DSS @ Digital ERA 2014 - Security in the digital world

726 views
612 views

Published on

2012, 2013, 2014, IT security, ITSEC, infosec, Latvia, Lithuania, Estonia, Compliance, data, protection, network, governance, identity, cloud, virtualization, antivirus, firewall, device control, application control, SIEM, security event and information management, log, risk, encryption, IPS, IDS, DdoS, DOS, IBM, Forescout, Lumension, McAfee, Symantec, Sophos, Q1 Labs, Radware, WAF, vulnerability, hacker, Avecto, Balabit, Checkpoint, Varonis, Guardium, Appscan, DLP, data leak protection, Mobile, MDM, MAM, MobileIron, Centrify, Cyberoam, HP, PCI DSS, Cobit, ITIL, SOX, BASEL, anomaly detection, prevention, cert, enisa, observeIT, microsoft, oracle, samsung, accelliion, ipoque, DPA, ExtremeNetworks, Cadence, Opticom, Datakom, VARAM, The Baltic States, Baltics, IBM, Security intelligence, Qradar, Guardium, MioSoft, BeyondTrust, Retina, Critical infrastructure, ISACA

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
726
On SlideShare
0
From Embeds
0
Number of Embeds
26
Actions
Shares
0
Downloads
37
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

DSS @ Digital ERA 2014 - Security in the digital world

  1. 1. Data protection in digital era Andris Soroka 7th of April, 2014 Riga, Latvia
  2. 2. The Saga Begins – Scared vs. Informed
  3. 3. About speaker
  4. 4. “Data Security Solutions” business card Specialization – IT Security IT Security services (consulting, audit, pen-testing, market analysis, system testing and integration, training and technical support) Solutions and experience portfolio with more than 20 different technologies – cyber-security global market leaders from more than 10 countries Trusted services provider for banks, insurance companies, government and private companies (critical infrastructure etc.)
  5. 5. Role of DSS in Cyber-security Development in Baltics Cyber-Security Awareness Raising Technology and knowledge transfer Most Innovative Portfolio Trusted Advisor to its Customers
  6. 6. Cybersecurity Awareness Raising Own organized conference “DSS ITSEC” 5th annual event this year More than 400 visitors + more than 250 online live streaming watchers from LV, EE, LT 4 parallel sessions with more than 40 international speakers, including Microsoft, Oracle, Symantec, IBM, Samsung and many more – everything free of charge Participation in other events & sponsorship CERT & ISACA conferences & events RIGA COMM, HeadLight, IBM Pulse Las vegas Roadshows and events in Latvia / Lithuania / Estonia (f.i. Vilnius Innovation Forum, Devcon, ITSEC HeadLight, SFK, business associations) Participation in cyber security discussions, strategy preparations, seminaries, publications etc.
  7. 7. Innovations – technology & knowledge transfer Innovative Technology Transfer Number of unique projects done with different technology global leadership vendors Knowledge transfer (own employees, customers – both from private & public, other IT companies in LV, EE, LT) Specialization areas include: Endpoint Security Network Security Security Management Application Security Mobile Security Data Security Cyber-security Security Intelligence
  8. 8. Some just basic ideas
  9. 9. AGENDA – IT Security basics in ~ 40 mins Introduction of DSS and speaker Prologue: Digital World 2014 The Saga begins – Cyber Criminals Introduction & business card Business behind Examples The Story Continues – Targets of Cyber Criminals Individuals Business Owners Government Value of Information Security for business Risk management Technology Conclusion Q&A (if time allows)
  10. 10. Prologue: The Digital World 2014 & future
  11. 11. Prologue: Some new technologies 3D Printers Google Glasses (“glassh**es) Cloud Computing Big Data & Supercomputers Mobile Payment & Virtual Money Robotics and Intraday Deliveries Internet of things Augmented Reality Extreme development of Aps Digital prototyping Gadgets (devices) & Mobility Technology replaced jobs (automation) Geo-location power Biometrics Health bands and mHealth Electronic cars Avegant Glymph and much, much more
  12. 12. Prologue: Mobility & Gadgets Multi-OS
  13. 13. Millions of mobile applications
  14. 14. Digital Agenda for European Union
  15. 15. Personal data concerns of EU digital agenda
  16. 16. The Sage Continues: Cybercriminals
  17. 17. Weakest link is always the most important Source: IBM X-Force annual report 2013
  18. 18. True or fake? In fact this isn’t funny...
  19. 19. Best «success story» describing hackers..
  20. 20. No changes in that perspective
  21. 21. Privacy is gone?
  22. 22. Disaster in software world - NSA
  23. 23. Disaster in technology world - NSA Governments write malware and exploits (USA started, others follow..) Cyber espionage Sabotage Cyber wars Infecting own citizens Surveillance Known NSA “partners” Microsoft (incl. Skype) Apple Adobe Facebook Google Many, many others Internet is changing!!! USA thinks that internet is their creation and foreign users should think of USA as their masters…
  24. 24. Disaster in software world - NSA
  25. 25. Privacy is gone?
  26. 26. War on privacy is still on! At least in EU! ICO fines Midlothian Council £140K for data breaches Monday 30 January 2012 09:58
