SlideShare a Scribd company logo

People the biggest cyber risk

University of Hertfordshire
University of Hertfordshire

An analysis of Cyber Security publications sees >99% devoted to the technology of attack and defence, with <1% examining the biggest risk of all - People. But every Cyber hack, attack or failure involving technology, starts with some human indiscretion, error, fallibility, stupidity, revenge, malice, or act of vandalism. This near exclusive focus on the technology is analogous to bolting the stable door after the horse has bolted, and it results in a vast redirection and waste of resources. In complete contrast, our adversaries (The Dark Side) are more cunning. It really is time to reconsider our strategy if we are to stem the growing tide of attacks. For sure, people cannot ‘do’ security! And why should they? It really is the responsibility of industry who ought to be designing and supplying inherently secure products that defend users against themselves and The Dark Side. To engineer this would mean the deployment of systems to monitor the behaviours of people, devices, systems, applications and networks. We have to establish patterns of behaviour at all levels if we are to detect and combat the exceptions that might constitute an attack. And whilst our knowledge of human behaviours and sociology are extensive, we know almost nothing about devices, systems, applications and networks. Perhaps even more threatening is our total lack of knowledge about Things: aka the IoT. In this presentation we illustrate the fallibilities of people as well as some of their devious activities and propose some solutions.

