threat horizon 2015: more danger from known threats
Upload: centro-de-investigacion-para-la-gestion-tecnologica-del-riesgo-cigtr
Post on 12-May-2015
4.324 views
DESCRIPTION
Ponencia / Lecture Adrian Davis. Principal Research Analyst, Information Security ForumTRANSCRIPT
![Page 1: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/1.jpg)
ISF Threat Horizon
Dr Adrian Davis, PhD, MBA, MBCS, CITP, CISMPPrincipal Research Analyst
Information Security Forum
![Page 2: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/2.jpg)
Agenda
• The challenge• Our answer: Threat
Horizon• 2013...• 2014…• 2015…• What can I do?
![Page 3: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/3.jpg)
What is the ISF?
An international association of over 320 leading global organisations, which...
• addresses key issues in information risk management through research and collaboration
• develops practical tools and guidance• is fully independent, not-for-profit organisation driven by its
Members• promotes networking within its membership
The leading, global authority on information securityand information risk management
![Page 4: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/4.jpg)
“It is impossible for men in the future to fly like birds. Flying is reserved for the angels.” —Milton Wright, Bishop , 1870, father of Orville and Wilbur Wright
“This ‘telephone’ has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us.”— Western Union internal memo 1876
“I think there is a world market for maybe five computers.”— Thomas Watson, chairman of IBM 1943
About predicting the future
![Page 5: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/5.jpg)
Source: http://directorblue.blogspot.com/2011/07/time-to-reach-20-million-users.html
…and the pace of change is accelerating
![Page 6: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/6.jpg)
The ISF Threat Horizon
“ The brand is pivotal to us. How do you protect the brand? You look into the crystal ball, and the crystal ball is called the Threat Horizon. ”
![Page 7: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/7.jpg)
Threat Horizon:• is annual• identifies threats to information security over 24 months• is written for a business and information security audience.
How the ISF Threat Horizon helps
![Page 8: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/8.jpg)
ISF Threat Horizon methodology (cool)
Information Security Forum 8
![Page 9: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/9.jpg)
2013...
![Page 10: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/10.jpg)
2013 PLEST
![Page 11: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/11.jpg)
Government intervention
State vs. State
Breach notification
Digital human rights
Cost of resources m-economyRise of Africa
Single-issue activism
Location services
4G/LTE networks
The world of 2013
A view of the business and technical trends....
OLITICALP
EGALL
CONOMICE
T ECHNICAL
S OCIO-CULTURAL
IPv6 adoptionSmart grids
State vs. Non-state
![Page 12: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/12.jpg)
OLITICALP
EGALL
CONOMICE
T ECHNICAL
S OCIO-CULURAL
Considering the PLEST framework, several major trends emerge:Data leakage
Securing the supply chain
Blended attacks
Device revolution
Data quality issues
Attacks on infrastructure
Hacktivism
Beyond cloud
New e-crime opportunities
The information security trends of 2013
![Page 13: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/13.jpg)
An overview of the threats
On the radar but not
manageable
On the radar and
manageable
Below the radar
Black swans
![Page 14: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/14.jpg)
Threats for 2013
• On the radar and manageable
• Uncontrolled introduction of consumer devices
• Loss of trust / inability to prove identity and authenticate
• Loss of workforce loyalty – loss of organisational culture and knowledge
• On the radar but not manageable
• State-sponsored cyber-activity• Social media• Embedded location services
![Page 15: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/15.jpg)
Threats for 2013
• Below the radar• Governmental
requirements• Co-ordinated attacks for
extortion, blackmail, bribery or stock manipulation
• RFID exploits
• Black swans• Hardware back doors (low-
level attacks / vulnerabilities) in chips, SCADA
• Solar activity disrupts communications globally
![Page 16: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/16.jpg)
2014...
![Page 17: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/17.jpg)
![Page 18: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/18.jpg)
![Page 19: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/19.jpg)
Predictions for 2014
![Page 20: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/20.jpg)
EXTERNAL THREATS
![Page 21: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/21.jpg)
Cyber criminality increases as Malspace matures further
• Significant increase in maturity of the industry• Crime-sourcing more common• Attacking the cloud, mobile platforms
![Page 22: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/22.jpg)
www.securityforum.org Cyber Security Strategies Copyright © 2011 Information Security Forum Limited
Welcome to malspace
– Global highly-functional industry that supports all aspects of modern crime
– Supports the development and sale of:
• sophisticated attack tools• services to help plan and
coordinate attacks• laundering of stolen
assets.
