Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The Future of Cyber Security - Matthew Rosenquist


Published on

Presented at Nexterday North 2015 conference in Helsinki Finland by Matthew Rosenquist, Cybersecurity Strategist from Intel Corp

Published in: Technology
  • Be the first to comment

The Future of Cyber Security - Matthew Rosenquist

  1. 1. Matthew Rosenquist Cybersecurity Strategist and Evangelist Intel Corporation November 10th, 2015
  2. 2. Biography 2 Matthew Rosenquist Cybersecurity Strategist and Evangelist Intel Corp Matthew benefits from 20+ years in the field of security, specializing in strategy, threats, operations, crisis management, measuring value, communicating industry changes, and developing cost effective capabilities which deliver the optimal level of security. As a cybersecurity strategist, he works to understand and communicate the future of security and drive industry collaboration to tackle challenges and uncover opportunities to significantly improve global computing security. Mr. Rosenquist built and managed Intel’s first global 24x7 Security Operations Center, overseen internal platform security products and services, was the first Incident Commander for Intel’s worldwide IT emergency response team, and managed security for Intel’s multi-billion dollar worldwide mergers and acquisitions activities. He has conducted investigations, defended corporate assets, established policies, developed strategies to protect Intel’s global manufacturing, and owned the security playbook for the PC strategic planning group. Most recently, Matthew worked to identify the synergies of Intel and McAfee as part of the creation of the Intel Security Group, one of the largest security product organizations in the world. Twitter @Matt_Rosenquist LinkedIn: MatthewRosenquist Blogs Intel IT Peer Network
  3. 3. Agenda 3 The Emerging Future of Cybersecurity Changing Digital World Cybersecurity Forecast 1. More sophisticated attackers 2. New targets and methods 3. Integrity attacks emerge 4. Relevance of the cumulative impact emerges 5. Cybersecurity expectations rise, resources don’t keep pace Recommendations
  4. 4. The Emerging Futrue of Cybersecurity 4 Why Identify Important Trends? To understand the challenges and opportunities Why does it matter? Allows us to prepare and make good choices tactically and strategically What must we do? Think ahead, plan, and lead Let’s explore and discuss…
  5. 5. Changing Digital World 5  Growing Number of Users: 4B connected people More Users New Devices Innovative Usages Generating Vast Data Sensitive Functions Increased Target Value  New Devices Types: 200B IoT devices  Innovative Usages and Access: 25M+ applications  Creation of Vast Amounts of Data: 50T gigabytes  Critical Functionality: Infrastructure, Defense, Transportation Creates Targets with Increased Value
  6. 6. 6
  7. 7. Attacker Sophistication 7  Nation states: technology reuse by others Attackers increase in numbers and capability, allowing for more advanced attacks across a broader spectrum of targets.  Organized criminals: success and gains encourage further campaigns  Specialization: Crime-as-a-Service, hacking, ID, data, validation, mules  Cooperation: across geo’s, sharing technology, dark markets  Resources: increase and reinvested to target more and new areas
  8. 8. Attack Methods 8  Ransom & Malware: Rapidly on the Rise New methods emerge, successful methods are improved. The easiest victims and targets with high value are at greatest risk.  Malware-as-a-Service: Pay for technical expertise and access  Digital Credentials: Stolen & Misused Certificates, ID/Passwords  Vulnerability Markets: Research is on the rise, with better tools  Contextual Social Engineering: Aggregation of data to hack people  Data Breaches Expand: healthcare, legal, government, social media, and other digital services
  9. 9. Integrity Attacks Emerge 9  Integrity Based Attack: Selectively altering specific transactions to achieve a malicious goal. Joins Confidentiality (Data Breaches) and Availability (DDOS) based attacks Security solutions are not prepared for Integrity based attacks Difficult to prevent, detect, and effectively recover  Banking: Carbanak $300m-$1B  Crypto-Ransomware: CryptoWall $18M (2014) to $325M (2015)  State sponsored malware: Stuxnet, Duqu, Flame, Gauss family  Transportation: Vehicle attacks & exploitation proof-of-concepts
  10. 10. Relevance of Cumulative Impact 10  Viewed as a set of tactical problems Industry currently fails to see the overall impact. New emphasis will emerge to understand the systemic costs of cybersecurity risks.  What does cybersecurity cost? + Security solutions spending, human talent costs, audit and compliance + Incident response, repair of reputation, legal, and recovery + Secure design/test, customer apprehension. Delays in product release, tech adoption, and diversion of investments for growth $400B, $3T, $12T, $90T, more? Strategically, it is systemic and must be addressed at an ecosystem level
  11. 11.  Enterprises: shift to accept the market and reputation impacts of digital security Cybersecurity Expectations Rise 11  Regulations: growing in complexity and risk of being an impediment to innovation Expectations of cybersecurity will rise, but the resources and capabilities will not keep pace. Leadership is key!  Market: demands for more connectivity, devices, architectures, and applications  Consumers: expect security “their way” with access anywhere to anything, while keeping them safe  Hiring Security Pro’s: resource pool empty, with 1.5M needed
  12. 12. 12 The challenges and implications for digital services and telecommunications
  13. 13. 13 Challenges and Opportunities “Two types of victims exist: Those with something of value and those who are easy targets. ” 1. You are a rich target, expect all levels and manners of attacks  Don’t be the easy target. At a minimum follow industry best practices  Establish advanced capabilities based upon the threats you face  Identify and vigorously protect your valuable assets and capabilities
  14. 14. 14 Challenges and Opportunities “Without leadership, we are left with crisis” 2. Lead and be smart  Have a leader, a plan, and the means to deliver  Be realistic, seek an optimal level of security  Establish a strategic capability plan to sustainably manage security
  15. 15. 15 Challenges and Opportunities “Trust is earned in drips and lost in buckets” 3. Build security and trust into the business  Address risks of 3rd party vendors, suppliers, and partners  Design new infrastructures and products with security  Maintain vigilance with focus, expectations, and prioritization on security
  16. 16. 16 Intel, the Intel logo, and McAfee are trademarks of Intel Corporation in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright © 2015 Intel Corporation. All Rights Reserved