Page 1: Information Security 2018: Evolution/Cost Reduction Paradox...Title: SECTOR_2018_Info Security and the evolution-cost reduction paradox 092818 Author: Sood, Ajay Created Date: 10/14/2018

10/13/18

Copyright © 2018 Symantec Corporation SYMANTEC CONFIDENTIAL – INTERNAL USE ONLY

Information Security 2018: Evolution/Cost Reduction Paradox

SECTOR 2018

Ajay K. Sood @akssecure

Organizations in 2018…

…now collect and store more data than ever…

… in more places than they’ve ever had it.

Creating a “follow the data” problem

• Servers

• Secure Data Centres

• Cloud Applications

Follow the Data…

All this data needs to be:

… SECURELY

• Created / Collected

• Stored

• Controlled

• Destroyed

Follow the Data…

• The human and financial costs of creating, storing, destroying and following this data are greater than they have ever been

• Increased threat sophistication and persistence targeting data, exposing weaknesses in data security infrastructure and processes

• Movement toward cloud infrastructure simplifies IT, while complicating the problem

• This evolving data footprint is compounded by numerous evolution trends in cybercrime

Evolution…

• Infrastructure

• Attacks

• Cyber-Capitalization

• Countermeasures

• Regulatory Climate

The Expanding Network

Direct Connect Creates Expanded Networks to Protect

[Diagram labels: Regional Office, Headquarters Data Center, Roaming Users, Security Stack, SSL Encryption]

Evolution… of Attacks

• Infrastructure (DDoS, Websites, Networks)

• Data (Database Dumps, Destruction, Disclosure)

• Individual (Identity Theft, Spear Phishing)

Multi-Phased and Multi-Staged Attacks

[Diagram labels: Regional Office, Headquarters Data Center, Roaming Users, Security Stack, SSL Encryption]

Evolution… of Capitalization

• Financial

• Intellectual

• Political

• Personal / Human

Evolution… of Countermeasures

• Tools

• Human-based: Eyes on glass, SOCS

• Modern: Intelligence, Analytics/Big Data, AI

Evolution… of Regulatory Climate

• Breaches

• Lawsuits

• Legislation (GDPR, DPA)

• Trial by social media

Less Money, More Problems

• Rising IT and data centre costs

• Rare and expensive IT Security personnel

• Training Costs

• Certification Costs

• Turnover

• Push to Cloud / MSP

• Increased threat sophistication and persistence targeting data, exposing weaknesses in data security infrastructure and processes

Less Money, More Problems

“Gartner's experience is that many organizations simply do not know their security budget. This is partly because few cost accounting systems break out security as a separate line item, and many security-relevant processes are carried out by staff who are not devoted full-time to security, making it impossible to accurately account for security personnel. In most instances, the chief information security officer (CISO) does not have insight into security spending throughout the enterprise.”

The Paradox

How do organizations succeed?

• More threats

• More data

• More attack vectors (Email, Social, Mobile, App)

• More regulation

• More complex data footprint

• Less budget

• Less time

• Less staff

Accept the Paradox

• Accept Cybersecurity in the executive boardroom

• Accept the inevitability of failure

• Explore Cyber-Armageddon

• Have appropriate response plans/teams

• Red team/Executive table-top

• Accept the adversary is formidable

• Intelligence – Consume only what you understand

• Outsource carefully and appropriately

• Understand the (shared) responsibility

• Understand the output

• Augment your team and abilities – not replace

Thank you!

Ajay K. Sood @akssecure