Internet
1 of 43
Download to read offline
PeopleThe Biggest Cyber Risk Peter Cochrane cochrane.org.uk UCISA Security Conference Birmingham 3 May 2018 https://www.uos.ac.uk
T H E D A R K S I D E To defeat them, think as they do! “Never interrupt your enemy when he is making a mistake.” ― Napoléon “A wise man gets more use from his enemies than a fool from his friends.” ― Baltasar Gracián “To become a good defender you must first become a good attacker” ― Me “To know your Enemy, you must become your Enemy” ― Sun Tzu
C Y B E R C R I M E Abridged history & cost Banking Malware Crypto-Currency Attacks Bitcoin Wallet Stealer Device & Account Hijacking RansomeWare EPoS Attack Cyber WarfareSocial Engineering DoS, DDoS Infected eMail RansomeWare Identity Theft DNS Attack BotNets Site Sabotage SQL Attack Spam Identity Theft Phishing Trojan Worms Virus 1997 2004 2007 >1000 Bn Attack Total > $2000 Bn Cost of global cyber crime Today 2013 Almost all of these attacks/attack-types can be traced back to human operators exploiting the fallibilities of individuals who have volunteered vital information by falling victim to scams, spams and trickery Social engineering is one of the most powerful tools to be widely exploited by the ‘Dark Side’ - and the approach can span to dumb and very obvious to the highly sophisticated and hard to detect
C Y B E R At t a c k R a p i d l y c h a n g i n g p r o f i l e s Fun Fame Notoriety Vandalism Limited Skills Limited Resources Tend to be Sporadic Rogue States Criminals Hacker Groups Hacktivist Amateurs Money Sharing Organic Dispersed Unbounded Huge Effort Progressive Cooperatives Self Organising Vast Resources Massive Market Aggregated Skills Semi-Professional Substantial Networks Skilled Political Idealists Emotional Relentless Dedicated Cause Driven Vast Networks Varied Missions Targeted Attacks Evolving Community Drugs Fraud Global Extreme Extortion Business Unbounded Professional Well Managed Well Organised Ahead of the Curve Orchestrated Effort Extremely Profitable Syndicated Resources Massive Attack Surface Vast up-to-date Abilities Covert Money WarFare Influence Pervasive Disruption Espionage Professional Sophisticated Well Organised Extreme Creativity Orchestrated Effort Political Influencers ~Unlimited Resources Tech/Thought Leaders Regime Destabilisation Population Manipulation Military and Civil Domains Almost all attacks/attack-types can be traced back to human fallibility and ambition exploitation
W H AT W E D E T E C T Possibly just the tip of an iceberg We need to start looking below the surface of obviousness for the hidden sophistication of the many stealth attacks that we suspect are happening that we cannot see! Ransomeware Phishing Crypto-WalletDoD/DDoS SQLi // XSS Man-in-The Middle URL Spoofing Cloaking Malware Covert Plant Visitors Insiders Outsiders Alongsiders Customers Contractors WiFi Tunnels Implants Malware Networks Diversions Brute Force Decoys
P E RV E R S I T Y Irrational situations by design Our vehicles, white and brown goods are designed to be reliable - and ‘we’ don’t expect to have to get our tools out every week to keep them running ! Reliability, resilience, and trouble free longevity is designed in from concept through design, production, delivery, and customer use Customers no longer understand how they work and certainly do not possess the skills to service and do repairs!
P E RV E R S I T Y Irrational situations by design Non-intuitive language, choices, configurations and options cause endless frustration
P E RV E R S I T Y Irrational situations by design Why does industry assume people to be capable of managing their own PC, laptop, tablet, mobile; whilst ensuring they are also always secure? I see 7 year old machines that have never had an OS update and with no security software Owners oblivious to bot nets and their vital contribution to their global success… They don’t care because they have no clue…and why should they ?
i n c o n v e n i e n C E FaceBook Cambridge Analytica + GDPR A month of repetitious chaos trying to get legal, fix problems and patch security vulnerabilities Home Academia and Lab Company on The Road In just 3 contiguous weeks 4 x OS upgrades over ’N’ widely distributed devices + 163 App updates
T H E I OT Problem amplifier Exponentially increasing the Attack Surface and the inherent complexity - but will be in every home and office, workplace, pocket and vehicle - not to mention every component, item of clothing and food +++ For The Dark Side this is as good as it gets! A great dumb question form 2017: “Why would anyone want to attack my toaster” Doh!
S H E E R S C A L E > 1 0 0 - 1 0 0 0 B n t h i n g s A l w a y s o n l i n e = A l w a y s a t R i s k G O O D N E W S = M a j o r i t y o f I o T d e v i c e s w i l l n e v e r c o n n e c t t o t h e I n t e r n e t ! ! This graphic by Beecham Research really conveys the IoT/M2M complexity to come
Iot NIGHTMare Food & toasters to vehicles https://www.youtube.com/watch?v=RZVYTJarPFs
Broadcasting Malware Responding with updated protection Wider Network Updated Latest Solution Update Dynamic isolation of infected devices and components leading to repair Auto-immunity A mix of clean and infected
Auto-immunity Mirrors biological forebears Applied everywhere 24 x 7 ICs ISPs WiFi Hubs LANs Cards Traffic Servers Circuits Devices Internet Networks Organisations Companies Platforms Groups People Mobile Fixed
Main Event ? Decoy ? Masking ? Diversion ? Tunnel set up ? Infiltration ? Intel Ops ? Implant ? Theft ? Tests ? +++
AL MALWARE SPECIATION The Dark Side are at the leading edge - are we?
Get our act together The essentials shopping list is reasonably short Global monitoring and shared situational awareness Cooperative environments on attacks and solutions Universal sharing of identified attacks/developments Address cloaking & decoy customer sites/net nodes Behavioural analysis of networks, devices, people To continue and expand all established efforts Auto-Immunity for all devices including IoT Secure wireless channels - invisible signals
Get our act together The essentials shopping list is reasonably short Global monitoring and shared situational awareness Cooperative environments on attacks and solutions Universal sharing of identified attacks/developments Address cloaking & decoy customer sites/net nodes Behavioural analysis of networks, devices, people To continue and expand all established efforts Auto-Immunity for all devices including IoT Secure wireless channels - invisible signals GDPR FALLS FAR SHORT • It involves manual processes • It is far too slow • It is not automated • No effective a responses • A hinderance not a gain • Advantageous to the Dark Side
