• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Lessons learned from a global cybercrime fighter
 

Lessons learned from a global cybercrime fighter

on

  • 770 views

Cloud Asia Singapore 15 May 2013

Cloud Asia Singapore 15 May 2013

Statistics

Views

Total Views
770
Views on SlideShare
770
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Lessons learned from a global cybercrime fighter Lessons learned from a global cybercrime fighter Presentation Transcript

    • Lessons Learned from aGlobal Cybercrime Fighter1Dave Cullinane, CISSPChairmanCloud Security AllianceCSA APAC Congress 2013Singapore
    • CSA APAC Congress Singapore 20132We Need to Change the WorldWe – meaning us!
    • CSA APAC Congress Singapore 2013Our World is Changing• Increased External Threat• Malware Volume, Sophistication and APM• Sophistication of Threat and Adversary• Global communications capability• Mature technologies = continued risk• Web apps – of 6 most exploited vulns, 4 are exclusive to Webapps• Total Vuln disclosures increased 19% in 2012• Complexity is killing us – systems, networks, software• Targeted Malware attacks – 42% increase• Cybercrime process - design, build, exploit, sell• Cyber Extortion
    • CSA APAC Congress Singapore 2013• Mobile Explosion - mobile malware families increased 58%– New threats and old ones (XSS) on new platforms– Mobile app security – building and ensuring– NFC (Near Field Communication) in mobile and chip cards• Consumerization– Key to hiring, retention, and below• Agility & Innovation– Enable the Business to grow rapidly– Need to rethink Security• ROI on Clouds (3-5x)• Transformational timeOur World is Changing
    • CSA APAC Congress Singapore 2013What to do?• Adversary collaborates, but we try to deal with a global adversaryalone??• SMB’s increasingly victimized• Governments need to secure critical infrastructure – but aretaking a National approach to an international problem• Investigations and attribution problems• Assume you are a target and will be breached.• Due Care, Defense in depth, etc.• Effective Incident Response in a global world of agility,consumerization, smartphones, tablets, and clouds• Need to share attack data and collaborate on investigations.• Intelligence Based Security• New Types of Analysis - Hadoop
    • CSA APAC Congress Singapore 2013CISO Toolkit• Be more agile and innovative than the business• Risk Management as a key discipline– AUA– KRI’s and KPI’s• Intelligence Based Security– What keeps you awake?– Requires accurate quantification of risk– Identification and Measurement of threat– Allocate resources to mitigate greatest risks• Metrics and Reporting– ROI = Risk Reduction– “Protect to Enable”
    • CSA APAC Congress Singapore 2013Questions?7Sources:+ Symantec Internet Security Threat Report 2013, Vol 18.+ HP 2012 Cyber Risk Report+ Friends and Colleagues