Recommended
More Related Content
What's hot
What's hot (20)
Similar to Cyber innovation without a new product to buy-Michael Boeckx - cybersec europe 2023.pdf
Similar to Cyber innovation without a new product to buy-Michael Boeckx - cybersec europe 2023.pdf (20)
Recently uploaded
Recently uploaded (20)
Cyber innovation without a new product to buy-Michael Boeckx - cybersec europe 2023.pdf
- 1. 1 C y b e r s e c u r i t y s e r v i c e s Cyber innovation Without a product to buy Michaël Boeckx, Chief Operations Officer infra NRB
- 2. 2 Security Governance Framework Identify Protect Detect Respond Recover Security is approached from two sides: • Legal and compliance: A view on security linked to legal frameworks and controls • Technology focused: A portfolio of tools and solutions that are implemented. A successful cybersecurity practice combines both viewpoints and link them closely together to be end to end successful. This is the ambition of the NRB security practice. Security Challenge Journey The Security Who are we?
- 3. 3 T h e C y b e r S t a t u s s l i d e : H o w t o b e a t i n f l a t i o n The next best thing: Invest in cybersecurity!! Source: www.statistica.com Financial impact YoY growth of 3 Trillion Third largest economy 97 victims per hour Hacker attack every 39 sec 11,500,000,000,000 230,000,000 What is Cybercrime: Damage or Destruction of data. Stolen money Lost Productivity Theft of IP Theft of personal or financial data Embezzlement Fraud Post-attack disruption Financial impact 97 victims per hour Hacker attack every 39 sec Journey The Security Setting the scene
- 4. 4 G e t t h e f e a r f a c t o r o u t o f t h e e q u a t i o n : o r g a n i z e i t b u t , … . K I S S i t ! Budget and Roadmap Use what you got! The DevOps Way: organise you’re shop. Budget in function of maturity ambition Impact Present Risks to your board not tools Explain the cost of reducing risk and increase maturity Report back continously Manage planned and unplanned work Implement a shop floor: ISO NIST or something else Build roadmap to increase your “shopfloor efficiency” overall linked to maturity. You already have tools, a lot of them, use them! For the rest excel is your friend! Get people, get help, not tools Journey The Security
- 5. 5 S o n o t o o l s , r e a l l y ? ? Multiple layers for identification in place both on cloud (home office) as in the office and both from outgoing as incoming mails. Identify Protect Detect Respond Recover Create a multilayered protection model both on your edge internally as at your end point: manage them and don’t forget Awareness In its basic form use XLS then move to a SIEM with ML features. Don’t by the SIEM tool buy the service you will not be able to do it alone Start using automated responses for basic actions. SOAR is the buzz word but automating will help free up time of you people to do valuable stuff. Start with table top exercises to recover from a cyber recovery attack. You want to be prepared on communication recovery approach and start practice! The Basics • Authentication everywhere multifactor • Inject thread feeds in your protection systems • AI and ML are already imbedded in your systems • Vulnerability and Path of least resistance • Cyber recovery is the new focus Technology innovations The Advanced stuff • IOT security is not that difficult • Multi party computation and encryption • Think about quantum safe and understand it • Supply chain attacks are real and cross border Ah by the way cloud is not more secure just different Journey The Security
- 6. 6 I S O c e r t i f i e d s o I a m o k . Regulatory and compliance Regulatory frameworks NIS GDPR BNB/CCB/MED Cloud Act Implementation frameworks Reputational Financial Human ISO27001 NIST ENISA Goverance Maturity Audit Translate legal to implementation It is there to protect you Its NOT Paper it is a system of work It will make risk visible It enables your company to increase Journey The Security
- 7. 7 Protect customers against Cyber attacks comming from inside and outside of their digital environment throug technology or human behaviour changes. Try to ethical hack a company or public entity to validate a good protection of their IT environment. Monitor and alert customers for abnormal behavior on their digital environment Assist in the recovery of victims of a cyber attack both existing customers or new customers. Create a compliancy framework linked to controls and technology for customers at each level of maturity of that customer. Service Examples • Awareness training • Ddos protection • Ramsomware protection • End user protection • Security operations center • Penetration testing • Vulnerability scanning Forensic analytics Recovery services Regulatory support (gdpr/compliance) CISO as a service GDPR as a service ISO27 audits and certification Risk management Business continuity management Prevent Detect Regulatory and compliance Recover Journey The Security How can we help? W e a r e h e r e t o s e r v e
- 8. 8 Securing our digital well-being 1 on 10 -18 year old harassed online 9 out 10 cyberattacks by mail phising @NRB +75% more mail block since the pandemic Millions of unpatched systems due to ignorance The digital well-being of a person is measured by the impact of his/her technology consumption on his/her social, mental and physical well-being. Securing the digital well-being of the Belgian citizens is at the heart of the NRB Group in line with its mission statement, technical competencies and industry knowledge. This concern is shared and supported by all affiliates of the NRB Group. Call to action The digital transformation is a fact ; cybersecurity is the enabler of mutual trust supporting that change and allowing society to interact digitally. Societal challenges • Interferences in democratic process • Online disinformation • Censoring, observing and repressing • Cyber-espionage and IP theft • Attacked critical infrastructure Individual challenges • Cyber harassment • Identity theft • Digital illiteracy • Financial extortion Journey The Security
- 9. 9 C y b e r s e c u r i t y s e r v i c e s www.nrb.be