SlideShare une entreprise Scribd logo

Clear and present danger: Cyber Threats and Trends 2017

M
Morakinyo Animasaun

Cyber threats and trends that you cannot afford to overlook in 2018. revised presentation from Clear and Present Danger - an Enterprsie Security event hosted by Netplus

Technologie
1  sur  30
CLEAR AND PRESENT DANGERCLEAR AND PRESENT DANGERCLEAR AND PRESENT DANGERCLEAR AND PRESENT DANGER By: Morakinyo Animasaun morakinyo@netplusng.com NETPLUS LIMITED By: Morakinyo Animasaun morakinyo@netplusng.com NETPLUS LIMITED
IntroductionIntroduction •Clear and Present Danger is a concept of proximity, likelihood and gravity of a dangerous event •Clear and Present Danger is a test to determine whether the “thing” or threat at hand would produce an undesirable situation or consequenceproduce an undesirable situation or consequence that your organisation would want to prevent. •High-level overview of what to consider in the battle against cyber criminals and foundation for the solutions and technologies that can help you win the battle.
Cyber Security RiskCyber Security Risk • WHOSE RISK? • In the past, cyber security risk was an IT Risk. – If it is still so, in your organisation, you– If it is still so, in your organisation, you are living in the past • CYBER SECURITY RISK is no longer just an IT Risk • CYBER SECURITY RISK is now a Business Risk
Cyber Crime ISCyber Crime IS………… • WARFARE – Cyber criminals do not take any prisoners – Everyone is a target, no one is safe: 62% of businesses are being attacked at leastof businesses are being attacked at least weekly, while 30% are attacked daily and 10% hourly or continuously. – Data breach is still a common objective; but growing trend of business disruption.
Cyber Crime ISCyber Crime IS………… • BUSINESS • ORGANISED - Cyber criminals, hackers and malware developers are no longer hobbyists but now part of organised crime syndicates that invest heavily in R&D (Lazarus Group, NCPH, Carbanak etc) • BIG – Over $1billion was stolen from a bank using the Carbanak exploit. More than $850 million in fraudulent SWIFT network transactions from Bangladesh Central Bank, of which $80 million has still notfrom Bangladesh Central Bank, of which $80 million has still not been recovered. – According to widely accepted estimates, cybercrime costs the world economy the sum of US $ 500 billion, only slightly less than the GDP of Nigeria (521.8 billion dollars), the largest economy in Africa. – Cybercrime estimated to cost the Nigerian economy between $ 450m - $ 500m per annum. • REWARDING - Ransomware attacks in 2016 fetched $1billion. Risk – Reward ratio is very favourable. Risk is often low and reward high
Cyber criminals followCyber criminals follow:: • Money – Opportunity, Reward, ROI • People/ Users – the more, the merrier • Systems/Devices – the more generic, the betterbetter • Vulnerabilities – the weaker, the easier • IT trends – leverage advancement in technologies and take advantage of new trends. Cyber crime has gone cloud, mobile, blockchain and fintech.
GlobalGlobal IT TrendsIT Trends
The Threat EnvironmentThe Threat Environment • Threat landscape is constantly evolving • Perimeter is being redefined • Attack surface is increasing • Cyber criminals capabilities are improving• Cyber criminals capabilities are improving • Cyber criminals are getting better access to technology and resources • Cyber Security teams are overwhelmed and lagging behind
Current RealitiesCurrent Realities • Volume – Over 340,000 new exploits are released in the wild daily. • Speed – Agility, quickness of cyber criminals in taking advantage of vulnerabilities, new developments, trends and technologies. Day 1 vulnerabilities more widespread than Day 0. • Sophistication – Advanced, Complex e.g. polymorhpic malware • Collaboration – Unholy alliances, Dark Web, Cloud, MaaS, AaaS, FaaS• Collaboration – Unholy alliances, Dark Web, Cloud, MaaS, AaaS, FaaS • Innovation – Cyber criminals are investing part of their loot on R & D • Severity – in losses and damages • Customisation – Targetted attacks, customised malware, spear phishing, increase in banking malwares • Persistence – continuos attack on some businesses • Anonymity – Obfuscation, Stealth, TOR, Cryptocurrency,