  27. 27. Advertisement break
  28. 28. Bright future of the internet way ahead.. 1995 – 2005 1st Decade of the Commercial Internet 2005 – 2015 2nd Decade of the Commercial InternetMotive Script-kiddies or hackers Insiders Organized crime Competitors, hacktivists National Security Infrastructure Attack Espionage Political Activism Monetary Gain Revenge Curiosity
  29. 29. Many countries are in the game now…
  30. 30. Many countries are in the game now…
  31. 31. Many countries are in the game now…
  32. 32. Global statistics
  33. 33. Examples: Hackers searching tool
  34. 34. Mobility & Security...
  35. 35. Mobility and Security (cont.) McAfee 2013 Q1 Threats Report Federal Reserve Survey March 2013 Mobile Malware Explodes Mobile banking adoption rising End users fall victim to mobile attacks
  36. 36. Some examples of incidents (DDoS)
  37. 37. Cyberwars going on!
  38. 38. Examples: Hackers searching tool
  39. 39. Examples: Hackers searching tool
  40. 40. Examples (continued)
  41. 41. Examples: Whistleblowers should be careful Source: Juris Pūce, Analytica IT Security
  42. 42. Examples (continued)
  43. 43. Examples: Hacker is watching / listening
  44. 44. Google maps helped hacked incercept calls..
  45. 45. The Sage: Simplicity
  46. 46. Some examples of incidents
  47. 47. Hacking business services... Current prices on the Russian underground market: Hackingcorporatemailbox: $500 Winlockerransomware: $10-$20 Unintelligentexploitbundle: $25 Intelligentexploitbundle: $10-$3,000 Basiccrypter(forinsertingroguecodeintobenignfile): $10-$30 SOCKSbot(togetaroundfirewalls): $100 Hiringa DDoSattack: $30-$70/day,$1,200/month Botnet: $200for2,000bots DDoSBotnet: $700 ZeuSsourcecode: $200-$250 Windowsrootkit(forinstallingmaliciousdrivers): $292 HackingFacebookorTwitteraccount: $130 HackingGmailaccount: $162 Emailspam: $10per onemillionemails Emailscam(usingcustomerdatabase): $50-$500per onemillionemails
  48. 48. Examples: Advanced Persistent Threat
  49. 49. Lets summarize The Saga told
  50. 50. The value of a hacked computer… Source: Brian Crebs IT security blog
  51. 51. Why hackers might want to “contact” You? Business Commercial espionage (financial, business and personal data) An attack can stop the business, services (competition) You are spam target Your home page could be damaged They can control and monitor you They can change data in systems Home page cross-scripting Private person You have the infrastructure for tests of new viruses and robots You have server where to store illegal stuff (programs, files etc.) They can do criminal (or any) activities using your computer WiFi – they can just borrow the internet You have the information which could be sold in black market “The results” of damage Financial loss (costs, data, market, value) Reputation (customer, partner, HR) Development and competitiveness loss
  52. 52. Conclusion: The Saga will continue anyway
  53. 53. Conclusion: The Saga will continue anyway For many companies security is like salt, people just sprinkle it on top.
  54. 54. Smart ones act smart way – risk mgmt.
  55. 55. Think security first & Where are You here? Organizations Need an Intelligent View of Their Security Posture Proactive AutomatedManual Reactive Optimized Organizations use predictive and automated security analytics to drive toward security intelligence Proficient Security is layered into the IT fabric and business operations Basic Organizations employ perimeter protection, which regulates access and feeds manual reporting
  56. 56. New game, new rules.. Productivity Security
  57. 57. Challenge for business ahead.. DROŠĪBAS PASĀKUMI Costs Security costs Optimum? Remaining part of risk Security actions Risks New optimum? Source: Māris Gabaliņš, The Art Of The Systems
  58. 58. Take-Away as conclusion Security Maturity Develop a Risk-aware Security Strategy 49% of C level executives have no measure of the effectiveness of their security efforts 31% of IT professionals have no risk strategy 2012 Forrester Research Study, 2013 Global Reputational Risk & IT Study, IBM
  59. 59. Costs for business from cybercrime
  60. 60. Return of Investment
  61. 61. “DSS” is here for You! Just ask for… Si vis pacem, para bellum. (Lat.)
  62. 62. Remedy against the poison
  63. 63. Some just basic ideas Policy and real time control Of devices and applications Of people and IT stuff Of data leak protection Of internet usage Of any access Of employees training Of…. Encryption of data.. Mobile phones Voice calls and text messages eMails Computers and devices Data bases …
  64. 64. Some just basic ideas Multifaceted strategy is required Layers of controls (tech and non-tech) Awareness / Prevention Educate workforce (social engineering+) Segmentation What if intrusion happen? (modeling) Critical assets definition & action plan Roles, responsibilities, access rules Risk analysis Business continuity Continuous real time monitoring, identification and disruption All data, all users, all systems Anomaly detection and analysis Intelligence
  65. 65. Prologue of prologue…
  66. 66. Think security first www.dss.lv andris@dss.lv +371 29162784
  67. 67. Think security first

×