Lessons learned from a global cybercrime fighter

Cloud Asia Singapore 15 May 2013

Published in Technology, Business


  • 1. Lessons Learned from a Global Cybercrime Fighter
    Dave Cullinane, CISSP
    Chairman
    Cloud Security Alliance
    CSA APAC Congress 2013, Singapore

  • 2. We Need to Change the World
    We – meaning us!

  • 3. Our World is Changing
    • Increased External Threat
    • Malware Volume, Sophistication and APM
    • Sophistication of Threat and Adversary
    • Global communications capability
    • Mature technologies = continued risk
    • Web apps – of 6 most exploited vulns, 4 are exclusive to Web apps
    • Total Vuln disclosures increased 19% in 2012
    • Complexity is killing us – systems, networks, software
    • Targeted Malware attacks – 42% increase
    • Cybercrime process - design, build, exploit, sell
    • Cyber Extortion

  • 4. Our World is Changing
    • Mobile Explosion - mobile malware families increased 58%
      – New threats and old ones (XSS) on new platforms
      – Mobile app security – building and ensuring
      – NFC (Near Field Communication) in mobile and chip cards
    • Consumerization
      – Key to hiring, retention, and below
    • Agility & Innovation
      – Enable the Business to grow rapidly
      – Need to rethink Security
    • ROI on Clouds (3-5x)
    • Transformational time

  • 5. What to do?
    • Adversary collaborates, but we try to deal with a global adversary alone??
    • SMB’s increasingly victimized
    • Governments need to secure critical infrastructure – but are taking a National approach to an international problem
    • Investigations and attribution problems
    • Assume you are a target and will be breached.
    • Due Care, Defense in depth, etc.
    • Effective Incident Response in a global world of agility, consumerization, smartphones, tablets, and clouds
    • Need to share attack data and collaborate on investigations.
    • Intelligence Based Security
    • New Types of Analysis - Hadoop

  • 6. CISO Toolkit
    • Be more agile and innovative than the business
    • Risk Management as a key discipline
      – AUA
      – KRI’s and KPI’s
    • Intelligence Based Security
      – What keeps you awake?
      – Requires accurate quantification of risk
      – Identification and Measurement of threat
      – Allocate resources to mitigate greatest risks
    • Metrics and Reporting
      – ROI = Risk Reduction
      – “Protect to Enable”

  • 7. Questions?
    Sources:
    + Symantec Internet Security Threat Report 2013, Vol 18.
    + HP 2012 Cyber Risk Report
    + Friends and Colleagues