Presentation is loading. Please wait.

Presentation is loading. Please wait.

AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials.

Published byFlora Hampton Modified over 9 years ago

Similar presentations

Presentation on theme: "AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials."— Presentation transcript:

1 AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials

2 AmadeusCybersecurity: the essentials12 th November 2014 AGENDA 1.Understanding cyber risks 2.Cyber security market trends 3.State of the art: threats & defenses 4.Best practices in cyber security Cybersecurity: the essentials

3 AmadeusCybersecurity: the essentials12 th November 2014 1 Understanding cyber risks CYBERSECURITY: THE ESSENTIALS

4 AmadeusCybersecurity: the essentials12 th November 2014 UNDERSTANDING CYBER RISKS 4 The External attacker usually wants to: – Get access to files stored on the computer, or the local network – Copy Usernames & Passwords from users – Run programs on the computer to make it a ‘bot’ They can deliver some ‘Malware’ inside the computer to achieve this, by: – infecting it with a Virus, – getting the user to open an email attachment – persuading the user to click through to an infected web page We also consider Internal attackers, i.e. employees as a possible threat Finally, disaster planning is also essential What exactly is the threat? 1

5 AmadeusCybersecurity: the essentials12 th November 2014 UNDERSTANDING CYBER RISKS 5 Email spam – Unwanted messages, also links & attachments Viruses/spyware/malware – Programs which can run on the receiving computer and do harm Email phishing – Targeted emails, particularly asking for credentials Network intrusion/hacking – External attackers or programs trying to enter machines/networks Denial of Service attacks – Preventing systems/websites from operating What cybersecurity risks should be considered? - 1 Software & network risks 1

6 AmadeusCybersecurity: the essentials12 th November 2014 UNDERSTANDING CYBER RISKS 6 Theft of mobile devices – Both accidental, and targeted Theft of system hardware – Physical attacks on facilities Corporate espionage/whistleblowers – Data leakage & data theft Criminal damage – Not only physical, but also logical i.e. data deletion What cybersecurity risks should be considered? - 2 Physical & data loss risks 1

7 AmadeusCybersecurity: the essentials12 th November 2014 2 Cyber security market trends CYBERSECURITY: THE ESSENTIALS

8 AmadeusCybersecurity: the essentials12 th November 2014 1.External threats: who actually gets hit? 2.External threats: causes of data losses 3.Internal threats: causes of security breaches Cyber security market trends

9 AmadeusCybersecurity: the essentials12 th November 2014 External threats: who actually gets hit? CYBER SECURITY MARKET TRENDS Source: Kaspersky IT Risks Survey 2014 – n = 3,900 2

10 AmadeusCybersecurity: the essentials12 th November 2014 External threats: causes of data losses CYBER SECURITY MARKET TRENDS 10 Source: Kaspersky IT Risks Survey 2014 2

11 AmadeusCybersecurity: the essentials12 th November 2014 Internal threats: causes of security breaches CYBER SECURITY MARKET TRENDS 11 Source: Kaspersky IT Risks Survey 2014 2

12 AmadeusCybersecurity: the essentials12 th November 2014 3 State of the art: threats & defences CYBERSECURITY: THE ESSENTIALS

13 AmadeusCybersecurity: the essentials12 th November 2014 STATE OF THE ART: THREATS & DEFENCES There are three major goals of cyber security: – Confidentiality: Keep private information private Prevent data leakage, data loss – Integrity: Guarantee critical information is not altered/tampered Protect data – Availability: Ensure that critical information remains accessible Keep systems working, prevent internal attacks So, the “C.I.A.” is your friend! What are the goals of good cybersecurity? 3

14 AmadeusCybersecurity: the essentials12 th November 2014 STATE OF THE ART: THREATS & DEFENCES 14 The primary goal is to prevent malware from getting into computers – Employees are the source of greatest risk They sometimes click on stupid stuff They can sometimes be misled They sometimes steal data So: – train employees in cybersecurity basics – employ adequate cybersecurity technology to prevent damage & loss What are the risk mitigation strategies? 3

15 AmadeusCybersecurity: the essentials12 th November 2014 STATE OF THE ART: THREATS & DEFENCES 15 Network Firewalls – Control the flow of Internet traffic and prevent intrusions Anti-Spam filters/services – Minimise the amount of potentially dangerous email arriving Anti-Virus software – Detect, search for & destroy malware on computers Data Loss Prevention – Detect and prevent the export of sensitive data Mobile Device Management – Allow mobile & ‘BYOD’ users to safely operate remotely What kind of basic cybersecurity defences are needed? 3

16 AmadeusCybersecurity: the essentials12 th November 2014 4 Best practices in cyber security CYBERSECURITY: THE ESSENTIALS

17 AmadeusCybersecurity: the essentials12 th November 2014 BEST PRACTICES IN CYBER SECURITY 17 1.Business managers must know where the most important data is held – On-site in desktops and servers, or in cloud services and mobile devices 2.Bad things happen to good businesses – Automate the secure data back-up process – How will business continue if the physical site becomes unavailable? 3.Train employees about the nature of today’s cyber-attacks – Cyber-criminals particularly target SMBs – Aiming to compromise the PCs used for online banking and payments 4.Deploy the security basics: – Firewalls for wireless and wired-based access points, – Anti-malware on endpoints and servers – Encrypt highly sensitive data at rest and in transit Adapted from Messmer/InfoWorld Oct. 2014 Best practices - 1 4

18 AmadeusCybersecurity: the essentials12 th November 2014 BEST PRACTICES IN CYBER SECURITY 18 5.Define each individual’s access to data – Ideally use two-factor authentication – Systems administrators jobs give them huge power – Immediately de-provision access & credentials when an employee departs 6.Trust, but verify – Do background checks on prospective employees – Have SLAs for technology vendors/cloud service providers; visit data-centre 7.Remove & securely destroy hard disks – From all old computers – And any other devices that store data Best practices - 2 4

19 AmadeusCybersecurity: the essentials12 th November 2014 BEST PRACTICES IN CYBER SECURITY 19 8.Smartphones require different security requirements than older PCs and laptops – ‘BYOD’ raises important legal questions – Business data no longer held on a device owned directly by the business 9.Use physical access controls to keep unauthorized individuals from IT resources – That includes the office cleaners – Train staff to challenge unexpected visitors in a polite, but determined, way 10.Have an employee acceptable-use policy – Defining behavior online, how data is to be shared and restricted – Have them read and sign it – Making it clear if there will be monitoring of online activities – There should be possible penalties for non-compliance. Best practices - 3 4

20 AmadeusCybersecurity: the essentials12 th November 2014 Amadeus Capital Partners Alex van Someren, Managing Partner, Early Stage Funds alex.vansomeren@amadeuscapital.com https://www.amadeuscapital.com/ Global Technology Investors

Download ppt "AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
POSSIBLE THREATS TO DATA

POSSIBLE THREATS TO DATA
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.

Similar presentations

Ads by Google