Despite a security landscape now embracing: People; Companies; Governments; Devices; Networks; Services; Vehicles; Properties; LAND; SEA; AIR; SPACE; CYBER and INFORMATION, people and organisations still tend to see all this as someone else's problem. In reality, it concerns all of us. Governments can no longer protect their citizens and nor can any company IT/Security Dept!
“In an ideal world: responses to Cyber and Terror would be automated and immediate”
The Dark Side has grown rich and powerful by investing in R&D and the latest technology; adopting distributed team working and a global market for talent and resources; and they are winning this war with an estimated $1.5Tn income in 2019. We have to adopt the same strategies to survive, let alone win. Global sharing and cooperation are key along with people, staff, management, board, NED and Chairman education/training/involvement. At this time it is rare to find a ‘Cyber Seat’ on the main board of any organization, but it is a new and critical essential!
Managing cyber security
1. Managing Cyber Security
petercochrane.com
Beyond IT Geekdoms!
Peter Cochrane OBE
CyberCluster Sept 2019
2. BIGGEST THREAT
People: innocent, naive, careless
“Most don’t see security as their
problem or responsibility”
3. Biggest Danger
Chairman, Board and NEDs
“Why do you need $$$
for security when we
don’t have a problem ?”
HR
Finance
Legal
PR
“No Security position
on the board and a
very poor grasp of
technology”
4. technophobes
I hate all this tech stuff !
“Unwilling to try to learn &
understand the most basic
of tools that children now
consider to be the norm”
A dying breed - but if they
are in positions of power
and control they can inflict
serious damage!
Silly, Naive, Foolish
Reckless, Careless
Innocent, Ignorant
Arrogant, Negative
Close Minded +++
5. MBA BUBBLES
Clouded by many myths
• I know everything about business
• I can manage/lead any kind of enterprise
• I don’t need to understand the technology
• All businesses are fundamentally the same
• I don’t need detailed understanding of ‘X’
• The principles I know are sufficient
• All problems are essentially simple
• My job is one of control
“Isn’t Hubris a
Breakfast cereal ?”
6. Why (security) Things Fail!
“Not understanding IT basics
makes people an ideal/soft
target for all forms of social
and tech based cyber attack”
Putting an organisation
at increased risk through
wilful ignorance is on a par with not
understanding the principles of the law!
7. IT DEPT Isolation
Time to change relationships & language
“It is no use complaining that everyone ‘just
doesn’t get IT’ - all support teams are duty bound
to help staff/employees/contractors understand
and learn by whatever means necessary”
8. cyber security
Abandon all the omnipotence
“The problem is much bigger than
you are and collaboration with all
suppliers and other
companies is now
essential”
No country or company
is an island and no one
can go-it-alone in this
Cyber War - we have
to collaborate and
share to survive
9. No Anticipation - no plan
You would not run a business this way!
Talk to me people
WTF is happening?
“A really uncomfortable &
frightening place to be”
10. The big contrast
Networking/organised Hackers
Rogue States
Criminals
Groups
Hackers
Amateurs
Opportunists
Funding
Resourcing
Networking
Profitability
R&D/Sharing
Market Place
Coordination
Capability
Threat
Curve
Motivated by $$$$
without constraint
or boundaries
Well planned &
fully resourced
attacks focused
on maximising
the ROI
11. The big contrast
Networking/organised Hackers
YOUNGER
MORE SKILLED
BETTER ORGANISED
FAR MORE OF THEM THAN YOUR TEAM
12. Fortress Management
The enemy can innovate faster than you!
“It only took the invention of
one new weapon to put an
end to this regime”
“Most companies are
engaged in repeating this
history but in the ICT domain”
13. Fortress Management
The enemy can innovate faster than you!
Attackers
Advantaged by surprise
Exploit your weaknesses
Unbounded in their actions
Employ unanticipated techniques
Choose the time and methodology
Approach from unexpected directions
Fundamentally without morals or ethics
14. Good defenders
Were once good attackers
“Thinking like the enemy and
anticipating their next
move is essential”
To be effective they need
to be part of a global
team … individuals
& stand alone
teams have
little or no
chance!
