Cyber Resilience
Malta Association of Risk Management (MARM)

Donald Tabone
24 June 2013
Agenda

1. Where are we coming from?
2. Cybercrime and threat actors
3. What the stats say
4. Who’s being targeted?
5. Cause for concern?
6. Cyber resilience defined
7. A six-point plan to becoming resilient

Where are we coming from?

The foundations
• ’62 J.C.R. Licklider introduced the idea of an ‘Intergalactic Network’
• ’76 Dr. Robert Metcalfe invented Ethernet, coaxial cables
• ’78 Gary Thuerk – first spam email sent to 400 users of ARPANET
• ’84 Dr. Jon Postel described his idea for .com, .org, .gov etc. in a series of papers published by the IETF
• ’89 The World was the first ISP to offer commercial dial-up internet
• ’92 The Corporation for Education and Research Network (CREN) released the world wide web

The beginning of eCommerce
• ’94 Pizza Hut offered online ordering through their website
• ’95 Pierre Omidyar released AuctionWeb, which later became eBay
• ’96 Hotmail was launched. The following year Microsoft bought it out for $400m
• ’98 Google received funding to become Google Technology Incorporated.
• ’99 The Internet consisted of 19.5m hosts and over 1m websites

The Dot-com bubble
• ’00 The Dot-com bubble burst
• ’03 Apple launched the iTunes store with 200,000 songs
• ’03 The hacktivist group Anonymous was born
• ’04 Google launched Gmail with 1Gb of storage
• ’05 YouTube is launched. The following year Google bought it out for $1.6b
• ’06 Twitter and Facebook came around
• ’06 There are an estimated 92m websites online

40 years from its inception
• ’09 Mobile data traffic exceeds voice traffic every single month
• ’09 Cloud-based file hosting from the likes of Dropbox came around
• ’10 Facebook announces it reached 400m active members
• ’10 Syria and China attempt to control Internet access
• ’10 The Wikileaks drama ensues whilst Anonymous conduct several cyber attacks on government, religious and corporate websites
• ’11 Interest in virtualisation and cloud computing reaches its highest peak
• ’13 The interest in BYOD and Big Data has reached a new high

Opportunity for crime

[Diagram labels: www; Cybercrime & Cyber criminals; Our dependence]

As a result, we face new challenges related to:
• Our online privacy,
• The confidentiality and integrity of the data we entrust to online entities, and
• Our ability to conduct business on the net through the use of ecommerce web applications
Because of the nature of how the net works, accountability is also a challenge!

Threat actors..1
Organised Crime
• Traditionally based in former Soviet Republics (Russia, Belarus, Ukraine)
• Common attacks: Theft of PII for resale and misuse or resources for hosting of illicit material
• Occasionally employ blackmail in terms of availability (threats of denial of service attacks to companies and threats of exposing individuals to embarrassment)

Threat actors..2
State Sponsored
• Nations where commercial and state interests are very aligned
• Military or Intelligence assets deployed in commercial environments
• Limitless resources?
• Main aim to achieve competitive advantage for business
• Theft of commercial secrets (Bid information, M&A details)

Just this week

Hacktivism
Will attack companies, organizations and individuals who are seen as being unethical or not doing the right thing

Hacking for fun… seriously!
Entire nations can be taken down (Estonia)

Stolen information

• 18.5m people have been affected by PC theft
• 75% of data loss incidents in Retail were attributed to Hacking
• 96% of data loss incidents in Media were attributed to Hacking
Source: 2012 KPMG Data Loss Barometer

2012 KPMG cybercrime survey

Source: KPMG A nuanced perspective on cybercrime, shifting viewpoints – call for action. The results were based on over 170 responses from CIOs/CISOs or professionals in related professions in the Netherlands.

3 Common Attacks

Traditional crime, redefined?

Network based attacks
• Identify a target website
• Conduct network reconnaissance / mapping
• Engage in DDoS attacks to deny accessibility
• The result is direct loss of business

Spear phishing attacks
• Identify a target individual
• Build a profile / biography
• Directly target with a personal email
• Trick user into accessing a malicious website
• Implant malware and gain control of a device
• Use a compromised machine to obtain otherwise confidential information

Human based attacks
• Human error incidents
• Inside users become the target as they are often trusted users
• Scorned / disgruntled employees

The reality is that cyber attackers and organised crime perpetrators often use a combination of attack avenues to profile a target and map out their internal systems – the information is readily available!

