KPMG-converted.pptx
- 2. Agenda
© 2014 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no
services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.
Who am I... And How did we get here?
■ Me, in a CMD-shell
■ Evolution of computers
Video Time
■ Microsoft Europe – Cyber Security
World’s biggest data breaches
■ World’s Biggest Data Breaches (Graphic)
What should you care about?
■ Cyber Security Threats for 2013/2014
■ Cyber Security Threats: New Platforms
■ Cyber Security Threats: Exploit Kits
■ Cyber Security Threats: Targeted Attacks
Video Time
■ 10 Infamous Computer Hackers
Questions?
- 4. Who am I… And how did we get here? (cont.)
Do you remember “back in the day”?
- 5. Who am I… And how did we get here? (cont.)
Apple II
Sinclair ZX-81
Timex Sinclair 1000
Sinclair ZX Spectrum
Kaypro 4-84
Tandy 1000EX
KIM-1
Tandy 102
Digi-Comp
Atari 800XL
Z-180
Commodore PET
Magitronic 286
- 7. Microsoft Europe – Cyber Security
Source: YouTube.com
- 9. World's Biggest Data Breaches
Source: informationisbeautiful.net
- 11. What should you care about?
Cyber Security Threats for 2013/2014
Three significant reasons as to why cyber security will remain a key concern for IT managers:
1. Widespread use of new platforms
2. Increasingly available and simple to use exploit kits
3. Attacks are becoming more sophisticated and have specific targets
- 12. What should you care about? (cont.)
Cyber Security Threats: New Platforms
Mobile Devices
• Rapid increase in the use of mobile devices
• Improved functionality of smartphones and tablets
• Increased use of ‘Bring Your Own Device’ (BYOD) policies in the workplace
• Mobile devices make for an interesting point of attack
• Existence of “apps” as a source of malware
• Increase of cyber attacks on the iOS platform
- 13. What should you care about? (cont.)
Cyber Security Threats: New Platforms
Mobile Devices
Impersonation
• SMS Redirection
• Sending Email Messages
• Posting to Social Media
Financial
• Sending premium rate SMS Messages
• Stealing Transaction Authentication Numbers (TANs)
• Extortion via Ransomware
• Fake Antivirus
• Making Expensive Calls
Data Theft
• Account Details
• Contracts
• Call Logs
• Phone Number
• Stealing Data via Application Vulnerabilities
• Stealing International Mobile Equipment Identity Numbers (IMEI)
Surveillance
• Audio
• Camera
• Call Logs
• Location
• SMS Messages
- 14. What should you care about? (cont.)
Cyber Security Threats: New Platforms
The Cloud
• A single point of entry that can be accessed from almost anywhere
• This access can be abused in different ways:
  • Theft or destruction of data
  • DoS attacks
  • Hijacking of cloud service traffic and redirecting it to other sources of malicious content
Attacks can cause significant disruption to businesses
- 15. What should you care about? (cont.)
Cyber Security Threats: New Platforms
Social Media
• Easy access to personal information
• One entry point provides a trusted voice to reach others
• “Check-ins” can provide malicious users access to possible transactions:
  • Identity theft situations
  • Fraudulent bank transactions
- 16. What should you care about? (cont.)
Cyber Security Threats: Exploit Kits
Exploit Kits
• The “For Dummies” series equivalent in the world of cyber security
• Uses pre-written code to target applications with a history of known security exploits or users who fail to update software
• Can be purchased by anyone and requires no knowledge of how an exploit works
• Roughly 70% of exploit kits originate from Russia
► Neutrino 24%
► Unknown Kit 21%
► Redkit 19%
► SweetOrange 11%
► Styx 10%
► Glazunov/Sibhost 5%
- 17. What should you care about? (cont.)