WHEN WE FIX THE TECH A r e w e t h e n c l o s e t o b e i n g s a f e ?
AFRAID NOT ! M o r e h u r d l e s t o j u m p
PEOPLE THE PROBLEM I m p o s s i b l e t o c o n t r o l - c h a n g e t o o s l o w
S P A N O F H U M A N I T Y Impossible to fully define/understand predispositions Honest Dishonest Opportunist Hacker Black Hat White Hat Silly Extreme Careless Helpful Hapless Naive Arrogant Ignorant Unthinking Emotional Analytical Hacktivist Old Tired Distressed Confused Technophobe Technophile Depressed ill Nervous Professional Young Blue Collar Unemployed Employed Educated Uneducated Poor Rich Caring Uncaring BiasedAccepting Unaccepting loner Team Player Social Networker Insider Outsider Untidy Reckless Careful Good Bad Evil
C a r e l ess London is a safe city ! I was working in London and stopped for a coffee break in Soho… Soho A smart young man walked in and I spotted his badge !
C a r e l ess London is a safe city ! I was working in London and stopped for a coffee break in Soho… Soho A smart young man walked in and I spotted his badge ! He sat right in front of me and this is what my mobile phone could see as he booted up !
C a r e l ess London is a safe city ! I was working in London and stopped for a coffee break in Soho… Soho A smart young man walked in and I spotted his badge ! He sat right in front of me and this is what my mobile phone could see as he booted up ! Coffee Shop Protocol • Sit as far back from the door as possible ; ideally with no one to the rear or the sides • Check for overhead cameras • Do not wear identifying insignia of any kind • Do not boot up to an identifying company, country, government, agency badge • Check and be aware N, E, S, W
L O U D & R U D E There is always a price to pay ! The group next to my colleague had just chanced upon the perfect name for their new company. So he bought the domain name and all the variants before they had completed their meeting!
U n t i dy Litter Bug :-) Dropped receipt to a wet floor - I picked it up and this caught my eye And then the fun started !
U n t i dy Litter Bug :-) Dropped receipt to a wet floor - I picked it up and this caught my eye And then the fun started ! I Followed to a Coffee Shop A few minutes listening and observing aided by Goole and FaceBook and I had: Full name & address Telephone Number eMail Address Date of Birth Some History +++ My final act was to explain to this gentleman just how expensive litter might be…and he really ought to take care! I Followed to a Coffee Shop A few minutes listening and observing aided by Goole and FaceBook and I had: Full name & address Telephone Number eMail Address Date of Birth Some History +++ My final act was to explain to this gentleman just how expensive litter might be…and he really ought to take care!
O p P o rt u n i s t i c Unintended revelations & consequences TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for an undefined meeting
O p P o rt u n i s t i c Unintended revelations & consequences TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for an undefined meeting TRUTH ENGINES An End Game Company Peter Cochrane Internal Affairs Advisor DAY 2: Pass Card as a member of staff
O p P o rt u n i s t i c Unintended revelations & consequences TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for an undefined meeting TRUTH ENGINES An End Game Company Peter Cochrane Internal Affairs Advisor DAY 2: Pass Card as a member of staff I Was Invited to Test a Companies Revised Security My way in was to simply massage my security pass from visitor to employee I then played the role of an old boy not really up to the modern world of IT and so many wonderfully kind people came forward to help me access networks, rooms and facilities My secret? Wear a suite and a tie & look very respectable…everyone knows that hackers wear hoodies!
A stack of papers readable at a glance E X H I B I T I O N I S TS Government employees bragging ME Three identical laptops Three Mobiles all the same
A stack of papers readable at a glance E X H I B I T I O N I S TS Government employees bragging ME Three identical laptops Three Mobiles all the same In < 1hour of looking & listening I had: All there names Mobile numbers + eMail addresses Unit Codes Postal Drop Building floor and room IT Support Number and log in Who was at their meeting Meeting agenda Who said what Decisions made Project Code Name Organisations involved Objectives and progress The name of a ‘Secret Project’ Talked about in euphemisms +++++
THE KIND & HELPFUL Sophisticated phishing attacks https://www.youtube.com/watch?v=lc7scxvKQOo
T H E G O O D N E W S Habitualities are near impossible to hide We have so very many individually identifiable idiosyncrasies and routines that they define who and what we are to a high very degree of accuracy - especially when combined with biometrics
D e v i c e t h e f t Or is their something more here This is a high risk crime with a good chance of getting caught in the act or getting caught on camera.. Why would anyone do this for a few ££ an hour, or is there hidden value add that we are not seeing? https://www.youtube.com/watch?v=TWilMUpEMEk https://www.youtube.com/watch?v=tSKXZnfOe60
U P T H E VA L U E 100s of hack tutorials on-line A naked mobile device is one price A live mobile device with all the log-in and personal data accessible is a much better deal !
B E H a V I O U R A L A N A LY S I S Might just be the ‘king pin’ that holds together our security Just as we can be identified by where and what we eat, say, do; and how we walk, talk, type, behave; the friends and colleagues we meet; there is an equivalency for us and all our devices ! Sociology of People Sociology of Things
WO RT H R EA D I N G Strategy without tactics is the slowest route to victory Tactics without strategy is the noise before defeat Be so subtle that you are invisible Be so mysterious you are intangible Then you will control your rivals’ fate Supreme art of war applicable today ~5C BC
T h a n k Y o u cochrane.org.uk We posses superior technology, networks and brains - if we lose this war it is down to our organisational inabilities …and the Dark Side will have an easy win! https://www.uos.ac.uk

