SlideShare a Scribd company logo

2022 - Killer Bunny - TPRA Conference.pptx

Download as PPTX, PDF
C
Chris Roberts

Talk around what IS happening in the industry AND what we need to change!

Technology
1 of 93
Welcome to the Dark Side We have ALL your cookies
Who’s The Hairy Thing? Geek & Dr. Dark Web Researcher Hacker Dad Chris.roberts@boomsupersonic.co m @Sidragon1 (LinkedIn AND Twitter) Boom Supersonic
Agenda • Pat on the back? • Y’all got a nice tick in the box... • Why THIS talk? • Isn’t everything ok? • Audits • Breeding like rabbits • Choice • Choice IS good, too much choice corrupts • You • The authorities... • The businesses • Passing the cost along • So, what next? • ...
Congratulations
You Ticked The Boxes...  You have a security posture  You integrate your teams  You have digital cybersurveillance  You‘ve passed audits  You’ve done your awareness training  You have a trustworthy system  You use encryption You have good security folks..
Feeling Nice, Warm, AND Fuzzy? Good, hold onto that...
You KNOW the bunny get’s it...
Let’s Talk Reality...
Why THIS Talk?
We give ourselves awards FOR What? Losing 22.5 million records a day
All we wanted was a tick in the box!
Tick NOT D...
Apparently, we “have to” answer questions...
And more questions, and more boxes...
Really Why?
Now we have more boxes from LOTS of sources
Each one telling me they want more
Each one building their own empires...
Incident Response Companies Be Like… “Your Turn, I Just Ate A Ransomware Attack…”
With their own “select” solutions and bodies...
And ALL I want is to tick the bloody box!
Now I have: 10 flavors of AI 25 options for ML 30 frameworks 100 boxes to tick How many QSA’s? 7,000 vendors...
Business Is Booming!!
I MEAN Booming!! • The global average mean time to identify a data breach is 197 days. • The mean time to recover from a data breach is around 70 days. • 76% of organizations were targeted by a phishing attack in the past 12 months. • 75% companies say a data breach has caused a material disruption to business processes. • The global average cost of a breach is around $4m. • We are losing an average of 22.5 million records a DAY. • Statistically you now have a 33% chance of being breached in the next 24 months. • USA is still the most popular target, 57% of breaches, 97% of the data...
Cybercrime damages expected to hit $6 trillion
And more code, more systems, clouds, etc...
More platforms, more suppliers, vendors, etc...
I HAD 3 layers, now I have 53!!
It’s ok, AI will save us!
With adversarial machine learning, pigs CAN fly!
Squirrel moment over...
Can I PLEASE just tick the bloody box?
What do you mean the box isn’t secure?
So, I tick the bloody box and I get breached?!?
YOU told me if I ticked the box, I’d be safe!
YOU are meant to stop this!
What do you mean you can’t?
Why IS someone inside my house?
What do you mean I can’t retaliate?
Hang on! You get more $ for doing what?!?
YOU hassle, ignore, prosecute those helping you?!
YOUR red tape is in the way of my tick in the box!
So, lets talk insurance...
Dammit, more than one tick in a box now?
So, I just charge more for my goods? Got it...
Do I still need to tick that box? Doesn’t seem so?
Oh, hang on, what do you mean they check?!?
Congress and crocodile tears you say?
Let’s talk about the InfoSec trifecta (racketeering)
Ignoring the tick in the box...
Is this sustainable?
What IF we decided to change, what DO we do?
Accept Change
What DO We Do About It?
So STFU and Listen Please
Reality! • It takes 1 minute to convince you to hand me your email… • It takes 1 free offer to get your phone number… • It takes 1 time to get you to click an email… • It takes 1 connection with your Bluetooth or wireless… • It takes 1 guess to work out you re-use your passwords… • It takes 1 minute with your unattended electronics… • It takes 1 connection on your social media networks… YET… • It takes 7-20 times to get through to you about awareness
Soft Skills...
Communication: Take time to exchange ideas with each other… Cooperation: Independent goals, with an aim to share data Coordination: ALL rowing in same direction for once… Collaboration: The whole is greater than the sum of its parts
Different Approach
Use language OTHERS understand
Ask MORE questions
DevSecOps
Share BEFORE it’s too late
Understand YOUR surroundings
Observe, Orient, Decide, Act Before It’s Too Late...
Choose Wisely
I AM the 24*7*365
Ever vigilant…
Help!!!
Well, he looks trustworthy…
Baubles AND Blinky Lights
Assets, what do you have? Assets, where are they? Who’s got access to them, and why? What DO they do, what is their purpose? What’s on them? Which ones do you need to care about?
When NOT What if… “…million-to-one chances… crop up nine times out of ten.”
Closing “I know you won't believe me, but the highest form of Human Excellence is to question oneself and others.”
Feeling left out? Feeling helpless? Feeling like you want in? THEN TALK WITH PEOPLE.. Anyone around you! Everyone close to you! ALL the people...
“We may have all come on different ships, but we’re in the same boat now” Martin LutherKing, Jr.
I will fail We will succeed
Thank You ALL For Listening Now, Let’s Actually DO Something...
ASK More Questions! Chris@hillbillyhitsquad.com @Sidragon1 (LinkedIn AND Twitter)