Rise of MobileRise of Mobile Malware andMalware and RansomwareRansomware • Mobile financial threats written with the intention of stealing money are among the top 10 malware exploits. • 638 million ransomware attacks in 2016. In 2017, Kaspersky detected programs ofIn 2017, Kaspersky detected programs of this sort in over 200 countries and territories. • Africa, with the rapid growth of its mobile banking sector, is particularly vulnerable to this sort of evolution.
What to expect in 2018? ATM AttacksATM Attacks Social EngineeringSocial EngineeringHighHigh--end mobileend mobile malwaremalware FraudFraud--asas--aa--ServiceServiceData BreachesData Breaches
What to expect in 2018? • More, More, More and New. – Sophisticated, complex attacks – Targetted attacks – Business disruption – Data breaches – Ransomware– Ransomware – Social engineering – Account takeover – Cyber crime collaboration – Cyber crime innovation – Fraud-as-a-Service – ATM attacks • 2017 on a greater scale
RECOMMENDED APPROACH TO CYBER SECURITY
• What is clear to the EAGLE may not be clear to the BAT • What is clear to the SnellenSnellen ChartChart • What is clear to the EAGLE during the day may not be so clear at NIGHT
Ability toAbility to See/ VisibilitySee/ Visibility
Situational AwarenessSituational Awareness
The Hawk and the Mother HenThe Hawk and the Mother Hen • Can your organisation recognise the manoeuvres of cyber criminals before the attempt is made? • Every organisation needs to acquire or develop ability to correctly interpretdevelop ability to correctly interpret threat data and activity logs • You need DETECTION, PREDICTIVE and RESPONSE capabilities in order to survive and avoid becoming a victim in the current threat landscape.
Game of Chess or War Game?Game of Chess or War Game?
Ability to PredictAbility to Predict Who wins?Who wins?
Is your InfoSec organisation comparable to Who wins?Who wins? Is your InfoSec organisation comparable to the majority of chess players, a good chess player or a grandmaster? Do you have the ability to PREDICT your opponent’s next move, DETECT an attack and RESPOND to PREVENT disruptions or losses.
Winning Approach to Cyber SecurityWinning Approach to Cyber Security •Stay a step ahead of cyber threats •Multi-pronged, multi-layer security •Adaptive Security oPredictoPredict oPrevent oDetect oRespond •Collaborative •Responsive
RecommendationsRecommendations Gain visibility into your Infrastructure and the threat environment you are operating in. Leverage the combined power of human and machines by using AI, ML and DL with the deep expertise of a global research and analysis team. Kaspersky Lab has aglobal research and analysis team. Kaspersky Lab has a unique approach called Hu-machine. Train the eyes that are looking Incident response – Incident Response Planning, Incident response Drill, Incident Response Automation, Incident Response review - delay can be costly
SolutionsSolutions • Intelligence Services: Threat Feeds • Intelligence Services: Cybersecurity Education • Intelligence Services: Incident investigation • Intelligence Services: Botnet Threat Tracking • Anti-APT• Anti-APT • SOC Security Operations Centre • Security Awareness Training • Penetration Testing • Vulnerability Assessment
KasperskyKaspersky SolutionsSolutions • EDR - Kaspesrky Endpoint Detection and Response • KATA - Kaspersky Anti-Targetted Attack • SoC – Security Operations Centre• SoC – Security Operations Centre • Encryption Security • Security for Virtualisation • Security for Storage • Threat Intelligence
Other SolutionsOther Solutions • Wombat interactive training modules for Information Security Awareness programme • Educating Users to Improve Awareness, Change Behaviors, and Reduce risk to your organization – help your employees understand security threats andthreats and – make the right decisions when face-to-face with security threats • Assess, Educate, Reinforce, Measure. • The training modules can be used independently and serve as the centerpiece of your Security Awareness programme
Other SolutionsOther Solutions • GigaSECURE • GigaVUE – help your organisations gain visibility and insight into your infrastructure and securityinsight into your infrastructure and security threats
ConclusionConclusion • Let’s talk about your Cyber Security challenges, needs etc. • Contact Netplus - answers@netplusng.com as your Information Security partner • www.netplus.ng
Thank YouThank YouThank YouThank You www.netplus.ng