• Competitive edge is eroded
• Organisation secrets are stolen
• Corporate reputations are damaged

Source: 2012 KPMG Cyber Vulnerability Index

Who are they targeting?

Increased attack sophistication
Inappropriate business response
= UNCERTAINTY

One study* conducted in the UK showed that small businesses suffer an estimated loss of £800m a year, averaging nearly £4000 per business
• 30% of its members were victims of fraud as a result of virus infections
• 50% hit by malware
• 8% victims of hacking
• 5% suffered security breaches

As a consequence, a second recent cybercrime study** revealed that
• 53% of the British public is worried about the damage of cyber attacks
• 40% feel more vulnerable to cyber attacks now than a year ago
• 38% feel that their personal data exchanged with organisations they do business with may already have been compromised

Sources: * The study was carried out by the Federation of Small Businesses in the UK and is based on its 20000 members, http://www.fsb.org.uk/News.aspx?loc=pressroom&rec=8083, accessed 12/6/2013
** The study was conducted by PollOne in April 2013 for Tripwire on 1000 users, http://www.tripwire.com/company/research/survey-half-uk-population-worried-about-nation-state-cyber-attacks/, accessed 12/6/2013

In the US

The unverified losses that victims claimed in 2012 jumped 8.3% from $485m the previous year

[Chart: Losses and Complaints]

Sources: SC Magazine and Internet Crime Complaint Center

Meanwhile in a non-descript building …

… just outside of Shanghai, “Unit 61398” of the People’s Liberation Army is the alleged source of Chinese hacking attacks…

Source: Businessweek.com

… although the Chinese government consistently denies its involvement in such activities claiming that such allegations are “irresponsible and unprofessional”

Why should you be concerned?
Source: Hello, Unit 61398, The Economist. 19 February 2013, accessed 13/06/2013

Convictions?
The fight against cybercrime seems to be ongoing
41 MONTHS

• Romanian hacker Cezar Butu – 21 months in prison for compromising credit card processing systems
• Darnell Albert-El, 53 – 27 months in prison for hacking
• Steven Kim, 40 – 12 months in prison for stealing personal data
• Bruce Raisley, 48 – 24 months in prison for creating a botnet virus to launch DDoS attacks
• Shawn Reilly, 34 – 33 months in prison for committing 84 fraudulent wire transfers
• Eduard Arakelyan, 21 and Arman Vardanyan, 23 – 36 months in prison for theft of credit card information and committed bank fraud
• Sonya Martin, 45 – 30 months in prison for being part of a gang to evade encryption

Why should you be concerned?
Sources: ValueWork, Help Net Security, SC Magazine

Next generation cybercrime threat?
What if hackers hijacked a key satellite? Could space be cybercrime's new frontier?

FACT #1
We have an overwhelming reliance on space technology for vital streams of information

FACT #2
Satellites are frightfully vulnerable to collisions and there are over 5500 redundant ones at the moment!

Makes us acutely vulnerable!
Source: The Independent, Space : the new cybercrime frontier, http://www.independent.co.uk/life-style/gadgets-and-tech/news/space-the-new-cyber-crime-frontier8194801.html accessed 16/2/2013

Juggling the risks

Risk Assessment
• Examine threats
• Determine the risk level

AIM: reduce organisational risk

• Risk Assumption: With appropriate due diligence, management accept the potential risk and continue operating
• Risk Alleviation: Management approve the implementation of controls to lower risk to an acceptable level
• Risk Avoidance: Eliminate the process that could cause the risks
• Risk Limitation: Management limit the risk exposure by putting controls to limit the impact of a threat
• Risk Planning: A process to manage risk by developing an architecture that prioritises, implements and maintains controls
• Risk Transference: Management transfer the risk by using other options to compensate for a loss – e.g. purchasing an insurance policy

Risk Transference

Bespoke insurance products providing tailor made policies targeting key professional liability exposures for technology companies

Becoming resilient – a six point action plan

Cyber Resilience

“The ability of a system or a domain to withstand attacks or failures and in such events to re-establish itself quickly” – Nigel Inkster, International Institute of Strategic Studies

