SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez nos Conditions d’utilisation et notre Politique de confidentialité.
SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez notre Politique de confidentialité et nos Conditions d’utilisation pour en savoir plus.
Andrew: Cyber security has become one of the leading boardroom issues. Today, cyberattacks are having direct impacts upon the reputation, revenue and customer trust for organizations. Attacks on computer operating systems run by a large number of businesses around the world could cause losses amounting to billions in terms of their financial, economic and insurance impact. The nature and scale of cyber threats is changing so fast that traditional security solutions on their own are no longer enough to provide adequate protection. <next slide>
Andrew: As companies increasingly join wider ecosystems and have direct links to the world around them, they open up potential new security vulnerabilities. So how do we secure information wherever it sits or goes? Please join me in welcoming our panel of experts here at Fujitsu Forum in Munich today to discuss this issue facing organizations all over the world (introduction of panellists)
Andrew: So, gentlemen: is it really that bad out there? Or are we exaggerating?
Quentyn: In the past, it was the high-tech companies that were most vulnerable and investing in IT security, today… Quentyn: Difference between IT and InfoSec (game man vs. programmed bot/predictable machine, man vs unpredictable human determined to break security)
Paul Fisher: It used to an IT issue, but nowadays, it is an “everybody-issue” Paul Fisher: Shadow IT is a huge problem for security – who is making the decisions in larger organizations. IT is loosing the battle, businesses (or lines within the businesses) are making the decisions.
John/Paul McEvatt: That depends on the business, as well. Some digital organizations have embraced the fact that other business units are leading IT. They are enabling that and working with them. If you fight it, you will loose.
Andrew: So, the statement is not a cliché then? (for the group) <next slide>
Andrew: So how do non-tech companies protect themselves then? (For the group): Briefly list some examples of companies that do not see themselves as tech companies and do not consider cyber security to be part of their risk factor (not only tech media present, business media as well)
John: there is no silver bullet to the threats we are talking about… John/Paul McEvatt: Lifecycle approach, using threat intelligence (the point between thinking and understanding) Quentyn: Cyber-hygiene is not something only tech companies do…, if companies do not understand the technology, then they have a legal duty of care to bring in somebody who does…
Andrew: In today’s security landscape, intelligence and insight are required to combat these increasingly sophisticated threats. <next slide>
Andrew: So, a number of services offer advanced threat intelligence – how can organizations use these effectively?
John/Paul McEvatt: Organizations need to be able to understand the data and be able to do something meaningful with it – and that’s the real challenge. (give specific examples of how FJ helps customers consume CTI before, during and after) John/Paul McEvatt: talk about threat-hunting services, proactive activities
Andrew: The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. It is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. …much of the attention has been on the penalties for non-compliance, but what constitutes personal data? And how do you see this working out once the deadline has passed?
Paul Fisher: Even if have done nothing so far, its not too late…. Talk about use of anonymized data. Quentyn: It is in effect already, just the fines start in May….The right to be forgotten is not absolute – there are reasons such as fraud prevention/issues around warranties John: The NIS Directive is also coming (the first piece of EU-wide legislation on cybersecurity). It provides legal measures to boost the overall level of cybersecurity in the EU. Perhaps highlight how the NIS Directive provides legal measures to boost the overall level of cybersecurity in the EU by ensuring a culture of security across sectors which are vital for our economy and society and moreover rely heavily on ICTs, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure. Businesses in these sectors that are identified by the Member States as operators of essential services will have to take appropriate security measures and to notify serious incidents to the relevant national authority move on from GDPR.
Andrew: What will the future look like. What will organizations need to be on the lookout for as companies increasingly join wider ecosystems and have direct links to the world around them?
Quentyn: we can make predictions: more data will be lost – threats will only increase. Without risk, there is no profit. Get to the point where basic threats do not affect you (this is 95%). Paul Fisher: I am actually quite excited – businesses have never had such possibilities in terms of availability of services to transform their business. John/Paul McEvatt: People are not prepared – many of the (future) unsophisticated attacks can be prevented. There are so many ways in (identity theft, etc.) Risk is really relevant (making a risk assessment on where to prioritize) / balance of risk and opportunity: understanding of risk and grasping of opportunities…increasingly complex the digital environment we live, so security needs to become more systematic ….more automation, more less likely to suffer such highly publicized breaches
Andrew (last slide before Q&A) move to engage media to ask questions. <next slide>
1 Copyright 2017 FUJITSU
Cyber Threat Intelligence
Head of Security Offerings EMEIA,
Security & Privacy
Pierre Audoin Consultants
Moderator: Andrew Davidson
Director of Information Security,
2 Copyright 2017 FUJITSU
A cyberattack today could potentially take out all core
systems. As a result, cyber security is now business-
3 Copyright 2017 FUJITSU
Attacks cannot be completely avoided – preparation and
how you cope with them makes the difference.
4 Copyright 2017 FUJITSU
Prevention alone is not enough: Shifting from defense to
detection and intelligent response.
5 Copyright 2017 FUJITSU
GDPR-driven improvements will enable organizations
to protect all of their sensitive information, not just
6 Copyright 2017 FUJITSU
How will the future look like? How are trends influencing
new ways of working?