The online adult entertainment industry understands cyber security better than most due to the "war zone" nature of their business online. They embrace new technologies, rigorously follow security best practices, and implement strict security policies to protect sensitive customer data and their systems from constant attacks. Other industries can learn important cyber security lessons around processes, people and technologies from how the online adult industry approaches security.
2. A simple, easy to use, online, B2B procurement portal for purchasing products and services to identify, minimise and manage the security threat to business data.
www.riskfactory.com
3. Legal Disclaimer
The information contained in this presentation is for general guidance on matters of interest only. The application and impact of laws can vary widely based on the specific facts involved. Given the changing nature of laws, rules and regulations, and the inherent hazards of electronic communication, there may be delays, omissions or inaccuracies in information contained in this presentation. Accordingly, the information in this presentation is provided with the understanding that the audience is not herein engaged in rendering law enforcement, legal, accounting, tax, or other professional advice and services. Before making any decision or taking any action, you should consult a professional.
While we have made every attempt to ensure that the information contained in this presentation has been obtained from reliable sources, Orthus is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this presentation is provided "as is", with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to, warranties of performance, merchantability and fitness for a particular purpose. In no event will Orthus, its related partnerships or corporations, or the partners, agents or employees thereof be liable to you or anyone else for any decision made or action taken in reliance on the information in this presentation or for any consequential, special or similar damages, even if advised of the possibility of such damages. Certain links in this presentation connect to other presentations maintained by third parties over whom Orthus has no control. Orthus makes no representations as to the accuracy or any other aspect of information contained in the speaker's words.
This statement explains how we may collect and use information about you through our presentation. If you have any questions about our privacy policies, want to exercise your right to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, please click here to send an email to our solicitor.
As you would expect, we monitor visits to our presentation, principally so that we can make sure that it is easy to navigate, identify the areas that are of particular interest to visitors and generally improve the presentation and our services. The information that we collect in this process will not identify you as an individual, however - we do not seek to identify individual visitors unless they volunteer their contact details through one of the forms on the presentation. In some circumstances our records will identify organisations visiting our presentation and we may use that information in managing our relationship with those organisations - for example, in considering how to develop the services that we offer them. In common with most presentations, our presentation uses cookies - small data files which are downloaded to your computer so that we can recognise that your computer has visited the presentation before. We do not use cookies to identify you, just to improve your experience of the presentation - for example, by allowing the presentation to remember your bookmarks and language preference. You can if you wish set your Internet browser so that it will not automatically download cookies - this will not prevent you from using our presentation. The exact steps necessary to block cookies vary from browser to browser. They are generally explained in the "Help" section of the browser. Various forms on our presentation invite you to submit your contact details and other information about yourself or your organisation, or to send us emails which will, of course, also identify you. In each case, the purpose for which you are invited to give us information is clear and we also indicate which of the requested information is essential for the relevant purpose and which is optional - fields for essential information are marked with an asterisk. If we propose to use your details to send you information from Orthus about events or legal developments which we believe may be of interest to you (other than information that you have specifically requested), we give you an opportunity to tell us that you do not wish to receive such information by ticking a box. We will not use your information for purposes that are not clear when you provide your details, and will not disclose it outside Orthus, except in very limited circumstances - for example, with your agreement or where we are legally obliged to do so.
Orthus operates as a single firm, but it works through various local legal entities. These entities, which are all ultimately controlled by the same group of partners, are identified in the Locations section of our presentation. When you provide information through the presentation you will be providing it to Orthus as a whole, and should be aware that it may be accessed from countries whose laws provide various levels of protection for personal data, not always equivalent to the level of protection that may be provided in your own country.
The information, materials and opinions contained in this presentation are for general information purposes only, are not intended to constitute legal or other professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. Neither Orthus nor any other Orthus entity accepts any responsibility for any loss which may arise from reliance on information or materials published in this presentation. If you wish to find out more about the information in the materials published, please contact an Orthus partner.
Certain parts of this presentation link to external internet presentations, and other external internet presentations may link to this presentation. Orthus is not responsible for the content of any external internet presentations. The materials contained in this web presentation are provided for general information purposes only and do not constitute legal or other professional advice. Neither Orthus nor any other Orthus entity accepts any responsibility for any loss which may arise from reliance on information published in this presentation.
The materials published in this presentation are, unless otherwise stated, the copyright works of Orthus. You may make copies of materials published which are of interest to you for your own personal use and you may also provide occasional copies to others for information purposes only, provided that you do so free of charge and the copies do not comprise substantial parts of the presentation. When you do make copies for yourself or others, the content of the published material and the copyright notices must remain intact, your communication of the content must not be misleading or inaccurate, and a copy of this notice must accompany any copies of the materials which you provide to others. No other use of the materials published in this presentation is permitted without the express prior written consent of Orthus.
4. Agenda
"On the internet, you're either our client - or our enemy."
CIO - U.K. 2nd Largest On-Line Adult Entertainment Provider
5. Sex Sells
The global on-line adult entertainment industry revenue in 2009 was estimated at over: 97 billion dollars US
6. Really Sells
Last year alone more than 80,000 major adult web sites each generated profits of more than 1 billion.
7. Got the Time Sailor?
Every second: £3,975.24 is being spent on pornography
Every second: 79,258 Internet users are viewing pornography
Every second: 872 Internet users are typing adult search terms into search engines
Every 39 minutes: A new pornographic video is created in the United States
8. Looking for Love
The number one search term used in search engine sites =
9. Open All Night
52% of internet users view porn
35% of all downloads are pornographic
Last count there were 4.2 million websites offering adult content (472 million pages of content)
An estimated 2.8 billion emails are sent daily (averaging 4.5 per user per day)
10. Men Love It
69% of visitors to adult sites are men
20% of men admit to accessing porn at work
20% of men admit they may be addicted to porn
11. Women Love It
31% of visitors to adult sites are women
13% of women admit to accessing porn at work
17% of women admit they may be addicted to porn
70% of women keep their cyber activities secret
12. "A" Levels
63% of University students admitted to having sex in front of live web cams and using live chat rooms
87% of University students admitted to routinely accessing adult content sites
13. Skin in the Game
Recognised as the first industry to understand how to generate and sustain revenue from the internet
The on-line adult entertainment industry has grown twentyfold since 1999
14. The Good
Direct:
Broadband
Streaming media
Fee based services
Geo location software
Segmented content
3G mobile apps
Indirect:
VHS Video Players
Camcorders
DVDs
Pay per View
Satellite TV
Interactive TV
15. Agenda
Porn drives each new "convenient" visual technology
Each high-tech advance takes porn closer to solving their big marketing problem: The Shame Factor
Porn: Demand high but doesn't travel well
Technology: Driven by demand
16. The Bad
SPAM
Viruses
Trojans
Botnets
Spyware
Key loggers
Adware
Worms
Pop-up adverts
Redirects
JavaScript catchers
18. The Price of Popularity
“As an industry, adult entertainment websites are the most prominent and lucrative targets for freelance hackers today and attract the largest number of organised vigilante cyber groups on line”.
Associated Press 2010
23. Indecent Exposure
California State Senate Bill 1386 mandated public disclosure of the loss of personal data as of April 20, 2005 (name, sex, DOB, address etc.)
Subsequently adopted by more than 40 states
27. 1st Lesson
It’s a war out there!
• The Internet is a battle field
• No rules of war
• You must adopt the mindset of a soldier
• Training is key to understanding how you will act under fire
• All fire is “live” fire
• Don't show up to a gun fight with a knife
• Assume your adversary is a professional
• Prepare accordingly
• Only the strong survive
28. Lesson 2
Embrace technology
• Mindset of technology pioneers
• Not afraid to try/use new technology
• New technology = harder target
• New technology = security asset
• If they don’t see it in the market, they build it
• Dual technology security devices / defences
• Security starts at the application
• Testing freaks!
29. Lesson 3
They're called "fundamentals" for a reason
• Rigidly apply best practices, 0 tolerance
• Process over product
• Load balance, fail over, DR sites
• Buttoned-down, routinely tested architectures
• First adopters of 24/7/365 VA scanning
• SDLC zealots
• Change management a security responsibility
• Patch management mission critical
30. Lesson 4
Protect the crown jewels
• Client data = crown jewels
• Data discovery 24/7
• Real time network mapping
• One server - one function
• Practice network separation and segmentation
• Implement honey pot architectures
• Triple DMZ architectures
• Encrypted databases at rest – prohibit mobility
• Real-time IPS
• First adopters of attacking the attackers
31. Lesson 5
Good fences make good neighbours
• No remote connections
• No third party connections
• No remote PC
• No peer to peer connections
• No file sharing
• No remote system maintenance
• No VPN connections to back office systems
• No wireless subnets…
• All 3rd party agreements levy corporate security policies/procedures
32. Lesson 6
Trust no one
• Openly acknowledged
• Flat-lined security program: one size fits all
• No one holds universal privileges
• Three-man rule for admin or policy changes
• Employee pre-screening and post checks (credit / criminal checks)
• Active & intense employee monitoring
• Post-employment confidentiality agreements
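The "no universal privileges" and "three-man rule" points above are usually enforced as a gate in front of privileged changes. The following is an added illustration, not code from the presentation or from any provider it describes; the role names and the change request are constructed assumptions. It refuses a change unless three distinct people, none of them the requester and spanning three separate functions, have approved it.

```python
from dataclasses import dataclass, field

# Constructed assumption: a privileged change (firewall rule, admin account,
# policy edit) needs sign-off from these three separate functions, so no
# single team, let alone one person, holds the whole privilege.
REQUIRED_ROLES = ("netops", "security", "management")


@dataclass(frozen=True)
class Approval:
    user: str
    role: str  # which function the approver acts for


@dataclass
class ChangeRequest:
    requester: str
    description: str
    approvals: list = field(default_factory=list)


def check_three_person_rule(req: ChangeRequest, roles_required=REQUIRED_ROLES):
    """Return (ok, reason). ok is True only when the three-man rule holds."""
    users_seen = set()
    roles_seen = set()
    for a in req.approvals:
        # Self-approval would collapse the rule back to one person.
        if a.user == req.requester:
            return False, f"requester {a.user} cannot approve own change"
        # The same person approving twice under two hats is still one person.
        if a.user in users_seen:
            return False, f"duplicate approval from {a.user}"
        users_seen.add(a.user)
        roles_seen.add(a.role)
    if len(users_seen) < len(roles_required):
        return False, f"{len(users_seen)} of {len(roles_required)} approvers present"
    missing = set(roles_required) - roles_seen
    if missing:
        # Three people from one team do not give separation of duties.
        return False, "missing role(s): " + ", ".join(sorted(missing))
    return True, "approved"


def apply_change(req: ChangeRequest) -> bool:
    """Gate the change: only act when the rule passes."""
    ok, reason = check_three_person_rule(req)
    print(f"{req.description}: {reason}")
    return ok
```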
33. Lesson 7
Top down security
• Lead by example
• Entire Board rated on security
• Corporate culture realised
• Security is an “asset” rather than a liability
• All policies tied to people
• People tied to policies and product (site)
• Strong and consistent security awareness programs
• One strike and you’re out
34. Lesson 8
Pay your people well
• Employees “extremely” well paid
• Developers and Administrators well above
• At least 25% above market rate
• Pay for training
• Pay for certifications
• Bonuses for identifying potential problems
• Bonuses for identifying solutions
• Bonuses for zero losses
• Performance bonuses
35. Lesson 9
Do not write a policy you can’t enforce
• If you talk the talk you have to walk the walk
• Security program transparent
• Stripped-down policies focus the mind
• Compliance required by employment contract
• Monitor ALL employees
• Remove violators
• Practice the “walk of shame”
• Prosecute violators
36. Lesson 10
If it ain’t broke, don’t fix it!
• Take time to quantify a security issue
• What are we trying to protect? Why? Can we protect it? What happens if we fail?
• Not worried about “nuisances”
• Don't look to the market to tell you the threats to your business
• Don’t rush out to buy point products
• All security spend is benchmarked against quantifiable ROI to the business mission
• If you can’t measure it, it doesn’t exist
37. Homework
1. It’s a war zone
2. Embrace technology
3. Fundamentals for a reason
4. Protect the crown jewels
5. Fences make good neighbours
6. Trust no one
7. Top down security
8. Pay your people well
9. Don’t write a policy you can’t enforce
10. If it ain't broke, don't fix it.