1. Organizational Readiness
2. Situational awareness
3. Cyber defence
4. Detection
5. Mitigation and containment
6. Recovery

#1 - Organisational Readiness

Corporate awareness

Ownership at the C-level
Assign the role and responsibility for information security oversight
Understand your business risks

Focus on your information and reputation

Share intelligence and experiences

#2 - Situational intelligence

Hacking for fame & glory
Cybercrime moved into monetisation
Disruption
Criminal gangs
Protest hacktivism
Corporate espionage
Anonymous & Lulzsec target corporate infrastructures
Specialist knowledge

Know your information assets
Keep abreast of the latest advanced threats
Classify your information assets

“One of the problems is that we all tend to be technology professionals weathered by our experiences rather than looking at new ways of managing risk and gaining or using new sources of intelligence” - Pat Brady, Information Security Manager, National Australia Group

#3 – Cyber defence

Get a grip on infrastructure and access security
Assert the levels of staff awareness
Define strict access control and remote access control
Ensure strong visitor procedures for key buildings
Keep your basic security controls in sight e.g. password change policy
Infrastructure changes should trigger network configuration changes allowing you to move the shape of the target

#4 – Detection

Develop the ability to detect attacks
Ensure you have an effective internal & external monitoring process
Scan outbound messages for abnormal volumes and patterns
Early recognition of a compromise is key to early reaction

#5 – Mitigation and containment

The aim is to limit the damage to your services and reputation
Limit the impact / shutdown the source
Being prepared is the key
Contingency planning – define and review your plans
Ensure adequate testing of business continuity plans
Prepared PR statements

• Continuity of Operations Plan
• Disaster Recovery Plan
• IT / Network Contingency Plans
• Crisis Communication Plan
• Cyber Incident Plan
• Occupant Emergency Plan

#6 – Recovery

You need to develop the ability to re-establish normal service
Your survival as a business depends on it
Apply the lessons learnt

Give feedback to senior executives
• Here’s what happened to us
• This is how we reacted
• This is what we’ve done to mitigate / prevent it

Conclusions

Some final thoughts..
• The cyber crime threat is actual and here to stay
• It’s NOT a question of IF but WHEN
• Be prepared for incidents
• Ensure security awareness between departments
• Protect your information assets, regardless of where they are being held
• Ensure adequate crisis management between departments
• Align individual goals with the organisations’ cyber security ambitions
• Cyber risk teams need to consist of flexible people who can build relationships across departments
• Take a pragmatic approach to investing in your defences – overinvesting is a real danger

[Diagram labels: IT Service Continuity Management functions; Business Continuity; Cyber Resiliency; Awareness; Knowledge; Controls; Detection; Mitigation; Recovery]

BEING PROACTIVE IS THE NAME OF THE GAME

References

Andrew Auernheimer, http://en.wikipedia.org/wiki/Weev
Bandit Country, Amir Singh, Chartech March/April 2013
Cyber Crime Study Reveals Uncertainty, http://www.tripwire.com/state-of-security/it-security-data-protection/cyber-security/viewpoints-oncyber-crime-reveal-uncertainty/
Eight cyber crooks who got less prison time than Andrew Auernheimer, http://www.scmagazine.com/here-are-eight-cyber-crooks-who-gotless-prison-time-than-andrew-auernheimer/article/284928/
KPMG data loss barometer 2012, http://www.kpmg.com/uk/en/services/advisory/risk-consulting/pages/data-loss-barometer-2012.aspx
KPMG seven ways to beat cyber crime, http://www.kpmg.com/UK/en/IssuesAndInsights/ArticlesPublications/Documents/PDF/Advisory/seven-ways-beat-cyber-crime-nov2012.pdf
KPMG shifting viewpoints - A nuanced perspective on cybercrime, http://www.kpmg.com/NL/en/Issues-AndInsights/ArticlesPublications/Pages/Shifting-viewpoints.aspx
Microsoft and FBI disrupt global cybercrime ring, http://www.net-security.org/malware_news.php?id=2511
Most small businesses can't restore all data after a cyber attack, http://www.net-security.org/secworld.php?id=15012
Operation cyber taskforce, Gerry O’Neill, Chartech March/April 2013
Space: the new cyber crime frontier, http://www.independent.co.uk/life-style/gadgets-and-tech/news/space-the-new-cyber-crime-frontier8194801.html
The cost of cybercrime, http://securityaffairs.co/wordpress/14628/cyber-crime/cost-of-cybercrime-for-uk-small-businesses.html

Thank you!

