Preparing for the cyber landscape of 2020

Presentation on theme: "Preparing for the cyber landscape of 2020"— Presentation transcript:

1 Preparing for the cyber landscape of 2020
Daniel Weis, Lead Penetration Tester, Head of Security Services, Kiandra IT
The future of cyber crime. What’s next for cyber / crime

2 Who is this guy?
Lead Pentester at Kiandra IT
I get paid to break into company and government networks for a living
23 years in various IT roles, both here and internationally
8 years in security consulting
6 years as a pentester
1 of first 10 people globally to become a Certified Ethical Hacker
23 certifications
Trainer of upcoming CEHs.

3 Disclaimer
The content presented today contains tools, techniques and resources used for hacking and illegal activities
The content is for education purposes only
Hacking is illegal. You MUST have written permission from the associated target/party(s)
The underground sites presented today should not be visited and are monitored by federal authorities
Kiandra does not condone illegal hacking or malicious activities.

4 THE THREAT LANDSCAPE

5 2017 stats
1,906 breach incidents in the US, 48 major breaches in Australia in 2017
7.3bln+ (7,345,936,503) breached records in 2017
2.51 million: The Ponemon Institute Cost of Cybercrime 2017 study shows on average cybercrime costs an Australian organisation anywhere from $900,000 to $6,600,000 per breach. Average is 2.51 million!
52% UNKNOWN: In 52% of Australian breaches the number of records compromised was UNKNOWN
4720 reported breaches, 90 breaches per week reported
Stats are accurate as of 06/12/2017 and other disclosed breaches

6 And the media makers…

7 Yes it gets worse every year…

8 This is 2021
Based on the trend data, this is what 2021 looks like…
80 trillion breached records
28,000 reported breaches

9 Looking beyond 2018
Old vulnerabilities only recently coming to light
Meltdown & Spectre – CPU vulnerabilities affecting EVERY CPU since 1995 (mobiles, PCs & cloud)! Allows reading of content from memory, like passwords and emails
WannaCry & Petya Ransomware – Leveraged EternalBlue vulnerability used by the NSA in SMBv1 – used since Windows XP (2001)! Affected 400,000 machines, 150 countries
So… what does this mean? THERE’S MORE TO COME!

10 Looking beyond 2018
What will be the new emerging threats?
Vulnerabilities – new vulnerabilities discovered every day, each more sophisticated and severe than the last
IoT – 29% of organisations have adopted IoT, estimate 46 trillion connected devices by 2021
Botnets leveraging IoT – DDoS attacks
Better malware – Harder to detect, more destructive than ever before
State sponsored threats – China, North Korea, Russia
Explosion of new devices – All internet connected, all expose risk
No more corporate networks – Cloud, BYOD, flexibility
Spiceworks –

11 The same tactics will work
You can spend all the money you have on ‘security devices’ BUT:
People will continue to do stupid things
Humans are ALWAYS the weakest link – on average 20% click on our phishing emails, 25% give us their passwords
USB
Wireless
Passwords
IT not doing the right thing.

12 Looking beyond 2018
Breaches will still happen and continue to increase
The same vulnerabilities and exposures that I have seen for the past 6 years will still be there
More dumps of data online
Darknet will continue to expand.
WannaCry decimated the world: it compromised 400,000 machines across 150 countries

13 Demo time DEMO

14 The next 3 years
Have to disclose under law that a breach has occurred – Mandatory Breach Notifications start next month!
Still have to have the necessary protections (Firewalls, IPS, filtering etc.)
Governments are investing heavily, so should you!
Staff training and regular testing
Cyber insurance
Assume you WILL be hacked
Become cyber resilient.
Add in GDPR stuff.

15 Cyber resiliency
Your customers/stakeholders will judge you based on how you handle a breach
Be prepared for Mandatory Breach Reporting
Incident response plans in place – documented and tested!
Alert, contain and neutralise the threat
Know how to respond to your customers
Seconds and minutes matter
Do your due diligence.
Your customers know a breach will happen eventually
The customer will forgive you as long as you respond well
Documented and tested incident response plans in place
Make sure you have measures and IR plans in place to detect, alert, contain, neutralise and sanitize the environment
Seconds and minutes matter
Ensure that you have done your due diligence, you have put in all the measures you can to prevent a cyber event.

16 What do you need to do now?
Allocate budget and invest in cyber security, put in security controls
Show you have done your due diligence
Get those staff trained! Keep training them regularly
Incident response plans and processes in place
Make sure IT are doing the right thing
Get regular Penetration Tests performed to ensure that the same issues I see every day are not present.
Allocate and invest in cyber security, ensure you can show you have done your due diligence: Firewalls, IPS, NextGen AV, Whitelisting, Detection and alerting systems

17 Remember Every organisation has something that someone else wants.

18 Thank you
Want to have a chat?
For more info, feel free to grab me after the presentation
Drop an email to
Grab one of my business cards!
Track me down on social networking
Visit our website: kiandra.com.au

