DSS @ Digital ERA 2014 - Security in the digital world
Presentation Transcript

  • Data protection in the digital era. Andris Soroka, 7th of April, 2014, Riga, Latvia
  • The Saga Begins – Scared vs. Informed
  • About speaker
  • “Data Security Solutions” business card
    - Specialization: IT Security
    - IT Security services (consulting, audit, pen-testing, market analysis, system testing and integration, training and technical support)
    - Solutions and experience portfolio with more than 20 different technologies from cyber-security global market leaders in more than 10 countries
    - Trusted services provider for banks, insurance companies, government and private companies (critical infrastructure etc.)
  • Role of DSS in Cyber-security Development in the Baltics
    - Cyber-Security Awareness Raising
    - Technology and knowledge transfer
    - Most Innovative Portfolio
    - Trusted Advisor to its Customers
  • Cybersecurity Awareness Raising
    - Own organized conference “DSS ITSEC”: 5th annual event this year; more than 400 visitors plus more than 250 online live-streaming watchers from LV, EE, LT; 4 parallel sessions with more than 40 international speakers, including Microsoft, Oracle, Symantec, IBM, Samsung and many more; everything free of charge
    - Participation in other events & sponsorship: CERT & ISACA conferences & events; RIGA COMM, HeadLight, IBM Pulse Las Vegas; roadshows and events in Latvia / Lithuania / Estonia (e.g. Vilnius Innovation Forum, Devcon, ITSEC HeadLight, SFK, business associations)
    - Participation in cyber security discussions, strategy preparations, seminars, publications etc.
  • Innovations: technology & knowledge transfer
    - Innovative Technology Transfer: a number of unique projects done with different technology global leadership vendors
    - Knowledge transfer (own employees, customers from both the private & public sector, other IT companies in LV, EE, LT)
    - Specialization areas include: Endpoint Security, Network Security, Security Management, Application Security, Mobile Security, Data Security, Cyber-security, Security Intelligence
  • Some just basic ideas
  • AGENDA: IT Security basics in ~40 mins
    - Introduction of DSS and speaker
    - Prologue: Digital World 2014
    - The Saga begins: Cyber Criminals (introduction & business card, the business behind, examples)
    - The Story Continues: Targets of Cyber Criminals (individuals, business owners, government)
    - Value of Information Security for business (risk management, technology)
    - Conclusion
    - Q&A (if time allows)
  • Prologue: The Digital World 2014 & future
  • Prologue: Some new technologies
    3D Printers; Google Glasses (“glassh**es”); Cloud Computing; Big Data & Supercomputers; Mobile Payment & Virtual Money; Robotics and Intraday Deliveries; Internet of Things; Augmented Reality; Extreme development of Apps; Digital prototyping; Gadgets (devices) & Mobility; Technology-replaced jobs (automation); Geo-location power; Biometrics; Health bands and mHealth; Electronic cars; Avegant Glyph; and much, much more
  • Prologue: Mobility & Gadgets Multi-OS
  • Millions of mobile applications
  • Digital Agenda for European Union
  • Personal data concerns of EU digital agenda
  • The Saga Continues: Cybercriminals
  • Weakest link is always the most important (Source: IBM X-Force annual report 2013)
  • True or fake? In fact this isn’t funny...
  • Best «success story» describing hackers..
  • No changes in that perspective
  • Privacy is gone?
  • Disaster in software world - NSA
  • Disaster in technology world - NSA
    - Governments write malware and exploits (USA started, others follow..): cyber espionage, sabotage, cyber wars, infecting own citizens, surveillance
    - Known NSA “partners”: Microsoft (incl. Skype), Apple, Adobe, Facebook, Google, many, many others
    - Internet is changing!!! USA thinks that internet is their creation and foreign users should think of USA as their masters…
  • Disaster in software world - NSA
  • Privacy is gone?
  • War on privacy is still on! At least in the EU! “ICO fines Midlothian Council £140K for data breaches” (Monday 30 January 2012 09:58)
  • Advertisement break
  • Bright future of the internet way ahead..
    - 1995 – 2005: 1st Decade of the Commercial Internet
    - 2005 – 2015: 2nd Decade of the Commercial Internet
    - Script-kiddies or hackers; insiders; organized crime; competitors, hacktivists; national security
    - Motive: infrastructure attack, espionage, political activism, monetary gain, revenge, curiosity
  • Many countries are in the game now…
  • Many countries are in the game now…
  • Many countries are in the game now…
  • Global statistics
  • Examples: Hackers searching tool
  • Mobility & Security...