Donald Tabone B.Sc. (Hons), LL.M. (Strath)
donaldtabone@kpmg.com.mt

More Related Content

What's hot

Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comAravind R
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber SecurityNikunj Thakkar
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptxSandeepK707540
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesLearningwithRayYT
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 

What's hot (20)

Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.com
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber security
Cyber securityCyber security
Cyber security
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Information security
Information securityInformation security
Information security
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat Intelligence
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research Sources
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 

Viewers also liked

Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015ITSM Academy, Inc.
 
EU Onshore Insurance Protected Cells - Captives on a Budget
EU Onshore Insurance Protected Cells - Captives on a BudgetEU Onshore Insurance Protected Cells - Captives on a Budget
EU Onshore Insurance Protected Cells - Captives on a BudgetIan-Edward Stafrace
 
Cyber Resilience Summit Briefing
Cyber Resilience Summit Briefing Cyber Resilience Summit Briefing
Cyber Resilience Summit Briefing John Weiler
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilienceAndrew Bycroft
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceSymantec
 
Cyber Crime & Big Data Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data Webinar -- 10-16-13MedillNSZ
 
2016 Canadian CEO Outlook
2016 Canadian CEO Outlook2016 Canadian CEO Outlook
2016 Canadian CEO OutlookStradablog
 
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & RisquesASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & RisquesCyber Security Alliance
 
EC-Council Computer Hacking Forensic Investigator v9
EC-Council Computer Hacking Forensic Investigator v9EC-Council Computer Hacking Forensic Investigator v9
EC-Council Computer Hacking Forensic Investigator v9ITpreneurs
 
Technician Wisdom_June 2010
Technician Wisdom_June 2010Technician Wisdom_June 2010
Technician Wisdom_June 2010Springboard Labs
 
Behavioural Economics and Finance
Behavioural Economics and FinanceBehavioural Economics and Finance
Behavioural Economics and FinanceIan-Edward Stafrace
 
FERMA Risk Management Benchmarking Survey 2014
FERMA Risk Management Benchmarking Survey 2014FERMA Risk Management Benchmarking Survey 2014
FERMA Risk Management Benchmarking Survey 2014Ian-Edward Stafrace
 
Driving higher performance from Google AdWords by applying Behavioural Economics
Driving higher performance from Google AdWords by applying Behavioural EconomicsDriving higher performance from Google AdWords by applying Behavioural Economics
Driving higher performance from Google AdWords by applying Behavioural Economicspaulsbooth
 
The Power of Cognitive Interviewing... and what qualitative research can lear...
The Power of Cognitive Interviewing... and what qualitative research can lear...The Power of Cognitive Interviewing... and what qualitative research can lear...
The Power of Cognitive Interviewing... and what qualitative research can lear...Merlien Institute
 
Tom ewing behavioural economics - 2012
Tom ewing   behavioural economics - 2012Tom ewing   behavioural economics - 2012
Tom ewing behavioural economics - 2012Ray Poynter
 
Operationalizing Safety II - Resilience Learning Network - January 10, 2013
Operationalizing Safety II - Resilience Learning Network - January 10, 2013Operationalizing Safety II - Resilience Learning Network - January 10, 2013
Operationalizing Safety II - Resilience Learning Network - January 10, 2013Springboard Labs
 
Risk and Internal Audit Synergies
Risk and Internal Audit SynergiesRisk and Internal Audit Synergies
Risk and Internal Audit SynergiesIan-Edward Stafrace
 

Viewers also liked (20)

Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015
 
EU Onshore Insurance Protected Cells - Captives on a Budget
EU Onshore Insurance Protected Cells - Captives on a BudgetEU Onshore Insurance Protected Cells - Captives on a Budget
EU Onshore Insurance Protected Cells - Captives on a Budget
 
