Upload File

the future of computer security and cybercrime

13

Click here to load reader

Upload: craig-heath

Post on 12-Apr-2017

456 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: The Future of Computer Security and Cybercrime

Franklin Heath Ltd

London Futurists: The Future of Computer Security and “Cybercrime” Craig Heath

@heathcr

09 January 2016

Page 2: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

lawyer lawyer ✗

mathematician mathematician ✗

computer scientist ✓

security engineer ✓

futurist ?

Craig Heath

09 January 2016 2

Page 3: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

“Cyber”

09 January 2016 3

Image Credit: “DarkAngelDTB” from DeviantArt Image Credit: Colin Foran (DeviantArt: “nathantwist”)

Page 4: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

How to Predict the Future (vaguely scientifically)

09 January 2016 4

Considering trends + thought experiments Where I’m looking for trends: my experience First job in software 1977 computer security specialist since 1988

history of information security Kerckhoffs 1883 Bletchley Park 1939-45

How far away is the horizon?

Page 5: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

Computer Security vs. Cybercrime

09 January 2016 5

Computers used to commit “traditional” crimes Roswell Steffen 1973 (embezzlement > $1.5M)

Unauthorised use of computers Stephen Gold, Robert Schiffreen 1985 Kevin Mitnick 1987

Breaching computer security has itself become defined as a new type of crime UK Computer Misuse Act 1990 US Digital Millennium Copyright Act 2000

Page 6: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

Trends: What Has Stayed the Same?

09 January 2016 6

Information theory & computer science Kerckhoffs 1883 Turing 1936 Shannon 1948 Saltzer & Schroeder 1975

Passwords easy to understand and implement

Social engineering attacks c.f. “rubber-hose cryptanalysis”

Page 7: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

Trends: What Has Changed?

09 January 2016 7

Number of devices, connectivity and bandwidth (109) billions, always-on with multiple Mbps

“Classic” crimes have moved online e.g. confidence tricks -> phishing

“Beta culture” continual enhancement and patching

Magnification of capabilities and consequences a fix can be rolled out to millions of users a single attacker can harm millions of users

The “attribution problem” nation state or a kid in a cyber café?

Page 8: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

Is Computer Security Getting Better or Worse?

09 January 2016 8

I don’t know any computer security professional who would argue it’s getting significantly better

I don’t know anyone who has stopped using the Internet because it’s getting significantly worse

Hypothesis: did we reach a sort of equilibrium in the 1990s that is acceptable to society, now maintained by governments and market forces?

Page 9: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

What Influences Might Tip the Balance? – 1. Downside

09 January 2016 9

Increasing complexity of computer systems if you don’t understand it, you can’t fix it

Increasing value available to attackers transaction limits increase ever more data goes online

Increasing ability to affect the real world “Cyber Physical Systems”

Better policing of non-computer crimes bad guys usually follow the path of least resistance

Page 10: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

What Influences Might Tip the Balance? – 2. Upside

09 January 2016 10

Market forces consumer awareness but see “The Market for Lemons” (Akerlof 1970)

risk of reputational damage cost of breaches and/or conditions of business insurance

Legal forces regulation (c.f. building regulations) licensing (c.f. chartered civil engineers) fines or compensation awards for affected consumers

Page 11: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

How Serious is Reputational Damage for a Company?

09 January 2016 11

The “Ratner Effect”

Ratner Group value:

1991 £680M

1992 £49M

...

2016 £7454M

Image Credit: “EG Focus” from Flickr

Page 12: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

Why I Don’t Believe Breach Cost Estimates

09 January 2016 12

2011 Detica report: “cost of cyber crime to the UK ... £27bn per annum” approx. £540 per year for each adult in the UK

Detailed response from Ross Anderson et al.: “Measuring the Cost of Cybercrime”, 2012 doesn’t venture a bottom line figure, but...

My experience: Costs of loss of IP are routinely vastly overstated Fraud losses are a normal cost of banks’ business

Page 13: The Future of Computer Security and Cybercrime

© Franklin Heath Ltd c b CC BY 3.0

Crystal Ball: Will the Equilibrium Hold?

