Tackling today's cyber security challenges - WISER Services & Solutions

WISER “WIDE-IMPACT CYBER SECURITY RISK FRAMEWORK”www.cyberwiser.eu @cyberwiser

Co-funded by the European CommissionHorizon 2020 – Grant # 653321

Antonio Álvarez RomeroAtos Spain

Tackling today's cyber security challenges - WISER Services & Solutions

Riga – 27th October, 2016Presentation at DSS ITSEC

1

http://www.cyberwiser.eu/

2

Outline

Business on the Internet: Cyber landscape

Cyber security as a challenge

CyberWISER as a solution

CyberWISER services portfolio

Conclusions

© WISER 2016 www.cyberwiser.eu - @cyberwiser

3

Outline





Conclusions


4

Business on the Internet: Cyber landscapeThe global adoption of the Internet


World population (2016 est.) 7,340,093,380Internet users (as of 30/06) 3,611,375,813% Penetration (world) 49.2Internet users (end 2000) 360,993,184% growth 2000-2016 900.4

Being on the Internet means to have near 4000 million of potential customers!

internetworldstats.com

Business on the Internet: Cyber landscapeInternet as a mean to make business

© WISER 2016 www.cyberwiser.eu - @cyberwiser 5

According to a study from McAfee, Internet economy generates between $2 and $3 trillion a year.

The share of the global economy is expected to grow rapidly

The U.S. e-commerce economy is worth $349 billion while China´s is worth $562 billion

https://hostingfacts.com/internet-facts-stats-2016/Very huge turnover directly related to the Internet



Very huge turnover directly related to the Internet

B2C e-commerce sales worldwide from 2012 to 2018(in billion U.S. dollars)



40% of Internet users (more than 1 billion people) have bought products or goods online

8 out of 10 consumers will shop online if offered free shipping

Internet is not only about accessing huge amounts of information, it is transforming the consumption habits



There are around 966 million websites in the world todayThe average e-commerce site takes

7.12 seconds avg to load in Internet Explorer 97.15 seconds avg to load in Firefox 77.59 seconds avg to load in Google Chrome

40% of web users will abandon a website if it takes longer than 3 seconds to load and 60% will not return to the site51% of U.S. online shoppers say slow site loading is a top reason to abandon a purchase

Slow loading websites cost the U.S. e-commerce market more than $500 billion annually.38% of British consumers say social media interaction was one of the reasons for visiting a retailer website

The competition is fierce: websites must be reliable, visible and highly responsive

9

Business on the Internet: cyber landscapeInternet as a mean to make business


Call centers Chat centers Trading companies

Retail businesses

Service firms Financial institutions News Media Restaurants

Internet Marketing

Web hosting companies

Insurance providers

Medical centers

Several kinds of businesses are 100% dependent on the InternetThe dependence is sort of dramatic

VoIP dependentNo Internet, no reps workingLong wait time, angry clients

No Internet, no agents working

Quick loss of businessClients get no feedback

Based on speedBad latency means no businessLoss of trading opportunities

Sales software dependentReal-time access for inventoryCredit card payments rely on terminals

Teams cannot work togetherNo access to repositoriesNo interraction with clients

Dependent on central systemsBranches need reliable connectionNo connection, no data, no biz

Need to be the first for storytellingPictures taken on-site and live feedsNo Internet impacts competitiveness

Need Internet for paymentsNeed Internet for orderingOn-line or phone orders management

Social media managementViral campaigns managementCommunication with clients

Need to minimize downtimesDowntimes means losses

Clients´web must be live Access to claims databaseAccess to history info for pricingManagement of clients

Patient information managementOnline format replaces physicalCritical patients care

https

://w

ww

.mus

hroo

mne

twor

ks.c

om/b

log/

2015

/12/

03/is

-you

r-bus

ines

s-in

tern

et-d

epen

dent

-15-

busin

esse

s-th

at-n

eed-

relia

ble-

inte

rnet

/

https://www.mushroomnetworks.com/blog/2015/12/03/is-your-business-internet-dependent-15-businesses-that-need-reliable-internet/



So… Internet is one of the biggest successes everBut, as everything, there is a flip side or, in this case…

an evil side

Outline





Conclusions


Cybersecurity as a challengeWhat is cybercrime?


