540 likes | 652 Vues
Cybersecurity. Threats Risks Vulnerabilities 6 Environments Competitive Environment Technological Environment Cyber risks Infrastructure Mobile devices Asymetrical SoMe - Social media NCIS Tue night??. Cybersecurity. October is cybersecurity month. Cybersecurity.
E N D
Cybersecurity Threats Risks Vulnerabilities 6 Environments Competitive Environment Technological Environment Cyber risks Infrastructure Mobile devices Asymetrical SoMe - Social media NCIS Tue night??
Cybersecurity October is cybersecurity month
Cybersecurity October cybersecurity month Includes a section on Mobile device and smartphone security
TRV 101 Threats the chance a bad thing can happen, at all Risks is the consequence when that bad thing is very likely to actually happen to you Vulnerabilities is the chances of success of a particular threat against some asset
Cyber Threat trends Top 8 trends Mobile everything Data breaches Usernames and passwords compromised Malware Used to gather personal profile info Malware on mobile devices Social Media hacking Twitter accounts, Facebook pages
Cyber Threat trends Web Server errors Increase in downtime Government data breaches Outsourcing ! Highly specific ID theft of individuals who have “high net worth” Obamacare… healthcare data hacks
CybersecurityWhat terms and situations are you familiar with already? • Phishing? • Domain name hacking • Spear Phishing • Humint and Teckint • Osint !!
Cybersecurity “regular crime” vs. “cyber crime” Big influencer is “magnitude” More damage can be done On a larger scale In a shorter period of time
“regular crime” Prevention Detection Reaction “cyber crime” Prevention Who – where Detection Intangible evidence Reaction Countermeasures and deterrence Problem of jurisdiction and enforceability Cybersecurity
Six groups of “clear and present danger” Deliberate acts Inadvertant acts Third parties / outsourcing A consequence of the intense Competitive Environment
Six groups of “clear and present danger” Acts of God – weather extremes(the Geographic Environment) Hot weather in GTA 2014… Technical failures Hardware software Management failures
Cybersecurity • Deliberate acts on a large scale garner publicity and motivate politicians to react • Attacks on cyber structures at the national level 1 min 25 sec
Influencing environments • Competitive • Political – Legal – Regulatory • (example, Naver in R.O.K.) • Economic
Influencing environments • Social – cultural • SoMe – Social Media • Technological • Geographic – weather extremes
Competitive Environment …intensely competitive Companies are facing competition from other firms Other organizations offering the same product or servicenow Other organizations offering similarproducts or services now Other organizations offering a variation on a product or service, that you cannot Organizations that could offer the same or similar products or services in the future Organizations that could remove the need for a product or service we sell
Competitive Environment Intense competition forces companies to do outsourcing to cut costs
Competitive Environment - outsourcing • “outsourcing the design, implementation and maintenance of ICT across all sectors to third-party providers, including developing countries, cloud computing and large data fusion centres, along with the use of off-the-shelf commercial technologies, has increased vulnerabilities and risks.” • Gendron and Rudner • “Assessing Cyber Threats To Canadian Infrastructure • 4th party !!
Competitive Environment and Economic Environment Market Development more than Market Penetration Gaining market share is too hard so you concentrate on making more off each customer CRM, CLV, extending the PLC
Environments - political Ian MacLeod Aug 14th 2013 Quoting Angela Gendron
Background papers Written by Prof. Martin Rudner and Prof. Angela Gendron http://www.csis-scrs.gc.ca/pblctns/cdmctrch/20121001_ccsnlpprs-eng.asp
Future Threats, Risks and Vulnerabilities - Infrastructure Risks “the industrial control systems governing the operations of utilities, from water storage and purification to nuclear power reactors, pose a growing risk to national security and Canada’s economic and societal well-being. ”
Economic Environment Economic Environment The economics of information
Technological Environment • New inventions being created by new enterprises • “Apps” Applications • Materials • Electronic circuitry • Increasing miniaturization of components • Increasing connectivity – Bluetooth and WiFi everywhere + A-GPS
Technological Environment Magnitude of web based information is increasing at a rate which is phenomenal 1,800 Terabytes YouTube Instagram 40 secs
The growth of the Technological Environment = T.M.I. The problem with T.M.I. is not being able to find things
Technological Environment • The pace of technological change • Very very fast • Example • Cell phone cameras • Most devices GPS enabled • A-GPS
Technological Environment Cell phone cameras • Smartphones vs. superphones • Smartphones take good pics • Superphones take great video • Tradecraft eclipsed by “teckint” ?
