1 / 54

Setting the scene

Setting the scene . Current and future state of cyber security. Mike Loginov, Chief Strategist Cyber Security Public Sector EMEA <Date>. 1 . Introduction and agenda. Agenda. HP corporate strategy. Cyber security Cloud computing Big data analytics. HP worldwide security advantages.

joey
Télécharger la présentation

Setting the scene

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Setting the scene Current and future state of cyber security Mike Loginov, Chief Strategist Cyber Security Public Sector EMEA <Date>

  2. 1. Introduction and agenda

  3. Agenda

  4. HP corporate strategy • Cyber security • Cloud computing • Big data analytics

  5. HP worldwide security advantages 5,000security professionals 8global operations centres #1 securityresearch

  6. Human nature vs. technology

  7. Threat vectors • Hackers • Crackers • Criminals • Hacktivists • Terrorists • Thieves • Disgruntled employees • Errors • Spies • Social engineers • Nation states

  8. Hacking international

  9. Hacking international: Mindset James Smith C|EH

  10. 2. Perspectives - PESTLE

  11. The new world: DK2 • Post 12/11 • Post Wiki Leaks • Post Edward Snowden • Post ??

  12. Top sources of information risk? Hype vs. reality Perception gap between CEO and CIO CEO rated nation state attack as significant source of information risk – CIOs did not Cyber crime State-sponsored attack PRIVACY Data leakage Tech failure Internal Risks remain high risk areas Data Leakage, Employee carelessness, staff turnover and account for 56% of risks Ranking by hype Employee carelessness Supplier carelessness Data corruption Staff turnover Natural disaster * When asked “what are the top 2 main sources of information risk to your organisation?”

  13. “The cyber threat keeps me awake at night – I’m paranoid andyou should be to” Gottfried Leibrandt CEO SWIFTSociety for Worldwide Interbank Financial Telecommunication

  14. “The internet of shortdistances” Thomas Kramer Board Member Data Privacy Deutsche Telekom

  15. “We are not able to defend ourselves adequately; the internet is facing a crisis” Thomas Kramer Board Member Data Privacy Deutsche Telekom

  16. Fast facts 2013January February March April May June July August September October – 100% Patched and Latest Anti Virus in place. 243 • days average time to detect breach

  17. “We are not winning the war on online criminal activity… The threat of a cyber attack to the UK is so serious it is marked as a higher threat than a nuclear attack” Keith Vaz, Committee Chair Home Affairs Select Committee July 2013

  18. “Among the greatest concerns that impacts both military and civilian realms is cyber security, Today, we have a billion devices that are accessing the Internet, Our economies are entangled in this Internet sea, and it’s an outlaw sea. Nothing exists in the norms of behaviour. There is a military aspect to it, but it’s all of society. At some point, there needs to be a very global conversation on this challenge.” James G. Stavridis Navy Admiral NATO’s Supreme Allied Commander for Europe

  19. “We need to see the attack. If we can’t see the attack, we can’t stop it.” Army Gen. Keith B. AlexanderDirector National Security Agency and Commander USCYBERCOM (March 27, 2012)

  20. Long cycles of innovation Water power Textiles Iron Digital networks Software New media Steam Rail Steel Electricity Chemicals Combustionengine Petrochemicals Electronics Aviation Pace of innovation 4th wave 3rd wave 5th wave 2nd wave 1st wave 30 years(?) 40 years 50 years 60 years 55 years 1950 1990 1785 1845 1900 Source: Adapted from The Economist, February 20, 1999.

  21. 3. Game changers

  22. Cyber risk game changers Smart world Data analytics • Demographics PrivacyNatives/immigrants + Hacking humans Plus TrustIn government(s)? Techno leaps(Quantum?)

  23. There’s no patch for people Hacking humans Hacking Humans

  24. There will be an estimated 50billion devices connected to the Internet by 2020

  25. Population growth drives up cyber risk 2000 6 billion World population growth After taking all of human history for population to reach one billion, it took only a little over a century to reach two billion in 1930. The third billion was added in just 30 years, the fourth in only 15 years. 1987 5 billion 1975 Today, the world gains 1 billion people every 11 years! 4 billion 1960 3 billion 1930 2 billion 1800 1 billion 250 million 5 million 0 Year 1 10,000 BC 5,000 BC 1000 2000

  26. World population growth 10 Billions 8 Developing regions Industrialized regions 6 4 2 0 2050 2000 1850 1950 1900 1800 1750 Sources: United Nations Population Division and Population Reference Bureau, 1993.

  27. Stress on the ecosystem grows • Critical nationalinfrastructure Attackvectorschange Finiteresources

  28. Online population growth = attack surface 2020 60% online 4,800,000,000 7.5% online 34% online 77% online 2010 32.7% online 2,270,000,000 0.25% = 1,000,000+ Potential new hackers

  29. Kill chain While we’ve heard and spoken about the attacks on our networks and digital assets, there has been an interesting change in the nature of these attacks, and their impact on enterprises. Despite widespread awareness of the impact of cyber crime, cyber attacks continue to occur more frequently and result in serious financial consequences.

