• Save
Lessons learned from a global cybercrime fighter
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Lessons learned from a global cybercrime fighter

  • 953 views
Uploaded on

Cloud Asia Singapore 15 May 2013

Cloud Asia Singapore 15 May 2013

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
953
On Slideshare
953
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Lessons Learned from aGlobal Cybercrime Fighter1Dave Cullinane, CISSPChairmanCloud Security AllianceCSA APAC Congress 2013Singapore
  • 2. CSA APAC Congress Singapore 20132We Need to Change the WorldWe – meaning us!
  • 3. CSA APAC Congress Singapore 2013Our World is Changing• Increased External Threat• Malware Volume, Sophistication and APM• Sophistication of Threat and Adversary• Global communications capability• Mature technologies = continued risk• Web apps – of 6 most exploited vulns, 4 are exclusive to Webapps• Total Vuln disclosures increased 19% in 2012• Complexity is killing us – systems, networks, software• Targeted Malware attacks – 42% increase• Cybercrime process - design, build, exploit, sell• Cyber Extortion
  • 4. CSA APAC Congress Singapore 2013• Mobile Explosion - mobile malware families increased 58%– New threats and old ones (XSS) on new platforms– Mobile app security – building and ensuring– NFC (Near Field Communication) in mobile and chip cards• Consumerization– Key to hiring, retention, and below• Agility & Innovation– Enable the Business to grow rapidly– Need to rethink Security• ROI on Clouds (3-5x)• Transformational timeOur World is Changing
  • 5. CSA APAC Congress Singapore 2013What to do?• Adversary collaborates, but we try to deal with a global adversaryalone??• SMB’s increasingly victimized• Governments need to secure critical infrastructure – but aretaking a National approach to an international problem• Investigations and attribution problems• Assume you are a target and will be breached.• Due Care, Defense in depth, etc.• Effective Incident Response in a global world of agility,consumerization, smartphones, tablets, and clouds• Need to share attack data and collaborate on investigations.• Intelligence Based Security• New Types of Analysis - Hadoop
  • 6. CSA APAC Congress Singapore 2013CISO Toolkit• Be more agile and innovative than the business• Risk Management as a key discipline– AUA– KRI’s and KPI’s• Intelligence Based Security– What keeps you awake?– Requires accurate quantification of risk– Identification and Measurement of threat– Allocate resources to mitigate greatest risks• Metrics and Reporting– ROI = Risk Reduction– “Protect to Enable”
  • 7. CSA APAC Congress Singapore 2013Questions?7Sources:+ Symantec Internet Security Threat Report 2013, Vol 18.+ HP 2012 Cyber Risk Report+ Friends and Colleagues