SlideShare a Scribd company logo
1 of 68
Download to read offline
"Cyber" security - all
good, no need to worry?
Ian Amit	

Director of Services, IOActive
¡Hola
Source: datalossdb.org
Incidents by Business Type - All Time

Biz

Gov

Med

Source: datalossdb.org

Edu
Incidents by Business Type - All Time

52%

Biz

Gov

Med

Source: datalossdb.org

Edu
Incidents by Business Type - All Time

52%

18%

Biz

Gov

Med

Source: datalossdb.org

Edu
Incidents by Business Type - All Time

16%
52%

18%

Biz

Gov

Med

Source: datalossdb.org

Edu
Incidents by Business Type - All Time

14%

16%
52%

18%

Biz

Gov

Med

Source: datalossdb.org

Edu
Source: datalossdb.org
Incidents by Vector - All Time

Outside
Inside

Inside - Accidental

Inside - Malicious

Source: datalossdb.org

Unknown
Incidents by Vector - All Time

57%

Outside
Inside

Inside - Accidental

Inside - Malicious

Source: datalossdb.org

Unknown
Incidents by Vector - All Time

57%
20%

Outside
Inside

Inside - Accidental

Inside - Malicious

Source: datalossdb.org

Unknown
Incidents by Vector - All Time

10%

57%
20%

Outside
Inside

Inside - Accidental

Inside - Malicious

Source: datalossdb.org

Unknown
Incidents by Vector - All Time

7%
10%

57%
20%

Outside
Inside

Inside - Accidental

Inside - Malicious

Source: datalossdb.org

Unknown
Incidents by Vector - All Time

7%

6%

10%

57%
20%

Outside
Inside

Inside - Accidental

Inside - Malicious

Source: datalossdb.org

Unknown
DataLossDB.org Incidents Over Time
1800
1621

1350
1091

1048

900

829

775

728

695

644

450
157
43

0

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013
Problem ✓
Problem ✓
Solution?
What would CISO do?
What would CISO do?
WTF?
RISK	

MANAGEMENT
We need to get back to BASICS
insert crowd pic here
Prioritize
!

Based on risk,
impact,
potential cost,
and cost of
remediation
Summary
1. Stop throwing money on products	

2. Identify assets, processes, technology, threats.	

3. Assess your current posture. Identify gaps.	

4. Address gaps based on priority and
relevance. Consider cost (of impact, of fixing).	

5. Test effectiveness.	

6. Back to 2.
REMEMBER!
• You are not fighting off pentesters. 


You are fighting off actual adversaries.	


• You are not fighting off auditors. 


You keep your organization working.	


• You are not fighting off regulators. 


You are trying to keep yourself out of jail.
Thank You!
¡gracias
Ian Amit	

Director of Services, IOActive	

ian.amit@ioactive.com	

Twitter: @iiamit

More Related Content

Viewers also liked (6)

Internet safety and cyber bulling final
Internet safety and cyber bulling finalInternet safety and cyber bulling final
Internet safety and cyber bulling final
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 
Cybercrime presentation
Cybercrime presentationCybercrime presentation
Cybercrime presentation
 

Similar to "Cyber" security - all good, no need to worry?

Cyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile WorldCyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile World
University of Hertfordshire
 

Similar to "Cyber" security - all good, no need to worry? (20)

15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
Managing Corporate Information Security Risk in Financial Institutions
Managing Corporate Information Security Risk in Financial InstitutionsManaging Corporate Information Security Risk in Financial Institutions
Managing Corporate Information Security Risk in Financial Institutions
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CD
 
Epikdave datapreso-2011
Epikdave datapreso-2011Epikdave datapreso-2011
Epikdave datapreso-2011
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
Vodqa why cybersecurity
Vodqa   why cybersecurityVodqa   why cybersecurity
Vodqa why cybersecurity
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special Edition
 
BIG DEAL: CYBER SECURITY AND SMALL BUSINESS
BIG DEAL: CYBER SECURITY AND SMALL BUSINESSBIG DEAL: CYBER SECURITY AND SMALL BUSINESS
BIG DEAL: CYBER SECURITY AND SMALL BUSINESS
 
Navigating uncertainty: The art and science of learning and doing 10x in a te...
Navigating uncertainty: The art and science of learning and doing 10x in a te...Navigating uncertainty: The art and science of learning and doing 10x in a te...
Navigating uncertainty: The art and science of learning and doing 10x in a te...
 
