Oct 23rd 2014 Offices of Arthur Cox - Presentation by Paul C Dwyer CEO of Cyber Risk International outlining a high level overview of the holistic cyber threat landscape in 2014
What is cyber law?
What is cyber crime?
Cybercrimes areas
what law relating to
Data protection and privacy
Software Licensing Issues
IT acts
Policy Versus Law
Codes of Ethics and Professional Organizations
Cybercrime, also called computer crime, is the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government.
Because of the early and widespread adoption of computers and the Internet in the United States, most of the earliest victims and villains of cybercrime were Americans. By the 21st century, though, hardly a hamlet remained anywhere in the world that had not been touched by cybercrime of one sort or another.
Most cybercrime is an attack on information about individuals, corporations, or governments. Although the attacks do not take place on a physical body, they do take place on the personal or corporate virtual body, which is the set of informational attributes that define people and institutions on the Internet. In other words, in the digital age our virtual identities are essential elements of everyday life: we are a bundle of numbers and identifiers in multiple computer databases owned by governments and corporations. Cybercrime highlights the centrality of networked computers in our lives, as well as the fragility of such seemingly solid facts as individual identity.
Managing and insuring cyber risk - coverage of insurance policies (IISPEastMids)
Tim Johnson, a Cyber Insurance specialist from Browne Jacobson, looks in detail at what Cyber Insurance will cover businesses for and gave some tips on what to consider when deciding on a policy. Given as part of the East Midlands Cyber Security Forum on 21st May. More details at https://www.nexor.com/iisp-east-midlands/may-2015.
Your organization is at risk! Upgrade your IT security & IT governance now. (Cyril Soeri)
The ICT Association Suriname in collaboration with the Telecommunication Authority Suriname (TAS) presented a Cybersecurity awareness session for the members of the Chamber of Commerce. TAS presented the national response to IT incidents by explaining the implementation of the Computer Emergency Response Team (CERT).
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409... (Gohsuke Takama)
"Security, Privacy Data Protection and Perspectives to Counter Cybercrime" was presented at the CodeGate 2008 security conference in Seoul, Korea, April 2008.
http://www.codegate.org/
How'd we do in 2013 from a data breach perspective? As we close out the year, are the cupboards / budgets bare and will it be a lean holiday season? Or should we be budgeting a holiday celebration with all of the trappings and a sumptuous New Year?
Borrowing themes from the Charles Dickens holiday classic, this webinar will review industry statistics and other indicators to evaluate how we did in 2013 from a privacy breach and security incident response perspective. Will our mythical CSO and CPO get the Scrooge-like CFO to approve their budget increases? And what will 2014 hold from a security, privacy, and regulatory perspective? Register below to find out.
Our featured speakers for this Dickensian webinar will be:
- Ebenezer Scrooge, Chief Financial Officer, Acme Inc. played by Ted Julian, Chief Marketing Officer, Co3 Systems
- Bob Cratchit, Chief Privacy Officer, Acme Inc. played by Gant Redmon, General Counsel, Co3 Systems
- Tiny Tim, Chief Security Officer, Acme Inc. played by "Tiny" Tim Armstrong, Incident Response Specialist, Co3 Systems
Adrian Ifrim - presentation - Cyber Security Trends 2020 (Business Days)
Adrian Ifrim has more than twelve years of experience in the financial, telecom and IT security sectors and currently serves as Senior Manager within the Cyber Risk Advisory team of Deloitte Romania. In addition, he is an expert in information security with a focus on penetration testing services and currently holds the Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP) and System Security Certified Practitioner (SSCP) certifications.
BYOD - Bringing Technology to work | Sending Data Everywhere (Jim Brashear)
Presentation to the Science and Technology Committee of the American Bar Association on legal issues associated with employers enabling employee Bring Your Own Device policies.
PCI Compliance with Tripp Lite Wall Mount Rack Cabinets (Tripp Lite)
Tripp Lite's Wall-Mount Rack Enclosures help merchants achieve PCI compliance by securing network/telecommunications hardware and storage media which prevents credit, debit, and ATM card fraud.
Cyber crimes are growing rapidly and cyber liability insurance is the safest way for companies to stay harmless. Information security is expected by all customers, and loss of this information could cost a company loyal customers and cause a financial crisis.