Definition of cybercrimeCybercrime is the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities or violating privacy

Enciclopaedia Britannica

Cybersecurity as a challengeSome facts about cybercrime


An estimated 37,000 websites are hacked every day.

Cyber insurance market has grown from $1 billion to $2.5 billion over the last two yearsVery focused on the U.S

Measuring the annual cost of cybercrime worldwide is a major challenge.McAfee dared to do that: they say that the losses are of $445 billion per year, what means around 20% of the Internet economy value

http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdfLloyd´s estimated $400 billion per year.

http://fortune.com/2015/01/23/cyber-attack-insurance-lloyds/

Cybercrime costs are kind of a very high tax paid to criminals that hinders the growth of the global economy

http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf




Biggest online data breaches worldwide



Cyber attackers´ preferred targets are large corporate businesses, critical infrastructures and small enterprises

Research shows that small businesses were on average the victims of around 7 million cybercrimes a year in 2014 and 2015

UK Federation of Small Businesses: Cyber Resilience: How To Protect Small Firms In The Digital Economy (June 2016)

The University of Oxford tries to profile the cyber criminalInternal disgruntled technical employeeInterested in theft of personal information, money and intellectual propertyInterested in extorting the company and clients

Profiling the Cyber criminal, University of Oxford, https://www.sbs.ox.ac.uk/cybersecurity-capacity/content/profiling-cybercriminal



Cyber threats have evolved from targeting and harming computer, networks and smartphones, to targeting people, cars, railways, planes, powergrids and anything with a heartbeat or an electronic pulse

The more connected the world is, the more varied the targets for cyber attacks become

Cybersecurity as a challengeCyberattacks among the top global risks(according to 2016 Global Risk Report by the World Economic Forum)

Cybersecurity as a challengeCyberattacks connections to other kinds of risks(according to 2016 Global Risk Report by the World Economic Forum)

Cyberattacks Ilicit tradeState collapse or crisis

Data frauds or theft

Interstate conflict

Failure of financial mechanism or

institution

Terrorist attacks

Failure of national governance

Failure of critical infrastructure


Background


Cybercrime in press

Cybersecurity as a challengeThe unbalanced battle: hackers vs institutions


Black-Hat hackers are motivated by money, espionage, notoriety and malicious intent. They are faster, more daring and more experienced than White-Hats, who are constrained by boundaries and rules

Putting in place the appropriate barriers to prevent attackers from succeeding is currently expensive in terms of time, skills, hardware and software resources needed

EU Legislation & National Strategies

WISER EU National Strategies watchTracking capacity building & business initiatives: Important updates to ENISA interactive map & BSA Dashboard (data collected in 2014)Analysis & interviews with CERTs/National Cyber Security CentresIdentification of best practices & innovative approaches

Interactive free tool available online at:www.cyberwiser.eu/cartography

21© WISER 2016 www.cyberwiser.eu - @cyberwiser

How EU is addressing Cyber Crime

http://www.cyberwiser.eu/cartography

Cybersecurity as a challengeThe unbalanced battle: failing solutions


Sophisticated solutions do exist, but they usually combine an IT side with a risk management framework strategy.

Only large companies can afford it

The risk management methodologies and framework fail to address increasingly complex security needs

The IT monitoring systems fail to offer useful decision support to decision makers

Cybersecurity as a challengeThe unbalanced battle: lack of resources to draw an strategy


Despite the fact that more and more companies start searching for solutions to strengthen their cyber resilience, they struggle to draw their own cyber security strategy due to the lack of economic and human resources

This is particularly true for SMEs, which constitute the backbone of the European economy

Cybersecurity as a challengeThe unbalanced battle: lack of awareness


Despite abundance of security products, breach response typically takes months

2 out of 3 organizations don´t define and update their breach response plans to account for changing threat landscapeWith proper technology and expertise, detection to response times may be reduced by 90%.