Technological EnvironmentFuture Trends Web 2.0 Web 3.0
Technological EnvironmentFuture Trends • Web 4.0 • Marriage of human biologic capabilities with IT hardware and software
Social – Cultural Environment • Risks • Household devices and appliances with IP addresses • In condos and apts were there is a centrally wired structure • Houses in micro-communities (gated communities or prestigious developments) where there is wired or bluetooth connectivity
Social – Cultural Environment • increasingly demanding and educated customers • Demanding • Educated • Wikipedia • Google • Everyone is an expert • But ppl don’t know how to discriminate
Future Trends – Influencing Environments Political – Legal – Regulatory Environment Laws as a result of politicians responding to IT isssues Politically motivated cyber crime Challenges of cyber crime being outside the jurisdiction of a police / security agency
Future Trends – Influencing Environments Political – Legal – Regulatory Environment The “ruling” Government is also the “policies” of the particular political party in power stay in power Suppress crime
Future Trends – Influencing Environments Political – Legal – Regulatory Environment • National, regional, local • Surveillance technology
Future Trends – Influencing Environments National Surveillance technology CBC News Wed Oct 9th New CSEC H.Q. in Ottawa One of the key themes is the requirement for massive amounts of CPU power Why?
Requirements for computing power Mackenzie Institute as a word.doc file = 22 KB Mackenzie Institute as an audio file = 42 KB Mackenzie Institute as a video of someone speaking the words = 6,600 KB
What does this mean in the context of the classical approach to Security • Threat • The nature of the threats are changing • Who is who and where • Example • Internal employees also includes your outsourcing IT partners • Risk • Vulnerability – “who” is changing • Not just computers
Future Threats, Risks and Vulnerabilities Mobile web access Marketing and business
Future Threats, Risks and Vulnerabilities • Vulnerabilities • Highly specific ID theft of individuals who have “high net worth”
e 911 http://www.witiger.com/ecommerce/mcommerceGPS.htm Trends • 70% of calls to 911 in the U.S. are from mobile devices (over 50% in GTA) • GPS functionality used for social media • GPS, SPS, PPS • Relates to marketing where people are • “where” people are (victims and “bad guys”)
Smartphone security 2011 paper on smartphone securityhttp://www.eecg.toronto.edu/~lie/papers/au-spsm2011.pdf Prof. David Lie Canada Research Chair in Secure and Reliable Computer Systems Dept. of Electrical and Computer EngineeringUniversity of Torontohttp://www.eecg.toronto.edu/~lie/papers/au-spsm2011.pdf
Future Trends – Influencing Environments Political – Legal – Regulatory Environment • Municipal police agencies and cyber crime
Staff Inspector Bryce Evans Ritesh Kotak TPS http://www.torontopolice.on.ca/socialmedia/
Cyber tools to fight crime Co-operation and co-ordination
conclusion Cybersecurity lends itself to a focus on teckint Will the solutions be mostly teckint? What role will humint play? Osint?
Tim Richardson School of Marketing Seneca College tim.richardson@senecacollege.ca University of Toronto, CCIT Program, Mississauga and Dept. of Management, Scarborough richardson@utsc.utoronto.ca www.witiger.com http://people.senecac.on.ca/tim.richardson/powerpoints/