SlideShare a Scribd company logo

Breach Fixation: How Breaches Distort Reality And How We Should Respond- John Dickson, Principal at Denim Group, Ltd

Download as PPTX, PDF
EC-Council
EC-Council

John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd. He has nearly 20 years hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSO’s) of Fortune 500 companies and government organizations launch and expand their critical application security initiatives. His leadership has been instrumental in Denim Group being honored by Inc. Magazine as one of the fastest growing companies in the industry for five years in a row.

Technology
1 of 24
BREACH FIXATION HOW BREACHES DISTORT REALITY AND HOW WE SHOULD RESPOND
MY BACKGROUND • 20+ Year Security Professional • Denim Group Principal • MBA Strategy Guy • ISSA Distinguished Fellow • Security Conference Speaker • Dark Reading Columnist • Twitter: @johnbdickson
DENIM GROUP | COMPANY BACKGROUND • Trusted advisor on all matters of software risk • External application & network assessments • Web, mobile, and cloud • Software development lifecycle development (SDLC) consulting • Network and infrastructure where applications reside • Secure development services: • Secure application development & remediation • Managed security services • Developed ThreadFix
ANYBODY REMEMBER THIS GUY? 4
HIS NEW HOME 5
WHY IS THIS IMPORTANT? 6 The day security became important to business executives
BREACH FIXATION OVERVIEW 7 • What is Breach Fixation? • How Does Breach Fixation Manifest Itself? • How you can Use Breach Fixation to Your Advantage
BREACH FIXATION OVERVIEW 8
BREACH FIXATION 9 • A phenomena created by media fixation on breach stories • Breach Fixation distorts reality by putting most of the focus on external activities that we don’t control… • At the expense of internal security activities that we do • Affects strategy and resource allocation in a potentially negative way • Takes focus away from addressing the root cause while treating the symptom
WHAT DRIVES MEDIA CONSUMPTION? 10
BREACH FIXATION 11 • Does anyone know the top security stories consumed by readers of the major security publications?
A RUBBERNECKING CULTURE? 12
WHAT’S HOT IN SECURITY 13 • Breaches • APT & Zero Days • External Threats • Cyberwar • Russians, Chinese, Iranians, oh my! • Finding Vulnerabilities
WHAT’S NOT… 14 • Internal Security Practices • Coding Standards • Patch Management • User Awareness • Actually Fixing Vulnerabilities
WHAT DOES THAT CREATE? 15 • A Situation Where Basic Security Blocking & Tackling Remains Problematic • Window of Exposure of Application Vulnerabilities Remains Egregious • Well-known Security Weaknesses Continue to be an Avenue of Approach for Attackers • Outside the largest and most sophisticated organizations, security only covers a subset of the enterprise
WHAT DOES THAT CREATE? 16 • A Situation Where External Threats Might Distract Security Focus • Whipsawed by #ToD (Threat of the Day) or #YABS (Yet Another Breach Story) • “Incumbent Spend” around FW, Endpoint, AV, dwarf other areas • Focus on latest outwardly-focuses security “shiny rock” technologies as panaceas
THE RISK? 17 • Returning to a FUD Culture…
EXAMPLES OF IMPACT 18 • Press DDoS on speaker by the entire media • Gartner: By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 20% in 2015. • EY: A Shift to “Active Defense” and its implications • A cautionary tale: State of Texas Public Utilities Commission war story
HOW CAN YOU ADDRESS BREACH FIXATION 19 • Recognize Breach Fixation When a Layperson (e.g., “Executive”) References it. • The First Step to Recovery is Admitting you have a Problem!
HOW CAN YOU ADDRESS BREACH FIXATION 20 • Constantly Quantify Internal Security Posture • Measure, measure, measure
HOW TO USE BREACH FIXATION TO YOUR ADVANTAGE 21 • Use the Positive Force from the Attack Side & Map to Your Strategy
OTHER STRATEGIES USE BREACH FIXATION… 22
WRAP UP 23 • Breach Fixation distorts reality by putting most of the focus on external security activities that we don’t control at the expense of internal security that we do. • Sophisticated security practitioners understand how Breach Fixation can help or hurt them, if not managed • Once recognized, there are several basic strategies that one can use to take advantage of Breach Fixation
QUESTIONS AND ANSWERS John B. Dickson, CISSP @johnbdickson

Recommended

EVOLVE to demand. demand to evolve by Igor Volovich
EVOLVE to demand. demand to evolve by Igor VolovichEVOLVE to demand. demand to evolve by Igor Volovich
EVOLVE to demand. demand to evolve by Igor VolovichEC-Council
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezEC-Council
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye, Inc.
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleKevin Duffey
 
CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackKevin Duffey
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitKevin Duffey
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecuritycentralohioissa
 