And many, many companies simply don´t have a clue of thisThey are completely unaware of what is threatening them!

Cybersecurity as a challengeThe unbalanced battle: bad performance as for cyber resilience


Enterprises having a formally defined ICT security policy

Cybersecurity as a challenge

Loss of revenuesDamage to valuable assets

Intellectual propertyCritical infrastructure

Job lossesLoss of investment confidence

Damage to brand image and company reputation

Closure of companiesLoss of well-being of the populationMoral damage (child pornography)Human casualties


Some cybercrime likely consequences

Cybersecurity as a challengeA stronger and stronger problem against a weak solution

Strong problem Weak solution

Cybercrime is a flourishing business

Cybercriminals are using ever more sophisticated methods

Cybercrime slows down the growth of the Digital Single Market

Cybercrime is a clear obstacle for European economies to strive

Cybercrime targets sensitive information and critical infrastructures

Cyberterrorists are cybercriminals capable of performing attacks that may lead to loss of human lives

Cyber risk detection and assessment is usually a manual process

Cyber risk detection and assessment is mostly a process performed periodically.

Current approach is static and iterative

Cyber risk detection and assessment usually focus on the ICT side, not considering business or societal impact

No support for decision-making of mitigating measures

Stronger solutions are not in place yet due to the lack of awareness on the issue.


Cybersecurity as a challenge


The challenge is clear…How can we contribute to solve the problem?

29

Outline

Business on the Internet: cyber landscape




Conclusions


CyberWISER as a solutionWhat is CyberWISER?


CyberWISER is a framework of resilient cyber security risk assessment services providing the following features

Multi-level cyber risk assessment, focusing not only on ICT systems, but also on the meaning they have for the corporate business processes

Real-time cyber risk assessment providing an updated view of the risk level

Real-time cyber risk monitoring tool supporting decision-making to manage risks

Decision support tools to facilitate selection of mitigation options to face unacceptable risksThe CyberWISER Risk Management Framework will put your company

in control with a smart ‘DYI’ approach and will ensure that cyber security becomes part of the business process

CyberWISER as a solutionOur consortium


CyberWISER as a solutionHow CyberWISER meets the requirements


Cybersecurity challenge CyberWISER answer

The risk management methodologies and framework fail to address increasingly complex security needs

CyberWISER sensoring techniques are able to detect a wide spectrum of incidents as well as vulnerabilities in the ICT infrastructure likely to be exploited by attackers

The IT monitoring systems fail to offer useful decision support to decision makers

CyberWISER direct language is aimed to ease the decision-making support. CyberWISER provides decision-making tools

Cybersecurity is unaffordable and restricted to large companies CyberWISER offers an agile and easy-to-implement risk management methodology, without the need of high security budget, complex and time-consuming procedures, or dedicated teams of external consultants

Lack of awareness CyberWISER considers the prevention and the creation of a cybersecurity culture with user-friendly services

CyberWISER main objective is the democratisation of cybersecurity, with a strong focus on SMEs

CyberWISER as a solutionThe WISER approach


CyberWISER as a solutionThe WISER approach: configuration inputs


Some examples of configuration inputsIndustry sector to which the company belongsOrganization sizeYearly revenuesGeographical area where the company has officesGeographical area where the company makes businessInternal organization of the company: roles and responsibilitiesCyber security corporate cultureVolume of sensitive information handled by the companyBusiness impact analysis:

Focused on the value the information stored by the digital assets have

CyberWISER as a solutionThe WISER approach: monitoring inputs


The monitoring infrastructure has two layers

The resource layerIt consists of collectors installed on the client´s infrastructureThe collectors continuously observe numerous network and application-level parametersThe collectors are able to detect several types of attacks and anomalies in the network infrastructure and in applications installed on the client´s premisesThis information is sent to the provider layer

