tim burnett - it’s not sexy being over exposed
It’s Not Sexy Being Over-Exposed
Tim Burnett
Tim Burnett, Cyber Security Architecture & Design Manager
Atos Big Data & Security
www.linkedin.com/tpburnett
@tritim
Cybercrime in the News
UK Cybercrime Soars 20% in Two Years (Information Security Magazine, 25 Feb 2016)
Hackers behind Ukraine power cuts, says US report (BBC News, 26 Feb 2016)
Baidu apps found to be 'leaking' personal data (BBC News, 26 Feb 2016)
Cybercrime Looms As Biggest ‘Disruptive Threat’ To Finance Markets (Forbes, 25 Feb 2016)
Los Angeles hospital returns to faxes and paper charts after cyberattack (Guardian, 16 Feb 2016)
Nissan suspends Leaf app after electric car hacked (Telegraph, 25 Feb 2016)
UK businesses battling huge rise in cybercrime (Guardian, 25 Feb 2016)
Some stats…
98% of tested web apps are vulnerable to attack
93% of DPA breaches are caused by human error
144% increase in successful cyber attacks on businesses
Source: ITGovernance.co.uk, June 2015
90% of large organisations reported suffering a security breach
61% of organisations say data theft and cybercrime are the greatest threats to their reputation
70% of security execs are concerned about cloud and mobile security
16M mobile devices are now affected by mobile malware
A few more…
Source: NTT Com Security, Feb 2016
65% of businesses expect to suffer an Information Security Breach
75% of directors are not involved in the review of cyber security risks
and yet…
Cyber Threat Landscape
Script Kiddie
Malicious Insider
Hacktivism
Organised Cybercrime
Cyber Terrorism
State Sponsored
Office Hours?
BI / Analytics – “Big Data” Definition:
…extremely large data sets that may be analysed computationally to reveal patterns, trends, and associations, especially relating to human behaviour and interactions
…data sets with sizes beyond the ability of commonly used software tools to capture, curate, manage, and process data within a tolerable elapsed time
…any voluminous amount of structured, semi-structured and unstructured data that has the potential to be mined for information
Today’s corporate network
What to do with all this data?
Image: Google
Privacy
Beyond Big Data?
Big Data
• millions of customers
• petabytes (10^15 bytes) of data
• predictive analytics
Predict the future
• based on what we know now
Insight Systems
• Billions of connected “things”
• Exabytes (10^18 bytes) of data
• Prescriptive analysis
• Autonomous systems
Determine the future
• Artificial intelligence?
Automated trading…
Haven’t we seen this before, somewhere?
Cloud
“Somebody else’s computer” – Graham Cluley, 2013
Cloud
Mobile
Mobile business
Mobile workforce
Easy to change cloud providers
Data cleanse?
Mobile business
Mobile users
“FREE”
Is it a tablet or a ‘phone?
Source: bbc.co.uk/news, 22 Feb 2016
…or is it a PC?
Digital is much more than just technology and software.
For any organization, becoming truly digital requires a different mindset and increased flexibility.
It requires a redefinition of corporate structures, bodies and roles and use of new technologies to make innovation happen in the 4 core domains.
Customer Experience
Trust & Compliance
Operational Excellence
Business Reinvention
Digital Transformation
Every new aspect of ‘connectivity’ or ‘integration’ widens the Attack Surface
Challenges
Your data
Your Customers’ data
Infrastructure & Data Centre
“Re-perimeterisation”
Enterprise Resource Planning / Customer Relationship Management
Supply Chain Vulnerabilities
Industry Specific Applications
Networking / Voice / Data Communications
CryptoLocker
Solutions?
“First, I do not think there is any silver bullet to solving the technology side of the security equation.”
John W. Thompson
Risk
Questions to ask…
Do the basics well
Understand the RISK: know where your “crown jewels” really are
Use up-to-date software; patch regularly
Know where your perimeters are
Educate users
Secure the Information
Emerging Approaches to Security
Evolution of Security
Today
• Perimeter is now porous
• Simple monitoring is insufficient
• Can’t afford to watch business burn
Tomorrow
• Protect the data
• Faster, broader monitoring & analysis
• Threat intelligence
• Cyber skills and automation
…
Do the Basics
Understand the Risk
Protect your Data