Recommended

INNOVATION FOR REAL
INNOVATION FOR REALINNOVATION FOR REAL
INNOVATION FOR REAL
University of Hertfordshire
 
Small data big impact
Small data big impactSmall data big impact
Small data big impact
University of Hertfordshire
 
Small data big impact
Small data big impactSmall data big impact
Small data big impact
University of Hertfordshire
 
Why Robots, AI, AL and Quantum Computing
Why Robots, AI, AL and Quantum ComputingWhy Robots, AI, AL and Quantum Computing
Why Robots, AI, AL and Quantum Computing
University of Hertfordshire
 
Managing cyber security
Managing cyber securityManaging cyber security
Managing cyber security
University of Hertfordshire
 
The future of education: Solving Problems by Thinking
The future of education: Solving Problems by ThinkingThe future of education: Solving Problems by Thinking
The future of education: Solving Problems by Thinking
University of Hertfordshire
 
The Automation of Everything
The Automation of EverythingThe Automation of Everything
The Automation of Everything
University of Hertfordshire
 
The IoT For Real
The IoT For Real The IoT For Real
The IoT For Real
University of Hertfordshire
 

Recommended

INNOVATION FOR REAL
INNOVATION FOR REALINNOVATION FOR REAL
INNOVATION FOR REAL
University of Hertfordshire
 
Small data big impact
Small data big impactSmall data big impact
Small data big impact
University of Hertfordshire
 
Small data big impact
Small data big impactSmall data big impact
Small data big impact
University of Hertfordshire
 
Why Robots, AI, AL and Quantum Computing
Why Robots, AI, AL and Quantum ComputingWhy Robots, AI, AL and Quantum Computing
Why Robots, AI, AL and Quantum Computing
University of Hertfordshire
 
Managing cyber security
Managing cyber securityManaging cyber security
Managing cyber security
University of Hertfordshire
 
The future of education: Solving Problems by Thinking
The future of education: Solving Problems by ThinkingThe future of education: Solving Problems by Thinking
The future of education: Solving Problems by Thinking
University of Hertfordshire
 
The Automation of Everything
The Automation of EverythingThe Automation of Everything
The Automation of Everything
University of Hertfordshire
 
The IoT For Real
The IoT For Real The IoT For Real
The IoT For Real
University of Hertfordshire
 
MSP Automation - Application and Execution
MSP Automation - Application and ExecutionMSP Automation - Application and Execution
MSP Automation - Application and Execution
University of Hertfordshire
 
Big data to big understanding
Big data to big understandingBig data to big understanding
Big data to big understanding
University of Hertfordshire
 
The Future WorkScape
The Future WorkScapeThe Future WorkScape
The Future WorkScape
University of Hertfordshire
 
Telecom service futures driven by customer need
Telecom service futures driven by customer needTelecom service futures driven by customer need
Telecom service futures driven by customer need
University of Hertfordshire
 
Industry 4.0 Imperatives 工业4.0势在必行
Industry 4.0 Imperatives 工业4.0势在必行Industry 4.0 Imperatives 工业4.0势在必行
Industry 4.0 Imperatives 工业4.0势在必行
University of Hertfordshire
 
Patient Heal Thyself
Patient Heal ThyselfPatient Heal Thyself
Patient Heal Thyself
University of Hertfordshire
 
From the right process to a solid cultural change
From the right process to a solid cultural changeFrom the right process to a solid cultural change
From the right process to a solid cultural change
Francesco Zaia
 
IWMW18: Invisible Labour
IWMW18: Invisible LabourIWMW18: Invisible Labour
IWMW18: Invisible Labour
Gareth Edwards
 
New Learning Environments - ICT in the education
New Learning Environments - ICT in the educationNew Learning Environments - ICT in the education
New Learning Environments - ICT in the education
Mari Petrelius
 
Online conversation as foresight
Online conversation as foresightOnline conversation as foresight
Online conversation as foresight
Alberto Cottica
 
