current & emerging cyber security threats

19
Current & Emerging Cyber Security Threats

Upload: ncc-group

Post on 22-Nov-2014

622 views

Category:

Technology


0 download

DESCRIPTION

 

TRANSCRIPT

Page 1: Current & Emerging Cyber Security Threats

Current & Emerging Cyber Security Threats

Page 2: Current & Emerging Cyber Security Threats

Agenda

• The threat actors

• Primary threats

• Common vectors

• Some realities

• Current threats

• Emerging threats

Page 3: Current & Emerging Cyber Security Threats

Before we begin.. Security is emotive

Page 4: Current & Emerging Cyber Security Threats

Before we begin.. Some stats

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/261674/bis-13-1293-ftse-350-cyber-governance-health-check-tracker-report.pdf

Page 5: Current & Emerging Cyber Security Threats

Before we begin.. Some more stats

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/261674/bis-13-1293-ftse-350-cyber-governance-health-check-tracker-report.pdf

Page 6: Current & Emerging Cyber Security Threats

The threat actors

Page 7: Current & Emerging Cyber Security Threats

Primary threats

Page 8: Current & Emerging Cyber Security Threats

Vectors

Page 9: Current & Emerging Cyber Security Threats

Causes

• Poorly designed and developed software and systems

• Lack of network segregation, access control & monitoring

• Level of user education and risk understanding / sense of

ownership & responsibility

• Security solutions / practices leading to poor UX

• Regulatory tick boxing / audit burden

Page 10: Current & Emerging Cyber Security Threats

Vendor hype leading to the wrong focus

Page 11: Current & Emerging Cyber Security Threats

Some realities

• Perimeter security alone has never been sufficient

• The definition of a perimeter has changed

• Asking people not to click on things is not sustainable

• Limiting the use of mobile does not work

• Security doesn’t come from free!

Page 12: Current & Emerging Cyber Security Threats

Current threats

// Internal

• Accidental data or device loss

• Deliberate data exfiltration

• Poor internal security practices

// External

• Collateral damage compromises

• Drive by compromise

• Targeted attacks

Page 13: Current & Emerging Cyber Security Threats

Emerging threats – BYOD

Page 14: Current & Emerging Cyber Security Threats

Emerging threats – data volumes

• How to tag data efficiently and effectively

• How to control access

• How to protectively monitor

• How to detect anomalous behaviour

• Aggregation of data

Page 15: Current & Emerging Cyber Security Threats

Emerging threats – tech evolution pace

• Evolution rate increasing

• Shorter product life spans

• Quicker time to market

• Sustaining older products from a security perspective

• Agile security engineering

Page 16: Current & Emerging Cyber Security Threats

Emerging threats – everyone’s a coder!

• A world where everyone is a developer

• Traditional security expertise in

development / engineering teams diluted

• We need better frameworks and platforms

Page 17: Current & Emerging Cyber Security Threats

Emerging threats – Internet of things

• Traditional patching goes away

• Exploitability doesn’t diminish

• Machine to machine interactions

• Compounded hidden I.T.

Page 18: Current & Emerging Cyber Security Threats

Final thoughts

• Cyber risk ownership can not be

outsourced

• Cyber security is just one element of

modern good business governance

• Investment should be always be proportional

• Events will occur! It shouldn’t be a drama..

Page 19: Current & Emerging Cyber Security Threats

UK Offices

Manchester - Head Office

Cheltenham

Edinburgh

Leatherhead

London

Milton Keynes

North American Offices

San Francisco

Atlanta

New York

Seattle

Austin

Australian Offices

Sydney

European Offices

Amsterdam - Netherlands

Munich – Germany

Zurich - Switzerland

Thanks? Questions?

Ollie Whitehouse

[email protected]