Presentation is loading. Please wait.

Presentation is loading. Please wait.

Luxury Images copyrighted to:

Published bySilvana Rossetti Modified over 6 years ago

Similar presentations

Presentation on theme: "Luxury Images copyrighted to:"— Presentation transcript:

1 Luxury Images copyrighted to: http://www.youthincmag.com/lap-of-luxury

2 Inessential supplemental Expensive
Luxury Inessential supplemental Expensive = Dispensable

3 Cyber Security is No Longer a Luxury

4 Lyubomir ivanov Software Engineer @ Paysafe Technical Trainer
Security Enthusiast

5 Agenda Recent Cyber Security Issues
Cyber Security Trends and Threats in Industrial Control Systems Rules of Thumb

6 What happened recently?

7 Denial of Service attacks

8 GITHUB Publicly available third party servers used to conduct the attack In fact you can find on the link below

9 Dyn Botnet of IoT devices (CCTV cameras, baby phones, toasters, fridges, etc.) Disrupted major world-wide services such as: Twitter Amazon PayPal Netflix

10 Viruses/worms

11 Wannacry Ransomware Not too successful but very popular
Affects outdated Windows machines

12 Notpetya Ransomware Not too successful in terms of profit
Very successful in terms of chaos created Affects outdated Windows machines Blocked Chernobyl powerplant, Ukraine’s metro, ministries and banks

13 Data breaches

14 Equifax 143 million Social Security Numbers leaked
CFO tried to cover up the story and sell shares before acknowledging publicly

15 Macron’s and Clinton’s campaigns
Private communication leaked

16 Data misuse

17 Facebook 87 million users enhanced profile information shared without consent Used for targeted advertisement for election campaign Arguably turned the tides in the US election

18 Hardware vulnerabilities

19 SPECTER & MELTDOWN Allows for a program to read another program’s operational data on the same physical host Passwords, encryption keys and other sensitive data can be stolen

20 Cyber Security is a Necessity

21 Cyber Security – main goals
Confidentiality Integrity Availability  Information is only available to authorized parties  Accuracy and completeness of the data and its metadata  A system must provide services whenever requested and only to authorized parties Non-repudiation  No party in a transaction can deny its involvement

22 Cyber Security in Industrial Control Systems (ICS)

23 ICS - software trends Mobility Remote access Code modernization
Authentication alternatives

24 ICS – trendy software pitfalls
Weak authorization No cryptography Bad cryptography Infected or vulnerable software hosts No fallback policies especially about availability 34 SCADA mobile applications  147 vulnerabilities 94% code tampering 59% insecure authorization 53% reverse engineering 47% insecure data storage 38% insecure communication Research by IOActive and Embedi revealed 147 vulnerabilities in 34 randomly selected SCADA mobile applications. The top five security weaknesses are: code tampering (94% of apps), insecure authorization (59% of apps), reverse engineering (53% of apps), insecure data storage (47% of apps) insecure communication (38% of apps). Source:

25 Availability Reliability Idempotence Redundancy Fault tolerance
issuing a command will lead to its execution or an error report Idempotence unintentional duplication of a command should bring the system to a state as if the duplication hasn’t happened Redundancy a faulty system component output should be detected and replaced by a running correct one Fault tolerance a fail of a number of system components should cause no impact on the core functionality Resilience the system should be able to resist a faulty command or a flood of commands Redundancy (mostly the N-version programming paradigm)

26 Cyber Security – how to do it ?

27

28 No formula to success

29 Some good points … Hire security experts (!)
Cyber security is not only about software Least privilege principle What-if analysis Don’t do your cryptography N-version programming

30 Cyber Security is No Longer a Luxury
Thank you!

Download ppt "Luxury Images copyrighted to:"

Similar presentations

Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Sixth Edition 1 M a n a g e m e n t I n f o r m a t i o n S y s t e m s M a n a g I n g I n f o r m a t i o n T e c h n o l o g y i n t h e E – B u s i.

Sixth Edition 1 M a n a g e m e n t I n f o r m a t i o n S y s t e m s M a n a g I n g I n f o r m a t i o n T e c h n o l o g y i n t h e E – B u s i.
Fifth Edition 1 M a n a g e m e n t I n f o r m a t i o n S y s t e m s M a n a g I n g I n f o r m a t i o n T e c h n o l o g y i n t h e E – B u s i.

Fifth Edition 1 M a n a g e m e n t I n f o r m a t i o n S y s t e m s M a n a g I n g I n f o r m a t i o n T e c h n o l o g y i n t h e E – B u s i.
Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.

Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.

1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Chapter 13 Understanding E-Security. 2 OBJECTIVES What are security concerns (examples)? What are two types of threats (client/server) Virus – Computer.

Chapter 13 Understanding E-Security. 2 OBJECTIVES What are security concerns (examples)? What are two types of threats (client/server) Virus – Computer.
1 Chpt. 12: INFORMATION SYSTEM QUALITY, SECURITY, AND CONTROL.

1 Chpt. 12: INFORMATION SYSTEM QUALITY, SECURITY, AND CONTROL.
What security is about in general? Security is about protection of assets –D. Gollmann, Computer Security, Wiley Prevention –take measures that prevent.

What security is about in general? Security is about protection of assets –D. Gollmann, Computer Security, Wiley Prevention –take measures that prevent.
Continuous Backup for Business CrashPlan PRO offers a paradigm of backup that includes a single solution for on-site and off-site backups that is more.

Continuous Backup for Business CrashPlan PRO offers a paradigm of backup that includes a single solution for on-site and off-site backups that is more.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
1 #UPAugusta2016. 2 3 Today’s Topics What are Deadly IT Sins? Know them. Fear them. Fix them. #UPAugusta201 6.

1 #UPAugusta Today’s Topics What are Deadly IT Sins? Know them. Fear them. Fix them. #UPAugusta201 6.
James F. Fox MENA Cyber Security Practice Lead Presenters Cyber Security in a Mobile and “Always-on” World Booz | Allen | Hamilton.

James F. Fox MENA Cyber Security Practice Lead Presenters Cyber Security in a Mobile and “Always-on” World Booz | Allen | Hamilton.
Welcome to the ICT Department Unit 3_5 Security Policies.

Welcome to the ICT Department Unit 3_5 Security Policies.
Protecting Against Cyber Attacks PLEASE TAKE A MINUTE TO LOOK AT THIS IMPORTANT MESSAGE. THIS IS HAPPENING HERE AND NOW! LET US SAVE YOU AND YOUR INFORMATION.

Protecting Against Cyber Attacks PLEASE TAKE A MINUTE TO LOOK AT THIS IMPORTANT MESSAGE. THIS IS HAPPENING HERE AND NOW! LET US SAVE YOU AND YOUR INFORMATION.

Similar presentations

Ads by Google