Recommended

EVOLVE to demand. demand to evolve by Igor Volovich
EVOLVE to demand. demand to evolve by Igor VolovichEVOLVE to demand. demand to evolve by Igor Volovich
EVOLVE to demand. demand to evolve by Igor VolovichEC-Council
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezEC-Council
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye, Inc.
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleKevin Duffey
 
CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackKevin Duffey
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitKevin Duffey
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecuritycentralohioissa
 
Backups and Disaster Recovery for Nonprofits
Backups and Disaster Recovery for NonprofitsBackups and Disaster Recovery for Nonprofits
Backups and Disaster Recovery for NonprofitsCommunity IT Innovators
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing OCTF Industry Engagement
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Citrin Cooperman
 
Be Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crimeBe Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crimeKevin Duffey
 
IT Security for Nonprofits
IT Security for NonprofitsIT Security for Nonprofits
IT Security for NonprofitsCommunity IT Innovators
 
The Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber SecurityThe Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber SecurityKevin Duffey
 
Social Engineering the CEO
Social Engineering the CEOSocial Engineering the CEO
Social Engineering the CEOKevin Duffey
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19Citrin Cooperman
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber SecurityFireEye, Inc.
 
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...Citrin Cooperman
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceSymantec
 
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Tripwire
 
Cyber Heroes of tomorrow's world
Cyber Heroes of tomorrow's worldCyber Heroes of tomorrow's world
Cyber Heroes of tomorrow's worldKevin Duffey
 
MCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementWilliam McBorrough
 
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemCybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemIBM Security
 
Cyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCheffley White
 
A Hacker's Playground - Cyber Risks During COVID-19
A Hacker's Playground - Cyber Risks During COVID-19A Hacker's Playground - Cyber Risks During COVID-19
A Hacker's Playground - Cyber Risks During COVID-19Citrin Cooperman
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilienceAndrew Bycroft
 
Gartner Security & Risk Management Summit Brochure
Gartner Security & Risk Management Summit BrochureGartner Security & Risk Management Summit Brochure
Gartner Security & Risk Management Summit Brochuretrunko
 
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatData Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatResilient Systems
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Securityinside-BigData.com
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCCloudflare
 

More Related Content

What's hot

Backups and Disaster Recovery for Nonprofits
Backups and Disaster Recovery for NonprofitsBackups and Disaster Recovery for Nonprofits
Backups and Disaster Recovery for NonprofitsCommunity IT Innovators
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Citrin Cooperman
 
Be Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crimeBe Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crimeKevin Duffey
 
The Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber SecurityThe Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber SecurityKevin Duffey
 
Social Engineering the CEO
Social Engineering the CEOSocial Engineering the CEO
Social Engineering the CEOKevin Duffey
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19Citrin Cooperman
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber SecurityFireEye, Inc.
 
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...Citrin Cooperman
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceSymantec
 
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Tripwire
 
Cyber Heroes of tomorrow's world
Cyber Heroes of tomorrow's worldCyber Heroes of tomorrow's world
Cyber Heroes of tomorrow's worldKevin Duffey
 
MCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementWilliam McBorrough
 
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemCybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemIBM Security
 
Cyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCheffley White
 
A Hacker's Playground - Cyber Risks During COVID-19
A Hacker's Playground - Cyber Risks During COVID-19A Hacker's Playground - Cyber Risks During COVID-19
A Hacker's Playground - Cyber Risks During COVID-19Citrin Cooperman
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilienceAndrew Bycroft
 
Gartner Security & Risk Management Summit Brochure
Gartner Security & Risk Management Summit BrochureGartner Security & Risk Management Summit Brochure
Gartner Security & Risk Management Summit Brochuretrunko
 
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatData Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatResilient Systems
 

What's hot (20)

Backups and Disaster Recovery for Nonprofits
Backups and Disaster Recovery for NonprofitsBackups and Disaster Recovery for Nonprofits
Backups and Disaster Recovery for Nonprofits
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
 
Be Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crimeBe Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crime
 
IT Security for Nonprofits
IT Security for NonprofitsIT Security for Nonprofits
IT Security for Nonprofits
 
The Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber SecurityThe Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber Security
 
Social Engineering the CEO
Social Engineering the CEOSocial Engineering the CEO
Social Engineering the CEO
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber Security
 
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
 
Cyber Heroes of tomorrow's world
Cyber Heroes of tomorrow's worldCyber Heroes of tomorrow's world
Cyber Heroes of tomorrow's world
 
MCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk Management
 
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune SystemCybersecurity In The Cognitive Era: Priming Your Digital Immune System
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
 
Cyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate Boards
 
A Hacker's Playground - Cyber Risks During COVID-19
A Hacker's Playground - Cyber Risks During COVID-19A Hacker's Playground - Cyber Risks During COVID-19
A Hacker's Playground - Cyber Risks During COVID-19
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilience
 
Gartner Security & Risk Management Summit Brochure
Gartner Security & Risk Management Summit BrochureGartner Security & Risk Management Summit Brochure
Gartner Security & Risk Management Summit Brochure
 
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatData Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
 

Similar to Breach Fixation: How Breaches Distort Reality And How We Should Respond- John Dickson, Principal at Denim Group, Ltd

IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Securityinside-BigData.com
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCCloudflare
 
The Great Disruption No One Planned For: COVID-19
The Great Disruption No One Planned For: COVID-19The Great Disruption No One Planned For: COVID-19
The Great Disruption No One Planned For: COVID-19Emile Sayegh
 
NATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-UpsNATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-UpsBenjamin Rohé
 
SMi Group's 5th annual Oil & Gas Cyber Security 2015
SMi Group's 5th annual Oil & Gas Cyber Security 2015SMi Group's 5th annual Oil & Gas Cyber Security 2015
SMi Group's 5th annual Oil & Gas Cyber Security 2015Dale Butler
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, LondonJohn Palfreyman
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24
 
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyTrustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyMighty Guides, Inc.
 
Let's TOC: Navigate the Cybersecurity Conversation with Dominique Singer
Let's TOC: Navigate the Cybersecurity Conversation with Dominique SingerLet's TOC: Navigate the Cybersecurity Conversation with Dominique Singer
Let's TOC: Navigate the Cybersecurity Conversation with Dominique SingerSaraPia5
 
4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon Brady4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon BradyStarttech Ventures
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionCBIZ, Inc.
 
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesAusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesCasey Ellis
 
Carbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksCarbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksMighty Guides, Inc.
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
 
2019 10-22 axio - taking control of cyber risk - grid-seccon
2019 10-22 axio - taking control of cyber risk - grid-seccon2019 10-22 axio - taking control of cyber risk - grid-seccon
2019 10-22 axio - taking control of cyber risk - grid-secconAxio
 
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Enterprise Management Associates
 
Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022PECB
 

Similar to Breach Fixation: How Breaches Distort Reality And How We Should Respond- John Dickson, Principal at Denim Group, Ltd (20)

IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Security
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
 
The Great Disruption No One Planned For: COVID-19
The Great Disruption No One Planned For: COVID-19The Great Disruption No One Planned For: COVID-19
The Great Disruption No One Planned For: COVID-19
 
NATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-UpsNATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-Ups
 
SMi Group's 5th annual Oil & Gas Cyber Security 2015
SMi Group's 5th annual Oil & Gas Cyber Security 2015SMi Group's 5th annual Oil & Gas Cyber Security 2015
SMi Group's 5th annual Oil & Gas Cyber Security 2015
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, London
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
 
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyTrustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
 
Let's TOC: Navigate the Cybersecurity Conversation with Dominique Singer
Let's TOC: Navigate the Cybersecurity Conversation with Dominique SingerLet's TOC: Navigate the Cybersecurity Conversation with Dominique Singer
Let's TOC: Navigate the Cybersecurity Conversation with Dominique Singer
 
4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon Brady4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon Brady
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special Edition
 
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesAusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
 
Carbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksCarbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down Attacks
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint Security
 
2019 10-22 axio - taking control of cyber risk - grid-seccon
2019 10-22 axio - taking control of cyber risk - grid-seccon2019 10-22 axio - taking control of cyber risk - grid-seccon
2019 10-22 axio - taking control of cyber risk - grid-seccon
 
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
 
Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022
 

More from EC-Council

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldEC-Council
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approachEC-Council
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident ResponseEC-Council
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James EC-Council
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinEC-Council
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeHacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeEC-Council
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoEC-Council
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderEC-Council
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019EC-Council
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...EC-Council
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerEC-Council
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementEC-Council
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...EC-Council
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...EC-Council
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...EC-Council
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...EC-Council
 

More from EC-Council (20)

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approach
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident Response
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeHacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Breach Fixation: How Breaches Distort Reality And How We Should Respond- John Dickson, Principal at Denim Group, Ltd