Recommended

Voting Systems - ISSA Chicago Presentation 2020
Voting Systems - ISSA Chicago Presentation 2020Voting Systems - ISSA Chicago Presentation 2020
Voting Systems - ISSA Chicago Presentation 2020
Chris Roberts
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Michael Rushanan
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and Concerns
PINT Inc
 
Red vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsRed vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 years
EC-Council
 
Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplations
Chris Roberts
 
Dec2018 istanbul-2
Dec2018 istanbul-2Dec2018 istanbul-2
Dec2018 istanbul-2
Chris Roberts
 
protecting your digital personal life
protecting your digital personal lifeprotecting your digital personal life
protecting your digital personal life
Nathan Lesser
 
5G and the Invisible Interface
5G and the Invisible Interface5G and the Invisible Interface
5G and the Invisible Interface
Experience UX
 

Recommended

Voting Systems - ISSA Chicago Presentation 2020
Voting Systems - ISSA Chicago Presentation 2020Voting Systems - ISSA Chicago Presentation 2020
Voting Systems - ISSA Chicago Presentation 2020
Chris Roberts
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Michael Rushanan
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and Concerns
PINT Inc
 
Red vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsRed vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 years
EC-Council
 
Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplations
Chris Roberts
 
Dec2018 istanbul-2
Dec2018 istanbul-2Dec2018 istanbul-2
Dec2018 istanbul-2
Chris Roberts
 
protecting your digital personal life
protecting your digital personal lifeprotecting your digital personal life
protecting your digital personal life
Nathan Lesser
 
5G and the Invisible Interface
5G and the Invisible Interface5G and the Invisible Interface
5G and the Invisible Interface
Experience UX
 
Zoomer Show Presentation_October 31-2015
Zoomer Show Presentation_October 31-2015Zoomer Show Presentation_October 31-2015
Zoomer Show Presentation_October 31-2015
David Cooper
 
Grace's technology power point
Grace's technology power pointGrace's technology power point
Grace's technology power point
Marq2014
 
Gunning for granny
Gunning for grannyGunning for granny
Gunning for granny
Chris Roberts
 
Cyber security - Trend Micro
Cyber security - Trend MicroCyber security - Trend Micro
Cyber security - Trend Micro
Auckland Salesforce User Group
 
Security is dead, Long live the Hacker
Security is dead, Long live the HackerSecurity is dead, Long live the Hacker
Security is dead, Long live the Hacker
Stuart Coulson
 
