
PITA Technical and Business Session: Cybersecurity outside the office

APNIC Security Specialist Jamie Gillespie gives a presentation on 'Cybersecurity outside the office' at the PITA Technical and Business session, held online on 10 June 2020, covering the changes to traditional cybersecurity, the challenges around technology, the less-discussed threats around the people and processes, and how those need to adapt as well.


  1. Cybersecurity Outside the Office. Jamie Gillespie, APNIC. PITA Technical and Business Forum – 10 June 2020
  2. Layers of Cybersecurity: PEOPLE, PROCESS, TECHNOLOGY
  3. Layers of Cybersecurity: PEOPLE, PROCESS, TECHNOLOGY
  4. Technology
     • Easiest one to think about: routers, firewalls, VPN
     • Authentication also critical, as we can no longer rely upon the local office network as a sign of being “trusted”
       – 2 Factor Authentication (2FA) vs Multi Factor Authentication (MFA)
         • U2F, FIDO, Yubikey
         • Google Authenticator, TOTP
         • SMS
     • Why is this important?
       – haveibeenpwned.com
  5. Have YOU been pwned?
  6. Technology
     • Exposed services on public IP addresses
       – Remote Desktop Protocol (RDP)
       – SSH (with password authentication)
       – Previously internal-only servers
     • Centralised security solutions, but distributed workers
       – Need to rethink how to protect computers outside the office
       – VPN may allow this, but what about when they’re not connected?
  7. Technology
     • Cybersecurity is sometimes viewed as a sliding scale
     • During a crisis, some changes are implemented for usability of staff and customers
     • These changes may need improvements or even rollback once the smoke clears
  8. Layers of Cybersecurity: PEOPLE, PROCESS, TECHNOLOGY
  9. Process
     • You had a Business Continuity Plan…. right?
  10. Process
     • Some office processes don’t translate to remote working
       – Walk-up questions for IT and Cybersecurity
       – Face to face approvals for business and finance
     • Policies and procedures can lag behind during major changes to working conditions, especially during a crisis
     • Flagging tactical decisions for strategic review later
  11. Layers of Cybersecurity: PEOPLE, PROCESS, TECHNOLOGY
  12. People
     • Under additional stress when moving to working remotely
     • It’s harder to check up on the mental health of staff
     • Working from home feels different to working in an office
     • Less physical oversight, less IT monitoring
     • Confused with new and changing systems or procedures
  13. People
     • People have their own working procedures, and they usually aren’t documented, communicated, or approved
       – Who prints off every email?
       – Who saves important documents on their laptop?
       – Who uses Skype/Teams/Zoom/WebEx/Hangouts/WhatsApp/……?
       – Who uses their personal phone or computer for work?
       – Who lets their family and friends use their work laptop?
  14. Summary
     • Remote working has been getting easier and more common
     • Rethink securing your networks and data
     • Keep your policies and procedures current
     • Rethink managing and monitoring your users
     • Re-review all changes, and don’t be afraid to make adjustments or roll back
     • Get an external review of your security, from all angles
       – People, Process, Technology
  15. Questions? https://NFH.APNIC.NET Oceania conference on 4 August 2020