Cybersecurity 3 cybersecurity costs and causes

Discusses the costs to society of cybersecurity issues and why there are technical, human and organisational causes of cybersecurity vulnerabilities

Published in: Technology

  1. Introduction to cybersecurity, 2013. Cybersecurity: costs and causes
  2. The cybersecurity problem
     • How big a problem is cybersecurity for individuals, businesses and nations?
     • Why is it difficult to make networked systems secure?
  3. The scale of the problem
     • It’s a big problem
     • How big? We really do not know
     • Many surveys on cybersecurity-related losses, but with very wide variations and different methodologies
  4. Individuals
     • Cyber fraud
     • Identity theft
     • Cyber bullying and cyber stalking
  5. © The Guardian 2013
  6. [No text on this slide]
  7. Businesses
     • Differing estimates:
       – The extent of losses depends on how these losses are measured and what data is collected
     • Industry is reluctant to release figures but, when they do, they tend to overvalue assets
  8. © The Scotsman 2013; © deadline.co.uk 2012
  9. © The IET 2013
  10. Nations
      • Cyberattacks on critical infrastructures are seen as a critical economic risk by all countries
      • Significant resources are now being devoted to cyberdefence
  11. © Wall Street Journal, 2013
  12. © World Affairs Journal 2013
  13. • Why has cybersecurity become such a major problem?
        – Scale and ubiquity of the internet
        – Lower level of physical risk to criminals
        – Fundamental business and technical reasons for insecurity
  14. Business reasons
      • Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security
  15. • Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security.
      • Accepting the cost of losses through cyber fraud may be a cost-effective strategy
  16. Internet vulnerabilities
      • The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other
      • The information maintained on their computers was non-commercial and not thought to be of interest to others
  17. • Consequently, security was not a factor in the design of internet protocols, practices and equipment.
      • Security slows things down so efficiency was prioritized
  18. • These protocols made it easy for the Internet to be universally adopted in the 1990s
      • However, the problems can only be properly addressed by a complete redesign of Internet protocols, which is probably commercially impractical.
  19. Internet vulnerabilities
      • Unencrypted traffic by default
      • Packets can be intercepted and the contents read by anyone who intercepts these packets
  20. Internet vulnerabilities
      • DNS system
        – Possible to divert traffic from legitimate to malicious addresses
        – Easy to hide where traffic has come from
      • Domain name servers vulnerable to DoS attacks
  21. Internet vulnerabilities
      • Mail protocol
        – No charging mechanism for mail
        – Hence spam is possible
  22. Technology is not the only problem
      • Internet vulnerabilities make possible some kinds of cyber-attack but it is important to remember that cybersecurity is a socio-technical systems problem
      • Problems almost always stem from a mix of technical, human and
  23. Risk classification
      • Risks due to actions of people
      • Risks due to hardware or software
      • Risks due to organisational processes
  24. Actions of people
      • Deliberate or accidental exposure of legitimate credentials to attackers
      • Failure to maintain secure personal computers and devices
  25. • Insider corruption or theft of data
      • Preference for convenience and usability over security
        – Weak passwords set because they are easy to remember and quick to type
  26. Hardware and software
      • Misconfigured firewalls and mail filters
      • Programming errors and omissions in software lead to malicious penetration
        – Buffer overflow attacks
        – SQL poisoning attacks
  27. Organisational processes
      • No established process and checks for updating and patching software
      • Lack of security auditing
      • Lack of systematic backup processes
  28. Summary
      • Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult.
        – The Internet was not designed as a secure network and making it secure is practically impossible
        – To make systems useable, people take actions that introduce vulnerabilities into sociotechnical systems.