Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
"Cyber" security - all good, no need to worry? Ian Amit Director of Services, IOActive
¡Hola
Source: datalossdb.org
Incidents by Business Type - All Time Biz Gov Med Source: datalossdb.org Edu
Incidents by Business Type - All Time 52% Biz Gov Med Source: datalossdb.org Edu
Incidents by Business Type - All Time 52% 18% Biz Gov Med Source: datalossdb.org Edu
Incidents by Business Type - All Time 16% 52% 18% Biz Gov Med Source: datalossdb.org Edu
Incidents by Business Type - All Time 14% 16% 52% 18% Biz Gov Med Source: datalossdb.org Edu
Source: datalossdb.org
Incidents by Vector - All Time Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
Incidents by Vector - All Time 57% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unkn...
Incidents by Vector - All Time 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org ...
Incidents by Vector - All Time 10% 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb....
Incidents by Vector - All Time 7% 10% 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: dataloss...
Incidents by Vector - All Time 7% 6% 10% 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: dat...
DataLossDB.org Incidents Over Time 1800 1621 1350 1091 1048 900 829 775 728 695 644 450 157 43 0 2004 2005 20...
Problem ✓
Problem ✓ Solution?
What would CISO do?
What would CISO do?
WTF?
RISK MANAGEMENT
We need to get back to BASICS
insert crowd pic here
Prioritize ! Based on risk, impact, potential cost, and cost of remediation
Summary 1. Stop throwing money on products 2. Identify assets, processes, technology, threats. 3. Assess your current ...
REMEMBER! • You are not fighting off pentesters. 
 You are fighting off actual adversaries. • You are not fighting off au...
Thank You! ¡gracias Ian Amit Director of Services, IOActive ian.amit@ioactive.com Twitter: @iiamit
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
Upcoming SlideShare
Loading in …5
×

"Cyber" security - all good, no need to worry?

2,702 views

Published on

Published in: Technology, Business
no profile picture user

  • Be the first to like this

"Cyber" security - all good, no need to worry?

  1. 1. "Cyber" security - all good, no need to worry? Ian Amit Director of Services, IOActive
  2. 2. ¡Hola
  3. 3. Source: datalossdb.org
  4. 4. Incidents by Business Type - All Time Biz Gov Med Source: datalossdb.org Edu
  5. 5. Incidents by Business Type - All Time 52% Biz Gov Med Source: datalossdb.org Edu
  6. 6. Incidents by Business Type - All Time 52% 18% Biz Gov Med Source: datalossdb.org Edu
  7. 7. Incidents by Business Type - All Time 16% 52% 18% Biz Gov Med Source: datalossdb.org Edu
  8. 8. Incidents by Business Type - All Time 14% 16% 52% 18% Biz Gov Med Source: datalossdb.org Edu
  9. 9. Source: datalossdb.org
  10. 10. Incidents by Vector - All Time Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
  11. 11. Incidents by Vector - All Time 57% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
  12. 12. Incidents by Vector - All Time 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
  13. 13. Incidents by Vector - All Time 10% 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
  14. 14. Incidents by Vector - All Time 7% 10% 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
  15. 15. Incidents by Vector - All Time 7% 6% 10% 57% 20% Outside Inside Inside - Accidental Inside - Malicious Source: datalossdb.org Unknown
  16. 16. DataLossDB.org Incidents Over Time 1800 1621 1350 1091 1048 900 829 775 728 695 644 450 157 43 0 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013
  17. 17. Problem ✓
  18. 18. Problem ✓ Solution?
  19. 19. What would CISO do?
  20. 20. What would CISO do?
  21. 21. WTF?
  22. 22. RISK MANAGEMENT
  23. 23. We need to get back to BASICS
  24. 24. insert crowd pic here
  25. 25. Prioritize ! Based on risk, impact, potential cost, and cost of remediation
  26. 26. Summary 1. Stop throwing money on products 2. Identify assets, processes, technology, threats. 3. Assess your current posture. Identify gaps. 4. Address gaps based on priority and relevance. Consider cost (of impact, of fixing). 5. Test effectiveness. 6. Back to 2.
  27. 27. REMEMBER! • You are not fighting off pentesters. 
 You are fighting off actual adversaries. • You are not fighting off auditors. 
 You keep your organization working. • You are not fighting off regulators. 
 You are trying to keep yourself out of jail.
  28. 28. Thank You! ¡gracias Ian Amit Director of Services, IOActive ian.amit@ioactive.com Twitter: @iiamit

×