Privacy and libraries
Privacy and librariesPrivacy and libraries
Privacy and libraries
Dorothea Salo
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Steve Poole
 
Ethics in Data Science and Machine Learning
Ethics in Data Science and Machine LearningEthics in Data Science and Machine Learning
Ethics in Data Science and Machine Learning
HJ van Veen
 
Youth and technology_r1
Youth and technology_r1Youth and technology_r1
Youth and technology_r1
Sneha Patil
 
Chimps and Jelly: Thoughts on influencing colleagues and clients
Chimps and Jelly: Thoughts on influencing colleagues and clientsChimps and Jelly: Thoughts on influencing colleagues and clients
Chimps and Jelly: Thoughts on influencing colleagues and clients
Workplace Trends
 
Integrity AI and Geospatial Keynote 2023
Integrity AI and Geospatial Keynote 2023Integrity AI and Geospatial Keynote 2023
Integrity AI and Geospatial Keynote 2023
Ed Morrissey
 
April27 dyc
April27 dycApril27 dyc
April27 dyc
Alex Wills
 
Foundations In the Age of Social Media
Foundations In the Age of Social MediaFoundations In the Age of Social Media
Foundations In the Age of Social Media
Jereme Bivins
 
IAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdfIAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdf
Noreen Whysel
 
Future Kids Future Customers v2
Future Kids Future Customers v2Future Kids Future Customers v2
Future Kids Future Customers v2
Andy Hadfield
 
Digital Citizenship (2016)
Digital Citizenship (2016)Digital Citizenship (2016)
Digital Citizenship (2016)
Daniel Budd
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developer
Steve Poole
 
Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)
Justin Bull
 
Technology Report By Noah Coffman
Technology Report By Noah CoffmanTechnology Report By Noah Coffman
Technology Report By Noah Coffman
Marq2014
 
Openbar Leuven // Ethics in technology - Laurens Somers
Openbar Leuven // Ethics in technology - Laurens Somers Openbar Leuven // Ethics in technology - Laurens Somers
Openbar Leuven // Ethics in technology - Laurens Somers
Openbar
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

More Related Content

Similar to 2022 - Killer Bunny - TPRA Conference.pptx

Zoomer Show Presentation_October 31-2015
Zoomer Show Presentation_October 31-2015Zoomer Show Presentation_October 31-2015
Zoomer Show Presentation_October 31-2015
David Cooper
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Steve Poole
 
Youth and technology_r1
Youth and technology_r1Youth and technology_r1
Youth and technology_r1
Sneha Patil
 
Future Kids Future Customers v2
Future Kids Future Customers v2Future Kids Future Customers v2
Future Kids Future Customers v2
Andy Hadfield
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developer
Steve Poole
 

Similar to 2022 - Killer Bunny - TPRA Conference.pptx (20)

Zoomer Show Presentation_October 31-2015
Zoomer Show Presentation_October 31-2015Zoomer Show Presentation_October 31-2015
Zoomer Show Presentation_October 31-2015
 
Grace's technology power point
Grace's technology power pointGrace's technology power point
Grace's technology power point
 
Gunning for granny
Gunning for grannyGunning for granny
Gunning for granny
 
Cyber security - Trend Micro
Cyber security - Trend MicroCyber security - Trend Micro
Cyber security - Trend Micro
 
Security is dead, Long live the Hacker
Security is dead, Long live the HackerSecurity is dead, Long live the Hacker
Security is dead, Long live the Hacker
 
Privacy and libraries
Privacy and librariesPrivacy and libraries
Privacy and libraries
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 
Ethics in Data Science and Machine Learning
Ethics in Data Science and Machine LearningEthics in Data Science and Machine Learning
Ethics in Data Science and Machine Learning
 
Youth and technology_r1
Youth and technology_r1Youth and technology_r1
Youth and technology_r1
 
