Jersey Financial Services Commission
The Impact of an Evolving Cyber Landscape in an e-Enabled Commission
Denis Philippe
Deputy Director - ICT
Introduction Presentation
What is the landscape?
Who are we protecting against?
What is changing?
What can we control?
What are we doing?
What about the local aspect?
Summary
Questions
Agenda
Introduction
What is the landscape?
A general increase in the volume and complexity of risks across threat actors.
You can beat the bad things if you train for it.
Protection is going to cost and someone has to pay.
Standards and collaboration are going to be key.
Escalation is starting to occur with a move from theft to destruction.
Most organisations have little response capability
Most have NOTHING in the recovery capability
We operate on technology that was built in the age of trust, for scientific purposes.
There is no embedded security risk mitigation.
Increasing Complexity
Subjected to approximately 3,800 network security attack attempts DAILY.
Processes over 5,000 emails per day, with up to 34% of inbound traffic being rejected due to identified threats.
Website screening prevents access to high-risk content (< 0.1% of traffic).
What Happens To The Commission
Who are we protecting against?
“Al Qaeda have called for terror attacks on the financial services sector.”
“They are not very good at it but they are getting better.”
John P Carlin, Assistant Attorney General for National Security, US DoJ
State Actors
Political tool – Low cost, low impact (at present)
Corporate Actors
Intellectual property theft and market manipulation
The FBI have identified IP theft at $100B per year
Criminal Actors
Fraud / Terrorism / Hacktivists
The Actors
Sony Attack 2014
Sony were initially seen as the bad guys.
After attribution the sentiment was deflected to the suspected attacker.
Who attacked you?
Knowing who attacked you is important
It is becoming easier to identify the source
Understanding what they wanted or did
Attribution
What is changing?
Everything…
25 years ago, what we valued was 98% physical.
Today, what we value is 99% digital.
We went forward without thinking of the consequences.
Historically most targets have been Intellectual Property or Financial Theft.
Significant shift to physical threats.
The risk to air travel isn’t liquids, it’s now devices.
Privacy vs Security.
Personal data held by private entities far outstrips that of government.
80 – 90% of attacks can be prevented by patching.
Breaches take time to detect; 60% of data loss occurs within the first few hours of a breach.
A change in mindset is required.
Stop using fear as a lever to get funding.
Stop spending 90% on front facing security measures.
Security as a business benefit.
Security resilience – can you detect an intrusion, and contain and stop it before they achieve their objective?
Collaboration and sharing on incidents and approaches will improve the success when defending systems and digital assets.
Technology
What can we control?
Using the internal network as a sensor, to assist with detecting internal threats.
Building a network environment where technologies work together, not in isolation.
Perimeter
Network
Environments
Systems
Our Own Environment - Technology
Information Management based on ISO 27001
Lord Chancellor's Code of Practice on the management of records issued under section 476 of the Freedom of Information Act 2000
Best practices built into a new EDRMS
Preparing for FOI
Opportunity to understand our data assets
Dispose of information that we no longer need
Our Own Environment - Processes
[Diagram: records lifecycle – Create, Use, Archive, Dispose]
Dispelling the myth that the IT department sort it all out with technology.
There are multiple threat vectors, all need defending.
Threat Awareness
Understanding what can happen and how.
Data Leakage
Awareness of the responsibility.
Social Engineering
How they may be targeted.
Testing
Are they effective security assets?
Our Own Environment - People
What are we doing?
Building
Building with security as a base requirement.
Designing new portals with interoperable user authentication and authorisation tools.
Revising security model to align with ISO27032.
Building
Developing a new platform environment with security baked in from the start.
Delivering joined up services.
Delivering new Registers from a common platform. (SIR, JAR)
Move to more services online.
Increased surface area requires a different approach to security.
Maintaining
Complacency is a major threat.
Continual evolution and horizon scanning is necessary to keep up, let alone get ahead!
Upgrading infrastructure
Patching networks and systems (No. 1 threat is unpatched systems)
Monitoring activity and alerts
Trend analysis
Educating & Supporting
Complexity is frightening people to the point of disempowerment.
We need to support and promote understanding and simplification.
Training technical team members
Training end users on information management risk
Testing the training – reinforcing the learning with testing
Providing advice
What about the local aspect?
With an eye on the digital future of Jersey, is there a need to ensure that cyber security is embedded as a pre-requisite to doing business?
Is there a place for cyber in the regulatory framework?
Who should set and monitor any local standards?
Should the standards be scalable?
Key discussion points:
An agreed cyber standard for financial services sector.
Apply existing international standards.
Guidelines for consumers and industry.
The need for a minimum standard.
Build a collaborative environment to discuss real-time cyber incidents and issues.
Island Opportunity
Questions