  • 1. BREACH FIXATION HOW BREACHES DISTORT REALITY AND HOW WE SHOULD RESPOND
  • 2. MY BACKGROUND • 20+ Year Security Professional • Denim Group Principal • MBA Strategy Guy • ISSA Distinguished Fellow • Security Conference Speaker • Dark Reading Columnist • Twitter: @johnbdickson
  • 3. DENIM GROUP | COMPANY BACKGROUND • Trusted advisor on all matters of software risk • External application & network assessments • Web, mobile, and cloud • Software development lifecycle development (SDLC) consulting • Network and infrastructure where applications reside • Secure development services: • Secure application development & remediation • Managed security services • Developed ThreadFix
  • 6. WHY IS THIS IMPORTANT? 6 The day security became important to business executives
  • 7. BREACH FIXATION OVERVIEW 7 • What is Breach Fixation? • How Does Breach Fixation Manifest Itself? • How you can Use Breach Fixation to Your Advantage
  • 9. BREACH FIXATION 9 • A phenomena created by media fixation on breach stories • Breach Fixation distorts reality by putting most of the focus on external activities that we don’t control… • At the expense of internal security activities that we do • Affects strategy and resource allocation in a potentially negative way • Takes focus away from addressing the root cause while treating the symptom
  • 11. BREACH FIXATION 11 • Does anyone know the top security stories consumed by readers of the major security publications?
  • 13. WHAT’S HOT IN SECURITY 13 • Breaches • APT & Zero Days • External Threats • Cyberwar • Russians, Chinese, Iranians, oh my! • Finding Vulnerabilities
  • 14. WHAT’S NOT… 14 • Internal Security Practices • Coding Standards • Patch Management • User Awareness • Actually Fixing Vulnerabilities
  • 15. WHAT DOES THAT CREATE? 15 • A Situation Where Basic Security Blocking & Tackling Remains Problematic • Window of Exposure of Application Vulnerabilities Remains Egregious • Well-known Security Weaknesses Continue to be an Avenue of Approach for Attackers • Outside the largest and most sophisticated organizations, security only covers a subset of the enterprise
  • 16. WHAT DOES THAT CREATE? 16 • A Situation Where External Threats Might Distract Security Focus • Whipsawed by #ToD (Threat of the Day) or #YABS (Yet Another Breach Story) • “Incumbent Spend” around FW, Endpoint, AV, dwarf other areas • Focus on latest outwardly-focuses security “shiny rock” technologies as panaceas
  • 17. THE RISK? 17 • Returning to a FUD Culture…
  • 18. EXAMPLES OF IMPACT 18 • Press DDoS on speaker by the entire media • Gartner: By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 20% in 2015. • EY: A Shift to “Active Defense” and its implications • A cautionary tale: State of Texas Public Utilities Commission war story
  • 19. HOW CAN YOU ADDRESS BREACH FIXATION 19 • Recognize Breach Fixation When a Layperson (e.g., “Executive”) References it. • The First Step to Recovery is Admitting you have a Problem!
  • 20. HOW CAN YOU ADDRESS BREACH FIXATION 20 • Constantly Quantify Internal Security Posture • Measure, measure, measure
  • 21. HOW TO USE BREACH FIXATION TO YOUR ADVANTAGE 21 • Use the Positive Force from the Attack Side & Map to Your Strategy
  • 22. OTHER STRATEGIES USE BREACH FIXATION… 22
  • 23. WRAP UP 23 • Breach Fixation distorts reality by putting most of the focus on external security activities that we don’t control at the expense of internal security that we do. • Sophisticated security practitioners understand how Breach Fixation can help or hurt them, if not managed • Once recognized, there are several basic strategies that one can use to take advantage of Breach Fixation
  • 24. QUESTIONS AND ANSWERS John B. Dickson, CISSP @johnbdickson

Editor's Notes

  1. Have done a tremendous amount of mobile testing for our clients, including Fortune 500 and sensitive Have assessed MDM systems And made recommendation to sensitive .gov and .mil clients surrounding application testing
  2. TJX hacker Albert Gonzalez was sentenced to 20 years and a day
  3. The Leavenworth Federal Maximum Security Prison, Leavenworth, Kansas!
  4. - More and more sensational stories.. Press doesn’t understand – or want to understand – the very hard business of security in an organization Now front and center to popular and business press – consumed by executives and boards of directors Vendor marketing campaigns also add to the hype
  5. Share Dark Reading click-through stories
  6. But is critically important….
  7. Sources: WhiteHat Security 2015 Website Security Statistics Report Veracode 2015 State of Software Security Verizone 2015 Data Breach Investigations Report Eye is not on the prize! Security posture built on buying the shiny object….security ADHD – limited patience and or dilligence to do what’s necessary to reduce risk.
  8. Sources: WhiteHat Security 2015 Website Security Statistics Report Veracode 2015 State of Software Security Verizone 2015 Data Breach Investigations Report
  9. Texas PUC moved its two cybersecurity staff working on Smart Meter security to the State’s Emergency Operations Center. No backfill Source: "Shift Cybersecurity Investment to Detection and Response,” Ayal Tirosh & Paul E. Proctor, Gartner, January 2016. Source: “Global Information Security Survey 2015” EY