Chimps and Jelly: Thoughts on influencing colleagues and clients
Chimps and Jelly: Thoughts on influencing colleagues and clientsChimps and Jelly: Thoughts on influencing colleagues and clients
Chimps and Jelly: Thoughts on influencing colleagues and clients
 
Integrity AI and Geospatial Keynote 2023
Integrity AI and Geospatial Keynote 2023Integrity AI and Geospatial Keynote 2023
Integrity AI and Geospatial Keynote 2023
 
April27 dyc
April27 dycApril27 dyc
April27 dyc
 
Foundations In the Age of Social Media
Foundations In the Age of Social MediaFoundations In the Age of Social Media
Foundations In the Age of Social Media
 
IAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdfIAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdf
 
Future Kids Future Customers v2
Future Kids Future Customers v2Future Kids Future Customers v2
Future Kids Future Customers v2
 
Digital Citizenship (2016)
Digital Citizenship (2016)Digital Citizenship (2016)
Digital Citizenship (2016)
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developer
 
Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)
 
Technology Report By Noah Coffman
Technology Report By Noah CoffmanTechnology Report By Noah Coffman
Technology Report By Noah Coffman
 
Openbar Leuven // Ethics in technology - Laurens Somers
Openbar Leuven // Ethics in technology - Laurens Somers Openbar Leuven // Ethics in technology - Laurens Somers
Openbar Leuven // Ethics in technology - Laurens Somers
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Recently uploaded (20)

