We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis. The document discusses trends in cyber security threats, challenges faced by organizations, and the need for strategic leadership in cyber security. It outlines a defense in depth approach using layered security technologies and controls. Key risks like increasing attacks and data aggregation are addressed. Innovation on both sides of attacks and protections is also covered.
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Helsinki, Matthew Rosenquist, Cyber Security Strategist, 2014 (public)
3. We manage security through either leadership or crisis. In the absence of leadership, we are left with crisis.
4. Discussion
• Trends and Landscape
• Challenges of Cyber Security
• Strategic Leadership
• 3 Eminent Risks and Controls
• Summary, Questions, Discussion
5. Industry Trends and Landscape Drives Security
The risk-of-loss continues to rise as the cyber security industry grows in size, intensity, and complexity
6. Leading Metrics & Trends
• 200k New Malware/day, 172m+ Total (Source: McAfee Threat Report Q3 2013)
• ~50% Increase of ‘signed’ malware, 1.5m Total ‘signed’ Samples (Source: McAfee Threat Report Q3 2013)
• Android Malware Growth (Source: F-Secure Mobile Threat Report Jul-Sept 2013)
• ~32% Worldwide computers infected in 2012 (Source: Panda Labs Global Infection Rates)
• 50% Online adults victims of cybercrime or negative situations; 1M+ Adults Victims each day (12 per second) (Source: Symantec 2013 Norton Report)
• 93% Organizations suffering a data breach in 2013 (Source: UK Government BIS Survey)
• 40% Increase in Data Breaches
7. 2013 H1 Sampling of Security Incidents
Source: IBM X-Force 2013 Mid-Year Trend and Risk Report
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
High percentage of ‘Unknowns’. Shows the difficulty in identifying attack methods
Broad range of different targets. No segment is immune
Only includes reported data. Not the complete picture, which is much larger
8. Industry Impacts & Trends
• Risks Increase: “Cyberrisk has moved from position 12 (malicious) and 19 (non-malicious) in 2011 to the world's number three risk.” (Lloyds Risk Index 2013)
• Costs and Jobs are Impacted: “Malicious cyberactivity may cost the US economy $100 billion and as many as 508,000 US jobs annually.” (Center for Strategic and International Studies (CSIS))
• Highly Variable Industry: “Cybersecurity should be seen as an occupation and not a profession because the rate of change is too great to consider professionalization” (US National Academy of Sciences)
• Advanced Actors Rise: Worldwide concerns grow for privacy, surveillance, cyber warfare, regulations, and the rise in offensive security
• Money Fuels Innovation: Cybercrime costs ~$500 billion globally. Driving growth of dark economies, IP loss, service downtime, reputation impacts, fraud, and theft
• Unpredictable Extreme Impacts: April 2013 a fake Tweet caused a temporary market flash-crash of 140 points, equivalent to ~$200 billion
Sources: Center for Strategic and International Studies (CSIS); IBM X-Force 2013 Risk Report
9. Challenges – Business Value Aspects
Businesses must find a balance through tradeoffs. Optimal security is the right balance of cost, user experience, and risk.
10. Challenges – Operational Aspects
Security technology, people, data, and services are intertwined in complex ways
Achieving security objectives requires comprehensive and well thought out solutions
Diagram elements: Infrastructure & Business Processes, Threats, Trusted Users, Data
11. Leadership is key in organizing resources to achieve and maintain an optimal level of security value
12. Strategic Leadership: Defense in Depth
A strong process strategy will enable operational flexibility while driving cost efficiency and effectiveness
13. Tactical Security Technology Integration: Layered Defense
Multiple layers are necessary for comprehensiveness
• NETWORK: Firewalls, demilitarized zones, data loss prevention, ID management, traffic & content filters
• PLATFORM: Antivirus software, patching, minimum security specifications for systems
• APPLICATION: Secure coding, testing, security specifications
• FILE AND DATA: File and data encryption, enterprise rights management
14. 3 Eminent Risks and Controls
Risks:
1. Scale and adaptation of attacks, enlargement of the attack
surface
2. Increase and complexity of attackers, technology/behaviors,
organized and funded threat agents
3. Massive data aggregation, leveraged for targeting and attacks
Controls:
1. Better threat modeling, greater financial investment, secure
product designs, evolving IT security controls/solutions
2. Improved platform and network based preventative security
3. Stronger response (ex. DDOS), investigations (ex. forensics),
interdiction (ex. bounties & arrests)
15. Innovations to Attack: End-Points Example
Attackers are adapting by moving down the stack:
Stack, from less to more difficulty: Applications, Operating System, Virtual Machine (Optional), Hardware
• Traditional attacks: Focused primarily on the application layer
• Attacks disable security products, steal and control applications
• OS infected: Threats are hidden from security products
• Compromise virtual machine
• New stealth attacks: Embed themselves below the OS and Virtual Machine, so they can evade current solutions
• Attacks against hardware and firmware affect the root-of-trust
16. Innovations to Protect: End-Points Example
Security below the OS
• Sensors under the OS to detect stealth malware
• Passes data to Anti-Malware software to block, and remove
Faster and Stronger Encryption
• Hardware acceleration of encryption algorithms (up to 4x faster) improves user experience and productivity, while protecting data
• Diagram labels: Whole-disk Encryption, Internet Security, File Storage Encryption
Strengthening Data-Center Security & Control
• Attestation of VM and cloud security
• Out-of-Band security monitoring, management, and recovery
Hardware Enhanced Authentication
• Eliminating the need for separate hardware tokens
• Faster software VPN login, for improved user experience and productivity
• Diagram labels: Stronger user ID and Authentication; Software VPN tokens instead of user passwords; VPN Client SW; Traditional hardware token integrated into PC
Defenders respond to attackers and develop capabilities to mitigate impactful exploits, make security more user-friendly, and improve the cost structure.
17. Two types of victims exist: those with something of value and those who are easy targets
Therefore: Don’t be an easy target, and protect your valuables
18. Summary
A well thought out cyber strategy is necessary
to secure assets, operations, reputation, and
competitiveness
Strive to achieve and maintain the optimal
balance of security for your organization
Executive commitment and support is a
prerequisite to success