El negocio
El negocioEl negocio
El negocio
 
Cyber Resilience Summit Briefing
Cyber Resilience Summit Briefing Cyber Resilience Summit Briefing
Cyber Resilience Summit Briefing
 
Cyber Resilience @ Dundee & Angus College
Cyber Resilience @ Dundee & Angus CollegeCyber Resilience @ Dundee & Angus College
Cyber Resilience @ Dundee & Angus College
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilience
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
Cyber Crime & Big Data Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data Webinar -- 10-16-13
 
2016 Canadian CEO Outlook
2016 Canadian CEO Outlook2016 Canadian CEO Outlook
2016 Canadian CEO Outlook
 
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & RisquesASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
ASFWS 2011 : Cyberguerre et Infrastructures critiques : Menaces & Risques
 
EC-Council Computer Hacking Forensic Investigator v9
EC-Council Computer Hacking Forensic Investigator v9EC-Council Computer Hacking Forensic Investigator v9
EC-Council Computer Hacking Forensic Investigator v9
 
Technician Wisdom_June 2010
Technician Wisdom_June 2010Technician Wisdom_June 2010
Technician Wisdom_June 2010
 
Behavioural Economics and Finance
Behavioural Economics and FinanceBehavioural Economics and Finance
Behavioural Economics and Finance
 
FERMA Risk Management Benchmarking Survey 2014
FERMA Risk Management Benchmarking Survey 2014FERMA Risk Management Benchmarking Survey 2014
FERMA Risk Management Benchmarking Survey 2014
 
Driving higher performance from Google AdWords by applying Behavioural Economics
Driving higher performance from Google AdWords by applying Behavioural EconomicsDriving higher performance from Google AdWords by applying Behavioural Economics
Driving higher performance from Google AdWords by applying Behavioural Economics
 
The Power of Cognitive Interviewing... and what qualitative research can lear...
The Power of Cognitive Interviewing... and what qualitative research can lear...The Power of Cognitive Interviewing... and what qualitative research can lear...
The Power of Cognitive Interviewing... and what qualitative research can lear...
 
Tom ewing behavioural economics - 2012
Tom ewing   behavioural economics - 2012Tom ewing   behavioural economics - 2012
Tom ewing behavioural economics - 2012
 
Operationalizing Safety II - Resilience Learning Network - January 10, 2013
Operationalizing Safety II - Resilience Learning Network - January 10, 2013Operationalizing Safety II - Resilience Learning Network - January 10, 2013
Operationalizing Safety II - Resilience Learning Network - January 10, 2013
 
Risk and Internal Audit Synergies
Risk and Internal Audit SynergiesRisk and Internal Audit Synergies
Risk and Internal Audit Synergies
 

Similar to Cyber Resilience

Risks and Security of Internet and System
Risks and Security of Internet and SystemRisks and Security of Internet and System
Risks and Security of Internet and SystemParam Nanavati
 
Preventing Cybercrime in Libraries
Preventing Cybercrime in LibrariesPreventing Cybercrime in Libraries
Preventing Cybercrime in LibrariesMary Rayme
 
"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!amit_shanu
 
A Survey On Cyber Crime Information Security
A Survey On  Cyber Crime   Information SecurityA Survey On  Cyber Crime   Information Security
A Survey On Cyber Crime Information SecurityMichele Thomas
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsGDSCCVR
 
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017SurfWatch Labs
 
Business under cyberassault
Business under cyberassaultBusiness under cyberassault
Business under cyberassaultMohammad Husain
 
CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin OCTF Industry Engagement
 
kevin's powerpoint chapt 6
kevin's powerpoint chapt 6kevin's powerpoint chapt 6
kevin's powerpoint chapt 6kkajairo
 
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Tech and Law Center
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
Cybercrime trends in last five years
Cybercrime trends in last five yearsCybercrime trends in last five years
Cybercrime trends in last five yearsSABBY GILL
 