Fully understand how GDPR affects the life of millions of EU citizens by having in mind the 10 simple facts exposed by Dr. Karsten Kinast
The presentation gives a short glimpse into the motivation of GDPR, the key changes it brings, and the ongoing compliance on information lifecycle it presumes.
Presentation to (ISC)2 Omaha-Lincoln Chapter meeting on March 15th, 2017. This presentation looks at managing compliance with multiple cybersecurity laws and regulations across different industries using the NIST Risk Management Framework.
Social Engineering, Insider and Cyber Threat Advent IM Ltd
Presentation with voice over: Discussion of how Social Engineers can target a business as part of preparation for a cyber attack and how this gives us more opportunities to prevent or limit the effect of the attack through proper policy, use of resources and training.
Presentation by Bill Wright, Symantec on the Cyber Threat Environment presented at the Government Technology & Services Coalition (GTSC) meeting The National Security Supply Chain: Reducing the Vulnerabilities
Recently, NTT published the Global Threat Intelligence Report 2016 (GTIR). This year’s report focused both on the changes in threat trends and on how security organizations around the world can use the kill chain to help defend the enterprise.
Turning threat intelligence data from multiple sources into actionable, contextual information is a challenge faced by many organizations today. The Global Threat Intelligence Platform provides increased efficiency, reduces risks and focuses on global coverage with accurate and up-to-date threat intelligence.
This presentation was given at Carnegie Mellon University by Kenji Takahashi, VP of Product Management, Security at NTT Innovation Institute.
Improve Your Threat Intelligence Strategy With These Ideas (Recorded Future)
Threat intelligence is a massive subject, and it’s natural to want to produce the most comprehensive range of intelligence possible … but that’s not always useful. In fact it’s usually not.
By concentrating intelligence efforts on highly specific business objectives (e.g., to maintain or improve profitability), this broad subject can be narrowed down to the point where a small amount of highly valuable intelligence is produced.
With this principle firmly in mind, let’s look at some ways to enhance your threat intelligence strategy.
Presentation and deep dive of Microsoft Advanced Threat Analytics
I gave this presentation myself at the MS Cloud Summit 2017 in Paris.
This presentation introduces the solution and gives you all the best practices for installation, design, deployment and operations.
Thank you :)
Seyfallah Tagrerout
A presentation providing a high-level overview of the problems that organizations face with regards to cyber security and the available options to the,
bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh? (Anthony Melfi)
Despite being around for well over six years, the position of a "cyber threat analyst" is one that is still not yet clearly defined. The lack of definition is due to the position's popularity and infancy. This talk isn't about stating which definition is right or wrong. This presentation is about the set of skills, concepts and theories which enable an analyst to be successful under any definition of "cyber threat analyst". For beginners it is a road-map. For experienced analysts it is a cross-pollination of ideas.
I was extremely excited and nervous to deliver the first non-keynote presentation at bsides NOVA 2017. The actual presentation is posted to youtube: https://www.youtube.com/watch?v=Xzd4ousd8-U&list=PLNhlcxQZJSm95e9Z5mvkAk5H3eEBFuVSf&index=19
Cyber attacks are on the rise, and organizations in every industry are at risk. Understand the threats, and how you can evaluate, assess, and ultimately take steps to protect your agency.
Proactive Defense: Understanding the 4 Main Threat Actor Types (Recorded Future)
To avoid the cost and embarrassment of a data breach, you’ll need to understand your adversaries. Most threat actors fall within four main groups, each with their own favorite tactics, techniques, and procedures (TTPs). By gaining a deeper understanding of threat actors, you’ll be able to assign your cyber security budget to fund the right activities.
Cyber defense: Understanding and Combating the Threat (IBM Government)
The broad subject of cyber defense makes it just as difficult to achieve. Learn about IBM solutions and SPADE conference insights on the subject of cyber defense which includes both cyber terrorism and the larger umbrella "cyber threat," and the best ways to combat them.
Symantec Internet Security Threat Report 2014 - Volume 19 (Symantec)
The 2014 Internet Security Threat Report gives an overview of global threat activity for the past year based on data from Symantec’s Global Intelligence Network.
Top 6 Sources for Identifying Threat Actor TTPs (Recorded Future)
Effective cyber security is a constantly changing set of goalposts, as threat actors find new and innovative ways to breach your network. By gaining an understanding of both your own weaknesses and your opponents’ strengths, you can drastically enhance your information security program. To capture intelligence on threat actor tactics, techniques, and procedures (TTPs), you’ll need to use one (or more) of the following sources.
