The world we live in right now is getting more and more digital. All possible things we were reading in sci-fi books or watching in fantasy movies are becoming a reality. Internet of things, drones, e-world, mobility, applications, cloud, digital prototyping, e-voting, quantum computing, 3D printing like in Terminator movies and much more is a reality. On average auditory of this room can agree that it is ok to say that we live in the future. As what has happened to technology for personal use and business in last 25 years is impressive. And we can experience that. We are unique generation and live in unique times.
The digital world gives huge opportunities to any business entering it. There are soon close to 4 billion of potential customers out there in 2015 that are. Digital world introduces new products every day and technology creators are extremely working on to get new products to market as soon as possible.
But like in every book, movie, story, historical reality when there are good forces also there are bad forces. Cyber crime is growing and various things are happening everywhere. New technologies also introduce new risks and those risks are with different configuration. Countries attack countries and we call that a cyber wars, citizens are attacking countries and we call that hacktivism, professionals are attacking everyone for financial gains and we call that organized digital crime. And the methods are getting more and more sophisticated so in the end doesn’t matter how great are technologies of defense every day we have new articles of new indicents, data breeches, companies who have huge financial loses and damages of reputation, lost marketplace, stock market positions, customers, employees or even lives. I won’t touch each different method of attacks but I will simply try to share how we as a system integrator of complex cyber security protection technology solutions look at things and protect our customers.
2. “Data Security Solutions” business cardWhat We Do?
DSS
Cyber
Security
Only
Full IT
Security
Services
Lifecycle
Most
Innovative
Portfolio in
Baltics
Member–
ships,
Awareness
Rising
Technology
&
Knowledge
Transfer
ICT
Security
Evangelists
Endpoints
Applications
Networks
Data
Identity
Mobility
Management
Cloud
7. Future is now. We live in future.
3D Printers (Terminator 2 style)
Google Glasses (..and “glassh**es)
Cloud Computing
Big Data & Supercomputers (quantum)
Mobile Payment & Virtual Money
eCasino’s, eBetting, eShops, eAnything
Robotics and Intraday Deliveries
Internet of things & smart cities
Augmented Reality
Extreme development of App’s
Digital prototyping
Gadgets (devices) & Mobility
Technology replaced jobs (automation)
Geo-location power
Biometrics
Health bands and mHealth
Electronic cars
Avegant Glymph and much, much more
12. The Raise of Threats and Attacks
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015
Attack types
2012
40% increase
2013
800,000,000+ records
2014
Unprecedented impact
XSS SQLiMisconfig. Watering
Hole
Brute
Force
Physical
Access
Heartbleed Phishing DDoS Malware Undisclosed
$6.5M
average cost of a U.S. data breachaverage time to detect APTs
256days
Source: 2015 Cost of Data Breach Study, Ponemon Institute
13. Sophisticated attacks of today’s cybercrime
Targeted professional attacks
Massive Denials of Services
Watering hole attacks
Advanced persistent threats
Mobile incidents
Cyber wars
Hacktivists
Global virus outbreaks
Shadow IT and dark net
Insane data leakages
Identity thefts
Cyber espionage
And so on...
14. “You take the blue pill, the story ends. You wake up in your bed and believe whatever you want to
believe. You take the red pill, you stay in wonderland, and I show you how deep the rabbit hole
goes.”
~Morpheus @Matrix
15. Rabbit hole versus wonderland...
Blue pill option e.g. «wonderland»
Don’t invest now
Believe in security of Your data&IS’s
Ignore it all despite reality to
contrary that every business is
affected
Red pill «rabbit hole»
Stop functioning under illusion of
security
Implement effective and innovative
security technologies
Learn how deep rabbit hole goes...
16. Impact of Cyber Security Risks to «C’s»
Loss of market share
and reputation
Legal exposure
Business continuity
Audit failure
Fines and
enforcement impact
Financial loss
Impact to data and
systems,
(confidentiality,
integrity and /
or availability)
Violation of
employee
privacy
Loss of
sensitive data
Loss of
customer
trust
Loss of
brand reputation
CEO / COO CCO / CFO CIO CHRO / CDO CMO
Your board and CEO demand a strategy
17. Political (external and internal)
Technological (risks, threats, fraud, attacks, leaks)
Economical (budget reality, competition, costs…)
Legal (compliances, regulations etc.)