Recommandé

Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
Darren Argyle
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Syed Peer
 
Think Cyber Think Resilience | William Barker | March 2016
Think Cyber Think Resilience | William Barker | March 2016Think Cyber Think Resilience | William Barker | March 2016
Think Cyber Think Resilience | William Barker | March 2016
Anna Fenston
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015
ITSM Academy, Inc.
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
Symantec
 
ISF Congress 2016 - Session 7.2_Kukreja
ISF Congress 2016 - Session 7.2_KukrejaISF Congress 2016 - Session 7.2_Kukreja
ISF Congress 2016 - Session 7.2_Kukreja
Puneet Kukreja
 
Backups and Disaster Recovery for Nonprofits
Backups and Disaster Recovery for NonprofitsBackups and Disaster Recovery for Nonprofits
Backups and Disaster Recovery for Nonprofits
Community IT Innovators
 
Big 4 W's of Big Threat Hunting
Big 4 W's of Big Threat HuntingBig 4 W's of Big Threat Hunting
Big 4 W's of Big Threat Hunting
Eguardian Global Services
 

Recommandé

Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
Darren Argyle
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Syed Peer
 
Think Cyber Think Resilience | William Barker | March 2016
Think Cyber Think Resilience | William Barker | March 2016Think Cyber Think Resilience | William Barker | March 2016
Think Cyber Think Resilience | William Barker | March 2016
Anna Fenston
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015
ITSM Academy, Inc.
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
Symantec
 
ISF Congress 2016 - Session 7.2_Kukreja
ISF Congress 2016 - Session 7.2_KukrejaISF Congress 2016 - Session 7.2_Kukreja
ISF Congress 2016 - Session 7.2_Kukreja
Puneet Kukreja
 
Backups and Disaster Recovery for Nonprofits
Backups and Disaster Recovery for NonprofitsBackups and Disaster Recovery for Nonprofits
Backups and Disaster Recovery for Nonprofits
Community IT Innovators
 
Big 4 W's of Big Threat Hunting
Big 4 W's of Big Threat HuntingBig 4 W's of Big Threat Hunting
Big 4 W's of Big Threat Hunting
Eguardian Global Services
 
Beating Sophisticated Attackers at Their Game Using AWS
Beating Sophisticated Attackers at Their Game Using AWSBeating Sophisticated Attackers at Their Game Using AWS
Beating Sophisticated Attackers at Their Game Using AWS
Amazon Web Services
 
Security on a budget
Security on a budget Security on a budget
Security on a budget
nCircle - a Tripwire Company
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence program
Mark Arena
 
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategyCyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
James Mulhern
 
Why_TG
Why_TGWhy_TG
Why_TG
TOP GUN
 
Proactive Counterespionage & Business Continuity / Resiliency
Proactive Counterespionage & Business Continuity / ResiliencyProactive Counterespionage & Business Continuity / Resiliency
Proactive Counterespionage & Business Continuity / Resiliency
Dr. Lydia Kostopoulos
 
Tech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of RansomwareTech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of Ransomware
marketingunitrends
 
IT Security for Nonprofits
IT Security for NonprofitsIT Security for Nonprofits
IT Security for Nonprofits
Community IT Innovators
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 A
Ward Pyles
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber Shocks
Phil Huggins FBCS CITP
 
ISC2014 Beijing Keynote
ISC2014 Beijing KeynoteISC2014 Beijing Keynote
ISC2014 Beijing Keynote
Cyphort
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
Ian-Edward Stafrace
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
Resilience is the new cyber security
Resilience is the new cyber securityResilience is the new cyber security
Resilience is the new cyber security
Phil Huggins FBCS CITP
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
PECB
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
Melbourne IT
 
Cyber Security Awareness Month 2017-Wrap-Up
Cyber Security Awareness Month 2017-Wrap-UpCyber Security Awareness Month 2017-Wrap-Up
Cyber Security Awareness Month 2017-Wrap-Up
Chinatu Uzuegbu
 
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Keeping Secrets on the Internet of Things - Mobile Web Application SecurityKeeping Secrets on the Internet of Things - Mobile Web Application Security
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Kelly Robertson
 
Detecting Stopping Advanced Attacks
Detecting Stopping Advanced AttacksDetecting Stopping Advanced Attacks
Detecting Stopping Advanced Attacks
Envision Technology Advisors
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
Shawn Tuma
 
Scot Secure 2017
Scot Secure 2017Scot Secure 2017
Scot Secure 2017
Ray Bugg
 
The Rise of Ransomware As a Service
The Rise of Ransomware As a ServiceThe Rise of Ransomware As a Service
The Rise of Ransomware As a Service
Veriato
 

