• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Cybersecurity 3 cybersecurity costs and causes
 

Cybersecurity 3 cybersecurity costs and causes

on

  • 201 views

Explains why it is difficult to estimate the costs of cyberattacks and discusses some fundamental causes for cybersecurity vulnerabilities

Explains why it is difficult to estimate the costs of cyberattacks and discusses some fundamental causes for cybersecurity vulnerabilities

Statistics

Views

Total Views
201
Views on SlideShare
201
Embed Views
0

Actions

Likes
0
Downloads
7
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Cybersecurity 3 cybersecurity costs and causes Cybersecurity 3 cybersecurity costs and causes Presentation Transcript

    • Cybersecurity: costs and causes Introduction to cybersecurity, 2013 Slide 1
    • The cybersecurity problem • How big a problem is cybersecurity for individuals, businesses and nations? • Why is it difficult to make networked systems secure? Introduction to cybersecurity, 2013 Slide 2
    • The scale of the problem • It’s a big problem • How big ? We really do not know • Many surveys on cyber-security related losses but very wide variations and different methodologies Introduction to cybersecurity, 2013 Slide 3
    • Individuals • Cyber fraud • Identity theft • Cyber bullying and cyber stalking Introduction to cybersecurity, 2013 Slide 4
    • © The Guardian 2013 Introduction to cybersecurity, 2013 Slide 5
    • Introduction to cybersecurity, 2013 Slide 6
    • Businesses • Differing estimates: – The extent of losses depends on how these losses are measured and what data is collected • Industry reluctant to release figures but when they do, they tend to overvalue assets Introduction to cybersecurity, 2013 Slide 7
    • © The Scotsman 2013 © deadline.co.uk 2012 Introduction to cybersecurity, 2013 Slide 8
    • © The IET 2013 Introduction to cybersecurity, 2013 Slide 9
    • Nations • Cyberattacks on critical infrastructures are seen as a critical economic risk by all countries • Significant resources now being devoted to cyberdefence Introduction to cybersecurity, 2013 Slide 10
    • © Wall Street Journal, 2013 Introduction to cybersecurity, 2013 Slide 11
    • Introduction to cybersecurity, 2013 © World Affairs Journal 2013 Slide 12
    • • Why has cybersecurity become such a major problem – Scale and ubiquity of the internet – Lower level of physical risk to criminals – Fundamental business and technical reasons for insecurity Introduction to cybersecurity, 2013 Slide 13
    • Business reasons • Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security Introduction to cybersecurity, 2013 Slide 14
    • • Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security. • Accepting the cost of losses through cyber fraud may be a cost-effective strategy Introduction to cybersecurity, 2013 Slide 15
    • Internet vulnerabilities • The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other • The information maintained on their computers was non-commercial and not thought to be of interest to others Introduction to cybersecurity, 2013 Slide 16
    • • Consequently, security was not a factor in the design of internet protocols, practices and equipment. • Security slows things down so efficiency was prioritized Introduction to cybersecurity, 2013 Slide 17
    • • These protocols made it easy for the Internet to be universally adopted in the 1990s • However, the problems can only be properly addressed by a complete redesign of Internet protocols, which is probably commercially impractical. Introduction to cybersecurity, 2013 Slide 18
    • Internet vulnerabilities • Unencypted traffic by default • Packets can be intercepted and the contents read by anyone who intercepts these packets Introduction to cybersecurity, 2013 Slide 19
    • Internet vulnerabilities • DNS system – Possible to divert traffic from legitimate to malicious addresses – Easy to hide where traffic has come from • Domain name servers vulnerable to DoS attacks Introduction to cybersecurity, 2013 Slide 20
    • Internet vulnerabilities • Mail protocol – No charging mechanism for mail – Hence spam is possible Introduction to cybersecurity, 2013 Slide 21
    • Technology is not the only problem • Internet vulnerabilities make possible some kinds of cyber-attack but it is important to remember that cybersecurity is a socio-technical systems problem • Problems almost always stem from a mix of technical, human and Introduction to cybersecurity, 2013 Slide 22
    • Risk classification • Risks due to actions of people • Risks due to hardware or software • Risks due to organisational processes Introduction to cybersecurity, 2013 Slide 23
    • Actions of people • Deliberate or accidental exposure of legitimate credentials to attackers • Failure to maintain secure personal computers and devices Introduction to cybersecurity, 2013 Slide 24
    • • Insider corruption or theft of data • Preference for convenience and usability over security – Weak passwords set because they are easy to remember and quick to type Introduction to cybersecurity, 2013 Slide 25
    • Hardware and software • Misconfigured firewalls and mail filters • Programming errors and omissions in software lead to malicious penetration – Buffer overflow attacks – SQL poisoning attacks Introduction to cybersecurity, 2013 Slide 26
    • Organisational processes • No established process and checks for updating and patching software • Lack of security auditing • Lack of systematic backup processes Introduction to cybersecurity, 2013 Slide 27
    • Summary • Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult. – The Internet was not designed as a secure network and making it secure is practically impossible – To make systems useable, people take actions that introduce vulnerabilities into sociotechnical systems. Introduction to cybersecurity, 2013 Slide 28