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 

2022 - Killer Bunny - TPRA Conference.pptx

Editor's Notes

  1. Good Morning, thank you for having me, and welcome to a slightly different approach to explaining what IS going on in the industry AND world around us all. You ARE going to have a LOT of people talk with you about ALL sorts of issues from maritime, to smart weapons, to EMP’s and how the world is basically wanting to take us down.... HOWEVER FIRST we have to solve OUR OWN problems, the fact that WE are doing a piss poor job of looking after ourselves AND each other... THE Fight within....
  2. This isn’t going to be nice; it’ll be blunt, informative and should make you think about things the next time you go near a keyboard...
  3. Moby Dick: Because MOST of the security industry is chasing “around” 31,000 larger enterprise sized companies for their business. The list is well known, circulated and targets are on the backs of ALL the C-Suite, most of the technical folks and the MSP/VARS that support them.
  4. Yes... This IS a thing.... We now apparently pat ourselves on the back for being bloody unicorns...
  5. The global average mean time to identify a data breach is 197 days. The mean time to recover from a data breach is around 70 days. 76% of organizations were targeted by a phishing attack in the past 12 months. 75% companies say a data breach has caused a material disruption to business processes. The global average cost of a breach is around $4m. We are losing an average of 22.5 million records a DAY. Statistically you now have a 33% chance of being breached in the next 24 months. USA is still the most popular target, 57% of breaches, 97% of the data in last 24 months
  6. Welcome to the root of ALL.. The humble tick in the box
  7. You know the ones... Do you have a firewall? NOT is it out of the shrink wrap or anything
  8. Dammit, now they want to know IF it’s actually turned on
  9. The Security industry circles them like packs of hyena or vultures waiting for one of them to fall, get breached, or for a vendor to be thrown out… pouncing on the fresh kill with glee…
  10. SOX, SOX2, Healthcare, PCI, FERC, NERC, NIST, CMMC, Etc.
  11. One wants to know IF we have something, the other wants to know what color it is, and CMMC want’s to know IF it’s plugged into the Pentagon...
  12. PC can only use QSA’s SOX needs accountants and lawyers CMMC wants it’s own folks FERC and NERC needs wizards with magic misslies Etc.
  13. You can only join OUR club if you “fit” or pay enough.... Elitist anyone?
  14. Sorry, not enough time to tick the box, have to build our auditing empire and take over all the others......
  15. Welcome to the bastard children spawned from Vulture capitalism and DEFCON
  16. We’re short millions of people We’re minting millionaires daily We’re attracting millions in investment weekly Etc.
  17. 2021 anticipated numbers....
  18. Not content with keeping stuff in one place, we have devised MORE ways to spread it all over the place, now we hide it all over the planet consuming great quantities of energy (BitCoin alone consumes enough energy to almost make it into the top 10 country list of energy consumers)
  19. Where one goes, the others follow soon after, think of us as a plague of locust.
  20. Used to be web-app-database.
  21. hahahahahahah
  22. An example of adversarial perturbation attack (deviation) used to evade classifiers… (other include cats to dogs, and STOP signs to SPEED signs…) We modified 0.005% of the data in the image.
  23. AND with about an hour inside YOUR environment I can turn Javelin, Carbon Black, AND Clownstrike against themselves and DoS your own systems.... (2018/2019)
  24. Each of those layers has it’s own tick boxes, own challenges, own regulatory bodies and ways that they need to be used/adhered to/worked with/managed/reported on....
  25. Ah, yep, this one… IF I speak nice words to it OR sacrifice the odd intern to the computer room it’ll all be ok?!? This ISN’T going to work, you can’t ignore that Windows 95 system OR BYOD any longer.
  26. Oh yea, incase anyone forgot Compliance does NOT equal security, it’s a fallacy and one we sell to companies AL the time
  27. Yup Even though you purchased the EDR, XDR, EIGRP, NAS, NAC, IDS/IPS, DLP, HIDS, Heck you got acronym soup and your shit’s still insecure.....
  28. Who us? We might have mentioned 100% protection BUT if you read the fine print you’d realize that only IS the case in a controlled environment.... Which means IF you turn the computer on you’ve voided the warranty Accountability anyone?
  29. Ah, well what we say and what we do ARE two different things.... CAN I offer you hostage (I mean ransomware) negotiation services? How about Incident response prepay? Or a discount on your next hacker proof piece of software?
  30. No perimeter No barriers No control No asset management No basics No chance.
  31. Because...
  32. Attribution sucks. Bad attribution is brinkmanship Really bad attribution is war (although we’re already AT war, just nobody want’s to tell the Internet)
  33. Why get a pittance for bug bounties when I can make bank selling the exploits to our own government (or someone elses)
  34. You don’t listen You are a ONE way street The intel you share is stale AND the very people whom you SHOULD listen to, you alienate for the most part Your field offices are a joke
  35. Hi, this is the FBI, look we’ve been watching your computes for a while, they got breached and we’ve been using them to gather evidence, hope you don’t mind leaving them on...... Really?!? You care about prosecutions and headlines, not helping.
  36. Might as well get some, nothing else is going to help, so at least WHEN I get breached I can go drown my sorrows in good whisky and bourbon OR tea.