Contenu connexe

Tendances

InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 A
Ward Pyles
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
PECB
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
Melbourne IT
 

Tendances (20)

Beating Sophisticated Attackers at Their Game Using AWS
Beating Sophisticated Attackers at Their Game Using AWSBeating Sophisticated Attackers at Their Game Using AWS
Beating Sophisticated Attackers at Their Game Using AWS
 
Security on a budget
Security on a budget Security on a budget
Security on a budget
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence program
 
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategyCyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
 
Why_TG
Why_TGWhy_TG
Why_TG
 
Proactive Counterespionage & Business Continuity / Resiliency
Proactive Counterespionage & Business Continuity / ResiliencyProactive Counterespionage & Business Continuity / Resiliency
Proactive Counterespionage & Business Continuity / Resiliency
 
Tech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of RansomwareTech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of Ransomware
 
IT Security for Nonprofits
IT Security for NonprofitsIT Security for Nonprofits
IT Security for Nonprofits
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 A
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber Shocks
 
ISC2014 Beijing Keynote
ISC2014 Beijing KeynoteISC2014 Beijing Keynote
ISC2014 Beijing Keynote
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
 
Resilience is the new cyber security
Resilience is the new cyber securityResilience is the new cyber security
Resilience is the new cyber security
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 
Cyber Security Awareness Month 2017-Wrap-Up
Cyber Security Awareness Month 2017-Wrap-UpCyber Security Awareness Month 2017-Wrap-Up
Cyber Security Awareness Month 2017-Wrap-Up
 
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Keeping Secrets on the Internet of Things - Mobile Web Application SecurityKeeping Secrets on the Internet of Things - Mobile Web Application Security
Keeping Secrets on the Internet of Things - Mobile Web Application Security
 
Detecting Stopping Advanced Attacks
Detecting Stopping Advanced AttacksDetecting Stopping Advanced Attacks
Detecting Stopping Advanced Attacks
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
 

Similaire à Clear and present danger: Cyber Threats and Trends 2017

Scot Secure 2017
Scot Secure 2017Scot Secure 2017
Scot Secure 2017
Ray Bugg
 
The Rise of Ransomware As a Service
The Rise of Ransomware As a ServiceThe Rise of Ransomware As a Service
The Rise of Ransomware As a Service
Veriato
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Empired
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
OnRamp
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Intergen
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
Lancope, Inc.
 
BIS "Is Your Company at Risk for a Security Breach?"
BIS "Is Your Company at Risk for a Security Breach?"BIS "Is Your Company at Risk for a Security Breach?"
BIS "Is Your Company at Risk for a Security Breach?"
ChristiAKannapel
 
SOD-Presentation-Des-Moines-10.19.21-v2.pptx
SOD-Presentation-Des-Moines-10.19.21-v2.pptxSOD-Presentation-Des-Moines-10.19.21-v2.pptx
SOD-Presentation-Des-Moines-10.19.21-v2.pptx
TamaOlan1
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Stephanie McVitty
 

Similaire à Clear and present danger: Cyber Threats and Trends 2017 (20)

Scot Secure 2017
Scot Secure 2017Scot Secure 2017
Scot Secure 2017
 
The Rise of Ransomware As a Service
The Rise of Ransomware As a ServiceThe Rise of Ransomware As a Service
The Rise of Ransomware As a Service
 
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
 
2015 Cyber Security
2015 Cyber Security2015 Cyber Security
2015 Cyber Security
 
Ashley Pillay- Navigating Through Cyber Security During a Cyber Pandemic
Ashley Pillay- Navigating Through Cyber Security During a Cyber PandemicAshley Pillay- Navigating Through Cyber Security During a Cyber Pandemic
Ashley Pillay- Navigating Through Cyber Security During a Cyber Pandemic
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
 
13734729.ppt
13734729.ppt13734729.ppt
13734729.ppt
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWARe
 
BIS "Is Your Company at Risk for a Security Breach?"
BIS "Is Your Company at Risk for a Security Breach?"BIS "Is Your Company at Risk for a Security Breach?"
BIS "Is Your Company at Risk for a Security Breach?"
 