  • Mobility and Security (cont.)
    - Mobile malware explodes (McAfee 2013 Q1 Threats Report)
    - Mobile banking adoption rising (Federal Reserve Survey, March 2013)
    - End users fall victim to mobile attacks
  • Some examples of incidents (DDoS)
  • Cyberwars going on!
  • Examples: Hackers searching tool
  • Examples: Hackers searching tool
  • Examples (continued)
  • Examples: Whistleblowers should be careful (Source: Juris Pūce, Analytica IT Security)
  • Examples (continued)
  • Examples: Hacker is watching / listening
  • Google Maps helped hackers intercept calls..
  • The Saga: Simplicity
  • Some examples of incidents
  • Hacking business services... Current prices on the Russian underground market:
    - Hacking corporate mailbox: $500
    - Winlocker ransomware: $10-$20
    - Unintelligent exploit bundle: $25
    - Intelligent exploit bundle: $10-$3,000
    - Basic crypter (for inserting rogue code into a benign file): $10-$30
    - SOCKS bot (to get around firewalls): $100
    - Hiring a DDoS attack: $30-$70/day, $1,200/month
    - Botnet: $200 for 2,000 bots
    - DDoS botnet: $700
    - ZeuS source code: $200-$250
    - Windows rootkit (for installing malicious drivers): $292
    - Hacking Facebook or Twitter account: $130
    - Hacking Gmail account: $162
    - Email spam: $10 per one million emails
    - Email scam (using customer database): $50-$500 per one million emails
  • Examples: Advanced Persistent Threat
  • Lets summarize The Saga told
  • The value of a hacked computer… (Source: Brian Krebs IT security blog)
  • Why hackers might want to “contact” You?
    - Business: commercial espionage (financial, business and personal data); an attack can stop the business and its services (competition); you are a spam target; your home page could be damaged; they can control and monitor you; they can change data in systems; home page cross-site scripting
    - Private person: you have the infrastructure for tests of new viruses and robots; you have a server where to store illegal stuff (programs, files etc.); they can do criminal (or any) activities using your computer; WiFi: they can just borrow the internet; you have information which could be sold on the black market
    - “The results” of damage: financial loss (costs, data, market, value); reputation (customer, partner, HR); development and competitiveness loss
  • Conclusion: The Saga will continue anyway
  • Conclusion: The Saga will continue anyway For many companies security is like salt, people just sprinkle it on top.
  • Smart ones act smart way – risk mgmt.
  • Think security first & Where are You here? Organizations need an intelligent view of their security posture (axes: Reactive to Proactive, Manual to Automated)
    - Basic: organizations employ perimeter protection, which regulates access and feeds manual reporting
    - Proficient: security is layered into the IT fabric and business operations
    - Optimized: organizations use predictive and automated security analytics to drive toward security intelligence
  • New game, new rules.. Productivity Security
  • Challenge for business ahead.. (chart titled “Drošības pasākumi”, Latvian for “Security measures”: costs against security actions, showing security costs, the remaining part of risk, risks, an optimum and a new optimum) Source: Māris Gabaliņš, The Art Of The Systems
  • Take-Away as conclusion: Security Maturity. Develop a risk-aware security strategy: 49% of C-level executives have no measure of the effectiveness of their security efforts; 31% of IT professionals have no risk strategy (2012 Forrester Research Study; 2013 Global Reputational Risk & IT Study, IBM)
  • Costs for business from cybercrime
  • Return of Investment
  • “DSS” is here for You! Just ask for… Si vis pacem, para bellum. (Lat.)
  • Remedy against the poison
  • Some just basic ideas
    - Policy and real-time control: of devices and applications; of people and IT staff; of data leak protection; of internet usage; of any access; of employee training; of….
    - Encryption of data..: mobile phones; voice calls and text messages; emails; computers and devices; databases; …
  • Some just basic ideas
    - A multifaceted strategy is required: layers of controls (tech and non-tech)
    - Awareness / prevention: educate the workforce (social engineering+); segmentation
    - What if an intrusion happens? (modeling): critical assets definition & action plan; roles, responsibilities, access rules; risk analysis; business continuity
    - Continuous real-time monitoring, identification and disruption: all data, all users, all systems; anomaly detection and analysis; intelligence
  • Prologue of prologue…
  • Think security first www.dss.lv andris@dss.lv +371 29162784
  • Think security first