Voip Cyber Security
Voip Cyber SecurityVoip Cyber Security
Voip Cyber Security
University of Hertfordshire
 
IT and Systems Security - The Bigger Picture
IT and Systems Security - The Bigger PictureIT and Systems Security - The Bigger Picture
IT and Systems Security - The Bigger Picture
University of Hertfordshire
 
Simon Harrison RWE - Chain of Things 010616 final
Simon Harrison RWE - Chain of Things 010616 finalSimon Harrison RWE - Chain of Things 010616 final
Simon Harrison RWE - Chain of Things 010616 final
Simon Harrison
 
Cyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile WorldCyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile World
University of Hertfordshire
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchers
vicenteDiaz_KL
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
Hackito Ergo Sum
 
AI The Call Center Nemesis?
AI The Call Center Nemesis?AI The Call Center Nemesis?
AI The Call Center Nemesis?
University of Hertfordshire
 
Security
SecuritySecurity
Security
Bob Cherry
 
Mediarun Festiwal 2014 Damian Winkowski DeSmart Conventica
Mediarun Festiwal 2014 Damian Winkowski DeSmart ConventicaMediarun Festiwal 2014 Damian Winkowski DeSmart Conventica
Mediarun Festiwal 2014 Damian Winkowski DeSmart Conventica
DeSmart Agile Software House
 
The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!
Frode Hommedal
 
Ten realities of the internet of things - ​Alexandra Deschamps-Sonsino
Ten realities of the internet of things - ​Alexandra Deschamps-SonsinoTen realities of the internet of things - ​Alexandra Deschamps-Sonsino
Ten realities of the internet of things - ​Alexandra Deschamps-Sonsino
webdagene
 
Digital Destinies
Digital DestiniesDigital Destinies
Digital Destinies
University of Hertfordshire
 

More Related Content

What's hot

MSP Automation - Application and Execution
MSP Automation - Application and ExecutionMSP Automation - Application and Execution
MSP Automation - Application and Execution
University of Hertfordshire
 
Big data to big understanding
Big data to big understandingBig data to big understanding
Big data to big understanding
University of Hertfordshire
 
The Future WorkScape
The Future WorkScapeThe Future WorkScape
The Future WorkScape
University of Hertfordshire
 
Telecom service futures driven by customer need
Telecom service futures driven by customer needTelecom service futures driven by customer need
Telecom service futures driven by customer need
University of Hertfordshire
 
Industry 4.0 Imperatives 工业4.0势在必行
Industry 4.0 Imperatives 工业4.0势在必行Industry 4.0 Imperatives 工业4.0势在必行
Industry 4.0 Imperatives 工业4.0势在必行
University of Hertfordshire
 
Patient Heal Thyself
Patient Heal ThyselfPatient Heal Thyself
Patient Heal Thyself
University of Hertfordshire
 
From the right process to a solid cultural change
From the right process to a solid cultural changeFrom the right process to a solid cultural change
From the right process to a solid cultural change
Francesco Zaia
 
IWMW18: Invisible Labour
IWMW18: Invisible LabourIWMW18: Invisible Labour
IWMW18: Invisible Labour
Gareth Edwards
 
New Learning Environments - ICT in the education
New Learning Environments - ICT in the educationNew Learning Environments - ICT in the education
New Learning Environments - ICT in the education
Mari Petrelius
 
Online conversation as foresight
Online conversation as foresightOnline conversation as foresight
Online conversation as foresight
Alberto Cottica
 

What's hot (10)

MSP Automation - Application and Execution
MSP Automation - Application and ExecutionMSP Automation - Application and Execution
MSP Automation - Application and Execution
 
Big data to big understanding
Big data to big understandingBig data to big understanding
Big data to big understanding
 
The Future WorkScape
The Future WorkScapeThe Future WorkScape
The Future WorkScape
 
Telecom service futures driven by customer need
Telecom service futures driven by customer needTelecom service futures driven by customer need
Telecom service futures driven by customer need
 
Industry 4.0 Imperatives 工业4.0势在必行
Industry 4.0 Imperatives 工业4.0势在必行Industry 4.0 Imperatives 工业4.0势在必行
Industry 4.0 Imperatives 工业4.0势在必行
 