Cybercrime
CybercrimeCybercrime
CybercrimeSERCOD
 

Cyber Resilience

  • 1. Cyber Resilience Malta Association of Risk Management (MARM) Donald Tabone 24 June 2013
  • 2. Agenda 1 Where are we coming from? 2 Cybercrime and threat actors 3 What the stats say 4 Who's being targeted? 5 Cause for concern? 6 Cyber resilience defined 7 A six-point plan to becoming resilient
  • 3. Where are we coming from? The foundations • '62 J.C.R. Licklider introduced the idea of an 'Intergalactic Network' • '76 Dr. Robert Metcalfe invented Ethernet, coaxial cables • '78 Gary Thuerk – first spam email sent to 400 users of ARPANET • '84 Dr. Jon Postel described his idea for .com, .org, .gov etc. in a series of papers published by the IETF • '89 The World was the first ISP to offer commercial dial up internet • '92 The Corporation for Education and Research Network (CREN) released the world wide web The beginning of eCommerce • '94 Pizza Hut offered online ordering through their website • '95 Pierre Omidyar released AuctionWeb which later became eBay • '96 Hotmail was launched. The following year Microsoft bought it out for $400m • '98 Google received funding to become Google Technology Incorporated. • '99 The Internet consisted of 19.5m hosts and over 1m websites
  • 4. Where are we coming from? The Dot-com bubble • '00 The Dot-com bubble burst • '03 Apple launched the iTunes store with 200,000 songs • '03 The hacktivist group Anonymous was born • '04 Google launched Gmail with 1Gb of storage • '05 YouTube is launched. The following year Google bought it out for $1.6b • '06 Twitter and Facebook came around • '06 There are an estimated 92m websites online 40 years from its inception • '09 Mobile data traffic exceeds voice traffic every single month • '09 Cloud-based file hosting from the likes of Dropbox came around • '10 Facebook announces it reached 400m active members • '10 Syria and China attempt to control Internet access • '10 The Wikileaks drama ensues whilst Anonymous conduct several cyber attacks on government, religious and corporate websites • '11 Interest in virtualisation and cloud computing reaches its highest peak • '13 The interest in BYOD and Big Data has reached a new high
  • 5. Opportunity for crime www Cybercrime & Cyber criminals Our dependence As a result, we face new challenges related to.. • Our online privacy, • The confidentiality and integrity of the data we entrust to online entities, and • Our ability to conduct business on the net through the use of ecommerce web applications Because of the nature of how the net works, accountability is also a challenge!
  • 6. Threat actors..1 Organised Crime • Traditionally based in former Soviet Republics (Russia, Belarus, Ukraine) • Common attacks: Theft of PII for resale and misuse or resources for hosting of illicit material • Occasionally employ blackmail in terms of availability (Threats of denial of service attacks to companies and threats of exposing individuals to embarrassment)
  • 7. Threat actors..2 State Sponsored • Nations where commercial and state interests are very aligned • Military or Intelligence assets deployed in commercial environments • Limitless resources? • Main aim to achieve competitive advantage for business • Theft of commercial secrets (Bid information, M&A details)
  • 9. Hacktivism Will attack companies, organizations and individuals who are seen as being unethical or not doing the right thing Hacking for fun… seriously! Entire nations can be taken down (Estonia)
  • 10. Stolen information • 18.5m people have been affected by PC theft • 75% of data loss incidents in Retail were attributed to Hacking • 96% of data loss incidents in Media were attributed to Hacking Source: 2012 KPMG Data Loss Barometer
  • 11. 2012 KPMG cybercrime survey Source: KPMG A nuanced perspective on cybercrime, shifting viewpoints – call for action. The results were based on over 170 responses from CIOs/CISOs or professionals in related professions in the Netherlands.
  • 12. 3 Common Attacks Traditional crime, redefined? Network based attacks: • Identify a target website • Conduct network reconnaissance / mapping • Engage in DDoS attacks to deny accessibility • The result is direct loss of business Spear phishing attacks: • Identify a target individual • Build a profile / biography • Directly target with a personal email • Trick user into accessing a malicious website • Implant malware and gain control of a device • Use a compromised machine to obtain otherwise confidential information Human based attacks: • Human error incidents • Inside users become the target as they are often trusted users • Scorned / disgruntled employees The reality is that cyber attackers and organised crime perpetrators often use a combination of attack avenues to profile a target and map out their internal systems – the information is readily available! Competitive edge is eroded; organisation secrets are stolen; corporate reputations are damaged Source: 2012 KPMG Cyber Vulnerability Index