“Capability impacted
by management
style & funding”
15. “Being continually exposed to threats,
& subject to attack from any direction
by any means at any time poses an
unacceptable risk”
PERSPECTIVE
It is hard to understate the risk
16. THE THREAT Landscape
The pro-active groups constituting The Dark Side
Fun
Fame
Notoriety
Vandalism
Limited Skills
Limited Resources
Tend to be Sporadic
Rogue States
Criminals
Hacker Groups
Hacktivist
Amateurs
Money
Sharing
Organic
Dispersed
Unbounded
Huge Effort
Progressive
Cooperatives
Self Organising
Vast Resources
Massive Market
Aggregated Skills
Semi-Professional
Substantial Networks
Skilled
Political
Idealists
Emotional
Relentless
Dedicated
Cause Driven
Vast Networks
Varied Missions
Targeted Attacks
Evolving Community
Drugs
Fraud
Global
Extreme
Extortion
Business
Unbounded
Professional
Well Managed
Well Organised
Ahead of the Curve
Orchestrated Effort
Extremely Profitable
Syndicated Resources
Massive Attack Surface
Vast up-to-date Abilities
Covert
Money
WarFare
Influence
Pervasive
Disruption
Espionage
Professional
Sophisticated
Well Organised
Extreme Creativity
Orchestrated Effort
Political Influencers
~Unlimited Resources
Tech/Thought Leaders
Regime Destabilisation
Population Manipulation
Military and Civil Domains
“Most attacks/attack-types/info-corruption
/security failures can be traced back
to human fallibility”
17. PERSPECTIVE
A growing people problem/crisis 2019 Security Survey and Report
18. PERSPECTIVE
Technology only a partial solution 2019 Security Survey and Report
https://www.accenture.com/us-en/insights/security/cost-cybercrime-study
19. PERSPECTIVE
No sector or organisation is safe 2019 Security Survey and Report
https://www.accenture.com/us-en/insights/security/cost-cybercrime-study
20. PERSPECTIVE
Attack damage costs are rising 2019 Security Survey and Report
Source Site: https://www.accenture.com/us-en/insights/security/cost-cybercrime-study
21. CYBERCRIME
Growing global business
Crime: Revenues
Online Black/Grey Markets: $900 Bn
IP Theft: $500 Bn
Data Exchange/Trading: $200 Bn
CrimeWare: $2.0 Bn
RansomWare: $1.5 Bn
Total Revenues: >$1600
Dark Side Employee Earnings
Hacker ~ $30k/job = $80 - 170 k/year
Team Leader ~ $2M/year
Data derived from numerous published reports including:
https://www.thesslstore.com/blog/2018-cybercrime-statistics/
Networked global teams operating in an open
market of sharing groups that invest in people
R&D and highly adaptive/cooperative innovation
22. Ignorance & No Plan
Always results in a rapid escalation
“Everything happening and
failing faster than any
human can think
and/or act”
23. IF Panic ensues
Then the game is over
“Irrationality and bad
decisions escalate the
whole situation and
the enemy has won”
“Uncertainty and
indecision only serves
to amplify the risk and
increase the chaos”
24. What We need to DO
To win, we have to be much smarter
The Dark Side are 100% committed and see this war as
total; and a much wider conflict than CYBER alone…
We therefore have to be far more integrated & sharing
- a networked & virtualised workforce driven by the
greater good and loss/damage minimisation is needed…
We need to be better informed and alert to the latest
threat scenarios and solutions - and we have to rehearse
our response to all known forms of attack
We have to anticipate the innovations of the Dark Side: their
technologies, tools, tactics, modes of attack, and we really
have to start to think as they do…
25. What We need to DO
Involve everyone in the organisation
Board
People
Visitors
Suppliers
Managers
Customers
Contractors
Create an
eco-system of:
capable & aware;
networked & motivated;
supportive and skilled people,
groups, companies and organisations for the
sharing of data, experiences, solutions, resources
26. What We need to DO
Add a Main Board ITC Cyber Security seat
27. What We need to DO
Make cyber security a part of the culture
“Security
should not
be seen as an extra workload
but more like ‘breathing’ - a
necessary & subliminal function”
28. What We need to DO
Look for attack/event precursors
They are out there somewhere hidden
in day-to-day data/behaviours!
29. What We need to DO
Automate as much as possible
Humans, nets & machines tend to be habitual
All attacks have precursors
Looking for statistical anomalies & exceptions from patterns of activity of people, machines & networks reveals many hidden attack modes…
A new and developing field
30. Being blind
Not a viable option
“Being continually exposed to threats,
& subject to attack from any direction
by any means at any time poses an
unacceptable risk”
32. Being blind
Not a viable option
Situational awareness is essential in all forms of Warfare
Surprise attacks are Almost Impossible to counter
33. military - War Games
Play all day & occasionally fight
“There is nothing quite
like being shot at”
Assuming the role of the attacker and then defender is a
game rich in
experiences
34. military - War Games
Play all day & occasionally fight
The military plan and play all day - occasionally they go to war
Companies are at war everyday but never plan or play
35. MORE DEPTH
The technical detail is extensive
For a selection of overview and in depth presentations GOTO:
https://www.slideshare.net/PeterCochrane/it-and-systems-security-the-bigger-picture
https://www.slideshare.net/PeterCochrane/people-the-biggest-cyber-risk
https://www.slideshare.net/PeterCochrane/how-to-build-a-truth-engine
https://www.slideshare.net/PeterCochrane/sentient-cyber-security
https://www.slideshare.net/PeterCochrane/holistic-security
https://www.slideshare.net/PeterCochrane/the-iot-for-real
36. Thank You
https://petercochrane.com
Is this the main event or a subterfuge?