as an ISSE on the different threats that are out there related to them, because they change all the time. And, oh, by the way, we're starting to see an uptick in those different kinds of tactics and combinations of tactics used by threat actors, which we'll talk about in the next slide.
More threats: malware, ransomware. Ransomware is incredibly, incredibly challenging to deal with, and it is growing in use today. Most threat actors have ransomware in their arsenal, and it's very concerning. Zero-days: you still see them out there, and you see them patched quite frequently by vendors. But I will tell you that zero-days are typically things that threat actors don't use unless they absolutely have to.
What threat actors are looking for is misconfigurations. That is akin to that accidental insider. Anybody that misconfigures something that allows a threat actor in the front door is the victim of a misconfiguration, and that's what they're looking for. They want to catch you, and as defenders, we have to be right 100% of the time. The threat actor only has to be right once, and once they're in your network, they are very, very difficult to get out. So patch your systems, pay attention to who's in your databases, right? If you're gonna destroy stuff, make sure you do it correctly, and we're gonna talk about destruction and disposal a little bit later. But pay attention to all of these threats. They are very, very problematic.
Vulnerabilities. This is from the National Vulnerability Database, which is managed by, guess who, NIST, the National Institute of Standards and Technology. And this shows vulnerabilities per year. Obviously, 2017 was a banner year for vulnerabilities across all operating systems, applications, hardware, software, that kind of thing, which is tracked in this list.
But I would like to highlight that we're not even all the way through 2020 yet, and we have almost caught up. In fact, 2020 is probably gonna have more vulnerabilities than we've seen ever before in the history of this tracking. And this is specific for Windows, so if you were to take and expand this to cover all operating systems, it would be massive. The list would be absolutely massive, because systems are built by humans and humans are imperfect. So guess what, systems are imperfect. So as an ISSE, you need to know where to find this kind of data. You need to know how to use this kind of data as an ISSE. Aside from understanding the threats, because this is all part of that risk management process, you also need to have the vulnerabilities in mind.
And, oh, by the way, you need to know those assets that you have in your environment. Don't just, you know, go through and list all the current vulnerabilities. If you don't have any, say, Linux in your environment but you're tracking all that stuff, that's a waste of your time. Narrow down to the assets you have and track vulnerabilities there.
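The asset-scoping the lecture recommends, as an added example that is not part of the lecture: a constructed asset inventory and constructed CVE records, both expressed as CPE 2.3 names, are filtered so only the CVEs that touch something actually deployed remain. The records are sample data in NVD-like shape, not real NVD output, and the placeholder CVE ids are not real.

```python
"""Scope vulnerability tracking to the assets you actually own.

Added example, not from the lecture. The inventory and CVE records are
constructed sample data shaped like CPE 2.3 names
(cpe:2.3:part:vendor:product:version:update:edition:language:
 sw_edition:target_sw:target_hw:other), not real NVD output.
"""

# Constructed asset inventory: what is deployed in this environment.
INVENTORY = [
    "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
    "cpe:2.3:a:apache:http_server:2.4.41:*:*:*:*:*:*:*",
]

# Constructed CVE records with placeholder ids and the CPEs each advisory lists.
CVE_RECORDS = [
    {"id": "CVE-XXXX-0001", "cpes": ["cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"]},
    {"id": "CVE-XXXX-0002", "cpes": ["cpe:2.3:o:linux:linux_kernel:5.4:*:*:*:*:*:*:*"]},
    {"id": "CVE-XXXX-0003", "cpes": ["cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*"]},
    {"id": "CVE-XXXX-0004", "cpes": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"]},
]


def parse_cpe(cpe: str) -> list[str]:
    """Split a CPE 2.3 name into its 11 fields (no escaped colons in this sample data)."""
    prefix = "cpe:2.3:"
    if not cpe.startswith(prefix):
        raise ValueError(f"not a CPE 2.3 name: {cpe}")
    fields = cpe[len(prefix):].split(":")
    if len(fields) != 11:
        raise ValueError(f"expected 11 fields, got {len(fields)}: {cpe}")
    return fields


def cpe_matches(advisory: str, asset: str) -> bool:
    """Field-by-field comparison; '*' on either side matches anything."""
    return all(a == "*" or b == "*" or a.lower() == b.lower()
               for a, b in zip(parse_cpe(advisory), parse_cpe(asset)))


def relevant_cves(records, inventory) -> list[str]:
    """Ids of the CVEs whose CPEs touch at least one inventory asset."""
    return [r["id"] for r in records
            if any(cpe_matches(c, a) for c in r["cpes"] for a in inventory)]


if __name__ == "__main__":
    # The Linux kernel record and the 2.4.49-only httpd record drop out.
    print(relevant_cves(CVE_RECORDS, INVENTORY))  # ['CVE-XXXX-0001', 'CVE-XXXX-0004']
```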
Resilience. On the left-hand side is the new and updated chart for the system development life cycle. It's a little bit more in depth than what we have, which we will cover again, but I want you to see that this is the new one. It's coming out in the new 800-160 pub from NIST, but it really deals with the fact that we need to look at resilience across all of our systems. Everyone today has to deal with things like the Internet of Things. Everybody today has a critical infrastructure system. If you have a building that you manage or that your company owns, guess what, you have critical infrastructure systems: water, electrical in the building. If you're a manufacturer, you've got all of those pieces and parts and then some, and, oh, by the way, dangerous stuff like robotics and things like that. Those cyber-physical systems, processing systems for data, enterprise IT systems, systems of systems. All of these things need to be resilient and be able to survive an attack from one of those threats or exploits of a vulnerability.
And so resilience is pretty straightforward. Resilience means I can recover. Think recovery time objective. So how long can I be down from a systems perspective? And then recovery point objective, RPO, which is how much data can I stand to lose? You need to, from a risk management perspective as an ISSE, understand what is important and what the priorities are for your organization, and then you need to map out those resilience requirements, RTO and RPO, so that you can advise your C-suite executives so that they can help to make the right decisions on priority and guide us to where to go.
In this lesson, we looked at threats, we looked at vulnerabilities, and we talked a little bit about resilience. We'll see you next time.