I delivered a talk to the Northern Ireland Business Continuity Forum on Cybersecurity Threats on 12 November 2014. This is a sanitised version of the slide deck that I used.

1. CYBER SECURITY | THREATS
12TH NOVEMBER 2014
DAVID CROZIER – TECHNICAL MARKETING MANAGER
@DAVID_CROZIER

2. David Crozier
Technical Marketing Manager at QUB’s Centre for Secure Information Technologies (CSIT)
Responsible for marketing of commercial R&D, IP, MSc and membership programmes and planning
its annual World Cyber Security Technology Research Summit.
Currently advise the Northern Ireland Organised Crime Task Force on cyber and cyber enabled crime.
Holds a BSc Computer Science and MSc Innovation & Entrepreneurship from the University of Ulster.

3. Vision
Our vision is to establish a
global innovation hub for
cyber security, to accelerate
new value creation, drive new
venture creation and build
capacity for the cyber security
industry, whilst not
compromising on research
excellence
GLOBAL
INNOVATION
HUB FOR
CYBER
SECURITY

4. CSIT within the Innovation landscape
TRLs
SBRI, KTP,
Innovation Voucher
EPSRC–
Responsive Mode
Research CASE, PhDs
Horizon 2020
Collaborative R&D
Technology
Deployed,
Spinouts
EPSRC Innovate UK
Contract Development
CSIT - IKC
VCs, Angels etc.
SMART
1 2 3 4 5 6 7 8 9

5. Open Innovation Model

6. THINK

7. How much is your data worth?
Perception
Trending to zero

8. How much is your data worth?
$20 per user
Google 2006
$30 per user
Facebook 2012
$42 per user
Facebook 2014
Reality

9. What are they after?

10. Categories of Threats
CCoorrppoorraattiioonnss,,
Individuals
Corporations,
Individuals
Corporations,
Individuals,
Governments
N/A
Retailers,
Financial
Services,
Individuals
Intellectual
Property,
Negotiation
positions, Legal
posture, R&D,
Weapons
Low Low-Med Low-Med Low-Med High High
Phishing,
Malware
Destruction,
Theft
DDOS,
Anonymous,
Wikileaks, Lulzsec
Al-Qaeda Sites,
ISIS Recruitment
Carding,
ACH, PII
Chinese
Hackers, APTs,
ICS SCADA
Targets
Skill Level
Example
Objective
Financial
Gain
Revenge,
Monetary Gain
Defamation,
Notoriety
Fundraising,
Propaganda,
Recruitment
Financial
Gain
Economic,
Political
Advantage
Viruses
Worms, Spam
Insider threat,
Insider sabotage
Hacktivists Terrorists
Organised
Crime
State Sponsored
Amended from original and used with permission from – Paul C Dwyer, Cyber Risk International Ltd

11. The Insider Threat
“A person who exploits, or has the intention to exploit, their legitimate
access to an organisation’s assets for unauthorised purposes.”
Gender: 82% Male, 18% Female
Age: 49% 41-45 Years Old
Contract: 88% Permanent Staff
Job Type: Customer Service (20%), Financial (11%), Security 11%)
Role: 45% Managers, 49% Administrative/Support Roles
Duration: 6 Months (41%), 5+ Years (11%)
Time in Service: 5 Years (60%)
CPNI Insider Data Collection Study 2013

12. Detecting The Insider Threat
Threat Indicators:
Anomaly Detection
• Physical/Remote Access Patterns
• Data Access Patterns
• Communication Channels (Email, Phone, IM)
IT Observables
• Data Exfiltration
• Resource Usage (Systems, Printers, Data Storage)
• Access Violations (Resource Probing)
Evidential Reasoning
• Criminology Profiles (Immature, Self-Esteem, Impulsive)
• Motivation Analysis (Grievances, HR Reports)
• Behavioural Evidence (Stressed, Adverse Life Events)

13. The Increasing Network Perimeter
Multiple Access Points
Distributed Corporate Systems
Third-party IT Providers
Wireless Connectivity Support
3G/4G Pervasiveness
BYOD Support
Collaborative Data Sharing Tools

14. Compliance and certification is enough – Right?
Wrong!
• Payment Card Industry Data Security Standard (PCI DSS)
• ISO 27001:2013
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Ethical Hacker (CEH)
These are only a starting point, baselines.
You need to aim for Compliance
Plus+ in relation to cyber security.

15. Cyber Security is not just ITs problem
CEO
CIO CFO COO CMO
Not knowing is not good enough anymore

16. If, not when.
Protect
Prepare
Detect
Analyse
Containment,
eradication
and
Remediation
Post-mortem

17. Threat Intelligence Sharing
The Cyber-security Information Sharing Partnership (CiSP), part of
CERT-UK, is a joint industry government initiative to share cyber threat
and vulnerability information in order to increase overall situational
awareness of the cyber threat and therefore reduce the impact on UK
business.
CiSP members receive enriched cyber threat and vulnerability
information from the ‘Fusion Cell’, a joint industry and government
analytical team who examine, analyse and feedback cyber information
from a wide variety of data sources.
600 Organisations and 1700 Individuals signed up for this free service
as of summer 2014.

18. Incident Reporting
• Significant under-reporting in Northern Ireland
• New reporting portal for industry only being tested
• Will support business case for further investigative resources
• PSNI are mindful of reputational damage.
• Investigation processes updated accordingly to minimise negative
commercial impact.

19. Growth Prospects
• Global Cybersecurity market size:
• £136Bn (K-Matrix, May 2013)
• £51Bn (Markets and Markets, 2012)
• UK Cybersecurity market size:
• £4.3Bn (K-Matrix, May 2013)
• £2.8Bn growing to £3.4Bn by 2017 (PAC, 2013)
• Importance to UK
• National Cybersecurity Strategy
• Major Businesses (BAE Systems, Thales UK, QinetiQ, BT), specialist
consultants (KPMG, PwC), UK based FDI (IBM, Intel, Microsoft,
Lockheed Martin, CGI) and numerous SMEs
• Cyber Growth Partnership
• Government have targeted £2Bn by 2016 for exports (£850M in 2012)
• 135% Growth

20. Emergent Industry

21. MSc in Cyber Security
Industry Informed Work Placement Opportunities
• Feedback incorporated into course structure module content
• McAfee providing lecture material to support Malware module
• Invited seminars and special guest lectures from industry experts
• Internship and work placement opportunities will be open to students
accepted for enrolment on the MSc in Cyber Security

22. @DAVID_CROZIER
QA