  37. Let’s have a frank discussion… this IS where many of you are at!
  38. Another work of fiction coming up......
  39. Take a leaf out of the Visa/MasterCard book of business, charge the banks, who charge the companies, and they in turn charge the consumers for all this additional overhead.... At the end of the day the patsy/sorry customer will pay, they don’t have a choice.
  40. Apparently MANY of you don’t think you do... OR that the cost OF putting that tick in the box is too high, so might as well just fly under the radar OR respond to ALL the requests with “working on it” and send the same plan to everyone, after all who the hell checks....
  41. Don’t even THINK of playing this game!!
  42. Welcome to 2021, the insurance companies have woken up and are finally NOT always simply believing your SAQ works of fiction... That checkbox is now going to be examined and woe betide you if you’ve lied..... Although, lets face it lying IS part of commerce apparently
  43. Got found out? Got breached? Got a smack on the wrist coming up? LEARN how to cry in public and apologize (or appear contrite) Free first lesson, heck we know you’ll be back.
  44. Money talks, and in the trifecta of our industry nothing talks louder than reoccurring revenues. What better way to generate those venture capital multipliers than to lock an entire population up and subject them to a battery of tests, exams, checks, probes, assessments, along with reams of paperwork? What’s better? Not just to do it once BUT do it quarterly, heck even monthly in some cases. Oh, while we’re at it lets increase the revenue streams by dividing the pie up... we can call it data, show folks how each different element needs its own set of checks, balances, and folks crawling ALL over your systems on a regular basis. We ALL win, heck even the consumer wins... They get free credit reporting for life!!
  45. Lets face it, YOU aren’t going to change a damm thing by chasing one criminal at a time, YOU won’t fix anything by hassling US the hackers, and you won’t stop taking people’s money... So yea, go ahead and ignore the tick in the box, nothings REALLY going to happen TO you. Heck even GDPR can’t get its shit together and we has high hopes for that.... There’s a queue of folks waiting to be assessed and not enough hands to go round...
  46. Good question, the general population’s not woken up The industry’s making bank (360 billionaires and counting) You’re not making progress The adversaries appear to be happy to just bleed us slowly and not kill us (yet) So, yea, probably, at least until I retire, then someone else can deal with it...
  47. Let’s look at some options....
  48. Stop bloody fighting it with red tape, compliance regulations, and bullshit that slows things down
  49. Best Buy? MicroCentre? Craigslist? Or go out onto the job market to compete for talent, or bring in an MSP/MSSP? How do you even benchmark them when there’s no Angie’s list to even evaluate them against? What questions DO you ask, HOW do you contact them, choose one, and what the hell is a bake off? Let’s face it, that’s not likely to solve ALL the issues, so how DO we change things?
  50. This is one of the core one, you get sold that perfect solution ONLY to find when things go wrong it’s NOT their fault, have you EVER read that agreement, that software license OR the contract that basically says it’s all YOUR fault, we get you coming, going AND in the middle AND then when it all breaks, we charge you twice as much to fix it all back up and start you again…
  51. NOTHING is 100% NOBODY can “keep you secure” ALL we can do (IF you listen and/or accept help) is to reduce your risk ALL we can do is educate
  52. We HAVE to reduce the complexity within our offerings! Too many screens Too many things to go wrong Too many things to forget AND not enough hands to go round let alone catch it when it all comes crashing down
  53. In our industry we are great at talking, at explaining ourselves AND we do it in a way that nobody understands ½ the time…. Talk in English or your native language Listen with BOTH ears AND shut up once in a while.
  54. 360,000 NEW pieces of malware, viruse, trojan, programs every day.....
  55. Kali is the Hindu goddess (or Devi) of death, time, and doomsday and is often associated with sexuality and violence but is also considered a strong mother-figure and symbolic of motherly-love
  56. Don’t feel like spending days or weeks dealing with assessments, vendors or other things, how about a nice simple game of D&D for business… How about throwing out a few scenario’s and seeing HOW you would fare?
  57. It doesn’t always end well, BUT at least it’s happening in a TAME environment!!
  58. I cannot over-emphasize this... Seriously the only way WE ALL win is if we work together!!
  59. FBI take fucking note!!
  60. Evaluate VENDORS BEFORE you bloody sign up!
  61. Because this IS how much some of them care about YOU!
  62. Yea, that “we consolidate into a single pane of glass...”
  63. You ARE allowed to taser vendors.
  64. SIMPLE THINGS!!!! STOP Complicating it, STOP wrapping it in red tape!!
  65. The Late Sir Terry Pratchett. It’s NEVER “what if” or ”never” or “maybe” it’s got to be a Plan for WHEN
  66. No matter what I say, what I’ve said, no matter how I’ve talked about it, many of you won’t do anything, some of you will do a little and hopefully ONE or two of you will do enough to NOT end up on the wrong side of an incident in the near future. For those of you who don’t do anything because security problems only happen to others, then I wish you luck, and will see you soon enough.
  67. Backups Patching MFA Awareness Question MORE
  68. Thanks to ALL for putting this on!