Your SlideShare is downloading. ×
0
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen

1,395

Published on

Recent presentation on Cyber Threats and Cyber Security - Dublin, Ireland …

Recent presentation on Cyber Threats and Cyber Security - Dublin, Ireland

Jared Carstensen - Deloitte & Touche

Published in: Technology, Business
0 Comments
6 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,395
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
6
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Cyber Threats – Are you ready?Jared Carstensen SSCP, CISSP, CRISC, CCSKSecurity & ForensicsDeloittejcarstensen@deloitte.ie15th March 2012 ©2011 Deloitte LLP. All rights reserved.
  • 2. Cyber SecurityAgenda 1 What is Cyber Security? 2 Why should I care? 3 What can I do? 4 Q&A “Were not as prepared as we should be, as a government or as a country.” Barack Obama, President of the United States2 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 3. What is Cyber Security?A formal definition “The change in focus from reactive to pre-emptive intelligent security measures to address the dynamic targeted external threat to an organisations digital assets and operations.”3 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 4. What is Cyber Security?A formal definition “The change in focus from reactive to pre-emptive intelligent security measures to address the dynamic targeted external threat to an organisations digital assets and operations.”Cyber Security is defence against:• Targeted external threats• To your online systems and operations4 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 5. What is Cyber Security?It‟s happening nowThreat evolution• Increasing sophistication of attackers• Commoditisation of exploitation• “Lower barrier to entry” for attackerRisk and reward• Low risk (detection, capture, penalty)• Potential for significant reward for success• New motivationsIt is a hot topic• Intense and prolific media coverage• High exposure for affected organisations5 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 6. What is Cyber Security?Common attack themesRecent attacks highlighted in the media:• Targeted• Sophisticated• Originate from overseas• Involved several steps, suggesting intelligent• Conducted over an extended period of time6 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 7. What is Cyber Security?Lifecycle of an attack Compromise Asset capture Asset discovery Initial invasion Fast and noisy Info gathering Slow and quiet7 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 8. What is Cyber Security?The actorsAttacker Sophistication State-sponsored Cyber Warfare Disgruntled ex-IT Organised Crime Administrator Lone Hacker / Hacker Competitor Hobbyist Collectives Business Disgruntled Cyber Malware Partner Customer Terrorism Accidental Disgruntled Discovery Insider „Script kiddy‟ „Hacktivism‟ ex-Employee Attacker Determination8 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 9. Cyber SecurityAgenda 1 What is Cyber Security? 2 Why should I care? 3 What can I do? 4 Q&A “Last year alone, the US logged over 300,000 virus attacks on their networks and noted that organised crime now makes more money from cyber crime than any other activity.” Professor John Williams, Director of the MIT Geospatial Data Centre9 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 10. Why should I care?Business ImpactPotential significant business impact:• Revenue• Financial losses• Share price• Regulatory• Costs of remediation / investigation• Brand / reputation10 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 11. Why should I care?Organisational response under examinationCommon criticism of organisations following recentattacks regarding their public response:• Defences inadequate• Intelligence of attack lacking• Executive understanding low• Cyber priority at Board level inappropriate• Response to attacks very slow & vague11 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 12. Cyber SecurityAgenda 1 What is Cyber Security? 2 Why should I care? 3 What can I do? 4 Q&A “Protecting our interests in cyberspace is vital for the economic well-being of the UK and for our National Security.” Rt Hon Baroness Neville-Jones DCMG, Minister of State for Security and Counter-Terrorism12 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 13. What can I do?Reduce the business riskFour key priorities:• Prepare• Aware Business Risk Reduction Pro-active threat• Respond management• Defend Prevention rather than detection Re-active compliance based security Time / Investment13 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 14. What can I do?How can an organisation defend? Prepare Aware Respond Defend • Defence • External intelligence • Strategic • Employee • Communication • Internal intelligence • Communication • Targeting • Co-ordination • Consolidation • Risk assessment • Assets and risks • Capability • Technical • Detection14 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 15. What can I do?Increasing sophisticated and determined attacker Risk AppetiteAttacker Sophistication State-sponsored Cyber Warfare Disgruntled ex-IT Organised Crime Administrator Lone Hacker / Hacker Competitor Hobbyist Collectives Business Disgruntled Cyber Malware Partner Customer Terrorism Accidental Disgruntled Discovery Insider „Script kiddy‟ „Hacktivism‟ ex-Employee Attacker Determination Defend Limit impact15 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 16. What can I do?How does my organisation compare in maturity terms? Situational awareness End GoalRisk Mitigation Effectiveness Quality of Forensic Enabling intelligence and Actionable analysis depth of intelligence Capabilities capability distribution Protective Intelligence Event Operations threat Foundations collection correlation planning „Traditional‟ compliance-based IT and Network security16 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 17. What can I do?5 rules of the road for the Non Executive Director• Challenge the board: make sure cyber security is on the board‟s agenda• Raise awareness of the business impact of a successful cyber attack• Identify competent and aware cyber security leaders• Ensure effectiveness of the organisation‟s cyber security defences• Provide increased senior management attention and oversight17 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 18. SummaryThis is real and it could happen to youChallenge• Organisations are facing a perfect storm of: • Increasing numbers of vulnerabilities • That are more easily exploited • By people more willing to break the law• Attacks increasingly targeted• Attackers increasingly using multiple attack routes• It is very likely you will be subject to a successful Cyber AttackResponse• Actionable, relevant intelligence to focus resources• Change in focus from reactive controls to proactive preventative ones18 Cyber Security – Will you be ready? ©2011 Deloitte LLP. All rights reserved.
  • 19. Jared Carstensen SSCP, CISSP, CRISC, CCSKSecurity & ForensicsDeloittejcarstensen@deloitte.ie©2011 Deloitte LLP: The seminar and these accompanying handouts have been written in general terms and therefore cannot be relied on to coverspecific situations; furthermore, responses given in the seminar to questions are based on only an outline understanding of the facts andcircumstances of the cases and therefore do not form a substitute for considered specific advice tailored to your circumstances.Applications of the principles set out will depend on the particular circumstances involved and we recommend that you obtain professional advicebefore acting or refraining from acting on any of the contents of this seminar and these accompanying handouts. Deloitte LLP would be pleased toadvise readers on how to apply the principles set out in this handout to their specific circumstances. Please feel free to contact any partner.We would be pleased to advise you on the application of the principles demonstrated at the seminar to your specific circumstances but in the absenceof such specific advice cannot be responsible or liable to you for the content of our presentation.19 Cyber Security – Will you be ready? | The Deloitte Academy ©2011 Deloitte LLP. All rights reserved.

×