DSS @SFK International Conference - March 2014 - Quantifying Business Value of Information Security

DSS delivered an overview presentation about cyber security threats in today's fast-developing world of digital technology.

Published in: Technology

  1. Quantifying Business Value of Information Security. Andris Soroka, 21st of March 2014, Riga, Latvia
  2. We have something to share…
  3. We have something to share…
  4. About the speaker
  5. “Data Security Solutions” business card. Specialization: IT Security. IT Security services (consulting, audit, pen-testing, market analysis, system testing and integration, training and technical support). Solutions and experience portfolio with more than 20 different technologies from cyber-security global market leaders in more than 10 countries. Trusted services provider for banks, insurance companies, government and private companies (critical infrastructure etc.).
  6. Role of DSS in Cyber-security Development in the Baltics: Cyber-Security Awareness Raising; Technology and Knowledge Transfer; Most Innovative Portfolio; Trusted Advisor to its Customers.
  7. Cybersecurity Awareness Raising. Own organized conference “DSS ITSEC” (5th annual event this year): more than 400 visitors and more than 250 online live-streaming watchers from LV, EE, LT; 4 parallel sessions with more than 40 international speakers, including Microsoft, Oracle, Symantec, IBM, Samsung and many more; everything free of charge. Participation in other events & sponsorship: CERT & ISACA conferences; RIGA COMM exhibition & conferences; roadshows and events in Latvia / Lithuania / Estonia (e.g. Vilnius Innovation Forum, Devcon, ITSEC HeadLight, SFK, business associations); participation in cyber security discussions, strategy preparations, seminars, publications etc.
  8. Innovations: technology & knowledge transfer. Innovative Technology Transfer: a number of unique projects done with different global technology leadership vendors. Knowledge transfer (own employees, customers from both the private & public sector, other IT companies). Areas include: Endpoint Security, Network Security, Security Management, Application Security, Mobile Security, Data Security, Cyber-security, Security Intelligence.
  9. Our portfolio is the most innovative in the Baltics!
  10. Just some basic ideas
  11. AGENDA: IT Security basics in 20 min. Introduction of DSS and speaker. Prologue: Digital World 2014. The Saga begins: Cyber Criminals (introduction & business card; the business behind them; examples). The Story Continues: Targets of Cyber Criminals (individuals; business owners; government). Value of Information Security for business (risk management; technology). Conclusion. Q&A (if time allows).
  12. Prologue: The Digital World 2014 and the future
  13. Prologue: Some new technologies: 3D Printers; Google Glasses (“glassh**es”); Cloud Computing; Big Data & Supercomputers; Mobile Payment & Virtual Money; Robotics and Intraday Deliveries; Internet of Things; Augmented Reality; Extreme development of Apps; Digital prototyping; Gadgets (devices) & Mobility; Technology replaces jobs; Geo-location power; Biometrics; Health bands and mHealth; Electric cars; Avegant Glyph; and much, much more.
  14. Prologue: Mobility & Gadgets
  15. Digital Agenda for the European Union
  16. New EU Data Protection reform (March ’14)
  17. New EU Data Protection reform (March ’14). The same rules for all companies, regardless of their establishment: today European companies have to adhere to stricter standards than their competitors established outside the EU but also doing business on our Single Market. With the reform, companies based outside of Europe will have to apply the same rules. European regulators will be equipped with strong powers to enforce this: data protection authorities will be able to fine companies who do not comply with EU rules with up to 2% of their global annual turnover. European companies with strong procedures for protecting personal data will have a competitive advantage on a global scale at a time when the issue is becoming increasingly sensitive. Source: http://europa.eu/rapid/press-release_MEMO-14-186_en.htm
  18. The Saga Continues: Cybercriminals
  19. True or fake? In fact this isn’t funny...
  20. Best «success story» describing hackers..
  21. No changes in that perspective
  22. Disaster in the software world: NSA
  23. Disaster in the technology world: NSA. Governments write malware and exploits (USA started, others follow..): cyber espionage; sabotage; infecting their own citizens; surveillance. Known NSA “partners”: Microsoft (incl. Skype), Apple, Adobe, Facebook, Google, and many, many others. The Internet is changing!!! Questions, questions, questions! The USA thinks that the internet is their creation and foreign users should think of the USA as their masters…
