Current & Emerging Cyber Security Threats
-
Upload
ncc-group -
Category
Technology
-
view
612 -
download
0
description
Transcript of Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
Agenda
• The threat actors
• Primary threats
• Common vectors
• Some realities
• Current threats
• Emerging threats
Before we begin.. Security is emotive
Before we begin.. Some stats
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/261674/bis-13-1293-ftse-350-cyber-governance-health-check-tracker-report.pdf
Before we begin.. Some more stats
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/261674/bis-13-1293-ftse-350-cyber-governance-health-check-tracker-report.pdf
The threat actors
Primary threats
Vectors
Causes
• Poorly designed and developed software and systems
• Lack of network segregation, access control & monitoring
• Level of user education and risk understanding / sense of
ownership & responsibility
• Security solutions / practices leading to poor UX
• Regulatory tick boxing / audit burden
Vendor hype leading to the wrong focus
Some realities
• Perimeter security alone has never been sufficient
• The definition of a perimeter has changed
• Asking people not to click on things is not sustainable
• Limiting the use of mobile does not work
• Security doesn’t come from free!
Current threats
// Internal
• Accidental data or device loss
• Deliberate data exfiltration
• Poor internal security practices
// External
• Collateral damage compromises
• Drive by compromise
• Targeted attacks
Emerging threats – BYOD
Emerging threats – data volumes
• How to tag data efficiently and effectively
• How to control access
• How to protectively monitor
• How to detect anomalous behaviour
• Aggregation of data
Emerging threats – tech evolution pace
• Evolution rate increasing
• Shorter product life spans
• Quicker time to market
• Sustaining older products from a security perspective
• Agile security engineering
Emerging threats – everyone’s a coder!
• A world where everyone is a developer
• Traditional security expertise in
development / engineering teams diluted
• We need better frameworks and platforms
Emerging threats – Internet of things
• Traditional patching goes away
• Exploitability doesn’t diminish
• Machine to machine interactions
• Compounded hidden I.T.
Final thoughts
• Cyber risk ownership can not be
outsourced
• Cyber security is just one element of
modern good business governance
• Investment should be always be proportional
• Events will occur! It shouldn’t be a drama..
UK Offices
Manchester - Head Office
Cheltenham
Edinburgh
Leatherhead
London
Milton Keynes
North American Offices
San Francisco
Atlanta
New York
Seattle
Austin
Australian Offices
Sydney
European Offices
Amsterdam - Netherlands
Munich – Germany
Zurich - Switzerland
Thanks? Questions?
Ollie Whitehouse