Cybersecurity Trends for 2018 Greg Blake Chief Information Officer Idaho Housing and Finance Association
Governance, Risk, and Compliance (GRC)
Making a proper risk assessments is important
Cybersecurity Program Develop and enterprise-wide data security governance program Cybersecurity Program It is the responsibility of every manger to know what assets are in use so they can manage the associated risks. Average cost of Cybersecurity breach is $3.7 Million A formal Cybersecurity program can reduce the cost of a breach $325K Implementing a Cybersecurity program ranges from $50K - $300K Annual Cybersecurity cost is $50K
Steps to implement a Cybersecurity Program
Cloud security should be your focus Develop security guidelines for cloud vendors Develop a cloud decision model Create a robust vendor management program
We all have the same behavior patterns Limbic region in the brain “oh no” hands to their heads
Yeah! Raised their arms in celebration
CARTA – Continuous Adaptive Risk and Trust Assessment Focus on protection to prevention CARTA – Continuous Adaptive Risk and Trust Assessment Deciding with certainty if an event is good or bad Behavioral Firewall (Preempt) Palo Alto Fortinet Checkpoint CISCO Juniper Forcepoint “All systems and devices must be considered potentially compromised and their behaviors continuously assessed for risk and trust.” “Users once authenticated, are given just enough trust to complete the action being requested, and their behaviors are continuously verified and assessed for risk.”
UEBA – User behavior and advanced Analytics Focus on protection to prevention Balabit Dtex E8 Security Exabeam Forcepoint Fortscale Gurucul Haystax Technology HPE Niara Interset Microsoft Palo Alto Networks Preempt RedOwl Securonix Splunk Varonis Veriato ZoneFox UEBA – User behavior and advanced Analytics How UEBA solutions work “UEBA solutions identify patterns in typical user behavior and then pinpoint anomalous activities that do not match those patterns and could correspond with security incidents.”
Software Development Lifecycle Changes DevOps to DevSecOps For its 2016 State of DevOps Report, Puppet Labs surveyed 4,600 technical professionals. Three type of organization High IT performers, which complete multiple deployments per day Medium IT performers, which deploy between once a week to once a month Low IT performers, which deploy once per month or less Study found that high IT performers deploy 200 time more frequently than low IT performers. Their lead ties are 2,555 times faster
Software Development Lifecycle Changes Implement an Agile Development Methodology Add a security professional rol
Hack yourself first Privacy is not real anymore – Assume your PII has been compromised If a hackers want inside your system he will find a way Find your vulnerabilities before the hacker does Traditional way to attack cyber crime is outdated Keep an eye our for future cyber crime strategies Select the perfect team to do a penetration test
Test your defenses
Prince William at the Royal Air Force HQ Prince William at a Royal Air Force Facility. Documentary was filmed and published online This media photo was widely distributed before someone zoomed in on the posted notices above the Prince.
RAF hacked by a major security blunder MilFlip is the UK Military Flight Information system. Not necessarily a top secret web site, but not for general public use either!