Today’s cyber criminals are more sophisticated, more agile and more aggressive than traditional security measures can protect against. One simply needs to open a news source today to find a headline on a new breach - Office of Management Personal, Sony, Target are just a few examples of note. The increase in attacks and breaches can be attributed to a variety of factors, not the least of which include: a rise in asymmetric threats, commoditization of threats/attacks and incomplete security strategies. By incorporating cyber threat analysis in your security strategy, however, you can better counter and mitigate these threats.
September 25th 2014 - IDC Event Croke Park Dublin - Paul C Dwyer CEO Cyber Risk International delivering an extract from the "Cyber lessons from the front lines" seminar.
Blockchain technology is probably the biggest game changer for the Internet. Is this for good or bad? Will it help to make the Internet safer and more secure – and more beneficial?
Author : Patrick Curry, BBFA
Legal vectors - Survey of Law, Regulation and Technology Risk (William Gamble)
Survey of law, regulation and technology risk including new cyber security regulations, HIPAA, European Privacy GDPR, Internet of Things Liability, State Law
William Gamble
Here you learn about the Cyber Security - Terminologies and its basics and cyber security threats as well. Slides covering digital knowledge of internet. After going through the slides you will become aware of cyber security basics.
SEC OCIE - Cybersecurity Focus Areas, Guidance, and Best Practices (Kroll)
The SEC Office of Compliance Inspections and Examinations (OCIE) issues risk alerts on cybersecurity to keep registered broker-dealers, investment advisers, and investment companies up to date regarding SEC focus areas for cyber.
OCIE examinations have focused on firms’ written policies and procedures regarding cybersecurity, including validating and testing that such policies and procedures were implemented and followed.
This presentation was prepared by Greg Michaels and Terry Mason for the Duff & Phelps Alternative Investments conference.
Gowlings - November 12, 2014
In an ever-increasing digital world, all businesses face challenges in managing and protecting sensitive and confidential information. In this presentation Gowlings and Marsh Canada Limited addressed best practices for responding to a cyber breach, and what types of insurance may be available to respond to such a loss. Topics included:
• Trends, and the evolution of cyber insurance/products
• The D&O connection, cyber is a strategic business risk
• Risk Management Strategies
• Best Practices in Breach Response.
How to handle data breach incidents under GDPR (Charlie Pownall)
A presentation to senior UK public sector insurance and risk management executives on data breach response communications challenges and best practices
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016 (FERMA)
PART II – Cyber Security: the mitigation strategies – how to identify, assess and mitigate cyber risks
The Risk Manager must be responsible, as for other risks, for the quantification aspect of cyber security. It is a necessary step towards understanding and managing the exposure of the company. He/she should act as a facilitator between the Board and the operational department (IT, Finance, Legal and other functions).
A key subject to unlock the cyber insurance development and to support the economic growth the Digital world is bringing to Europe.
Improve IT Security and Compliance with Mainframe Data in Splunk (Precisely)
Avoid security blind spots with an enterprise-wide view.
If your organization relies on Splunk as its security nerve center, you can’t afford to leave out your mainframes. They work with the rest of your IT infrastructure to support critical business applications, and they need to be viewed in that wider context to address potential security blind spots.
Although the importance of including mainframe data in Splunk is undeniable, many organizations have left it out because Splunk doesn’t natively support IBM Z® environments. Learn how Precisely Ironstream can help with a straight-forward, powerful approach for integrating your mainframe security data into Splunk, and making it actionable once it’s there.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
2. Slides and Material May NOT be Distributed In Any Format Without Written Permission
Copyright Cyber Risk International Ltd – All Rights Reserved
3. Paul C Dwyer
Paul C Dwyer is an internationally recognised information security expert with over two decades' experience and serves as President of ICTTF International Cyber Threat Task Force and Co Chairman of the UK NCA National Crime Agency Industry Group. A certified industry professional by the International Information Systems Security Certification Consortium (ISC2) and the Information System Audit & Control Association (ISACA) and selected for the IT Governance Expert Panel.
Paul is a world leading Cyber Security GRC authority. He has been an advisor to Fortune 500 companies including law enforcement agencies, military (NATO) and recently advised DEFCOM UK at Westminster Parliament.
He has worked and trained with organisations such as the US Secret Service, Scotland Yard, FBI, National Counter Terrorism Security Office (MI5), is approved by the National Crime Faculty and is a member of the High Tech Crime Network (HTCN).
