Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security: State of the Nation

Published byArron Palmer Modified over 6 years ago

Similar presentations

Presentation on theme: "Cyber Security: State of the Nation"— Presentation transcript:

1 Cyber Security: State of the Nation
Presented by: Joe LoBianco, CISSP

2 “There are only two types of companies: those that have been hacked
and those that will be.” Robert Mueller FBI Director, 2012

3 The Threat Landscape Continues to Evolve
Which actors should I be worried about? State-sponsored Cyber Warfare 2016+ ? Organized Crime Source: Deloitte

4 Threats… What is going on out there? Progress works both ways…
Information Security Capabilities Threat Actor Capabilities Attackers are continuing recent trends, mirroring macro technology trends Leading to Advancements in… Attack Methods Sophistication/Organization of criminals Types of Targets (Perimeter  Highly Protected)

5 1. Attack Methods Cost Quality Increasing attack frequency and impact.
Economics in action: “cheaper and better” lowers barrier to entry Cost Quality More commoditized Attacks-as-a-Service: Malware, DDoS, Ransomware Malware is more sophisticated Evades detection More modular: Mix and match attack tools Increasing attack frequency and impact. Can’t be sure who the enemy actually is anymore.

6 2. Attacker Sophistication
A rising tide lifts all foes This is not just about Nation States Cheaper, better and more accessible attack methods are enabling all types of criminals by narrowing the sophistication gap High Nation States Organized Crime Level of Sophistication Thieves, Small-scale criminals Low Time

7 3. Types of Targets Thieves are using better capabilities to eye higher value targets We’ve moved beyond worrying about “Smash and Grab”… Via DDoS, Perimeter Web Systems, Customer Fraud (small loss per account) …to worrying about high impact targets (customer, business) Via internal systems compromise, APTs, Ransomware (destructive malware) targeting organizations

8 “If you think technology can solve your security problems,
then you don’t understand the problems and you don’t understand the technology.” Bruce Schneier Cryptographer, Computer Security and Privacy Specialist

9 3. Types of Targets People and process are now integral to successful attacks Attacks target all dimensions of your organization… PEOPLE PROCESS TECHNOLOGY Social engineering, Insider threats Learn your processes and supply chain to exploit weaknesses Exploit vulnerabilities, attack highly protected assets – not just perimeter targets

10 Challenges for Security Professionals
The bad guys only need to be successful once The challenge is the same as always: Protect against both old and new attacks Key Factors Key Questions Usually measured by the strength of our mature, well-known controls (DDoS, AV, IPS, etc.) Do we think these controls will protect us from the new attacks? Do we even know what controls we need to deal with the newest threats? The people that evaluate us (eg. regulators, auditors, etc.) are typically not evaluating the maturity of threat and risk-based programs How do we balance “hygiene” of old controls and implementation of improved controls?

11 Advice on Staying Ahead
Actions you can take today… 1 Threat Simulation Scenario-based continuous re-evaluation Table-top methods and real-world simulated attacks Simulations are not just for your CIRT, but effective as risk assessment and awareness exercises too Increasing your Information Security capabilities 2 Intelligence in your processes External threat intelligence data Internal incident data Adapt your education and awareness as threats evolve To inform risk assessments 3 Educate the Board Senior level engagement goes to CEO and Board Security must be on their agenda (not optional!) Start with education and not metrics, and don’t tell them that everything is OK

12 A Cyber-Resilient Organization
Balancing investment in several types of defenses Too much focus in one area can leave you exposed on another… Governance Threat Intelligence Threat Mitigation Incident Response

Download ppt "Cyber Security: State of the Nation"

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Cyber Resilience Simon Onyons Financial Stability – Resilience Team.

Cyber Resilience Simon Onyons Financial Stability – Resilience Team.
Network Vulnerability Scanning Xiaozhen Xue Dept. of Computer Science Texas Tech University, USA Akbar Siami Namin Dept. of Computer.

Network Vulnerability Scanning Xiaozhen Xue Dept. of Computer Science Texas Tech University, USA Akbar Siami Namin Dept. of Computer.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
Ali Alhamdan, PhD National Information Center Ministry of Interior

Ali Alhamdan, PhD National Information Center Ministry of Interior
TOP 10 TECHNOLOGY INITIATIVES © 2013 - Robert G. Parker S-1 Issues Loss or theft of mobile devices Lack of MDM (mobile device management) software Cloud.

TOP 10 TECHNOLOGY INITIATIVES © Robert G. Parker S-1 Issues Loss or theft of mobile devices Lack of MDM (mobile device management) software Cloud.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.

Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.
Security: Emerging Threats & Trends Danielle Alvarez, CISO.

Security: Emerging Threats & Trends Danielle Alvarez, CISO.
FFIEC Cybersecurity Assessment Tool Maine Credit Union League September 23, 2015 Patrick Truett, Information Systems Officer National Credit Union Administration.

FFIEC Cybersecurity Assessment Tool Maine Credit Union League September 23, 2015 Patrick Truett, Information Systems Officer National Credit Union Administration.
©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.

©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.

External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.

Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.
Quantifying Cyber Security Risk in Dollars and Cents to Optimize Budgets CRM008 Speakers: Chris Cooper, VP, Operational Risk Officer; RGA Reinsurance Company.

Quantifying Cyber Security Risk in Dollars and Cents to Optimize Budgets CRM008 Speakers: Chris Cooper, VP, Operational Risk Officer; RGA Reinsurance Company.
Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union.

Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union.

Similar presentations

Ads by Google