Cybersecurity: the essentials. Alex van Someren, Amadeus Capital Partners. Family Office Forum, 12th November 2014, Zurich.

Presentation transcript:


AGENDA
1. Understanding cyber risks
2. Cyber security market trends
3. State of the art: threats & defenses
4. Best practices in cyber security

1. Understanding cyber risks

UNDERSTANDING CYBER RISKS
What exactly is the threat?
The External attacker usually wants to:
  – Get access to files stored on the computer, or the local network
  – Copy Usernames & Passwords from users
  – Run programs on the computer to make it a ‘bot’
They can deliver some ‘Malware’ inside the computer to achieve this, by:
  – infecting it with a Virus,
  – getting the user to open an attachment
  – persuading the user to click through to an infected web page
We also consider Internal attackers, i.e. employees, as a possible threat
Finally, disaster planning is also essential

UNDERSTANDING CYBER RISKS
What cybersecurity risks should be considered? - 1
Software & network risks
Spam
  – Unwanted messages, also links & attachments
Viruses/spyware/malware
  – Programs which can run on the receiving computer and do harm
Phishing
  – Targeted emails, particularly asking for credentials
Network intrusion/hacking
  – External attackers or programs trying to enter machines/networks
Denial of Service attacks
  – Preventing systems/websites from operating

UNDERSTANDING CYBER RISKS
What cybersecurity risks should be considered? - 2
Physical & data loss risks
Theft of mobile devices
  – Both accidental, and targeted
Theft of system hardware
  – Physical attacks on facilities
Corporate espionage/whistleblowers
  – Data leakage & data theft
Criminal damage
  – Not only physical, but also logical, i.e. data deletion

2. Cyber security market trends

Cyber security market trends
1. External threats: who actually gets hit?
2. External threats: causes of data losses
3. Internal threats: causes of security breaches

CYBER SECURITY MARKET TRENDS
External threats: who actually gets hit?
Source: Kaspersky IT Risks Survey 2014 – n = 3,900

CYBER SECURITY MARKET TRENDS
External threats: causes of data losses
Source: Kaspersky IT Risks Survey

CYBER SECURITY MARKET TRENDS
Internal threats: causes of security breaches
Source: Kaspersky IT Risks Survey

3. State of the art: threats & defences

STATE OF THE ART: THREATS & DEFENCES
What are the goals of good cybersecurity?
There are three major goals of cyber security:
  – Confidentiality: Keep private information private
      Prevent data leakage, data loss
  – Integrity: Guarantee critical information is not altered/tampered
      Protect data
  – Availability: Ensure that critical information remains accessible
      Keep systems working, prevent internal attacks
So, the “C.I.A.” is your friend!

STATE OF THE ART: THREATS & DEFENCES
What are the risk mitigation strategies?
The primary goal is to prevent malware from getting into computers
  – Employees are the source of greatest risk
      They sometimes click on stupid stuff
      They can sometimes be misled
      They sometimes steal data
So:
  – train employees in cybersecurity basics
  – employ adequate cybersecurity technology to prevent damage & loss

STATE OF THE ART: THREATS & DEFENCES
What kind of basic cybersecurity defences are needed?
Network Firewalls
  – Control the flow of Internet traffic and prevent intrusions
Anti-Spam filters/services
  – Minimise the amount of potentially dangerous email arriving
Anti-Virus software
  – Detect, search for & destroy malware on computers
Data Loss Prevention
  – Detect and prevent the export of sensitive data
Mobile Device Management
  – Allow mobile & ‘BYOD’ users to safely operate remotely

4. Best practices in cyber security

BEST PRACTICES IN CYBER SECURITY
Best practices - 1
1. Business managers must know where the most important data is held
  – On-site in desktops and servers, or in cloud services and mobile devices
2. Bad things happen to good businesses
  – Automate the secure data back-up process
  – How will business continue if the physical site becomes unavailable?
3. Train employees about the nature of today’s cyber-attacks
  – Cyber-criminals particularly target SMBs
  – Aiming to compromise the PCs used for online banking and payments
4. Deploy the security basics:
  – Firewalls for wireless and wired-based access points,
  – Anti-malware on endpoints and servers
  – Encrypt highly sensitive data at rest and in transit
Adapted from Messmer/InfoWorld Oct

BEST PRACTICES IN CYBER SECURITY
Best practices - 2
5. Define each individual’s access to data
  – Ideally use two-factor authentication
  – Systems administrators’ jobs give them huge power
  – Immediately de-provision access & credentials when an employee departs
6. Trust, but verify
  – Do background checks on prospective employees
  – Have SLAs for technology vendors/cloud service providers; visit data-centre
7. Remove & securely destroy hard disks
  – From all old computers
  – And any other devices that store data

BEST PRACTICES IN CYBER SECURITY
Best practices - 3
8. Smartphones have different security requirements than older PCs and laptops
  – ‘BYOD’ raises important legal questions
  – Business data no longer held on a device owned directly by the business
9. Use physical access controls to keep unauthorized individuals from IT resources
  – That includes the office cleaners
  – Train staff to challenge unexpected visitors in a polite, but determined, way
10. Have an employee acceptable-use policy
  – Defining behavior online, how data is to be shared and restricted
  – Have them read and sign it
  – Making it clear if there will be monitoring of online activities
  – There should be possible penalties for non-compliance.

Amadeus Capital Partners
Global Technology Investors
Alex van Someren, Managing Partner, Early Stage Funds