Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyberdefense and security policy – concepts and considerations for government policy 1 Cyberdefense and security policy Concepts and considerations for.

Published byJuliet Walker Modified over 9 years ago

Similar presentations

Presentation on theme: "Cyberdefense and security policy – concepts and considerations for government policy 1 Cyberdefense and security policy Concepts and considerations for."— Presentation transcript:

1 Cyberdefense and security policy – concepts and considerations for government policy 1 Cyberdefense and security policy Concepts and considerations for government policy Zoltán Précsényi Government Affairs Manager

2 Issue statement Cyberdefense and security policy – concepts and considerations for government policy 2

3 Agenda Cyberdefense and security policy – concepts and considerations for government policy 3 The threat landscape 1 Attack types 2 Cyberdefence, cybersecurity, cyberintelligence 3 Emerging challenges 4 Recommendations 5

4 Cyberdefense and security policy – concepts and considerations for government policy 4 The Threat Landscape

5 2010 Trends Cyberdefense and security policy – concepts and considerations for government policy 5 Social Networking + social engineering = compromise Attack Kits get a caffeine boost Targeted Attacks continued to evolve Hide and Seek (zero-day vulnerabilities and rootkits) Mobile Threats increase

6 2010 in numbers 286M+ threats +93% web-based attacks 260.000 identities exposed per breach +42% mobile vulnerabilities 6253 new vulnerabilities 14 new zero day vulnerabilities 1M+ bots in Rustock $0.07 to $100 per stolen credit card Cyberdefense and security policy – concepts and considerations for government policy 6

7 7 Attack types

8 Sources 8 Organized crime Well meaning insiders Malicious insiders Extremists Cyberdefense and security policy – concepts and considerations for government policy

9 TargetMethodToolsImpact Infrastructure DDoS (e.g. Estonia)BotnetsService disruption Control compromise (e.g. stuxnet) Specific malware exploiting zero day vulnerabilities, compromised credentials... Infrastructure failure Information Targeted attack Advanced persistent threats, leading to data breach, identity theft, loss of control… Tailored attack Customised malware using attack toolkits, social engineering... Phishing, data theft Botnets, toolkits, social engineering, keystroke loggers... Identity and data breach Targets and methods Cyberdefense and security policy – concepts and considerations for government policy 9 Any combinations of the above are possible. And likely.

10 Cyberdefense and security policy – concepts and considerations for government policy 10 Cyberdefense Cybersecurity Cyberintelligence

11 CybersecurityCyberdefense Object:Systems relevant to you……systems relevant to national security. Awareness:Understand threats to your business……and threats to national security. Action:Protect against threats you see……and figure out what you don’t see. Reaction:Block the attack that hits you……and take counter-measures. Resilience:Foresee disaster recovery……but also ensure maximum continuity. In short:Secure your perimeter……and build in-depth security. Focus on:People, processes, technology From cybersecurity to cyberdefense Cyberdefense and security policy – concepts and considerations for government policy 11

12 Cyberintelligence: What is the Internet used for? Communication: – Propaganda, instructions, information exchange – Diversion / disinformation / psychological operations Cybercrime and related finances: – Turning stolen data and attack capabilities into profits – Laundering money Intelligence – OSINT operations, social engineering Attack – Web-based attacks against information, organisations, infrastructure The Internet can also be used in support of other forms of attack. Cyberdefense and security policy – concepts and considerations for government policy 12

13 Cyberintelligence: needs and challenges Needs: – Design: Engineering skills – Deploy: Infrastructure for advanced monitoring – Leverage: Strong analytical capabilities, including human intelligence skills Challenges: – Fundamental rights: How intrusive can you be? – Confidentiality, encryption: How effective can you be? – Mass of information: Can you tell the wheat from the chaff? – Attribution: Can you tell who you’re up against? Can you really? Cyberdefense and security policy – concepts and considerations for government policy 13