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone Underwear
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone UnderwearThe Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone Underwear
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone Underwear
 
Productivity 3.0
Productivity 3.0Productivity 3.0
Productivity 3.0
 
Overcoming Cyber Attacks
Overcoming Cyber AttacksOvercoming Cyber Attacks
Overcoming Cyber Attacks
 
STKI Summit 1/2021 - REUT
STKI Summit 1/2021 - REUTSTKI Summit 1/2021 - REUT
STKI Summit 1/2021 - REUT
 
Cyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile WorldCyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile World
 
Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
AI for Finance
AI for FinanceAI for Finance
AI for Finance
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
2014 State of Backup for SMBs
2014 State of Backup for SMBs2014 State of Backup for SMBs
2014 State of Backup for SMBs
 
What does it take to engage employees and customers?
What does it take to engage employees and customers?What does it take to engage employees and customers?
What does it take to engage employees and customers?
 
SecureWorld - Communicating With Your CFO
SecureWorld - Communicating With Your CFOSecureWorld - Communicating With Your CFO
SecureWorld - Communicating With Your CFO
 

More from Iftach Ian Amit

Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2
Iftach Ian Amit
 
Cheating in Computer Games
Cheating in Computer GamesCheating in Computer Games
Cheating in Computer Games
Iftach Ian Amit
 
Telecommunication basics dc9723
Telecommunication basics dc9723Telecommunication basics dc9723
Telecommunication basics dc9723
Iftach Ian Amit
 

More from Iftach Ian Amit (20)

Cyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVCyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLV
 
Devsecops at Cimpress
Devsecops at CimpressDevsecops at Cimpress
Devsecops at Cimpress
 
BSidesTLV Closing Keynote
BSidesTLV Closing KeynoteBSidesTLV Closing Keynote
BSidesTLV Closing Keynote
 
Social Media Risk Metrics
Social Media Risk MetricsSocial Media Risk Metrics
Social Media Risk Metrics
 
ISTS12 Keynote
ISTS12 KeynoteISTS12 Keynote
ISTS12 Keynote
 
From your Pocket to your Heart and Back
From your Pocket to your Heart and BackFrom your Pocket to your Heart and Back
From your Pocket to your Heart and Back
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and Blue
 
Armorizing applications
Armorizing applicationsArmorizing applications
Armorizing applications
 
Seeing Red In Your Future?
Seeing Red In Your Future?Seeing Red In Your Future?
Seeing Red In Your Future?
 
Hacking cyber-iamit
Hacking cyber-iamitHacking cyber-iamit
Hacking cyber-iamit
 
Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Sexy defense
Sexy defenseSexy defense
Sexy defense
 
Cyber state
Cyber stateCyber state
Cyber state
 
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
 
Infecting Python Bytecode
Infecting Python BytecodeInfecting Python Bytecode
Infecting Python Bytecode
 
Exploiting Second life
Exploiting Second lifeExploiting Second life
Exploiting Second life
 
Dtmf phreaking
Dtmf phreakingDtmf phreaking
Dtmf phreaking
 
Cheating in Computer Games
Cheating in Computer GamesCheating in Computer Games
Cheating in Computer Games
 
Telecommunication basics dc9723
Telecommunication basics dc9723Telecommunication basics dc9723
Telecommunication basics dc9723
 

Recently uploaded

Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 

Recently uploaded (20)

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in  GERMANY for 2024: IPTVreelTHE BEST IPTV in  GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 

"Cyber" security - all good, no need to worry?