  30. The cost of cyber crime £27 Billion buys? Excludes existing costs of defending against cyber threats

  31. 30-year cycles of innovation Year 1800 1830 1860 1890 1920 1950 1980 2010 2040 Most innovative industry Textiles Railroads Chemicals Electricity Automobiles Aircraft Computers Internet ?????? Source: Matt Ridley, “The Rational Optimist” Source: Matt Ridley, “The Rational Optimist”

  32. News headlines worldwide According to some analysts this situation will reverse over the next 10 years. The chief candidates for catastrophic failure are world financial markets, military command and control systems and the CNI. Weekly World news articleThe only reliable newspaper (Floppy Disk – 20 years ago)

  33. News headlines worldwide Petrobras’s P36 rigsunk in 2001 due to accidental explosions.

  34. Transitioning times The chief candidates for catastrophic failure are world financial markets,military command, control systems (SCADA) and the CNI

  35. News headlines worldwide ‘Bazooka attack’ on Spamhaus – spam blacklists

  36. 4. Adversaries—state sponsored

  37. The Art of War—Sun Tzu • The CPC cyber warfare doctrine has its roots in ancient Chinese unconventional warfare philosophy • The Art of WarSun Tzu’s 544-496 BC “So in war, the way is to avoid what is strong and to strike what is weak”

  38. Chairman Mao Tse-Tung Edict: “Seal up the enemies’ eyes and ears and make them become blind and deaf, and as far as possible confuse the minds of their commanders and turn them into madmen, using this to achieve our own victory” Architect and Founding Father of the PRC from 1945 - 1976

  39. Communist Party China (CPC) • Interests beyond China’s borders include: • Intelligence on operations that could harm China • Sources of natural resources (rare earth minerals) • Intellectual property and company secrets

  40. Model worker: Lei Feng People's Liberation Army soldier Born on Dec 18, 1940. Died 1962. He is hailed as a cultural icon, symbolising selflessness, modesty, and dedication. Learn from Comrade Lei Feng,—Chairman Mao

  41. Model worker: Li Congna (李聪娜)PLA 解放军女专家梦里获编程灵感成功后昏迷三天 Li Congna lost 7.5 kg, and a marathon coding session left her unconsciousness for three days. Li stayed late in her office "memorising related functions, studying protocol mechanisms, researching both foreign and domestic computer programme models. In one month, she had written 300,000 lines of code, more than 100 types of functions, more than 60 protocol mechanisms, and more than 20 design algorithms.“ "Yesterday's technology cannot win tomorrow's wars." 李聪娜载誉归来

  42. Only 14 listed 16 major special projects • Core electronic components, high-end general use chips and basic software products • Large-scale integrated circuit manufacturing equipment and techniques • New generation broadband wireless mobile communicationnetworks • Advanced numeric-controlled machinery and basic manufacturing technology • Large-scale oil and gas exploration • Large advanced nuclearreactors • Water pollution control and treatment • Breeding new varieties of genetically modified organisms • Pharmaceutical innovationand development • Control and treatment of AIDS, hepatitis, and other major diseases • Large aircraft • High-definition earth observation system • Manned spaceflight and lunar probe programs • Classified military projects (x3)

  43. Threat vectors—strategy Information dominancePrecise attack vectors of Planting information mines Conducting information reconnaissance Changing network data Releasing information bombs Dumping information garbage Disseminating propaganda Applying information deception Releasing clone information Organizing information defense Establishing network spy stations

  44. 5. Policy and legislation

  45. The security conundrum Primary challenges A new type of adversary 1 • Nature and motivation of attacks(hacktivist, nation state) Research Infiltration Discovery Capture Exfiltration 3 • Transformation of enterprise IT • (delivery and consumption changes) Enhanced regulatory environment NERC • Sarbanes-Oxley •Basel III • PCI Security Standards Council 2 • Regulatory pressures • (increasing risk, cost and complexity) Delivery Mobility Big data Cloud Traditional DC

  46. Regulation and standards are being left behind Attacks Industrialized identity theft, cyber attacks, and illicit information markets Individual gain 5yr Gap Loose collaboration among groups Individual fame Time Wide variety of regulations by industry and geography Regulations begin tocome into force New ones under development Internal measures Variety of regulations under development Regulation

  47. Compliance growth The exponential growth of U.S. financial services regulation

  48. The Analyst is King Skills: The analyst is king

  49. 84% of breaches occur at the application layer

  50. Secure application development Software development has shifted from system-centricity to user-centricity • All enterprise applications will have been rewritten by 2020 Mainframe Client/Server Web Devices System centric User centric

More Related