The provider layerIt has a Monitoring Engine that filters and correlates information coming from the collectors, producing alarms which are part of the inputs received by the Risk Assessment Engine

CyberWISER as a solutionThe WISER approach: monitoring inputs


Some examples of attack types detected by CyberWISER monitoring capabilities

Monitoring of DNS requests to detect patterns of traffic potentially belonging to botnetsNetwork reconnaissance attemptsMalware signaturesDenial of Service attacksVirusesAnomalies in operation of core OS services and user applications

Honeypots are also used to attract attackers and detect their presence

CyberWISER as a solutionThe WISER approach: testing inputs


The testing information is collected by means of an automatic vulnerability scanning service which helps to identify security vulnerabilities in the client´s ICT infrastructure

CyberWISER as a solutionThe WISER approach: modelling inputs and Risk Assessment Engine


Models are machine-readable risk asessment algorithmsSuch algorithms are composed by a set of modelling rulesModelling rules establish associations among the different types of information presented before

Configuration information, obtained from the userMonitoring information, network layer, obtained from the collectorsMonitoring information, application layer, obtained from the collectorsTesting information, obtained from the vulnerability scanners

The models can be qualitative or quantitative

The model algorithms are executed by the Risk Assessment Engine

CyberWISER as a solutionThe WISER approach: support to decision-making


CyberWISER not only evaluates the cyber risk faced by the company, it also proposes mitigation measures

Since budgets are limited, WISER offers the user support to prioritize the measures to be actually applied

The comparison, ranking and prioritisation of measures is done basing on cost-benefit analysis with data provided by the user by filling out a template

CyberWISER as a solutionThe WISER risk management cycle


CyberWISER as a solutionCyberWISER pragmatic vision for cybersecurity

STEP 1 – Acquire awareness through self-assessment of your cyber risks and vulnerabilities of your IT system.STEP 2 - Evaluate your exposure levels (€€€ + reputation) STEP 3 - Evaluate cyber insurance.STEP 4 – Develop a mitigation plan.STEP 5 – Monitor in real-time.

Higher cyber security levels are directly connected to greater awareness and effectiveness of data protection & privacy


Cyber WISER as a solution


Cyber resilience is a journey, not a destinationHow can CyberWISER help you to become more cyber resilient?

Let´s take a look to CyberWISER Services

Outline





Conclusions




Registration and basic data required to Clients

WISER tests vulnerabilities from the outside

Provides basic benchmarking

Detailed business and IT infrastructure data required

Model selection based on WISER suggestion or tailored

Sensors installation at the network layer level

Real time exposure calculation

Monitoring Mitigation options

considered WISER team limited support

Detailed business and IT infrastructure data required

Possibility to implement Client’s models

Possibility to perform cost/benefit analysis on the base of Client’s indications

Sensors installation at the application layer level

RequiredInteraction

Real time exposure calculation Monitoring Mitigation cost benefit

calculations WISER team full involvement

Complexity of WISER Operating Model



Non-intrusive mode No need to install anything on the client´s infrastructureOffers a very early assessment of the situation of the client´s IT infrastructure with respect to cyber riskThe client fills a short questionnaire, and basing on the answers, a first evaluation is done by means of a simple algorithm

No need to register

Optionally, the client can run a vulnerability scanner against the IT infrastructure in a not intrusive way

This needs registration

Quick feedbackReport easy to understand and aimed especially at top managersMain areas of improvement are highlightedNo need for external assistance and minimum time investment



Incorporates real-time monitoringSensors are deployed on the target infrastructureSensors only gather information belonging to the network layerEnhanced vulnerability scan featureMore detailed and specific questionnaires to gather configuration informationModelling techniques incorporated to assess the cyber riskMitigation measures suggested along with the cyber risk assessmentIt incorporates a tool to evaluate the societal impact of the cyber risk faced by the companyComplete dashboard to show the resultsLimited consulting service offered by WISER Service provider



