
1 © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and in the Future Dr Rhodri Davies / Feb 25, 2015

2 Current State
- HP research with Economist Intelligence Unit
  - Only 33% of CEOs had a single view of information risk across their organization
  - Only 28% able to attribute monetary value to information assets
- HP & Ponemon
  - 70% of senior business leaders said exec level involvement needed in incident response process
  - Only 44% rated their breach response plan as mature and proactive
- Need for
  - Constant monitoring
  - Effective response but shortage of experience and resource

3 Still too many one-size-fits-all compliance exercises
- Compliance requirements and proofs in a cloud/leveraged service world need to be different from those for in-house/dedicated service
- Understand what data you give to service providers and how important it is
  - Is data about your operations the same as information on your customers?
  - Compliance audit is the wrong stage to introduce data handling requirements

4 Future: The digital dam has yet to burst.

5 Online growth
- 2010: 32.7% online, 2,270,000,000

6 Online population growth = attack surface
- 2010: 32.7% online, 2,270,000,000
- 2020: 60% online, 4,800,000,000
- 0.25% = 1,000,000+ potential new hackers
- Other figures on the slide graphic (labels not in transcript): 77% online, 34% online, 7.5% online

7 Generation curious

8 Generation now

9 Digital natives

10 Future – Near Term
- Major mobile exploits
- Open source vulnerabilities
- Supply chain as a critical attack route
- Industry sector attacks and malware
- Privacy concerns drive legislation

11 Major Mobile Exploits
- Ubiquity of devices
  - Typically 3-5 devices per person
  - Wearable
- Merging of commercial and personal
- Concentration of data
  - NFC
  - Geolocation
  - Health
- Cloud backed applications
- Unified development
- Thousands of applications
- Dynamic object code defeats analysis
Recommendations
- Understand how users want to use devices
- Do the basics
  - Awareness
  - Authentication
- Enterprise identity and access gateways

12 Open Source Vulnerabilities
- Last 12 months: Shellshock and Heartbleed
  - Ghost
- Nothing magic about open source
  - Ability to audit code does not mean it was done
- Widely used, even in commercial software
  - Cf. common commercial libraries with issues
Recommendations
- Know what you have
  - Including as elements of commercial software

13 Supply Chain as critical attack route
- Where is the weakest link?
- Breadth and interconnectedness of supply chain
- Target, AutoNation, Lowes & AT&T incidents all linked to 3rd parties
- Some 3rd parties concentrate critical information
- A breach in one supplier may give access to multiple organizations
- Expansion of PCI scope
Recommendations
- Supplier assurance programmes
- Threat intelligence
  - What are your peers experiencing
- Joint incident response
  - Make it easy for suppliers
  - Test often

14 Industry sector attacks and malware
- Adversary specialization
  - 2014 Dragonfly campaign against western energy companies
- Long term specialization in banking
- Focus on intellectual property from particular industries
  - Healthcare
Recommendations
- Threat intelligence: understand your peers
- Adopt from leading sectors (finance etc.)
- Continuous active monitoring

15 Privacy concerns drive legislation
- Nation state attacks (real or otherwise) are raising government interest
- Public mood changing?
  - Generation gap
  - Public examples of data breaches
- Contrasting government snoopers charters
- BBC report showing online privacy as high on political agenda for 1st time voters
- 90% of Americans think consumers have lost control of their personal data
- Balkanisation of Internet
Recommendations
- Assess/understand data you hold
  - Not just an exercise in current compliance

16 Internet of Things
- Consumer driven product life cycles
- Large number of devices to manage
- Kinetic impact
- Data mining
- Interconnected world: things outside your control can affect you
Recommendations
- Start thinking about it now
- Policy for connecting to your network
- Network isolation

17 Security Technologies to watch
- Listing known bad will never be complete
  - Process on the basis of known good
  - Behavior based
- Software defined infrastructure
- Information sharing buses
- Security intelligence
  - More an issue of culture and relationships than technology
  - Cooperation and collaboration
- La Brea style capabilities

18 Thank you