09 January 2016 13

If security defenders just keep doing the same things, attackers will overtake us

Penetration testing and code inspection isn’t going to take us much further

Fundamentals need to be, and can be, improved better product development process better platforms better tools better developers


SECURITY SERVICES AND CYBERCRIME TRENDS - …schd.ws/hosted_files/creditunioninfosecurityconf2017/b0/CyberCrime... · SECURITY SERVICES AND CYBERCRIME TRENDS ... Cerber (early March)

Ethical and Legal Aspects of Computer Security. Computer Crime/Cybercrime “Computer crime, or cybercrime, is a term used broadly to describe criminal

Cybercrime- Computer & Internet Fraud (Fin Present)

Smartphone Cybercrime & Security – How to use your mobile

Cybercrime and the Law: Computer Fraud and Abuse Act …

Emerging Risks, Cybercrime...ASIS Thailand Chapter Security Event Emerging Risks, Cybercrime and terrorism a˜ecting security and supply chain in Southeast Asia. Registration Fee:

Security Awareness News - October 2020 - The Cybercrime Issue

COMPUTER HACKING Cybercrime (1). Table of Contents What is Computer Hacking? Types of Computer Hackers

Cybercrime and Computer Hacking

Cyber Security - · PDF fileCyber Security Cyber Crime Cybercrime, or computer related crime, is crime that involves a computer and a network. The computer may have been used in

Director, Cybercrime & Security Innovation Centre Dr Z ......Director, Cybercrime & Security Innovation Centre. Offensive security helps to develop the security mindset Hands-on experience

Cybercrime (Computer Hacking)

Beating cybercrime: Security Program Management - Ernst & Young

Cyber security & Cybercrime Strategies Sri Lankan Experience

Computer Crime and Cybercrime Bill - Techzim...Computer Crime and Cybercrime Bill A Bill to criminalize offences against computers and communications infrastructure networks related

Introduction to Security Cyberspace, Cybercrime and ... · PDF fileComputer crime, or cybercrime, is any crime that involves a computer and a network. The computer may have been used

BA 572 - J. Galván1 COMPUTER CRIME Cybercrime, Cyberterrorism, and Cyberwarfare

Future Threats: Computer security in the age of cybercrime and cyberwar

Irish Information Security and Cybercrime Survey 2013 · 2019-10-27 · Deloitte, in association with EMC, presents the second annual Irish Information Security and Cybercrime Survey

2012 NORTON CYBERCRIME REPORTnow-static.norton.com/now/en/pu/images/Promotions/2012/cybercrime... · 2012 norton cybercrime report . ... agree that unless their computer rashes or

Cybercrime & Security

Cyber Security and Cybercrime in ASEAN · PDF fileCyber Security and Cybercrime ... Cambodia 15,957,223 6,000 4,100,000 25.7 % ... B.3.6.iii Promote law enforcement training on cyber

Cybercrime - ICT Security 2010

CARICOM Cyber Security and Cybercrime Action Plan Final Ver3

Lezione 06 20-3-2013 Cybercrime Computer Crimes

CYBER-SECURITY, CYBERCRIME CRIMINAL LAW: A SHORT AND …

MSc Forensic Computing & Why study at UCD? Cybercrime ......• Computer Forensics • Network Investigations • Introduction to Programming for Cybercrime Investigators Optional

Computer Crime and CyberCrime Why we need Computer Forensics

Cybercrime Security Risks and Challenges Facing Business East... · 2015-05-02 · Cybercrime – Security Risks and Challenges Facing Business Sven Hansen Technical Manager – South

Cyber Security and Cybercrime in ASEAN - Law for ASEAN

THE FUTURE OF CYBERCRIME & SECURITYTHE FUTURE OF CYBERCRIME & SECURITY Key Takeaways & Juniper Leaderboard 1.3 Cybercrime Breaches Forecasts With an increasing number of businesses

Introduction to Computer Security - Course Introduction to Computer Security Course Introduction ... Cybercrime, monetary gain ... Introduction to Computer Security - Course IntroductionAuthors:

Cyber Resilience Investigation sistemi... · •Computer crime, or cybercrime, is crime that involves a computer and a network. (Wikipedia) •Cybercrime –high income for relatively

Cybercrime Fighting cybercrime...Cybercrime Part II Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX Lecture 12 Fighting cybercrime Measuring cybercrime The cost

CyberCrime: Background and Motivation Computer Forensics BACS 371