Patient Heal Thyself
Patient Heal ThyselfPatient Heal Thyself
Patient Heal Thyself
 
From the right process to a solid cultural change
From the right process to a solid cultural changeFrom the right process to a solid cultural change
From the right process to a solid cultural change
 
IWMW18: Invisible Labour
IWMW18: Invisible LabourIWMW18: Invisible Labour
IWMW18: Invisible Labour
 
New Learning Environments - ICT in the education
New Learning Environments - ICT in the educationNew Learning Environments - ICT in the education
New Learning Environments - ICT in the education
 
Online conversation as foresight
Online conversation as foresightOnline conversation as foresight
Online conversation as foresight
 

Similar to People the biggest cyber risk

Voip Cyber Security
Voip Cyber SecurityVoip Cyber Security
Voip Cyber Security
University of Hertfordshire
 
IT and Systems Security - The Bigger Picture
IT and Systems Security - The Bigger PictureIT and Systems Security - The Bigger Picture
IT and Systems Security - The Bigger Picture
University of Hertfordshire
 
Simon Harrison RWE - Chain of Things 010616 final
Simon Harrison RWE - Chain of Things 010616 finalSimon Harrison RWE - Chain of Things 010616 final
Simon Harrison RWE - Chain of Things 010616 final
Simon Harrison
 
Cyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile WorldCyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile World
University of Hertfordshire
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchers
vicenteDiaz_KL
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
Hackito Ergo Sum
 
AI The Call Center Nemesis?
AI The Call Center Nemesis?AI The Call Center Nemesis?
AI The Call Center Nemesis?
University of Hertfordshire
 
Security
SecuritySecurity
Security
Bob Cherry
 
Mediarun Festiwal 2014 Damian Winkowski DeSmart Conventica
Mediarun Festiwal 2014 Damian Winkowski DeSmart ConventicaMediarun Festiwal 2014 Damian Winkowski DeSmart Conventica
Mediarun Festiwal 2014 Damian Winkowski DeSmart Conventica
DeSmart Agile Software House
 
The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!
Frode Hommedal
 
Ten realities of the internet of things - ​Alexandra Deschamps-Sonsino
Ten realities of the internet of things - ​Alexandra Deschamps-SonsinoTen realities of the internet of things - ​Alexandra Deschamps-Sonsino
Ten realities of the internet of things - ​Alexandra Deschamps-Sonsino
webdagene
 
Digital Destinies
Digital DestiniesDigital Destinies
Digital Destinies
University of Hertfordshire
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economy
n|u - The Open Security Community
 
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Steve Poole
 
Testing IoT Security shouldn't fear you if you have got a hacker mindset - By...
Testing IoT Security shouldn't fear you if you have got a hacker mindset - By...Testing IoT Security shouldn't fear you if you have got a hacker mindset - By...
Testing IoT Security shouldn't fear you if you have got a hacker mindset - By...
Santhosh Tuppad
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
CRS4 Research Center in Sardinia
 
Dr. Jantz — #Hooked Presentation
Dr. Jantz — #Hooked PresentationDr. Jantz — #Hooked Presentation
Dr. Jantz — #Hooked Presentation
Dr. Gregory Jantz
 
Pc magazine january 2015 usa
Pc magazine january 2015 usaPc magazine january 2015 usa
Pc magazine january 2015 usa
Nhóc Nhóc
 
Progscon cybercrime and the developer
Progscon cybercrime and the developerProgscon cybercrime and the developer
Progscon cybercrime and the developer
Steve Poole
 
The Stadium Business - Technology of Engagement
The Stadium Business - Technology of EngagementThe Stadium Business - Technology of Engagement
The Stadium Business - Technology of Engagement
University of Hertfordshire
 

Similar to People the biggest cyber risk (20)

Voip Cyber Security
Voip Cyber SecurityVoip Cyber Security
Voip Cyber Security
 
IT and Systems Security - The Bigger Picture
IT and Systems Security - The Bigger PictureIT and Systems Security - The Bigger Picture
IT and Systems Security - The Bigger Picture
 
Simon Harrison RWE - Chain of Things 010616 final
Simon Harrison RWE - Chain of Things 010616 finalSimon Harrison RWE - Chain of Things 010616 final
Simon Harrison RWE - Chain of Things 010616 final
 
Cyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile WorldCyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile World
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchers
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
 
AI The Call Center Nemesis?
AI The Call Center Nemesis?AI The Call Center Nemesis?
AI The Call Center Nemesis?
 
