Post on 15-May-2020
© 2015 IBM Corporation
Juliet Grout
Cybersecurity the billion pound problem
Agenda
- What is the Cybersecurity problem?
- Data Breaches/Attacks
- Security Model
- Data Growth
- Attack Sources
- Passwords
- Attack types – Ransomware, Man in the Middle, Spear Phishing
- No Magic Bullet
- What’s next?
What is the Cybersecurity problem?
Criminal activity conducted via the Internet, from stealing IP, data and confidential information, to creating and distributing viruses, to disrupting a country's critical national infrastructure.
- Direct costs
- Indirect costs
- Opportunity costs
For UK companies with more than 1000 employees, the average cost of cyber crime per organisation was $7.21 million for 2016.
Source: Ponemon Institute, 2016 Cost of Cyber Crime Study & the Risk of Business Innovation
Cybercrime is seen as an attractive option for criminals, with a high ROI: estimates are above 1000% for a malware campaign.
Interpol estimates cybercriminal activity has cost 750 billion euros per year in Europe.
https://www.ncsc.gov.uk/content/files/protected_files/news_files/The%20Cyber%20Threat%20to%20UK%20Business%20%28b%29.pdf
Data Breaches/Attacks
In the past 18 months more data breaches have had more real-world impact.
- Dec 2015: Malware caused power outage in Ukraine.
- Feb 2016: Bangladesh Bank heist. $81 million was stolen through fraudulent transactions sent via SWIFT.
- April 2016: 11.5 million documents leaked from a Panamanian law firm, known as the Panama Papers.
- Nov 2016: Mirai worm. 900,000 customers of German ISP Deutsche Telekom (DT) knocked offline.
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/a-rundown-of-the-biggest-cybersecurity-incidents-of-2016#UkrainianPowerGrid
Security Model
- Confidentiality – information is not made available or disclosed to unauthorized individuals, entities or processes
- Integrity – maintaining and assuring the accuracy and completeness of data over its entire life-cycle
- Availability – data is available
How to improve Security
- People
- Process
- Technology
Data Growth
Predicting data growth in a world where data is residing in more places than ever is challenging.
One way to illustrate the growth in data is to look at the growth in digital photographs taken in the world.
From a business perspective, data used to reside in a server room; now, with the growth of apps and new business models, data is much more distributed.
Source: http://mylio.com/true-stories/tech-today/how-many-digital-photos-will-be-taken-2017-repost
Attack Sources
https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=WGL03140USEN&
Passwords
https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/
- Keeper research team analyzed over 10 million passwords available on the public web
- Nearly 17% of users have the top password – 123456
- The top 25 passwords constitute over 50% of the 10 million passwords analyzed
Password tips
- Avoid dictionary terms – use a passphrase instead
- Use a variety of characters
- Use a password manager
- Use different passwords for each site/application
Ransomware
Is a type of malicious software, designed to block access (e.g. encrypt) to a computer system until a sum of money is paid.
Source: IBM X-Force Research, Ransomware: How consumers and businesses value their data
Man in the middle attack
This is an attack which intercepts communication between two systems.
70+ iOS apps in the Apple store are vulnerable to man in the middle attacks; estimates are that these apps have been downloaded more than 18 million times.
Technical best practices, such as companies using VPN and endpoint authentication, can ensure risk is limited.
What can you do? Limit use of public networks, be aware of what data you are transferring using them, and be suspicious.
http://www.theinquirer.net/inquirer/news/3004099/70-something-ios-apps-are-vulnerable-to-man-in-the-middle-attacks
Spear Phishing
This is the fraudulent practice of sending emails and other communication that appear to be from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
Often very targeted; in corporations, attackers will target financial personnel.
http://www.bbc.co.uk/news/business-35250678
No Magic Bullet
People, Process and Technology all three need to be consistently improving to stay ahead of the Cyber security problem.
What’s next?
- Data growth will increase with adoption of IoT, which is cheap to adopt for companies that are non-technology at their core. Gartner predicts that by 2020 there will be 21 billion connected devices.
- GDPR – General Data Protection Regulation, a new EU regulation and the biggest shake-up in 20 years of data privacy, comes into force May 2018
- NCSC – National Cyber Security Centre – part of GCHQ, launched by government in 2016
- Biometrics – Mastercard storing biometric data on the card’s chip, launched April 2017 after successful pilot