Anatomy of a Ransomware Event
Anatomy of a Ransomware EventAnatomy of a Ransomware Event
Anatomy of a Ransomware Event
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
Quantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal DataQuantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal Data
 
SOD-Presentation-Des-Moines-10.19.21-v2.pptx
SOD-Presentation-Des-Moines-10.19.21-v2.pptxSOD-Presentation-Des-Moines-10.19.21-v2.pptx
SOD-Presentation-Des-Moines-10.19.21-v2.pptx
 
SecurityOperations
SecurityOperationsSecurityOperations
SecurityOperations
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 

Dernier

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 

Dernier (20)

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 

Clear and present danger: Cyber Threats and Trends 2017

  • 1. CLEAR AND PRESENT DANGERCLEAR AND PRESENT DANGERCLEAR AND PRESENT DANGERCLEAR AND PRESENT DANGER By: Morakinyo Animasaun morakinyo@netplusng.com NETPLUS LIMITED By: Morakinyo Animasaun morakinyo@netplusng.com NETPLUS LIMITED
  • 2. IntroductionIntroduction •Clear and Present Danger is a concept of proximity, likelihood and gravity of a dangerous event •Clear and Present Danger is a test to determine whether the “thing” or threat at hand would produce an undesirable situation or consequenceproduce an undesirable situation or consequence that your organisation would want to prevent. •High-level overview of what to consider in the battle against cyber criminals and foundation for the solutions and technologies that can help you win the battle.
  • 3. Cyber Security RiskCyber Security Risk • WHOSE RISK? • In the past, cyber security risk was an IT Risk. – If it is still so, in your organisation, you– If it is still so, in your organisation, you are living in the past • CYBER SECURITY RISK is no longer just an IT Risk • CYBER SECURITY RISK is now a Business Risk
  • 4. Cyber Crime ISCyber Crime IS………… • WARFARE – Cyber criminals do not take any prisoners – Everyone is a target, no one is safe: 62% of businesses are being attacked at leastof businesses are being attacked at least weekly, while 30% are attacked daily and 10% hourly or continuously. – Data breach is still a common objective; but growing trend of business disruption.
  • 5. Cyber Crime ISCyber Crime IS………… • BUSINESS • ORGANISED - Cyber criminals, hackers and malware developers are no longer hobbyists but now part of organised crime syndicates that invest heavily in R&D (Lazarus Group, NCPH, Carbanak etc) • BIG – Over $1billion was stolen from a bank using the Carbanak exploit. More than $850 million in fraudulent SWIFT network transactions from Bangladesh Central Bank, of which $80 million has still notfrom Bangladesh Central Bank, of which $80 million has still not been recovered. – According to widely accepted estimates, cybercrime costs the world economy the sum of US $ 500 billion, only slightly less than the GDP of Nigeria (521.8 billion dollars), the largest economy in Africa. – Cybercrime estimated to cost the Nigerian economy between $ 450m - $ 500m per annum. • REWARDING - Ransomware attacks in 2016 fetched $1billion. Risk – Reward ratio is very favourable. Risk is often low and reward high
  • 6. Cyber criminals followCyber criminals follow:: • Money – Opportunity, Reward, ROI • People/ Users – the more, the merrier • Systems/Devices – the more generic, the betterbetter • Vulnerabilities – the weaker, the easier • IT trends – leverage advancement in technologies and take advantage of new trends. Cyber crime has gone cloud, mobile, blockchain and fintech.
  • 8.
  • 9. The Threat EnvironmentThe Threat Environment • Threat landscape is constantly evolving • Perimeter is being redefined • Attack surface is increasing • Cyber criminals capabilities are improving• Cyber criminals capabilities are improving • Cyber criminals are getting better access to technology and resources • Cyber Security teams are overwhelmed and lagging behind
  • 10. Current RealitiesCurrent Realities • Volume – Over 340,000 new exploits are released in the wild daily. • Speed – Agility, quickness of cyber criminals in taking advantage of vulnerabilities, new developments, trends and technologies. Day 1 vulnerabilities more widespread than Day 0. • Sophistication – Advanced, Complex e.g. polymorhpic malware • Collaboration – Unholy alliances, Dark Web, Cloud, MaaS, AaaS, FaaS• Collaboration – Unholy alliances, Dark Web, Cloud, MaaS, AaaS, FaaS • Innovation – Cyber criminals are investing part of their loot on R & D • Severity – in losses and damages • Customisation – Targetted attacks, customised malware, spear phishing, increase in banking malwares • Persistence – continuos attack on some businesses • Anonymity – Obfuscation, Stealth, TOR, Cryptocurrency,