Most complex and advanced CyberWISER serviceSensors scope is expanded and application layer information is also gatheredMore detailed configuration questionnaires to be answered by the clientLarger quantity and variety of data available for analysisPossibility of putting in place customized sensors adapted to client´s infrastructure peculiaritiesPossibility of integrating sensors brought by the clientMitigation measures suggestion is supplemented with a cost-benefit analysis in order to prioritize which measure actually applyComplete dashboard to show the resultsFurther involvement of CyberWISER consultants

Outline





Conclusions


Innovation elements brought in by WISER

It is not simply about monitoring cyber incidents, it is about assessing the risks present within a companyThe risk assessment considers the potential damage to the ICT infrastructure and the damage to the business of the company, including various aspects, such as reputational implications – a multi-level assessmentThis risk evaluation evolves with the rapid dynamics that are inherent with the cyber “climate”This evaluation is performed by means of a novel methodology, to be elaborated in the projectModelling cyber risk, using patternsDefinition of mitigation measures according to the threats and attacks and ranking based on different criteriaUltimate goal: Make cyber risk assessment affordable, especially to SMEs

Going beyond the state of art


Innovative capabilities and featuresCyber risk assessment follow-upMonitoring: events and alarms detection and follow-upTesting: vulnerabilities scanning and follow-upModellingDecision Support

The WISER framework delivers capabilities that are unparalleled with respect to current offering. SMEs are enticed by means of “freemium” services

(i.e. the “CyberWISER-Light”)

Basic and detailed visualization of reportsGraphic dashboard with analytical featuresConfigurable alertsPeriodical execution of vulnerability scansBasic and detailed information of vulnerabilities foundAssistance to derive model rules from risk modelsAssistance to decide the most suitable risk model according to the business and ICT profile of the companyCost-benefit analysis of mitigation measuresQuality Criteria Assessment of risks


What next?

Start using CyberWISER Light today Register on www.cyberwiser.eu Take the questionnaire & download your personalised report. Take the vulnerability test to identify threats.Get the final full report.Take action to make cyber security part of your business processes

Need tech support or advice?Contact us at [email protected]

Want to get involved?Contact us at [email protected]

Start your cybersecurity journey today with CyberWISER Light51© WISER 2016 www.cyberwiser.eu - @cyberwiser

Join our community and stay up to date with new WISER releases:

@cyberwiser www.linkedin.com/in/cyber-wiser


mailto:[email protected]

mailto:[email protected]

https://twitter.com/cyberwiser



https://www.linkedin.com/in/cyber-wiser-04b382113

References


http://www.internetworldstats.com/stats.htmhttp://www.infodocket.com/2013/05/30/cisco-releases-latest-internet-usage-and-data-forecast-nearly-half-the-worlds-population-will-be-connected-to-the-internet-by-2017/http://www2.deloitte.com/us/en/pages/consumer-business/articles/navigating-the-new-digital-divide-retail.html?id=us:2el:3dp:diginf15:awa:retail:051315:ddhttp://www.smartinsights.com/mobile-marketing/mobile-marketing-analytics/mobile-marketing-statistics/http://www.statista.com/topics/779/mobile-internet/http://www.convinceandconvert.com/mobile/7-mobile-marketing-stats-that-will-blow-your-mind/http://www.internetlivestats.com/total-number-of-websites/http://www.speedawarenessmonth.com/slow-websites-cost-the-us-ecommerce-market-504-billion-in-2011/https://econsultancy.com/blog/10936-site-speed-case-studies-tips-and-tools-for-improving-your-conversion-rate/https://econsultancy.com/blog/66224-11-staggering-stats-from-around-the-digital-world/http://research.domaintools.com/statistics/tld-counts/http://w3techs.com/technologies/overview/top_level_domain/allhttps://en.wikipedia.org/wiki/List_of_most_expensive_domain_nameshttp://www.internetlivestats.com/http://www.statista.com/statistics/261245/b2c-e-commerce-sales-worldwide/http://www.statista.com/markets/413/e-commerce/http://www.remarkety.com/global-ecommerce-sales-trends-and-statistics-2015https://en.wikipedia.org/wiki/List_of_Internet_top-level_domainshttp://www3.weforum.org/docs/GRR/WEF_GRR16.pdfhttps://www.mushroomnetworks.com/blog/2015/12/03/is-your-business-internet-dependent-15-businesses-that-need-reliable-internet/https://www.statista.com/statistics/261245/b2c-e-commerce-sales-worldwide/http://www.forbes.com/sites/stevemorgan/2015/10/16/the-business-of-cybersecurity-2015-market-size-cyber-crime-employment-and-industry-statistics/2/#c3a6df84e683https://www.statista.com/statistics/290525/cyber-crime-biggest-online-data-breaches-worldwide/http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdfhttp://fortune.com/2015/01/23/cyber-attack-insurance-lloyds/UK Federation of Small Businesses: Cyber Resilience: How To Protect Small Firms In The Digital Economy (June 2016) Profiling the Cyber criminal, University of Oxford, https://www.sbs.ox.ac.uk/cybersecurity-capacity/content/profiling-cybercriminal