  24. Disaster in the software world: NSA
  25. Bright future of the internet way ahead.. 1995–2005: 1st Decade of the Commercial Internet; 2005–2015: 2nd Decade of the Commercial Internet. Actors: script-kiddies or hackers; insiders; organized crime; competitors, hacktivists; national security. Motives: infrastructure attack; espionage; political activism; monetary gain; revenge; curiosity.
  26. Global statistics
  27. Mobility & Security...
  28. Mobility and Security (cont.). Sources: McAfee 2013 Q1 Threats Report; Federal Reserve Survey March 2013. Mobile malware explodes; mobile banking adoption rising; end users fall victim to mobile attacks.
  29. Mobile malware increases all the time..
  30. Some examples of incidents (DDoS)
  31. Cyberwars are going on!
  32. Examples: Whistleblowers should be careful. Source: Juris Pūce, Analytica IT Security
  33. Examples: The hacker is watching / listening
  34. Examples (continued)
  35. Examples (continued)
  36. Google Maps helped hackers intercept calls..
  37. Examples: Advanced Persistent Threat
  38. The Saga: Simplicity
  39. Some examples of incidents
  40. Hacking business services... Current prices on the Russian underground market:
     • Hacking corporate mailbox: $500
     • Winlocker ransomware: $10-$20
     • Unintelligent exploit bundle: $25
     • Intelligent exploit bundle: $10-$3,000
     • Basic crypter (for inserting rogue code into a benign file): $10-$30
     • SOCKS bot (to get around firewalls): $100
     • Hiring a DDoS attack: $30-$70/day, $1,200/month
     • Botnet: $200 for 2,000 bots
     • DDoS botnet: $700
     • ZeuS source code: $200-$250
     • Windows rootkit (for installing malicious drivers): $292
     • Hacking Facebook or Twitter account: $130
     • Hacking Gmail account: $162
     • Email spam: $10 per one million emails
     • Email scam (using customer database): $50-$500 per one million emails
  41. The weakest link is always the most important. Source: IBM X-Force annual report 2013
  42. Let's summarize the Saga told
  43. The Saga Continues: Targets
     • National Security: nation-state actors (Stuxnet)
     • Espionage, Activism: competitors and hacktivists (Aurora)
     • Monetary Gain: organized crime (Zeus)
     • Revenge, Curiosity: insiders and script-kiddies (Code Red)
  44. Think security first. Source: Brian Krebs IT security blog
  45. Why might hackers want to “contact” you?
     • Business: commercial espionage (financial, business and personal data); an attack can stop the business and its services (competition); you are a spam target; your home page could be defaced; they can control and monitor you; they can change data in systems; home page cross-site scripting.
     • Private person: you have the infrastructure for tests of new viruses and robots; you have a server where illegal stuff (programs, files etc.) can be stored; they can do criminal activities using your computer; WiFi: they can just borrow the internet; you have information which could be sold on the black market.
     • The results of damage: financial (costs, data, market, value); reputation (customer, partner, HR); development and competitiveness.
  46. Conclusion: The Saga will continue anyway. For many companies security is like salt: people just sprinkle it on top.
  47. Smart ones act the smart way: risk management.
  48. Think security first & where are you here? Organizations need an intelligent view of their security posture (maturity scale from Reactive to Proactive and from Manual to Automated). Optimized: organizations use predictive and automated security analytics to drive toward security intelligence. Proficient: security is layered into the IT fabric and business operations. Basic: organizations employ perimeter protection, which regulates access and feeds manual reporting.
  49. New game, new rules.. Productivity vs. Security
  50. Challenge for business ahead.. (chart “SECURITY MEASURES”: Costs: security costs, remaining part of risk; Security actions; Risks; Optimum? New optimum?) Source: Māris Gabaliņš, The Art Of The Systems
  51. Take-away as conclusion: Security Maturity. Develop a risk-aware security strategy. 49% of C-level executives have no measure of the effectiveness of their security efforts; 31% of IT professionals have no risk strategy. Sources: 2012 Forrester Research Study; 2013 Global Reputational Risk & IT Study, IBM
  52. Costs for business from cybercrime
  53. Return on Investment
  54. “DSS” is here for you! Just ask for… Si vis pacem, para bellum. (Lat.)
  55. Think security first. www.dss.lv andris@dss.lv +371 29162784
  56. Think security first