Professional (HR, information quantity)
Psychological ( traditions / knowledge / trust)
Challenges of CIO’s & CSO’s
20. Compliant and secure are two different things....
Compliance does great job to help elevate
awareness of security concerns
And also help to enforce minimum baseline
standards
However checking right boxes to get through
every next audit leaves organization exposed to
any new technologically advanced threat,
sophisticated targeted attack and so on
If organization has automated risk
management (GRC) solution in place that’s also
significantly better than a manual teamwork
(XLS’s)
24. Summary before «silver bullet»
Cybercrime is real deal, everyone is affected and it is
next door if haven’t been knocking at Yours already yet
– and you do not want to get famous...
All traditional securities invented decades ago aren’t
any more efficient, as well all compliances, regulas and
security standards without innovative technologies and
investment in cyber security always remain one step
behind bad guys
World is short on enough smart good guys that know
both – business and IT security – and can translate IT
into business language and manage the risks with
ellegance
Don’t take blue pill – that might cost lot more later
25. How to establish security as imune system?
Security Intelligence & Integration is
mandatory
HR training / awareness raising (corporate
cyber security driver’s license)
Compliance and risk management
Cyber Security as business enabler
26. Business part
Business processes analysis from tech perspective
Assessment and management of cyber security risks
Related technological part
Inventory of devices and software
Secure configuration of everything (end-users, devices)
Vulnerability assessment and management
Malware defenses, application security, pen tests
Wifi security
Mobile security
Data security
Continuos skills training and learning
Access control and visibility
Audit, monitoring, analysis, incident response and more
Business & technology common risk language
30. Suspected
Incidents
Prioritized Incidents
Servers and mainframes
Data activity
Network and virtual activity
Application activity
Configuration information
Security devices
Users and identities
Vulnerabilities and threats
Global threat intelligence
Extensive Data Sources
Automated
Offense
Identification
•Massive data reduction (millions to one)
•Automated data collection,
asset discovery and profiling
•Automated, real-time,
and integrated analytics
•Activity baselining
and anomaly detection
•Out-of-the box rules
and templates
Embedded
Intelligence
Security intelligence for automated offense detection
31. Our proposal with Security Intelligence & Integration
Advantages and immediate gains
Intelligence & Visibility (real time risk
identification and management, continous
automated audit, forensics, increased quality
of services, alerts, privilleged users control,
real time topology&inventory etc.)
Centralized intelligent storage (of
business, user, IT event data for auditors,
reports, improved analysis of anything
Current and future costs saving
(technology and HR efficiency perspective)
If used now of in future as integrated
solution – the whole SOC (security
operations centre)
35. How we can help
Analyze and detect risks
Fulfill audit
Build security action plan
Train the employees
Pass compliance regulations
Save from data leakage
Protect critical assets
Get rid of passwords
Consult Your professionals
Protect from attacks
Help creating RFP docs
Be Your IT Security Advisor!
Business value of «Data Security Solutions»
IT Security services (consulting, audit, pen-testing, market analysis, system testing and integration, training and technical support)
Solutions and experience portfolio with more then 20 different technologies – Cybersecurity global market leaders from more than 10 countries
Trusted service provider for banks, insurance companies, government, and private companies (critical infrastructure etc.)
Own organized conference “DSS ITSEC”
5th annual event this year
More than 400 guests and more than 250 online live streaming wievers from LV, EE, LT
4 parallel sessions with more than 40 international speakers, including Microsoft, Oracle, Symantec, IBM, CISCO, Samsung, F-Secure and many more – everything free of charge
Participation in other events & sponsorship
CERT & ISACA conferences
RIGA COMM exhibition & conferences
Roadshows and events in Latvia / Lithuania / Estonia (f.i. Vilnius Innovation Forum, Devcon, ITSEC HeadLight, SFK, business associations)
Memebr of Latvian IT Cluster un LIKTA
Participation in Cybersecurity discussions, strategy development, seminaries, publications, etc.
Don’t want to predict the future. It is hard and easily can go wrong. It is present. 1000000 aps on Apstore, 1000000 aps on google store.
http://www.youtube.com/watch?v=cCyGEzzZhTQ