Cyber Security Threats: Targeted Attacks
Targeted & Sophisticated Attacks
• Higher payoff makes cyber attacks more of an enterprise
• “Hacktivists”: Groups of cyber criminals and/or protestors that target government and corporate websites to bring awareness to their cause
• “Cyberwarfare”: Nation-state sponsored attacks
• Advanced Persistent Threat (APT)
• Zero-Day-Forever
- 18. Zero-Day-Forever
Legacy Windows users are bracing for Microsoft’s April 8, 2014 deadline to end security updates on Windows XP and Office 2003.
- 19. What should you care about? (cont.)
Cyber Security Threats: Targeted Attacks
Targeted & Sophisticated Attacks
• Malware
  • Ransomware: A common iteration is referred to as Cryptolocker. Ransomware has been around for nearly a quarter-century; the latest version uses very strong encryption to make users’ files inaccessible and extort cash from them.
  • Scareware: Software that appears to be something legit (usually masquerading as some tool to help fix your computer), but when it runs it tells you that your system is either infected or broken in some way. This message is generally delivered in a manner that is meant to frighten you into doing something.
  • Spyware
  • Adware
- 20. What should you care about? (cont.)
Cyber Security Threats: Targeted Attacks
Targeted & Sophisticated Attacks
• Viruses
  • Boot Sector Virus
  • Direct Action Virus
  • Browser Hijacker
  • File Infector Virus
  • Macro Virus
  • Multipartite Virus
  • Polymorphic Virus
  • Resident Virus
  • Web Scripting Virus
- 22. 10 Infamous Computer Hackers
Source: YouTube.com
- 23. Questions?
- 25. © 2014 KPMG International. KPMG International is a
Swiss cooperative of which all KPMG firms are
members. KPMG International provides no services to
clients. Each member firm is a separate and
independent legal entity and each describes itself as
such. All rights reserved.
The KPMG name, logo and “cutting through
complexity” are registered trademarks or trademarks
of KPMG International.
Disclaimer:
1) This presentation has been prepared by KPMG Services (Pty) Ltd
(“KPMG”) and is exclusively for the benefit, information and internal use of
“McDonald Butler” for the exclusive purposes of/in order to present at the
“CSO Summit”. Under the terms of KPMG Services (Pty) Ltd, neither this
presentation nor its content thereof may be used for any other purposes
without KPMG’s prior written consent.
2) This presentation should be viewed solely in conjunction with a
KPMG Services (Pty) Ltd representative.
3) In preparing this presentation, KPMG has relied upon and assumed,
without independent verification, the accuracy and completeness of any
information provided to, and/or gathered by KPMG whether from public
sources or otherwise, and accordingly KPMG express no opinion or make
any representation concerning the accuracy and completeness of any such
information contained in this presentation.
4) KPMG’s finding shall not in any way constitute advice or
recommendations and/or regarding any other commercial decisions
associated with this presentation. All relevant issues may not have been
identified, and only those issues that have been identified as part of our
review are included in this presentation.
5) The information contained in this presentation reflects prevailing
conditions and KPMG’s view as at 27 March 2014. KPMG has not
undertaken to nor shall KPMG be under any obligation in any circumstances
to update the presentation or revise the information contained in the
presentation for events or circumstances arising after the 27th of March 2014
and the presentation or any information contained in the presentation shall
not amount to any form of guarantee that KPMG have determined or
predicted future events or circumstances.
6) This presentation cannot be copied, published, quoted, referred to or
disclosed by “McDonald Butler” to any other third party, without KPMG’s prior
written consent. No party, other than “McDonald Butler”, may rely on the
presentation and/or its contents thereof, either in whole or in part. KPMG
and/or KPMG Inc including its directors, employees and agents, and any
body or entity controlled by or owned by or associated with KPMG or KPMG
Inc (collectively “KPMG”) accepts no liability or responsibility whatsoever,
resulting directly or indirectly from the disclosure or referral of the
presentation and/or its contents thereof to any third party and/or the reliance
of any third party on the presentation and/or its contents thereof, either in
whole or in part and “McDonald Butler” agrees to indemnify and hold KPMG
harmless in this regard from and against any and all claims from any person
or party whatsoever, expenses, liability, loss or damages arising from or in
connection thereto in this respect.