  • 13. Who are they targeting? Increased attack sophistication Inappropriate business response = UNCERTAINTY One study* conducted in the UK showed that small businesses suffer an estimated loss of £800m a year, averaging nearly £4000 per business • 30% of its members were victims of fraud as a result of virus infections • 50% hit by malware • 8% victims of hacking • 5% suffered security breaches As a consequence, a second recent cybercrime study** revealed that • 53% of the British public is worried about the damage of cyber attacks • 40% feel more vulnerable to cyber attacks now than a year ago • 38% feel that their personal data exchanged with organisations they do business with may already have been compromised Sources: * The study was carried out by the Federation of Small Businesses in the UK and is based on its 20000 members, http://www.fsb.org.uk/News.aspx?loc=pressroom&rec=8083, accessed 12/6/2013 ** The study was conducted by PollOne in April 2013 for Tripwire on 1000 users, http://www.tripwire.com/company/research/survey-half-uk-population-worried-about-nation-state-cyber-attacks/, accessed 12/6/2013
  • 14. In the US The unverified losses that victims claimed in 2012 jumped 8.3% from $485m the previous year Losses Complaints Sources: SC Magazine and Internet Crime Complaint Center
  • 15. Meanwhile in a nondescript building … … just outside of Shanghai, “Unit 61398” of the People's Liberation Army is the alleged source of Chinese hacking attacks… Source: Businessweek.com … although the Chinese government consistently denies its involvement in such activities claiming that such allegations are “irresponsible and unprofessional” Why should you be concerned? Source: Hello, Unit 61398, The Economist. 19 February 2013, accessed 13/06/2013
  • 16. Convictions? The fight against cybercrime seems to be ongoing Why should you be concerned? 41 MONTHS • Romanian hacker Cezar Butu – 21 months in prison for compromising credit card processing systems • Darnell Albert-El, 53 – 27 months in prison for hacking • Steven Kim, 40 – 12 months in prison for stealing personal data • Bruce Raisley, 48 – 24 months in prison for creating a botnet virus to launch DDoS attacks • Shawn Reilly, 34 – 33 months in prison for committing 84 fraudulent wire transfers • Eduard Arakelyan, 21 and Arman Vardanyan, 23 – 36 months in prison for theft of credit card information and committed bank fraud • Sonya Martin, 45 – 30 months in prison for being part of a gang to evade encryption Sources: ValueWork, Help Net Security, SC Magazine
  • 17. Next generation cybercrime threat? What if hackers hijacked a key satellite? Could space be cybercrime's new frontier? FACT #1 We have an overwhelming reliance on space technology for vital streams of information FACT #2 Satellites are frightfully vulnerable to collisions and there are over 5500 redundant ones at the moment! Makes us acutely vulnerable! Source: The Independent, Space : the new cybercrime frontier, http://www.independent.co.uk/life-style/gadgets-and-tech/news/space-the-new-cyber-crime-frontier8194801.html accessed 16/2/2013
  • 18. Juggling the risks Examine threats Determine the risk level Risk Assessment AIM: reduce organisational risk • Risk Assumption: With appropriate due diligence, management accept the potential risk and continue operating • Risk Alleviation: Management approve the implementation of controls to lower risk to an acceptable level • Risk Avoidance: Eliminate the process that could cause the risks • Risk Limitation: Management limit the risk exposure by putting controls to limit the impact of a threat • Risk Planning: A process to manage risk by developing an architecture that prioritises, implements and maintains controls • Risk Transference: Management transfer the risk by using other options to compensate for a loss – e.g. Purchasing an insurance policy
  • 19. Risk Transference Bespoke insurance products providing tailor made policies targeting key professional liability exposures for technology companies
  • 20. Becoming resilient – a six point action plan Cyber Resilience “The ability of a system or a domain to withstand attacks or failures and in such events to re-establish itself quickly” – Nigel Inkster, International Institute of Strategic Studies 1. Organizational Readiness 2. Situational awareness 3. Cyber defence 4. Detection 5. Mitigation and containment 6. Recovery