  • 11. Rise of MobileRise of Mobile Malware andMalware and RansomwareRansomware • Mobile financial threats written with the intention of stealing money are among the top 10 malware exploits. • 638 million ransomware attacks in 2016. In 2017, Kaspersky detected programs ofIn 2017, Kaspersky detected programs of this sort in over 200 countries and territories. • Africa, with the rapid growth of its mobile banking sector, is particularly vulnerable to this sort of evolution.
  • 12. What to expect in 2018? ATM AttacksATM Attacks Social EngineeringSocial EngineeringHighHigh--end mobileend mobile malwaremalware FraudFraud--asas--aa--ServiceServiceData BreachesData Breaches
  • 13. What to expect in 2018? • More, More, More and New. – Sophisticated, complex attacks – Targetted attacks – Business disruption – Data breaches – Ransomware– Ransomware – Social engineering – Account takeover – Cyber crime collaboration – Cyber crime innovation – Fraud-as-a-Service – ATM attacks • 2017 on a greater scale
  • 14.
  • 15. RECOMMENDED APPROACH TO CYBER SECURITY
  • 16. • What is clear to the EAGLE may not be clear to the BAT • What is clear to the SnellenSnellen ChartChart • What is clear to the EAGLE during the day may not be so clear at NIGHT
  • 17. Ability toAbility to See/ VisibilitySee/ Visibility
  • 19. The Hawk and the Mother HenThe Hawk and the Mother Hen • Can your organisation recognise the manoeuvres of cyber criminals before the attempt is made? • Every organisation needs to acquire or develop ability to correctly interpretdevelop ability to correctly interpret threat data and activity logs • You need DETECTION, PREDICTIVE and RESPONSE capabilities in order to survive and avoid becoming a victim in the current threat landscape.
  • 20. Game of Chess or War Game?Game of Chess or War Game?
  • 21. Ability to PredictAbility to Predict Who wins?Who wins?
  • 22. Is your InfoSec organisation comparable to Who wins?Who wins? Is your InfoSec organisation comparable to the majority of chess players, a good chess player or a grandmaster? Do you have the ability to PREDICT your opponent’s next move, DETECT an attack and RESPOND to PREVENT disruptions or losses.
  • 23. Winning Approach to Cyber SecurityWinning Approach to Cyber Security •Stay a step ahead of cyber threats •Multi-pronged, multi-layer security •Adaptive Security oPredictoPredict oPrevent oDetect oRespond •Collaborative •Responsive
  • 24. RecommendationsRecommendations Gain visibility into your Infrastructure and the threat environment you are operating in. Leverage the combined power of human and machines by using AI, ML and DL with the deep expertise of a global research and analysis team. Kaspersky Lab has aglobal research and analysis team. Kaspersky Lab has a unique approach called Hu-machine. Train the eyes that are looking Incident response – Incident Response Planning, Incident response Drill, Incident Response Automation, Incident Response review - delay can be costly
  • 25. SolutionsSolutions • Intelligence Services: Threat Feeds • Intelligence Services: Cybersecurity Education • Intelligence Services: Incident investigation • Intelligence Services: Botnet Threat Tracking • Anti-APT• Anti-APT • SOC Security Operations Centre • Security Awareness Training • Penetration Testing • Vulnerability Assessment
  • 26. KasperskyKaspersky SolutionsSolutions • EDR - Kaspesrky Endpoint Detection and Response • KATA - Kaspersky Anti-Targetted Attack • SoC – Security Operations Centre• SoC – Security Operations Centre • Encryption Security • Security for Virtualisation • Security for Storage • Threat Intelligence
  • 27. Other SolutionsOther Solutions • Wombat interactive training modules for Information Security Awareness programme • Educating Users to Improve Awareness, Change Behaviors, and Reduce risk to your organization – help your employees understand security threats andthreats and – make the right decisions when face-to-face with security threats • Assess, Educate, Reinforce, Measure. • The training modules can be used independently and serve as the centerpiece of your Security Awareness programme
  • 28. Other SolutionsOther Solutions • GigaSECURE • GigaVUE – help your organisations gain visibility and insight into your infrastructure and securityinsight into your infrastructure and security threats
  • 29. ConclusionConclusion • Let’s talk about your Cyber Security challenges, needs etc. • Contact Netplus - answers@netplusng.com as your Information Security partner • www.netplus.ng
  • 30. Thank YouThank YouThank YouThank You www.netplus.ng