Presentation is loading. Please wait.

Presentation is loading. Please wait.

AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials.

Similar presentations


Presentation on theme: "AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials."— Presentation transcript:

1 AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials

2 AmadeusCybersecurity: the essentials12 th November 2014 AGENDA 1.Understanding cyber risks 2.Cyber security market trends 3.State of the art: threats & defenses 4.Best practices in cyber security Cybersecurity: the essentials

3 AmadeusCybersecurity: the essentials12 th November Understanding cyber risks CYBERSECURITY: THE ESSENTIALS

4 AmadeusCybersecurity: the essentials12 th November 2014 UNDERSTANDING CYBER RISKS 4 The External attacker usually wants to: – Get access to files stored on the computer, or the local network – Copy Usernames & Passwords from users – Run programs on the computer to make it a ‘bot’ They can deliver some ‘Malware’ inside the computer to achieve this, by: – infecting it with a Virus, – getting the user to open an attachment – persuading the user to click through to an infected web page We also consider Internal attackers, i.e. employees as a possible threat Finally, disaster planning is also essential What exactly is the threat? 1

5 AmadeusCybersecurity: the essentials12 th November 2014 UNDERSTANDING CYBER RISKS 5 spam – Unwanted messages, also links & attachments Viruses/spyware/malware – Programs which can run on the receiving computer and do harm phishing – Targeted s, particularly asking for credentials Network intrusion/hacking – External attackers or programs trying to enter machines/networks Denial of Service attacks – Preventing systems/websites from operating What cybersecurity risks should be considered? - 1 Software & network risks 1

6 AmadeusCybersecurity: the essentials12 th November 2014 UNDERSTANDING CYBER RISKS 6 Theft of mobile devices – Both accidental, and targeted Theft of system hardware – Physical attacks on facilities Corporate espionage/whistleblowers – Data leakage & data theft Criminal damage – Not only physical, but also logical i.e. data deletion What cybersecurity risks should be considered? - 2 Physical & data loss risks 1

7 AmadeusCybersecurity: the essentials12 th November Cyber security market trends CYBERSECURITY: THE ESSENTIALS

8 AmadeusCybersecurity: the essentials12 th November External threats: who actually gets hit? 2.External threats: causes of data losses 3.Internal threats: causes of security breaches Cyber security market trends

9 AmadeusCybersecurity: the essentials12 th November 2014 External threats: who actually gets hit? CYBER SECURITY MARKET TRENDS Source: Kaspersky IT Risks Survey 2014 – n = 3,900 2

10 AmadeusCybersecurity: the essentials12 th November 2014 External threats: causes of data losses CYBER SECURITY MARKET TRENDS 10 Source: Kaspersky IT Risks Survey

11 AmadeusCybersecurity: the essentials12 th November 2014 Internal threats: causes of security breaches CYBER SECURITY MARKET TRENDS 11 Source: Kaspersky IT Risks Survey

12 AmadeusCybersecurity: the essentials12 th November State of the art: threats & defences CYBERSECURITY: THE ESSENTIALS

13 AmadeusCybersecurity: the essentials12 th November 2014 STATE OF THE ART: THREATS & DEFENCES There are three major goals of cyber security: – Confidentiality: Keep private information private Prevent data leakage, data loss – Integrity: Guarantee critical information is not altered/tampered Protect data – Availability: Ensure that critical information remains accessible Keep systems working, prevent internal attacks So, the “C.I.A.” is your friend! What are the goals of good cybersecurity? 3

14 AmadeusCybersecurity: the essentials12 th November 2014 STATE OF THE ART: THREATS & DEFENCES 14 The primary goal is to prevent malware from getting into computers – Employees are the source of greatest risk They sometimes click on stupid stuff They can sometimes be misled They sometimes steal data So: – train employees in cybersecurity basics – employ adequate cybersecurity technology to prevent damage & loss What are the risk mitigation strategies? 3

15 AmadeusCybersecurity: the essentials12 th November 2014 STATE OF THE ART: THREATS & DEFENCES 15 Network Firewalls – Control the flow of Internet traffic and prevent intrusions Anti-Spam filters/services – Minimise the amount of potentially dangerous arriving Anti-Virus software – Detect, search for & destroy malware on computers Data Loss Prevention – Detect and prevent the export of sensitive data Mobile Device Management – Allow mobile & ‘BYOD’ users to safely operate remotely What kind of basic cybersecurity defences are needed? 3

16 AmadeusCybersecurity: the essentials12 th November Best practices in cyber security CYBERSECURITY: THE ESSENTIALS

17 AmadeusCybersecurity: the essentials12 th November 2014 BEST PRACTICES IN CYBER SECURITY 17 1.Business managers must know where the most important data is held – On-site in desktops and servers, or in cloud services and mobile devices 2.Bad things happen to good businesses – Automate the secure data back-up process – How will business continue if the physical site becomes unavailable? 3.Train employees about the nature of today’s cyber-attacks – Cyber-criminals particularly target SMBs – Aiming to compromise the PCs used for online banking and payments 4.Deploy the security basics: – Firewalls for wireless and wired-based access points, – Anti-malware on endpoints and servers – Encrypt highly sensitive data at rest and in transit Adapted from Messmer/InfoWorld Oct Best practices - 1 4

18 AmadeusCybersecurity: the essentials12 th November 2014 BEST PRACTICES IN CYBER SECURITY 18 5.Define each individual’s access to data – Ideally use two-factor authentication – Systems administrators jobs give them huge power – Immediately de-provision access & credentials when an employee departs 6.Trust, but verify – Do background checks on prospective employees – Have SLAs for technology vendors/cloud service providers; visit data-centre 7.Remove & securely destroy hard disks – From all old computers – And any other devices that store data Best practices - 2 4

19 AmadeusCybersecurity: the essentials12 th November 2014 BEST PRACTICES IN CYBER SECURITY 19 8.Smartphones require different security requirements than older PCs and laptops – ‘BYOD’ raises important legal questions – Business data no longer held on a device owned directly by the business 9.Use physical access controls to keep unauthorized individuals from IT resources – That includes the office cleaners – Train staff to challenge unexpected visitors in a polite, but determined, way 10.Have an employee acceptable-use policy – Defining behavior online, how data is to be shared and restricted – Have them read and sign it – Making it clear if there will be monitoring of online activities – There should be possible penalties for non-compliance. Best practices - 3 4

20 AmadeusCybersecurity: the essentials12 th November 2014 Amadeus Capital Partners Alex van Someren, Managing Partner, Early Stage Funds https://www.amadeuscapital.com/ Global Technology Investors


Download ppt "AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials."

Similar presentations


Ads by Google