IT security focused on protecting systems, while cybersecurity is a paradigm shift that recognizes threats can come from anywhere on the internet. The cybersecurity kill chain describes the steps hackers use, from initial reconnaissance to maintaining access. While some see cyber threats as a myth, over 110 million Americans had personal data exposed in the past year, and advanced persistent threats from nation-states pose serious risks. To counter attacks, organizations should develop new approaches through education and creativity, rather than relying on fear, and aim to make security practices inherently more secure.
Cyber security the cybersecurity kill chan - myth or threat
1.
2. Today’s Menu
Few words on background
And of course… a disclaimer!
Moving from IT Security to Cybersecurity
Is it just a “wording” change?
The Cybersecurity Kill Chain
What’s this?
So… Threat or Myth?
Obvious answer?
If threats there are…what are the scariest ones?
Trends / Tendencies?!?!... Not really!
To counter-attack you have to think like…
You already know the answer! Or maybe…
4. I express my own opinion as a Cybersecurity expert!
&
My legal department did not review my slides!
&
Yes, I know “a bit” about Cybersecurity!
but
I learn everyday so please… give me inputs!
14. “About 110 million Americans
— equivalent to about 50% of
U.S. adults — have had their
personal data exposed in
some form in the past year”
Tim Pawlenty, president of the Financial Services Roundtable
and the former governor of Minnesota.
15. The Truth is out there!
But it’s bigger than you think…
19. Fear as a tool
is going blunt rapidly
Think once, act many
Create practices inherently more secure
20. Have your people win the game
Education,
gamification,
out-of-the-box creativity
Editor's Notes
Hackers inside… hackers outside… what should we do…
Teaching Cybersecurity is also a fundamental issue…
Did it work Results in 2016...
Geekland, Challenges, Whitehats V.S. Blackhats.
Security world was quite “simple”…challenging the traditional IT world with STANDARD tools and CONVENTIONAL weapons.
No more challenges Business first!
Hackers moved from the Whitehats V.S. Blackhats fights to a “next-generation” cybermob style.
Money is driving but we are currently seeing a drastic change into the threat landscape:
Ransomeware and Cryptolockers
Zero-Day black-market
Contract-based attacks
State-sponsored attacks
IoT Security
Etc.
From a pure evolution perspective, Security is just going through its own digital transformation
You have to classify your incidents… You have to align with risks
And so many others… waiting for so many more…
Real threats = targeted attacks and state-sponsored attack.
Cloud for sure! Already happened.
Car hacking is already there.
Nuclear plant???
Challenges are Silent attacks… APTs…
Path is easy to describe but the roads to take are a mess. Attacks are complex…leave to complexity to hackers… Focus on pragmatism and simplification.
Keep it simple
Keep IT simple
Keep IT simple and stupid
Keep IT simple and secure