The tools that we use are also available to our attackers
![Page 23: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/23.jpg)
The cyber arms race leads to a cyber cold war
• Stuxnet proved the effectiveness of cyber weapons (vis-à-vis military action)
• Investments into cyber resilience and intelligence sharing• Scale of cyber espionage becoming apparent, starting to hurt
![Page 24: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/24.jpg)
![Page 25: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/25.jpg)
More causes come online;activists get more active
• New players• Protesting tools fully available• Increasing speed, reach and impetus of
online democracy
![Page 26: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/26.jpg)
Cyberspace gets physical
• Real impact• Utilities hacked• Lives at stake
![Page 27: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/27.jpg)
![Page 28: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/28.jpg)
REGULATORY THREATS
![Page 29: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/29.jpg)
New requirements shine a light in dark corners, exposing weaknesses
• Secrecy does not equal security• Transparency everywhere
– regulations– business partners– customers
• Whistle-blowing, fraud and cyber attacks
![Page 30: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/30.jpg)
A focus on privacy distracts from other efforts
• Incoming privacy regulations• New technologies, new concerns• Cyber havens
![Page 31: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/31.jpg)
The regulatory storm…
– Governments and regulators are demanding action
– The results often have extra-territorial impacts:
• EU Data Privacy Directive• US FATCA• US Dodd-Frank Act• PCI DSS• Proposed EU Directive on
Network and Information Security
![Page 32: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/32.jpg)
…is getting stronger
• Monetary Authority of Singapore (MAS)– June 2012 notice:
“[..] inform the Authority in writing within 30 minutes upon the discovery of all IT security incidents [...]”
• (http://www.mas.gov.sg/~/media/resource/publications/consult_papers/2012/13%20June%202012%20Notice%20On%20Technology%20Risk%20Management.pdf)
![Page 33: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/33.jpg)
INTERNAL THREATS
![Page 34: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/34.jpg)
“CERT Australia: 44% of attacks originate from
within the organisation…”
![Page 35: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/35.jpg)
Cost pressures stifle investment;an undervalued function can’t keep up
• West in self-induced stagnation• Legacy of underinvestment kicking back
• Deteriorating security awareness
![Page 36: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/36.jpg)
A clouded understanding leads to an outsourced mess
• Strategically unsound business decisions strain security• IT security increasingly outsourced• Organisations in a digital divide
![Page 37: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/37.jpg)
New technologies overwhelm
• Mobile is king• The Internet of Things• Big data runs businesses off course
![Page 38: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/38.jpg)
The supply chain springs a leak,as the insider threat comes from outside
• Closer business relationships lead to unforeseen security challenges
• Increased risk complexity• Your business information is your supplier’s data
![Page 39: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/39.jpg)
IT is a key disruptor in supply chains...
Risks Triggers for disruption
46% conflict
44% shocks
59% natural
disasters
57% subcontr
acting
59% fragment
ation
63% shared
data
53% visibility
30% Information
and communications
64% Reliance
on Oil
![Page 40: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/40.jpg)
2015...
![Page 41: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/41.jpg)
Predictions for 2015
Information Security Forum 41
![Page 42: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/42.jpg)
Predictions for 2015
Is there anything that’s really new?
Information Security Forum 42
![Page 43: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/43.jpg)
Predictions for 2015
Does “new” really matter?
Information Security Forum 43
Threats have evolved. Attackers are organised.Attacks are sophisticated.
Old threats are more dangerous and pose more risk to our organisations
It’s not so much about “new” than about the potential to do harm.
![Page 44: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/44.jpg)
CYBER RISK IS CHALLENGING
![Page 45: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/45.jpg)
The CEO doesn’t get it
Information Security Forum 45
• Organisations’ dependence on cyberspace is still increasing• The increasing knowledge from the board doesn’t always match• Understanding cyber risks and rewards is fundamental to trust• Organisations that do get it see business benefits
![Page 46: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/46.jpg)
Organisations can’t find the right people
• Skills shortage is a main obstacle to deliver• Educational system can’t provide people with relevant experience• High unemployment make immigration a sensitive subject for governments
![Page 47: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/47.jpg)
Outsourcing security backfires
• Evolving environments require to maintaincontrol on information security strategy
• Loss of key capacities will disconnect the businessfrom the information security strategy
• Outsourcers are partners
Information Security Forum 47
![Page 48: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/48.jpg)
REPUTATION IS THE NEW TARGET
![Page 49: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/49.jpg)
Insiders fuel corporate activism
• People place their own ethics and perceptions above those of their employers• Organisations will be scrutinised by employees, contractors and customers• Hacktivists will join the fights
Information Security Forum 49
![Page 50: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/50.jpg)
Hacktivists create fear, uncertainty and doubt
• Reputation becomesthe target
• Organisations have less time than ever to respond
• People use non-verified sources of information such as Youtube or Twitter
• Organisations will be guilty until proven innocent
Information Security Forum 50
![Page 51: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/51.jpg)
CYBER RISK IS CHALLENGING
![Page 52: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/52.jpg)
Crime as a Service (CaaS) upgrades to v2.0
• Criminal organisations have a huge and diverse talent pool readily available
• Attacks are becoming even more sophisticated and targeted
• Persons’ information is eclipsed by organisations’ information
Information Security Forum 52
![Page 53: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/53.jpg)
Information leaks all the time
• The combination of sources provide valuable information
• People need to realise the true value of information
• Organisations need to define what is public information
Information Security Forum 53
![Page 54: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/54.jpg)
CHANGING PACE OF TECHNOLOGY
![Page 55: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/55.jpg)
BYOC adds unmanaged risks
• Amount of information is still increasing exponentially• So is the demand for access, anywhere, anytime and from any device• People already have their own cloud
Information Security Forum 55
![Page 56: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/56.jpg)
BYOD further increases information risk exposure
• Organisations won’tbe able to ignore bring your own device (BYOD) initiatives
• Integration is complex and needs careful consideration
• It’s the consumer oriented features which make a device popular
• The number different architectures andtheir updates can be a support nightmare
Information Security Forum 56
![Page 57: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/57.jpg)
DO NOT MISUNDERSTAND THE ROLE OF GOVERNMENT
![Page 58: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/58.jpg)
Governments and regulators won’t do it for you
• Governments have a role in securing cyberspace• Governments are expecting organisations to do their part• Regulations can’t keep up with the speed of technology• No one can better protect an organisations’ information than the organisation itself
Information Security Forum 58
![Page 59: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/59.jpg)
WHAT CAN I DO?RECOMMENDATIONS
![Page 60: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/60.jpg)
It’s as much about the predictions…
• …as what you do with them.