Security
SecuritySecurity
Security
 
Mediarun Festiwal 2014 Damian Winkowski DeSmart Conventica
Mediarun Festiwal 2014 Damian Winkowski DeSmart ConventicaMediarun Festiwal 2014 Damian Winkowski DeSmart Conventica
Mediarun Festiwal 2014 Damian Winkowski DeSmart Conventica
 
The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!
 
Ten realities of the internet of things - ​Alexandra Deschamps-Sonsino
Ten realities of the internet of things - ​Alexandra Deschamps-SonsinoTen realities of the internet of things - ​Alexandra Deschamps-Sonsino
Ten realities of the internet of things - ​Alexandra Deschamps-Sonsino
 
Digital Destinies
Digital DestiniesDigital Destinies
Digital Destinies
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economy
 
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
 
Testing IoT Security shouldn't fear you if you have got a hacker mindset - By...
Testing IoT Security shouldn't fear you if you have got a hacker mindset - By...Testing IoT Security shouldn't fear you if you have got a hacker mindset - By...
Testing IoT Security shouldn't fear you if you have got a hacker mindset - By...
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
 
Dr. Jantz — #Hooked Presentation
Dr. Jantz — #Hooked PresentationDr. Jantz — #Hooked Presentation
Dr. Jantz — #Hooked Presentation
 
Pc magazine january 2015 usa
Pc magazine january 2015 usaPc magazine january 2015 usa
Pc magazine january 2015 usa
 
Progscon cybercrime and the developer
Progscon cybercrime and the developerProgscon cybercrime and the developer
Progscon cybercrime and the developer
 
The Stadium Business - Technology of Engagement
The Stadium Business - Technology of EngagementThe Stadium Business - Technology of Engagement
The Stadium Business - Technology of Engagement
 

More from University of Hertfordshire

Applied Science: Thermodynamics, Laws & Methodology.pdf
Applied Science: Thermodynamics, Laws & Methodology.pdfApplied Science: Thermodynamics, Laws & Methodology.pdf
Applied Science: Thermodynamics, Laws & Methodology.pdf
University of Hertfordshire
 
Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!
University of Hertfordshire
 
The Philosophy of Science
The Philosophy of ScienceThe Philosophy of Science
The Philosophy of Science
University of Hertfordshire
 
Future Telecoms Challenges & Opportunities
Future Telecoms Challenges & OpportunitiesFuture Telecoms Challenges & Opportunities
Future Telecoms Challenges & Opportunities
University of Hertfordshire
 
Thermodynamics - Laws Embracing Our Universe
Thermodynamics - Laws Embracing Our UniverseThermodynamics - Laws Embracing Our Universe
Thermodynamics - Laws Embracing Our Universe
University of Hertfordshire
 
Applied Science - Engineering Systems
Applied Science - Engineering SystemsApplied Science - Engineering Systems
Applied Science - Engineering Systems
University of Hertfordshire
 
IoT Yet to Come
IoT Yet to ComeIoT Yet to Come
IoT Yet to Come
University of Hertfordshire
 
The Scientific Meme
The Scientific Meme The Scientific Meme
The Scientific Meme
University of Hertfordshire
 
Uncanny Valley and Human Destiny
Uncanny Valley and Human DestinyUncanny Valley and Human Destiny
Uncanny Valley and Human Destiny
University of Hertfordshire
 
Resurgence of Technology Driven Change
Resurgence of Technology Driven ChangeResurgence of Technology Driven Change
Resurgence of Technology Driven Change
University of Hertfordshire
 
Society 5.0: A Vital Symbiosis
Society 5.0: A Vital SymbiosisSociety 5.0: A Vital Symbiosis
Society 5.0: A Vital Symbiosis
University of Hertfordshire
 
Cyber Portents and Precursors
Cyber Portents and PrecursorsCyber Portents and Precursors
Cyber Portents and Precursors
University of Hertfordshire
 
Technology Overlords Or A Symbiosis ?
Technology Overlords Or A Symbiosis ?Technology Overlords Or A Symbiosis ?
Technology Overlords Or A Symbiosis ?
University of Hertfordshire
 