14 Symantec™ Global Intelligence Network Identifies more threats, takes action faster & prevents impact Information Protection Preemptive Security Alerts Threat Triggered Actions Global Scope and Scale Worldwide Coverage 24x7 Event Logging Rapid Detection Attack Activity 240,000 sensors 200+ countries Malware Intelligence 133M client, server, gateways monitored Global coverage Vulnerabilities 40,000+ vulnerabilities 14,000 vendors 105,000 technologies Spam/Phishing 5M decoy accounts 8B+ email messages/day 1B+ web requests/day Austin, TX Mountain View, CA Culver City, CA San Francisco, CA Taipei, Taiwan Tokyo, Japan Dublin, Ireland Calgary, Alberta Chengdu, China Chennai, India Pune, India 14 Cyberdefense and security policy – concepts and considerations for government policy

15 15 Emerging challenges

16 TechnologyStrengthsWeaknesses Cloud Enhanced overall security capabilities: Detection Protection Backup and recovery Blurred individual security perimeter: Loss of control over certain assets Increased interdependencies New single points of failure Virtualisation Flexibility and efficiency: More resilient infrastructure Better use of hardware Enhanced interoperability Segregated tasks run on shared assets: Physical proximity between isolated virtual environments Higher exposure to more vulnerabilities Mobile Well, mobility: Access to data anytime, anywhere Federated identity management Better convergence between different communication channels Well, again, mobility: Lower security awareness and culture Cross-exposure of federated identities to vulnerabilities in one of them Increased risk of data loss through device loss Next generation computing technologies Cyberdefense and security policy – concepts and considerations for government policy 16

17 Mobile Threats Most malware for mobiles are Trojans posing as legitimate apps Mobiles will be targeted more when used for financial transactions Cyberdefense and security policy – concepts and considerations for government policy 17 163 vulnerabilities 2010 115 vulnerabilities 2009 42% increase

18 Cyberdefense and security policy – concepts and considerations for government policy 18 Recommendations

19 Cyberdefense and security policy – concepts and considerations for government policy 19 Design security already into the earliest concept. 10 View cybersecurity as a national security stake. Security: in depth, mobile, adjustable, dynamic. Security can no longer go without intelligence. Monitor, correlate data, respond accordingly. Assess actual threat levels, prioritise accordingly. Focus on people, processes and technology. Operationalise public private partnerships in CIIP. Ensure that cybersecurity is adequately resourced. Allocate clear responsibility for cybersecurity. 1 2 3 4 5 6 7 8 9

20 Thank you! SYMANTEC PROPRIETARY/CONFIDENTIAL – INTERNAL USE ONLY Copyright © 2010 Symantec Corporation. All rights reserved. Thank you! Cyberdefense and security policy – concepts and considerations for government policy 20 Zoltán Précsényi zoltan_precsenyi@symantec.com +32 225 71319

Download ppt "Cyberdefense and security policy – concepts and considerations for government policy 1 Cyberdefense and security policy Concepts and considerations for."

Similar presentations

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, 2012 1 Industry and the fight against cybercrime.

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Microsoft Ignite /16/2017 4:54 PM

Microsoft Ignite /16/2017 4:54 PM
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Symantec Security Intelligence Internet Security Threat Report Volume XVI June, 2011 Tiffany Jones Director – Programs and Strategy Symantec Public.

Symantec Security Intelligence Internet Security Threat Report Volume XVI June, 2011 Tiffany Jones Director – Programs and Strategy Symantec Public.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
RSA Approach for Securing the Cloud Bernard Montel Directeur Technique RSA France Juillet 2010.

RSA Approach for Securing the Cloud Bernard Montel Directeur Technique RSA France Juillet 2010.
1 Cybersecurity and web-based attacks A perspective from Symantec Zoltan Precsenyi Government Affairs Manager International Conference on Terrorism and.

1 Cybersecurity and web-based attacks A perspective from Symantec Zoltan Precsenyi Government Affairs Manager International Conference on Terrorism and.
E-Commerce Security and Fraud Issues and Protections

E-Commerce Security and Fraud Issues and Protections
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.

INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
StorTech Security Regulatory compliance provides the business foundation for security Organisations need to tackle all security challenges from a business.

StorTech Security Regulatory compliance provides the business foundation for security Organisations need to tackle all security challenges from a business.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

Similar presentations

Ads by Google