![Page 61: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/61.jpg)
Recommendations
1. Prepare for the strategic challenge of cyberspace2. Build cyber resilience into your organisation3. Create or enhance your strategy and governance4. Develop an incident management capability5. Secure your supply chain6. Focus on the basics7. Keep looking forwards
![Page 62: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/62.jpg)
1. Prepare for the strategic challenge of cyberspace
• CYBERSPACE– Always-on,
technologically interconnected world
– Made up of people, organisations, information and technology
• CYBERSECURITY– Organisation’s ability to
secure its people, information, systems and reputation
– Builds on information security – the basics and principles are the same
![Page 63: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/63.jpg)
www.securityforum.org Cyber Security Strategies Copyright © 2011 Information Security Forum Limited
2. Build cyber resilience into your organisation
– Organisation’s capability to withstand impacts from threats materialising in cyberspace
– Covers all threats – even the one we don’t know about
– Driven by agile, broader risk management
• Linking information risk to ERM
![Page 64: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/64.jpg)
3. Create or enhance your strategy and governance
A plan of action to take the information security function from mission to vision
![Page 65: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/65.jpg)
3. Create or enhance your strategy and governance
Aligned to ISO/IEC 27014
![Page 66: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/66.jpg)
4. Develop an incident management capability
•There are five key components which need to be addressed to establish an effective information security incident management capability.
Post incident analysis and forensics are vital. The results from these should change risk
assessments that select controls
![Page 67: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/67.jpg)
5. Secure your supply chain: Follow the information
1. Approve• Build support
2. Prepare• Create the tools and build on
existing risk management
3. Discover• Categorise, prioritise and
assess existing contracts
4. Embed• Build information risk
management in to the vendor lifecycle and new contracts
67
Aligned to ISO/IEC 27036
![Page 68: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/68.jpg)
6. Focus on the basics: collaborate
– Adopt a consistent approach to security
– Integrate security in the business
– Share information on attacks
– Build awareness across your customers, suppliers and employees
– Build up a threat picture
![Page 69: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/69.jpg)
7. Keep looking forwards… go beyond the horizon
• Biometrics• Embedded chips• Quantum computing• SPIT• Nano-technology• AI• New interfaces• Everyone connected to
everything
![Page 70: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/70.jpg)
Conclusion
![Page 71: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/71.jpg)
Information Security Forum 72
The threat is changing and evolving…
• Bring your own device (BYOD, 2013) is now bring your own Cloud (BYOC, 2015)
• Loss of knowledge (2013) has become lack of knowledge (2015)
• State-sponsored cyber activity (2013) is hotting up (2014) and merging with Cybercrime 2.0 (2015)
• Supply chains first appeared in 2014; now they are a key threat source (2015), via outsourcing and the cloud (2014, 2015)
• Social media (2013) has become hacktivism (2014 and 2015)
![Page 72: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/72.jpg)
Information Security Forum 73
The threat is changing and evolving…
• The greatest threat is, and always will be, people– We’ve always stressed the
people aspect
• The threats are not only from the bad guys:– Good guys make mistakes– People who don’t want to,
or cannot, understand the ‘cyber world’
– Missed opportunities
• Remember, there are many positives – You can minimise your
vulnerabilities– The Internet, along with
mobile devices, offers an unparalleled opportunity to create new businesses, services and products
– Treat these as business risk to be managed and overcome
![Page 73: Threat Horizon 2015: More danger from known threats](https://reader031.vdocuments.site/reader031/viewer/2022013003/5551437cb4c905f2288b4b1b/html5/thumbnails/73.jpg)
Information Security [email protected]
www.securityforum.orghttp://uk.linkedin.com/in/adriandaviscitp/