Paul C Dwyer CEO
Cyber Risk International
7. What Are Cyber Threats?
• Cybercrime
• Cyber Warfare
• Cyber Espionage
• Cyber X Adversary
8.
9. Cyber Statistics
• Cybercrime costs £27 billion a year in the UK
• £1,000 a second
• 170,000 ID’s are stolen each year – 1 every three seconds
• Theft of IP £9.2 billion (pharmaceuticals, biotechnology, electronics, IT and chemicals)
Source: UK Cabinet Office
11. Cybercrime Economy Drivers
It’s a business with an excellent economic model.
Other reasons, you name it:
• Technology
• Internet
• Recession
• “A safe crime”
• It’s easy to get involved
• Part of Something
18. A Decade on What Have We Learnt?
• Heating/AC Contractors Credentials
• Intrusion Months Before Data Theft
• Waited for US Thanksgiving Day
• Malware KAPTOXA/BlackPOS
7 Months – Average Breach Before Detection
2/3 Cases informed by third party
21. Cyber Risks for You
• Tangible Costs
– Loss of funds
– Damage to Systems
– Regulatory Fines
– Legal Damages
– Financial Compensation
• Intangible Costs
– Loss of competitive advantage (Stolen IP)
– Loss of customer and/or partner trust
– Loss of integrity (compromised digital assets)
– Damage to reputation and brand
Quantitative vs. Qualitative
46% Reduction in Profits Following Breach
22. Bottom Line for Retailers
• Arms Race – Cat and Mouse
• Top 5 Target Groups – Continuously Attacked
• You Spend Less on Cyber Security
• Low Risk – High Reward for “Bad Guys” – Established Market for Data Assets
• Best Data Assets On the Planet
• Compliance is NOT Security
23. Retail Factors
• Data on networked and distributed systems that are accessible to a widening array of entry points
• Broad adoption of mobile applications by retailers adds many other new points of vulnerability
• Complex supply chains - more access and data is given to vendors and external partners
• Global expansion may require retailers to expand distribution of their own information around the world
25. Some Retailers Doors!
• Point-of-sale (POS) terminals in stores
• Mobile POS access points
• Customer-facing e-commerce websites
• Links with each third-party vendor, supply-chain vendor, ecosystem partner and contractor
• Employee-facing access points — including those that may utilise employee-owned mobile devices — and the social workplace
• Links to connected data centers via the cloud
• Links to financial institutions and payment processors
• Links to managed service providers
• Links to delivery services
• Links to all other contractors who are provided with network access
• B2B, intranet and extranet portals
• In-store wireless routers, kiosks and networks
• The expanding “Internet of Things”: IP-based printers, IP-linked surveillance cameras and similar devices
28. Bad Guy Targets Individual (Asset)
Reconnaissance → Weaponisation → Delivery → Exploitation → C2 → Lateral Movement → Exfiltration → Maintenance
• Gathers Intelligence About Employee and Assets
• Chooses Weapon from underground forum
• Exploit Run – Comms Established – Command & Control Server
• Move Laterally Across Network
• Exfiltrate Data
• Protection – Maint Mode
31. Regulatory and Legal
• EU Data Privacy Directive
• EU Network Information Security Directive
• European Convention on Cybercrime
• 400+ Others – 10,000+ Controls – 175 Legal Jurisdictions
Your Organisation
32. Responsibility – Convention Cybercrime
All organisations need to be aware of the Convention’s provisions in article 12, paragraph 2:
‘ensure that a legal person can be held liable where the lack of supervision or control by a natural person…has made possible the commission of a criminal offence established in accordance with this Convention’.
Now Sit Forward!
33. Cyber is a Strategic Issue
• Strategic Level: How do cyber attacks affect policies, industry, business decisions?
• Operational Level: What kind of policies, procedures and business models do we need?
• Technical Level: How can we solve our security problems with technology?
Macro Security / Micro Security
34. Board Room Discussion
• CEO: Loss of market share and reputation; Legal Exposure
• CFO/COO: Audit Failure; Fines and Criminal Charges; Financial Loss
• CIO: Loss of data confidentiality, integrity and/or availability
• CHRO: Violation of employee privacy
• CMO: Loss of customer trust; Loss of brand reputation
Increasingly companies are appointing CROs and CISOs with a direct line to the audit committee.