  • 21. #1 - Organisational Readiness Corporate awareness Ownership at the C-level Assign the role and responsibility for information security oversight Understand your business risks Focus on your information and reputation Share intelligence and experiences
  • 22. #2 - Situational intelligence Hacking for fame & glory Cybercrime moved into monetisation Disruption Criminal gangs Protest hacktivism Corporate espionage Anonymous & Lulzsec target corporate infrastructures Specialist knowledge Know your information assets Keep abreast of the latest advanced threats Classify your information assets “One of the problems is that we all tend to be technology professionals weathered by our experiences rather than looking at new ways of managing risk and gaining or using new sources of intelligence” - Pat Brady, Information Security Manager, National Australia Group
  • 23. #3 – Cyber defence Get a grip on infrastructure and access security Assert the levels of staff awareness Define strict access control and remote access control Ensure strong visitor procedures for key buildings Keep your basic security controls in sight e.g. Password change policy Infrastructure changes should trigger network configuration changes allowing you to move the shape of the target
  • 24. #4 – Detection Develop the ability to detect attacks Ensure you have an effective internal & external monitoring process Scan outbound messages for abnormal volumes and patterns Early recognition of a compromise is key to early reaction
  • 25. #5 – Mitigation and containment The aim is to limit the damage to your services and reputation Continuity of Operations Plan Limit the impact / shut down the source Disaster Recovery Plan Being prepared is the key IT / Network Contingency Plans Contingency planning – define and review your plans Crisis Communication Plan Ensure adequate testing of business continuity plans Prepared PR statements Cyber Incident Plan Occupant Emergency Plan
  • 26. #6 – Recovery You need to develop the ability to re-establish normal service. Your survival as a business depends on it Apply the lessons learnt Give feedback to senior executives Here’s what happened to us This is how we reacted This is what we’ve done to mitigate / prevent it
  • 27. Conclusions Some final thoughts.. • The cyber crime threat is actual and here to stay • It’s NOT a question of IF but WHEN IT Service Continuity Management functions Business Continuity • Be prepared for incidents • Ensure security awareness between departments Cyber Resiliency • Protect your information assets, regardless of where they are being held • Ensure adequate crisis management between departments Awareness • Align individual goals with the organisation's cyber security ambitions Knowledge • Cyber risk teams need to consist of flexible people who can build relationships across departments • Take a pragmatic approach to investing in your defences – overinvesting is a real danger Controls Detection Mitigation Recovery BEING PROACTIVE IS THE NAME OF THE GAME
  • 28. References Andrew Auernheimer, http://en.wikipedia.org/wiki/Weev Bandit Country, Amir Singh, Chartech March/April 2013 Cyber Crime Study Reveals Uncertainty, http://www.tripwire.com/state-of-security/it-security-data-protection/cyber-security/viewpoints-oncyber-crime-reveal-uncertainty/ Eight cyber crooks who got less prison time than Andrew Auernheimer, http://www.scmagazine.com/here-are-eight-cyber-crooks-who-gotless-prison-time-than-andrew-auernheimer/article/284928/ KPMG data loss barometer 2012, http://www.kpmg.com/uk/en/services/advisory/risk-consulting/pages/data-loss-barometer-2012.aspx KPMG seven ways to beat cyber crime, http://www.kpmg.com/UK/en/IssuesAndInsights/ArticlesPublications/Documents/PDF/Advisory/seven-ways-beat-cyber-crime-nov2012.pdf KPMG shifting viewpoints - A nuanced perspective on cybercrime, http://www.kpmg.com/NL/en/Issues-AndInsights/ArticlesPublications/Pages/Shifting-viewpoints.aspx Microsoft and FBI disrupt global cybercrime ring, http://www.net-security.org/malware_news.php?id=2511 Most small businesses can't restore all data after a cyber attack, http://www.net-security.org/secworld.php?id=15012 Operation cyber taskforce, Gerry O’Neill, Chartech March/April 2013 Space: the new cyber crime frontier, http://www.independent.co.uk/life-style/gadgets-and-tech/news/space-the-new-cyber-crime-frontier8194801.html The cost of cybercrime, http://securityaffairs.co/wordpress/14628/cyber-crime/cost-of-cybercrime-for-uk-small-businesses.html
  • 29. Thank you! Donald Tabone B.Sc. (Hons), LL.M. (Strath) donaldtabone@kpmg.com.mt