Cyber Resilience
Malta Association of
Risk Management (MARM)

Donald Tabone
24 June 2013
Agenda

1. Where are we coming from?
2. Cybercrime and threat actors
3. What the stats say
4. Who's being targeted?
5. Cause for concern?
6. Cyber resilience defined
7. A six-point plan to becoming resilient

Where are we coming from?

The foundations
• '62 J.C.R. Licklider introduced the idea of an 'Intergalactic Network'
• '76 Dr. Robert Metcalfe invented Ethernet, coaxial cables
• '78 Gary Thuerk – first spam email sent to 400 users of ARPANET
• '84 Dr. Jon Postel described his idea for .com, .org, .gov etc. in a series of papers published by the IETF
• '89 The World was the first ISP to offer commercial dial up internet
• '92 The Corporation for Education and Research Network (CREN) released the world wide web

The beginning of eCommerce
• '94 Pizza Hut offered online ordering through their website
• '95 Pierre Omidyar released AuctionWeb which later became eBay
• '96 Hotmail was launched. The following year Microsoft bought it out for $400m
• '98 Google received funding to become Google Technology Incorporated.
• '99 The Internet consisted of 19.5m hosts and over 1m websites

Where are we coming from?

The Dot-com bubble
• '00 The Dot-com bubble burst
• '03 Apple launched the iTunes store with 200,000 songs
• '03 The hacktivist group Anonymous was born
• '04 Google launched Gmail with 1Gb of storage
• '05 YouTube is launched. The following year Google bought it out for $1.6b
• '06 Twitter and Facebook came around
• '06 There are an estimated 92m websites online

40 years from its inception
• '09 Mobile data traffic exceeds voice traffic every single month
• '09 Cloud-based file hosting from the likes of Dropbox came around
• '10 Facebook announces it reached 400m active members
• '10 Syria and China attempt to control Internet access
• '10 The Wikileaks drama ensues whilst Anonymous conduct several cyber attacks on government, religious and corporate websites
• '11 Interest in virtualisation and cloud computing reaches its highest peak
• '13 The interest in BYOD and Big Data has reached a new high

Opportunity for crime

[Diagram: www; our dependence; cybercrime & cyber criminals]

As a result, we face new challenges related to:
• Our online privacy,
• The confidentiality and integrity of the data we entrust to online entities, and
• Our ability to conduct business on the net through the use of ecommerce web applications
Because of the nature of how the net works, accountability is also a challenge!

Threat actors..1
Organised Crime
• Traditionally based in former Soviet Republics (Russia, Belarus, Ukraine)
• Common attacks: Theft of PII for resale and misuse or resources for hosting of illicit material
• Occasionally employ blackmail in terms of availability (Threats of denial of service attacks to companies and threats of exposing individuals to embarrassment)

Threat actors..2
State Sponsored
• Nations where commercial and state interests are very aligned
• Military or Intelligence assets deployed in commercial environments
• Limitless resources?
• Main aim to achieve competitive advantage for business
• Theft of commercial secrets (Bid information, M&A details)

Just this week

Hacktivism
Will attack companies, organizations and individuals who are seen as
being unethical or not doing the right thing

Hacking for fun… seriously!
Entire nations can be taken down (Estonia)

Stolen information

• 18.5m people have been affected by PC theft
• 75% of data loss incidents in Retail were attributed to Hacking
• 96% of data loss incidents in Media were attributed to Hacking
Source: 2012 KPMG Data Loss Barometer

2012 KPMG cybercrime survey

Source: KPMG A nuanced perspective on cybercrime, shifting viewpoints – call for action. The results were based on over 170 responses from CIOs/CISOs or professionals in related professions in the Netherlands.

3 Common Attacks

Traditional crime, redefined?

Network based attacks
• Identify a target website
• Conduct network reconnaissance / mapping
• Engage in DDoS attacks to deny accessibility
• The result is direct loss of business

Spear phishing attacks
• Identify a target individual
• Build a profile / biography
• Directly target with a personal email
• Trick user into accessing a malicious website
• Implant malware and gain control of a device
• Use a compromised machine to obtain otherwise confidential information

Human based attacks
• Human error incidents
• Inside users become the target as they are often trusted users
• Scorned / disgruntled employees

The reality is that cyber attackers and organised crime perpetrators often use a combination of attack avenues to profile a target and map out their internal systems – the information is readily available!

• Competitive edge is eroded
• Organisation secrets are stolen
• Corporate reputations are damaged

Source: 2012 KPMG Cyber Vulnerability Index

Who are they targeting?

Increased attack sophistication
Inappropriate business response
= UNCERTAINTY

One study* conducted in the UK showed that small businesses suffer an estimated loss of £800m a year, averaging nearly £4000 per business
• 30% of its members were victims of fraud as a result of virus infections
• 50% hit by malware
• 8% victims of hacking
• 5% suffered security breaches

As a consequence, a second recent cybercrime study** revealed that
• 53% of the British public is worried about the damage of cyber attacks
• 40% feel more vulnerable to cyber attacks now than a year ago
• 38% feel that their personal data exchanged with organisations they do business with may already have been compromised

Sources: * The study was carried out by the Federation of Small Businesses in the UK and is based on its 20000 members, http://www.fsb.org.uk/News.aspx?loc=pressroom&rec=8083, accessed 12/6/2013
** The study was conducted by PollOne in April 2013 for Tripwire on 1000 users, http://www.tripwire.com/company/research/survey-half-uk-population-worried-about-nation-state-cyber-attacks/, accessed 12/6/2013

In the US

The unverified losses that victims claimed in 2012 jumped 8.3% from $485m the previous year

[Chart: losses and complaints]

Sources: SC Magazine and Internet Crime Complaint Center

Meanwhile in a non-descript building …

… just outside of Shanghai, “Unit 61398” of the People's Liberation Army is the alleged source of Chinese hacking attacks…

Source: Businessweek.com

… although the Chinese government consistently denies its involvement in such activities, claiming that such allegations are “irresponsible and unprofessional”

Why should you be concerned?
Source: Hello, Unit 61398, The Economist. 19 February 2013, accessed 13/06/2013

Convictions?
The fight against cybercrime seems to be ongoing
41 MONTHS

• Romanian hacker Cezar Butu – 21 months in prison for compromising credit card processing systems
• Darnell Albert-El, 53 – 27 months in prison for hacking
• Steven Kim, 40 – 12 months in prison for stealing personal data
• Bruce Raisley, 48 – 24 months in prison for creating a botnet virus to launch DDoS attacks
• Shawn Reilly, 34 – 33 months in prison for committing 84 fraudulent wire transfers
• Eduard Arakelyan, 21 and Arman Vardanyan, 23 – 36 months in prison for theft of credit card information and for committing bank fraud
• Sonya Martin, 45 – 30 months in prison for being part of a gang to evade encryption

Why should you be concerned?
Sources: ValueWork, Help Net Security, SC Magazine

Next generation cybercrime threat?
What if hackers hijacked a key satellite? Could space be cybercrime's new frontier?

FACT #1
We have an overwhelming reliance on space technology for vital streams of information

FACT #2
Satellites are frightfully vulnerable to collisions and there are over 5500 redundant ones at the moment!

Makes us acutely vulnerable!
Source: The Independent, Space : the new cybercrime frontier, http://www.independent.co.uk/life-style/gadgets-and-tech/news/space-the-new-cyber-crime-frontier8194801.html accessed 16/2/2013

Juggling the risks

Examine threats
Determine the risk level
Risk Assessment

AIM: reduce organisational risk

• Risk Assumption: With appropriate due diligence, management accept the potential risk and continue operating
• Risk Alleviation: Management approve the implementation of controls to lower risk to an acceptable level
• Risk Avoidance: Eliminate the process that could cause the risks
• Risk Limitation: Management limit the risk exposure by putting controls to limit the impact of a threat
• Risk Planning: A process to manage risk by developing an architecture that prioritises, implements and maintains controls
• Risk Transference: Management transfer the risk by using other options to compensate for a loss – e.g. purchasing an insurance policy

Risk Transference

Bespoke insurance products providing tailor made policies targeting key professional liability exposures for technology companies

Becoming resilient – a six point action plan

Cyber Resilience

“The ability of a system or a domain to withstand attacks or failures and in such events to re-establish itself quickly”
– Nigel Inkster, International Institute of Strategic Studies

1. Organizational Readiness
2. Situational awareness
3. Cyber defence
4. Detection
5. Mitigation and containment
6. Recovery

#1 - Organisational Readiness

Corporate awareness

Ownership at the C-level
Assign the role and responsibility for information security oversight
Understand your business risks

Focus on your information and reputation

Share intelligence and experiences

#2 - Situational intelligence

Hacking for fame & glory
Cybercrime moved into monetisation
Disruption
Criminal gangs
Protest hacktivism
Corporate espionage
Anonymous & Lulzsec target corporate infrastructures
Specialist knowledge

Know your information assets
Keep abreast of the latest advanced threats
Classify your information assets

“One of the problems is that we all tend to be technology professionals weathered by our experiences rather than looking at new ways of managing risk and gaining or using new sources of intelligence” - Pat Brady, Information Security Manager, National Australia Group

#3 – Cyber defence

Get a grip on infrastructure and access security

Assert the levels of staff awareness

Define strict access control and remote access control

Ensure strong visitor procedures for key buildings

Keep your basic security controls in sight e.g. password change policy

Infrastructure changes should trigger network configuration changes allowing you to move the shape of the target

#4 – Detection

Develop the ability to detect attacks

Ensure you have an effective internal & external monitoring process
Scan outbound messages for abnormal volumes and patterns
Early recognition of a compromise is key to early reaction
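
One way to scan outbound messages for abnormal volumes, shown as an added example that is not part of the original slides: each sender's hourly message count is compared with that sender's own baseline (median plus a multiple of the median absolute deviation), and recipient domains the sender never used before are reported as pattern context. The log format, addresses, thresholds (`k`, `min_spread`, `cold_start_limit`) and sample data are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumed log format (constructed for this example, not a real MTA's):
#   <UTC timestamp> sender=<address> rcpt_domain=<domain> bytes=<size>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sender=(?P<sender>\S+) rcpt_domain=(?P<dom>\S+) bytes=(?P<size>\d+)$"
)


def parse(lines):
    """Yield (timestamp, sender, recipient domain, size); skip malformed lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield ts, m["sender"].lower(), m["dom"].lower(), int(m["size"])


def find_anomalies(lines, baseline_end, k=5.0, min_spread=1.0, cold_start_limit=20):
    """Flag sender-hours at or after baseline_end whose message count exceeds
    median + k * MAD of that sender's hourly counts before baseline_end.
    Senders with no history are held to cold_start_limit instead."""
    base_counts = defaultdict(lambda: defaultdict(int))  # sender -> hour -> messages
    base_domains = defaultdict(set)                      # sender -> domains seen
    observed = {}                                        # (sender, hour) -> bucket
    for ts, sender, dom, size in parse(lines):
        hour = ts.replace(minute=0, second=0)
        if ts < baseline_end:
            base_counts[sender][hour] += 1
            base_domains[sender].add(dom)
        else:
            b = observed.setdefault(
                (sender, hour), {"count": 0, "bytes": 0, "domains": set()})
            b["count"] += 1
            b["bytes"] += size
            b["domains"].add(dom)

    findings = []
    for sender, hour in sorted(observed):
        b = observed[(sender, hour)]
        history = list(base_counts[sender].values())
        if history:
            med = median(history)
            # MAD tolerates a single past spike; the floor stops a perfectly
            # flat history from flagging every +1 deviation.
            spread = max(median(abs(c - med) for c in history), min_spread)
            limit = med + k * spread
        else:
            limit = cold_start_limit
        if b["count"] > limit:
            findings.append({
                "sender": sender, "hour": hour, "count": b["count"],
                "limit": limit, "bytes": b["bytes"],
                # Pattern context: destinations this sender never used before.
                "new_domains": sorted(b["domains"] - base_domains[sender]),
            })
    return findings


def sample_log():
    """Constructed sample: one normal working day for two senders, then a
    02:00 burst from one of them to a previously unseen domain."""
    lines = ["garbage line that the parser must skip"]

    def emit(day, hour, sender, dom, n, size=20000):
        t0 = datetime(2013, 6, day, hour)
        for i in range(n):
            ts = (t0 + timedelta(seconds=30 * i)).strftime("%Y-%m-%dT%H:%M:%SZ")
            lines.append(f"{ts} sender={sender} rcpt_domain={dom} bytes={size}")

    for hour, n in zip(range(9, 17), [3, 4, 2, 5, 3, 4, 3, 4]):
        emit(23, hour, "alice@corp.example", "partner.example", n)
    for hour, n in zip(range(9, 13), [2, 2, 3, 2]):
        emit(23, hour, "bob@corp.example", "supplier.example", n)
    emit(24, 2, "alice@corp.example", "files.example.net", 60, size=900000)
    emit(24, 10, "alice@corp.example", "partner.example", 4)
    emit(24, 10, "bob@corp.example", "supplier.example", 3)
    return lines


if __name__ == "__main__":
    for f in find_anomalies(sample_log(), baseline_end=datetime(2013, 6, 24)):
        print(f)
```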

#5 – Mitigation and containment

The aim is to limit the damage to your services and reputation
Limit the impact / shutdown the source
Being prepared is the key
Contingency planning – define and review your plans
Ensure adequate testing of business continuity plans
Prepared PR statements

• Continuity of Operations Plan
• Disaster Recovery Plan
• IT / Network Contingency Plans
• Crisis Communication Plan
• Cyber Incident Plan
• Occupant Emergency Plan

#6 – Recovery

You need to develop the ability to re-establish normal service
• Your survival as a business depends on it

Apply the lessons learnt

Give feedback to senior executives
• Here’s what happened to us
• This is how we reacted
• This is what we’ve done to mitigate / prevent it

Conclusions

Some final thoughts..
• The cyber crime threat is actual and here to stay
• It’s NOT a question of IF but WHEN
• Be prepared for incidents
• Ensure security awareness between departments
• Protect your information assets, regardless of where they are being held
• Ensure adequate crisis management between departments
• Align individual goals with the organisations' cyber security ambitions
• Cyber risk teams need to consist of flexible people who can build relationships across departments
• Take a pragmatic approach to investing in your defences – overinvesting is a real danger

[Diagram: IT Service Continuity Management functions; Business Continuity; Cyber Resiliency; Awareness; Knowledge; Controls; Detection; Mitigation; Recovery]

BEING PROACTIVE IS THE NAME OF THE GAME

References

Andrew Auernheimer, http://en.wikipedia.org/wiki/Weev
Bandit Country, Amir Singh, Chartech March/April 2013
Cyber Crime Study Reveals Uncertainty, http://www.tripwire.com/state-of-security/it-security-data-protection/cyber-security/viewpoints-oncyber-crime-reveal-uncertainty/
Eight cyber crooks who got less prison time than Andrew Auernheimer, http://www.scmagazine.com/here-are-eight-cyber-crooks-who-gotless-prison-time-than-andrew-auernheimer/article/284928/
KPMG data loss barometer 2012, http://www.kpmg.com/uk/en/services/advisory/risk-consulting/pages/data-loss-barometer-2012.aspx
KPMG seven ways to beat cyber crime, http://www.kpmg.com/UK/en/IssuesAndInsights/ArticlesPublications/Documents/PDF/Advisory/seven-ways-beat-cyber-crime-nov2012.pdf
KPMG shifting viewpoints - A nuanced perspective on cybercrime, http://www.kpmg.com/NL/en/Issues-AndInsights/ArticlesPublications/Pages/Shifting-viewpoints.aspx
Microsoft and FBI disrupt global cybercrime ring, http://www.net-security.org/malware_news.php?id=2511
Most small businesses can't restore all data after a cyber attack, http://www.net-security.org/secworld.php?id=15012
Operation cyber taskforce, Gerry O’Neill, Chartech March/April 2013
Space: the new cyber crime frontier, http://www.independent.co.uk/life-style/gadgets-and-tech/news/space-the-new-cyber-crime-frontier8194801.html
The cost of cybercrime, http://securityaffairs.co/wordpress/14628/cyber-crime/cost-of-cybercrime-for-uk-small-businesses.html

Thank you!

Donald Tabone B.Sc. (Hons), LL.M. (Strath)
donaldtabone@kpmg.com.mt

Cybercrime trends in last five years
 
Cyber security lifting the veil of hacking webinar
Cyber security   lifting the veil of hacking webinarCyber security   lifting the veil of hacking webinar
Cyber security lifting the veil of hacking webinar
 
Cyber security
Cyber securityCyber security
Cyber security
 
CRI Retail Cyber Threats
CRI Retail Cyber ThreatsCRI Retail Cyber Threats
CRI Retail Cyber Threats
 
Hacking
Hacking Hacking
Hacking
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 

More from Ian-Edward Stafrace

The Core Competencies of a Professional Risk Manager
The Core Competencies of a Professional Risk ManagerThe Core Competencies of a Professional Risk Manager
The Core Competencies of a Professional Risk Manager
Ian-Edward Stafrace
 
Reasons to attend FERMA Risk Magament Forum 2017
Reasons to attend FERMA Risk Magament Forum 2017Reasons to attend FERMA Risk Magament Forum 2017
Reasons to attend FERMA Risk Magament Forum 2017
Ian-Edward Stafrace
 
Improving risk-return and resilience through Enterprise Risk Management — Jul...
Improving risk-return and resilience through Enterprise Risk Management — Jul...Improving risk-return and resilience through Enterprise Risk Management — Jul...
Improving risk-return and resilience through Enterprise Risk Management — Jul...
Ian-Edward Stafrace
 
15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...
15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...
15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...
Ian-Edward Stafrace
 
Risk and Internal Audit Synergies
Risk and Internal Audit SynergiesRisk and Internal Audit Synergies
Risk and Internal Audit Synergies
Ian-Edward Stafrace
 
EU Insurance Protected Cells - Captives on a Budget
EU Insurance Protected Cells - Captives on a BudgetEU Insurance Protected Cells - Captives on a Budget
EU Insurance Protected Cells - Captives on a Budget
Ian-Edward Stafrace
 
Risk Culture
Risk CultureRisk Culture
Risk Culture
Ian-Edward Stafrace
 
Behavioural Economics Overview
Behavioural Economics OverviewBehavioural Economics Overview
Behavioural Economics Overview
Ian-Edward Stafrace
 

More from Ian-Edward Stafrace (8)

The Core Competencies of a Professional Risk Manager
The Core Competencies of a Professional Risk ManagerThe Core Competencies of a Professional Risk Manager
The Core Competencies of a Professional Risk Manager
 
Reasons to attend FERMA Risk Magament Forum 2017
Reasons to attend FERMA Risk Magament Forum 2017Reasons to attend FERMA Risk Magament Forum 2017
Reasons to attend FERMA Risk Magament Forum 2017
 
Improving risk-return and resilience through Enterprise Risk Management — Jul...
Improving risk-return and resilience through Enterprise Risk Management — Jul...Improving risk-return and resilience through Enterprise Risk Management — Jul...
Improving risk-return and resilience through Enterprise Risk Management — Jul...
 
15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...
15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...
15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...
 
Risk and Internal Audit Synergies
Risk and Internal Audit SynergiesRisk and Internal Audit Synergies
Risk and Internal Audit Synergies
 
EU Insurance Protected Cells - Captives on a Budget
EU Insurance Protected Cells - Captives on a BudgetEU Insurance Protected Cells - Captives on a Budget
EU Insurance Protected Cells - Captives on a Budget
 
Risk Culture
Risk CultureRisk Culture
Risk Culture
 
Behavioural Economics Overview
Behavioural Economics OverviewBehavioural Economics Overview
Behavioural Economics Overview
 

Recently uploaded

FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...Accpac to QuickBooks Conversion Navigating the Transition with Online Account...
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...
PaulBryant58
 
PriyoShop Celebration Pohela Falgun Mar 20, 2024
PriyoShop Celebration Pohela Falgun Mar 20, 2024PriyoShop Celebration Pohela Falgun Mar 20, 2024
PriyoShop Celebration Pohela Falgun Mar 20, 2024
PriyoShop.com LTD
 
Project File Report BBA 6th semester.pdf
Project File Report BBA 6th semester.pdfProject File Report BBA 6th semester.pdf
Project File Report BBA 6th semester.pdf
RajPriye
 
Digital Transformation in PLM - WHAT and HOW - for distribution.pdf
Digital Transformation in PLM - WHAT and HOW - for distribution.pdfDigital Transformation in PLM - WHAT and HOW - for distribution.pdf
Digital Transformation in PLM - WHAT and HOW - for distribution.pdf
Jos Voskuil
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
Ben Wann
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
usawebmarket
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Navpack & Print
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
NathanBaughman3
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024   .pdfBeMetals Presentation_May_22_2024   .pdf
BeMetals Presentation_May_22_2024 .pdf
DerekIwanaka1
 
Filing Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed GuideFiling Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed Guide
YourLegal Accounting
 
The-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic managementThe-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic management
Bojamma2
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
BBPMedia1
 
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
Kumar Satyam
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
Erika906060
 
Lookback Analysis
Lookback AnalysisLookback Analysis
Lookback Analysis
Safe PaaS
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
Falcon Invoice Discounting
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
seri bangash
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
Sam H
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 

Recently uploaded (20)

FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...Accpac to QuickBooks Conversion Navigating the Transition with Online Account...
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...
 
PriyoShop Celebration Pohela Falgun Mar 20, 2024
PriyoShop Celebration Pohela Falgun Mar 20, 2024PriyoShop Celebration Pohela Falgun Mar 20, 2024
PriyoShop Celebration Pohela Falgun Mar 20, 2024
 
Project File Report BBA 6th semester.pdf
Project File Report BBA 6th semester.pdfProject File Report BBA 6th semester.pdf
Project File Report BBA 6th semester.pdf
 
Digital Transformation in PLM - WHAT and HOW - for distribution.pdf
Digital Transformation in PLM - WHAT and HOW - for distribution.pdfDigital Transformation in PLM - WHAT and HOW - for distribution.pdf
Digital Transformation in PLM - WHAT and HOW - for distribution.pdf
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024   .pdfBeMetals Presentation_May_22_2024   .pdf
BeMetals Presentation_May_22_2024 .pdf
 
Filing Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed GuideFiling Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed Guide
 
The-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic managementThe-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic management
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
 
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
 
Lookback Analysis
Lookback AnalysisLookback Analysis
Lookback Analysis
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 

Cyber Resilience

  • 1. Cyber Resilience Malta Association of Risk Management (MARM) Donald Tabone 24 June 2013
  • 2. Agenda: 1. Where are we coming from? 2. Cybercrime and threat actors 3. What the stats say 4. Who's being targeted? 5. Cause for concern? 6. Cyber resilience defined 7. A six-point plan to becoming resilient
  • 3. Where are we coming from? The foundations • '62 J.C.R. Licklider introduced the idea of an 'Intergalactic Network' • '76 Dr. Robert Metcalfe invented Ethernet, coaxial cables • '78 Gary Thuerk – first spam email sent to 400 users of ARPANET • '84 Dr. Jon Postel described his idea for .com, .org, .gov etc. in a series of papers published by the IETF • '89 The World was the first ISP to offer commercial dial up internet • '92 The Corporation for Education and Research Network (CREN) released the world wide web The beginning of eCommerce • '94 Pizza Hut offered online ordering through their website • '95 Pierre Omidyar released AuctionWeb which later became eBay • '96 Hotmail was launched. The following year Microsoft bought it out for $400m • '98 Google received funding to become Google Technology Incorporated. • '99 The Internet consisted of 19.5m hosts and over 1m websites
  • 4. Where are we coming from? The Dot-com bubble • '00 The Dot-com bubble burst • '03 Apple launched the iTunes store with 200,000 songs • '03 The hacktivist group Anonymous was born • '04 Google launched Gmail with 1Gb of storage • '05 YouTube is launched. The following year Google bought it out for $1.6b • '06 Twitter and Facebook came around • '06 There are an estimated 92m websites online 40 years from its inception • '09 Mobile data traffic exceeds voice traffic every single month • '09 Cloud-based file hosting from the likes of Dropbox came around • '10 Facebook announces it reached 400m active members • '10 Syria and China attempt to control Internet access • '10 The Wikileaks drama ensues whilst Anonymous conduct several cyber attacks on government, religious and corporate websites • '11 Interest in virtualisation and cloud computing reaches its highest peak • '13 The interest in BYOD and Big Data has reached a new high
  • 5. Opportunity for crime www Cybercrime & Cyber criminals Our dependence As a result, we face new challenges related to: • Our online privacy, • The confidentiality and integrity of the data we entrust to online entities, and • Our ability to conduct business on the net through the use of ecommerce web applications Because of the nature of how the net works, accountability is also a challenge!
  • 6. Threat actors..1 Organised Crime • Traditionally based in former Soviet Republics (Russia, Belarus, Ukraine) • Common attacks: Theft of PII for resale and misuse or resources for hosting of illicit material • Occasionally employ blackmail in terms of availability (Threats of denial of service attacks to companies and threats of exposing individuals to embarrassment)
  • 7. Threat actors..2 State Sponsored • Nations where commercial and state interests are very aligned • Military or Intelligence assets deployed in commercial environments • Limitless resources? • Main aim to achieve competitive advantage for business • Theft of commercial secrets (Bid information, M&A details)
  • 9. Hacktivism Will attack companies, organizations and individuals who are seen as being unethical or not doing the right thing Hacking for fun… seriously! Entire nations can be taken down (Estonia)
  • 10. Stolen information • 18.5m people have been affected by PC theft • 75% of data loss incidents in Retail were attributed to Hacking • 96% of data loss incidents in Media were attributed to Hacking Source: 2012 KPMG Data Loss Barometer
  • 11. 2012 KPMG cybercrime survey Source: KPMG A nuanced perspective on cybercrime, shifting viewpoints – call for action. The results were based on over 170 responses from CIOs/CISOs or professionals in related professions in the Netherlands.
  • 12. 3 Common Attacks Traditional crime, redefined? Network based attacks: • Identify a target website • Conduct network reconnaissance / mapping • Engage in DDoS attacks to deny accessibility • The result is direct loss of business Spear phishing attacks: • Identify a target individual • Build a profile / biography • Directly target with a personal email • Trick user into accessing a malicious website • Implant malware and gain control of a device • Use a compromised machine to obtain otherwise confidential information Human based attacks: • Human error incidents • Inside users become the target as they are often trusted users • Scorned / disgruntled employees The reality is that cyber attackers and organised crime perpetrators often use a combination of attack avenues to profile a target and map out their internal systems – the information is readily available! Competitive edge is eroded Organisation secrets are stolen Corporate reputations are damaged Source: 2012 KPMG Cyber Vulnerability Index
  • 13. Who are they targeting? Increased attack sophistication Inappropriate business response = UNCERTAINTY One study* conducted in the UK showed that small businesses suffer an estimated loss of £800m a year, averaging nearly £4000 per business • 30% of its members were victims of fraud as a result of virus infections • 50% hit by malware • 8% victims of hacking • 5% suffered security breaches As a consequence, a second recent cybercrime study** revealed that • 53% of the British public is worried about the damage of cyber attacks • 40% feel more vulnerable to cyber attacks now than a year ago • 38% feel that their personal data exchanged with organisations they do business with may already have been compromised Sources: * The study was carried out by the Federation of Small Businesses in the UK and is based on its 20000 members, http://www.fsb.org.uk/News.aspx?loc=pressroom&rec=8083, accessed 12/6/2013 ** The study was conducted by PollOne in April 2013 for Tripwire on 1000 users, http://www.tripwire.com/company/research/survey-half-uk-population-worried-about-nation-state-cyber-attacks/, accessed 12/6/2013
  • 14. In the US The unverified losses that victims claimed in 2012 jumped 8.3% from $485m the previous year Losses Complaints Sources: SC Magazine and Internet Crime Complaint Center
  • 15. Meanwhile in a non-descript building … … just outside of Shanghai, “Unit 61398” of the People's Liberation Army is the alleged source of Chinese hacking attacks… Source: Businessweek.com … although the Chinese government consistently denies its involvement in such activities claiming that such allegations are “irresponsible and unprofessional” Why should you be concerned? Source: Hello, Unit 61398, The Economist. 19 February 2013, accessed 13/06/2013
  • 16. Convictions? The fight against cybercrime seems to be ongoing 41 MONTHS • Romanian hacker Cezar Butu – 21 months in prison for compromising credit card processing systems • Darnell Albert-El, 53 – 27 months in prison for hacking • Steven Kim, 40 – 12 months in prison for stealing personal data • Bruce Raisley, 48 – 24 months in prison for creating a botnet virus to launch DDoS attacks • Shawn Reilly, 34 – 33 months in prison for committing 84 fraudulent wire transfers • Eduard Arakelyan, 21 and Arman Vardanyan, 23 – 36 months in prison for theft of credit card information and committed bank fraud • Sonya Martin, 45 – 30 months in prison for being part of a gang to evade encryption Why should you be concerned? Sources: ValueWork, Help Net Security, SC Magazine
  • 17. Next generation cybercrime threat? What if hackers hijacked a key satellite? Could space be cybercrime's new frontier? FACT #1 We have an overwhelming reliance on space technology for vital streams of information FACT #2 Satellites are frightfully vulnerable to collisions and there are over 5500 redundant ones at the moment! Makes us acutely vulnerable! Source: The Independent, Space : the new cybercrime frontier, http://www.independent.co.uk/life-style/gadgets-and-tech/news/space-the-new-cyber-crime-frontier8194801.html accessed 16/2/2013
  • 18. Juggling the risks Examine threats Determine the risk level Risk Assessment AIM: reduce organisational risk • Risk Assumption: With appropriate due diligence, management accept the potential risk and continue operating • Risk Alleviation: Management approve the implementation of controls to lower risk to an acceptable level • Risk Avoidance: Eliminate the process that could cause the risks • Risk Limitation: Management limit the risk exposure by putting controls to limit the impact of a threat • Risk Planning: A process to manage risk by developing an architecture that prioritises, implements and maintains controls • Risk Transference: Management transfer the risk by using other options to compensate for a loss – e.g. Purchasing an insurance policy
  • 19. Risk Transference Bespoke insurance products providing tailor made policies targeting key professional liability exposures for technology companies
  • 20. Becoming resilient – a six point action plan Cyber Resilience “The ability of a system or a domain to withstand attacks or failures and in such events to re-establish itself quickly” – Nigel Inkster, International Institute of Strategic Studies 1. Organizational Readiness 2. Situational awareness 3. Cyber defence 4. Detection 5. Mitigation and containment 6. Recovery
  • 21. #1 - Organisational Readiness Corporate awareness Ownership at the C-level Assign the role and responsibility for information security oversight Understand your business risks Focus on your information and reputation Share intelligence and experiences
  • 22. #2 - Situational intelligence Hacking for fame & glory Cybercrime moved into monetisation Disruption Criminal gangs Protest hacktivism Corporate espionage Anonymous & Lulzsec target corporate infrastructures Specialist knowledge Know your information assets Keep abreast of the latest advanced threats Classify your information assets “One of the problems is that we all tend to be technology professionals weathered by our experiences rather than looking at new ways of managing risk and gaining or using new sources of intelligence” - Pat Brady, Information Security Manager, National Australia Group
  • 23. #3 – Cyber defence Get a grip on infrastructure and access security Assert the levels of staff awareness Define strict access control and remote access control Ensure strong visitor procedures for key buildings Keep your basic security controls in sight e.g. Password change policy Infrastructure changes should trigger network configuration changes allowing you to move the shape of the target
  • 24. #4 – Detection Develop the ability to detect attacks Ensure you have an effective internal & external monitoring process Scan outbound messages for abnormal volumes and patterns Early recognition of a compromise is key to early reaction
  • 25. #5 – Mitigation and containment • The aim is to limit the damage to your services and reputation • Limit the impact / shutdown the source • Being prepared is the key • Contingency planning – define and review your plans • Ensure adequate testing of business continuity plans • Prepared PR statements Plans: Continuity of Operations Plan, Disaster Recovery Plan, IT / Network Contingency Plans, Crisis Communication Plan, Cyber Incident Plan, Occupant Emergency Plan
  • 26. #6 – Recovery You need to develop the ability to re-establish normal service. Your survival as a business depends on it Apply the lessons learnt Give feedback to senior executives: Here’s what happened to us; This is how we reacted; This is what we’ve done to mitigate / prevent it
  • 27. Conclusions Some final thoughts.. • The cyber crime threat is actual and here to stay • It’s NOT a question of IF but WHEN • Be prepared for incidents • Ensure security awareness between departments • Protect your information assets, regardless of where they are being held • Ensure adequate crisis management between departments • Align individual goals with the organisation's cyber security ambitions • Cyber risk teams need to consist of flexible people who can build relationships across departments • Take a pragmatic approach to investing in your defences – overinvesting is a real danger Diagram labels: IT Service Continuity Management functions, Business Continuity, Cyber Resiliency, Awareness, Knowledge, Controls, Detection, Mitigation, Recovery BEING PROACTIVE IS THE NAME OF THE GAME
  • 28. References • Andrew Auernheimer, http://en.wikipedia.org/wiki/Weev • Bandit Country, Amir Singh, Chartech March/April 2013 • Cyber Crime Study Reveals Uncertainty, http://www.tripwire.com/state-of-security/it-security-data-protection/cyber-security/viewpoints-oncyber-crime-reveal-uncertainty/ • Eight cyber crooks who got less prison time than Andrew Auernheimer, http://www.scmagazine.com/here-are-eight-cyber-crooks-who-gotless-prison-time-than-andrew-auernheimer/article/284928/ • KPMG data loss barometer 2012, http://www.kpmg.com/uk/en/services/advisory/risk-consulting/pages/data-loss-barometer-2012.aspx • KPMG seven ways to beat cyber crime, http://www.kpmg.com/UK/en/IssuesAndInsights/ArticlesPublications/Documents/PDF/Advisory/seven-ways-beat-cyber-crime-nov2012.pdf • KPMG shifting viewpoints - A nuanced perspective on cybercrime, http://www.kpmg.com/NL/en/Issues-AndInsights/ArticlesPublications/Pages/Shifting-viewpoints.aspx • Microsoft and FBI disrupt global cybercrime ring, http://www.net-security.org/malware_news.php?id=2511 • Most small businesses can't restore all data after a cyber attack, http://www.net-security.org/secworld.php?id=15012 • Operation cyber taskforce, Gerry O’Neill, Chartech March/April 2013 • Space: the new cyber crime frontier, http://www.independent.co.uk/life-style/gadgets-and-tech/news/space-the-new-cyber-crime-frontier8194801.html • The cost of cybercrime, http://securityaffairs.co/wordpress/14628/cyber-crime/cost-of-cybercrime-for-uk-small-businesses.html
  • 29. Thank you! Donald Tabone B.Sc. (Hons), LL.M. (Strath) donaldtabone@kpmg.com.mt