cyber security richard_benham
TRANSCRIPT
Cyber-security in the financial
industry Richard Benham
Professor of Cyber Security Management and founder of the
National MBA in Cyber Security®, Coventry University
SWIFT Nordics Regional
Conference 2015
Copenhagen, 4 - 5 March 2015
Content
With my thanks to…
• INTRODUCTION • WHAT IS A THEORY? • IS IT APPROPRIATE FOR CYBER SECURITY? • THE CYBER RIPPLE THEORY® • WHAT DOES THIS MEAN FOR FINANCIAL
INSTITUTIONS? • TWO PREDICTIONS !
- The collapse of a Bank following a cyber attack within 5 years - The rise of Economic Cyber Terrorism (ECT)
• QUESTIONS
Introduction
PR O FE SSOR O F CYB E R SE CUR IT Y MA NAG E MENT AT COVE NT R Y B USINESS SCHO O L PR O FE SSOR IN R E SIDENCE AT T HE UK NAT IO NA L CYB E R SK IL L S CE NT R E AR EAS OF INT ER EST - CYB E R MA NAG E ME NT - CYB E R IN B A NK ING - CYB E R CR IME 20 YE A R S IN FINA NCIA L SE R VICES 1 0 YEAR S IN POLICING 5 YE A R S IN CYB E R SE CUR ITY
What is a Theory? A T HE O R Y CA N B E B E ST DE SCR IB ED A S A SING LE O R NUMB ER O F IDE A S INT E NDED TO E X PLA IN SO ME THING AND TO PR OVIDE G ENERAL PR INCIPALS INDEPENDENT OF T HE ACT UA L T HING TO B E E X PL A INED. • E X PE CT TO B E E VIDE NCED O R CHA L L E NGED
• NOT A HYPOT HESIS WHICH IS A PR OPOSED
E X PLA NATIO N
• NOT A N O B SE R VAT IO N WHICH IS FR O M A SING L E SO UR CE
IN SHO R T …..
“A RATIONALISED GENERALISATION TO EXPLAIN SOMETHING”
Is it appropriate for Cyber Security?
• S U R P R I S I N G LY T H E R E A R E V E R Y F E W T H E O R I E S R E G A R D I N G C Y B E R S E C U R I T Y
• M AT H E M AT I C A L B A S E D A N D N E T W O R K / S Y S T E M F O C U S E D
• H I S TO R I C A L LY A P R E D I C T I V E S C I E N C E W I T H A LO G I C A L F LO W A N D S E Q U E N C E T H AT H A S E VO LV E D R A P I D LY W I T H T H E M A R K E T P L AC E .
• A M B I G U I T Y C A N O CC U R W I T H A N Y H U M A N I N T E R AC T I O N
• T H E O R I E S A R E N E E D E D TO U N D E R S TA N D H O W H U M A N S W I L L U S E , A B U S E A N D N E E D P R OT E C T I O N I N T H E C Y B E R W O R L D
• C Y B E R S TA N D A R D S A N D R U L E S N E E D TO H AV E A C O M M O N S TA R T I N G P O I N T
• F E E L S R E T R O S P E C T I V E … . .
The Cyber Ripple Theory ® T HE CYB E R R IPPL E T HE O R Y® IS R E L AT IVELY ST R A IG HTFO RWA R D B UT IS HUG E LY IMPO R TA NT TO T HE ECONOMIC AND SOCIAL WELL BEING OF SOCIETY AS NE T WO R K T E CHNO LOG Y A DVA NCE S. IT STAT E S; - “ T HE E FFE CT O F A CYB E R AT TACK O N A N O R G A NISATIO N OR INDIVIDUAL HAS A DEST R UCTIVE CASCADING EFFECT O N B OT H T HE CO NNE CTING T E CHNO LOGY A ND HUMA N A SPE CT S T HAT A R E L INK E D. T HE E X T E NT O F T HE DE ST R UCT IO N DE PE NDS O N T HE AWA R E NE SS A ND PR OT E CTIO N L E VE L S B UILT A R O UND T HE SE QUE NT IA L POINT S OF T HE AT TACK” PR O FE SSOR R ICHA R D B E NHA M - MAY 20 13
