More Related Content
What's hot
What's hot (20)
Similar to Cloud & Cybersecurity
Similar to Cloud & Cybersecurity (20)
Recently uploaded
Recently uploaded (20)
Cloud & Cybersecurity
- 2. Cloud Management API Cloud Inter-connectivity Container Environments Orchestration Systems Users New Potential Attack Surfaces From Cloud Migration ➢ Through 2022, at least 95% of cloud security failures are user faults -Gartner
- 3. Shared Responsibility Model Customer’s Responsibilities: ▪ Data & Content ▪ Applications, Platforms, and User Management ▪ OS, Firewall, and Network settings and configuration ▪ Encryption & Network Traffic Protection Provider’s Responsibilities: • Storage • Network • Computing Power Cloud Security
- 4. IoT devices run on lightweight MQTT protocol. Additional TLS security is required IoT devices are universal Plug-and-Play. Need to configure permissions and protocols IoT devices exist within a larger ecosystem with varying levels of computing power IoT Security
- 5. Technologica l Refinement Mass Adoption Baseline Security Regulation Enforcement Market Differentiation We are here Rules for IoT Security: • Adequate Data Protection • Maintains User Experience Levels • Maintains Low Latency California Senate Bill 327: From January 2020, devices that connect directly or indirectly to the internet must incorporate “reasonable” security features to protect user’s data from unauthorised access, modification, or disclosure The FTC in July 2019 banned D-Link products from sale in the USA until it improved device security Timeline for IoT Security
- 6. Smart Buildings & Why They Are Easy Targets Critical Buildings: • Airports • Data Centres • Hospitals Smart Building Systems: • IoT Systems • Video Surveillance • Access Control • Elevators • HVAC • Smart Lighting Breaching Smart Buildings is CHEAP & EASY Weaknesses: • Combination of Legacy and Smart systems • Internal networks not well segmented • Firewall misconfiguration • Unwanted services and unsecure protocols enabled (Telnet, FTP, UPnP) • Unencrypted Traffic (FTP/FTSP & HTTP) • Use of devices with known vulnerabilities • Weak/Default passwords
- 7. With Shodan, you can search: ▪ Protocols for specific IoT devices ▪ Locations of IoT devices on a map ▪ Default passwords Shodan can potentially be used as a resource by Cyber attackers, together with other open- source software A Tool Used by Hackers
- 8. Machine Learning is used to identify and isolate threats from the trillions of user activities Recommendation: 1/10/60 Challenge Detect in 1 min Investigate in 10 min Remediate in 60min 2+ Trillion Activities Per Week 23 Million Hunting Leads 10,000 Suspicious 200 Alerts Follow-ups 7 AI Humans Source: Crowdstrike Benefits of AI: • 99.7% Effectiveness • 0.001% False Positives • Reduces Helpdesk Call by 98% • Lightweight • Extends Hardware Lifespan • Reduces Network Bandwidth Cybersecurity & AI
- 9. 3 Steps of Threat Hunting: Resolution • Incident response & mitigation • Feed data into AI for retrospective investigation Investigation • Use analytical frameworks to determine malicious/non- malicious (Statistical Analysis) Trigger • Threat analysts pinpoint a specific network sector or system to investigate • New detection method (Hypothesis Testing) Cybersecurity & AI
- 11. Types of AI Cyber security software: Endpoint Detection & Response (EDR) • Monitors endpoint and network activity • Logs into database Whitelisting • IP addresses, users Sandboxing • Full, OS, and VM Host Intrusion Protection System (HIPS) / Anti- Exploitation • Monitors and prevents major changes to system Cybersecurity & AI
- 12. As cybersecurity systems become smarter, attackers begin to target the weakest link: Users Even previously secure methods (Multi-Factor Authentication, One- Time Passwords) have been breached via Social Engineering Users also tend to use identical passwords across different sites and programs. A breach in a less secure site may lead to breaches in a user’s accounts elsewhere With the rise of social media, traditional security questions can be easily answered Cybersecurity
- 14. Singapore Cyber Attack Sources: 1. China 2. Russia 3. Eastern Europe 4. India Singapore Cyber Attack Industry Targets: 1. Media 2. Energy 3. Aerospace & Defence 4. Finance 5. Government State-Sponsored Agents tend to target industries that they want to learn from Fastest intrusion time recorded by Fortinet: 18 mins Cybersecurity
- 15. NOTES AND RESOURCES Acknowledgements: Parts of this presentation was adapted from the conferences at Cloud Asia Expo 2019: Fireside Chat: Best Practices in Cloud, by Raju C., Achim Granzen, Omer Wilson, and Kristiono Setyadi Other Useful Links: https://iot-analytics.com/how-5g-ai-and-iot-enable-intelligent-connectivity/ https://www.geospatialworld.net/news/huawei-cloud-gains-ground-in-global-markets-through-cloud-ai-5g-iot/ https://www.huawei.com/fr/about-huawei/publications/winwin-magazine/33/cloud-and-59-bring-the-reality- to-arvr
- 16. PRESENTED BY:
- 17. CONTACT US: enquiry@indsights.sg Email us @indsightsresearch Follow for more articles & presentations https://indsights.sg Read about our research summaries https://indsights.sg/subscribe Subscribe to weekly technology news articles from Singapore & around the world