http://www.internetworldstats.com/stats.htm

http://www.internetworldstats.com/stats.htm

http://www.infodocket.com/2013/05/30/cisco-releases-latest-internet-usage-and-data-forecast-nearly-half-the-worlds-population-will-be-connected-to-the-internet-by-2017/

http://www2.deloitte.com/us/en/pages/consumer-business/articles/navigating-the-new-digital-divide-retail.html?id=us:2el:3dp:diginf15:awa:retail:051315:dd

http://www.smartinsights.com/mobile-marketing/mobile-marketing-analytics/mobile-marketing-statistics/

http://www.statista.com/topics/779/mobile-internet/

http://www.convinceandconvert.com/mobile/7-mobile-marketing-stats-that-will-blow-your-mind/

http://www.internetlivestats.com/total-number-of-websites/

http://www.speedawarenessmonth.com/slow-websites-cost-the-us-ecommerce-market-504-billion-in-2011/

https://econsultancy.com/blog/10936-site-speed-case-studies-tips-and-tools-for-improving-your-conversion-rate/

https://econsultancy.com/blog/66224-11-staggering-stats-from-around-the-digital-world/

http://research.domaintools.com/statistics/tld-counts/

http://w3techs.com/technologies/overview/top_level_domain/all

https://en.wikipedia.org/wiki/List_of_most_expensive_domain_names

http://www.internetlivestats.com/

http://www.statista.com/statistics/261245/b2c-e-commerce-sales-worldwide/

http://www.statista.com/markets/413/e-commerce/

http://www.remarkety.com/global-ecommerce-sales-trends-and-statistics-2015

https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

http://www3.weforum.org/docs/GRR/WEF_GRR16.pdf

http://www3.weforum.org/docs/GRR/WEF_GRR16.pdf



https://www.statista.com/statistics/261245/b2c-e-commerce-sales-worldwide/

https://www.statista.com/statistics/261245/b2c-e-commerce-sales-worldwide/

http://www.forbes.com/sites/stevemorgan/2015/10/16/the-business-of-cybersecurity-2015-market-size-cyber-crime-employment-and-industry-statistics/2/#c3a6df84e683

http://www.forbes.com/sites/stevemorgan/2015/10/16/the-business-of-cybersecurity-2015-market-size-cyber-crime-employment-and-industry-statistics/2/#c3a6df84e683

https://www.statista.com/statistics/290525/cyber-crime-biggest-online-data-breaches-worldwide/

https://www.statista.com/statistics/290525/cyber-crime-biggest-online-data-breaches-worldwide/





www.cyberwiser.eu @cyberwiser

Thank you for your attentions! Questions?

ContactAntonio Álvarez RomeroAtos [email protected]


Tackling today's cyber security challenges - WISER Services & Solutions

Internet

Transcript of Tackling today's cyber security challenges - WISER Services & Solutions