The Cyber Ripple Theory ® T HE CYB E R R IPPL E T HE O R Y® IS R E L AT IVELY ST R A IG HTFO RWA R D B UT IS HUG E LY IMPO R TA NT TO T HE ECONOMIC AND SOCIAL WELL BEING OF SOCIETY AS NE T WO R K T E CHNO LOG Y A DVA NCE S. IT STAT E S; - “ T HE E FFE CT O F A CYB E R AT TACK O N A N O R G A NISATIO N OR INDIVIDUAL HAS A DEST R UCTIVE CASCADING EFFECT O N B OT H T HE CO NNE CTING T E CHNO LOGY A ND HUMA N A SPE CT S T HAT A R E L INK E D. T HE E X T E NT O F T HE DE ST R UCT IO N DE PE NDS O N T HE AWA R E NE SS A ND PR OT E CTIO N L E VE L S B UILT A R O UND T HE SE QUE NT IA L POINT S OF T HE AT TACK” PR O FE SSOR R ICHA R D B E NHA M - MAY 20 13
The Cyber Ripple Theory ® T HE CYB E R R IPPL E T HE O R Y® IS R E L AT IVELY ST R A IG HTFO RWA R D B UT IS HUG E LY IMPO R TA NT TO T HE ECONOMIC AND SOCIAL WELL BEING OF SOCIETY AS NE T WO R K T E CHNO LOG Y A DVA NCE S. IT STAT E S; - “ T HE E FFE CT O F A CYB E R AT TACK O N A N O R G A NISATIO N OR INDIVIDUAL HAS A DEST R UCTIVE CASCADING EFFECT O N B OT H T HE CO NNE CTING T E CHNO LOGY A ND HUMA N A SPE CT S T HAT A R E L INK E D. T HE E X T E NT O F T HE DE ST R UCT IO N DE PE NDS O N T HE AWA R E NE SS A ND PR OT E CTIO N L E VE L S B UILT A R O UND T HE SE QUE NT IA L POINT S OF T HE AT TACK” PR O FE SSOR R ICHA R D B E NHA M - MAY 20 13
The Cyber Ripple Theory ® T HE CYB E R R IPPL E T HE O R Y® IS R E L AT IVELY ST R A IG HTFO RWA R D B UT IS HUG E LY IMPO R TA NT TO T HE ECONOMIC AND SOCIAL WELL BEING OF SOCIETY AS NE T WO R K T E CHNO LOG Y A DVA NCE S. IT STAT E S; - “ T HE E FFE CT O F A CYB E R AT TACK O N A N O R G A NISATIO N OR INDIVIDUAL HAS A DEST R UCTIVE CASCADING EFFECT O N B OT H T HE CO NNE CTING T E CHNO LOGY A ND HUMA N A SPE CT S T HAT A R E L INK E D. T HE E X T E NT O F T HE DE ST R UCT IO N DE PE NDS O N T HE AWA R E NE SS A ND PR OT E CTIO N L E VE L S B UILT A R O UND T HE SE QUE NT IA L POINT S OF T HE AT TACK” PR O FE SSOR R ICHA R D B E NHA M - MAY 20 13
What does this mean for Financial Institutions?
WE NE E D MO R E T HE O R IE S FO R T HE NAT IO NA L MB A “ FINA NCIA L SE R VICES MO DUL E” WE NE E D TO FACE T HE O B VIO US QUE ST IO NS AG A IN A ND ASK….. (1 ) IS A CYB E R AT TACK O N A B A NK L IMITE D TO T HAT
B A NK ? (2) IS IT S E FFE CT CO NST R A INED B Y CO UNT R Y? (3 ) IS IT S EFFECT CONST R AINED BY R EG ION? (4) IS T HE USE O F ME DIA TO DE ST R OY T HE INT E GR ITY O F
A B A NK MO R E CO ST E FFE CT IVE A ND L E SS R ISK ? ( 5 ) IS T HE L A ST B A NK ING CR ISIS A DR Y R UN FO R A CYB E R
G E NE R ATED CO L L A PSE? (6) WHAT IS PLAN B? – IS IT G OVER NMENT BACKED
B A NK ING? (7) IS T HE R E A FUT UR E FO R PR IVAT E LY O WNE D B A NK S? (8) HO W DO WE DE A L WIT H T HE NE E D FO R SHA R E D
INT E LL IGENCE VE R SE S T HE NE E D FO R CO MME RCIA L PR IVACY AND NON DISCLOSURE OF CYBER LOSSES?
Two Personal Predictions !
- The collapse of a Bank following a cyber attack within 5 years
Reputation damage using social media prompting a run / share sale on that particular bank…………
Two Personal Predictions !
- The rise of Economic Cyber Terrorism (ECT)
An Individual , Organisation or State using the fear of cyber attacks and exposure of vulnerabilities by social media to economically ruin a organisation or company.