THE FUTURE OF MOBILE NETWORKS
THE FUTURE OF MOBILE NETWORKS THE FUTURE OF MOBILE NETWORKS
THE FUTURE OF MOBILE NETWORKS
University of Hertfordshire
 
Quantifying Machine Intelligence Mathematically
Quantifying Machine Intelligence MathematicallyQuantifying Machine Intelligence Mathematically
Quantifying Machine Intelligence Mathematically
University of Hertfordshire
 
Technologies That Will Change Everything
Technologies That Will Change EverythingTechnologies That Will Change Everything
Technologies That Will Change Everything
University of Hertfordshire
 
Cyber Security - Thinking Like The Enemy
Cyber Security - Thinking Like The EnemyCyber Security - Thinking Like The Enemy
Cyber Security - Thinking Like The Enemy
University of Hertfordshire
 
Society 5.0 Redefined
Society 5.0 RedefinedSociety 5.0 Redefined
Society 5.0 Redefined
University of Hertfordshire
 
Engineering Reliability and Resilience
Engineering Reliability and ResilienceEngineering Reliability and Resilience
Engineering Reliability and Resilience
University of Hertfordshire
 
Smart Materials and Structures
Smart Materials and StructuresSmart Materials and Structures
Smart Materials and Structures
University of Hertfordshire
 

More from University of Hertfordshire (20)

Applied Science: Thermodynamics, Laws & Methodology.pdf
Applied Science: Thermodynamics, Laws & Methodology.pdfApplied Science: Thermodynamics, Laws & Methodology.pdf
Applied Science: Thermodynamics, Laws & Methodology.pdf
 
Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!
 
The Philosophy of Science
The Philosophy of ScienceThe Philosophy of Science
The Philosophy of Science
 
Future Telecoms Challenges & Opportunities
Future Telecoms Challenges & OpportunitiesFuture Telecoms Challenges & Opportunities
Future Telecoms Challenges & Opportunities
 
Thermodynamics - Laws Embracing Our Universe
Thermodynamics - Laws Embracing Our UniverseThermodynamics - Laws Embracing Our Universe
Thermodynamics - Laws Embracing Our Universe
 
Applied Science - Engineering Systems
Applied Science - Engineering SystemsApplied Science - Engineering Systems
Applied Science - Engineering Systems
 
IoT Yet to Come
IoT Yet to ComeIoT Yet to Come
IoT Yet to Come
 
The Scientific Meme
The Scientific Meme The Scientific Meme
The Scientific Meme
 
Uncanny Valley and Human Destiny
Uncanny Valley and Human DestinyUncanny Valley and Human Destiny
Uncanny Valley and Human Destiny
 
Resurgence of Technology Driven Change
Resurgence of Technology Driven ChangeResurgence of Technology Driven Change
Resurgence of Technology Driven Change
 
Society 5.0: A Vital Symbiosis
Society 5.0: A Vital SymbiosisSociety 5.0: A Vital Symbiosis
Society 5.0: A Vital Symbiosis
 
Cyber Portents and Precursors
Cyber Portents and PrecursorsCyber Portents and Precursors
Cyber Portents and Precursors
 
Technology Overlords Or A Symbiosis ?
Technology Overlords Or A Symbiosis ?Technology Overlords Or A Symbiosis ?
Technology Overlords Or A Symbiosis ?
 
THE FUTURE OF MOBILE NETWORKS
THE FUTURE OF MOBILE NETWORKS THE FUTURE OF MOBILE NETWORKS
THE FUTURE OF MOBILE NETWORKS
 
Quantifying Machine Intelligence Mathematically
Quantifying Machine Intelligence MathematicallyQuantifying Machine Intelligence Mathematically
Quantifying Machine Intelligence Mathematically
 
Technologies That Will Change Everything
Technologies That Will Change EverythingTechnologies That Will Change Everything
Technologies That Will Change Everything
 
Cyber Security - Thinking Like The Enemy
Cyber Security - Thinking Like The EnemyCyber Security - Thinking Like The Enemy
Cyber Security - Thinking Like The Enemy
 
Society 5.0 Redefined
Society 5.0 RedefinedSociety 5.0 Redefined
Society 5.0 Redefined
 
Engineering Reliability and Resilience
Engineering Reliability and ResilienceEngineering Reliability and Resilience
Engineering Reliability and Resilience
 
Smart Materials and Structures
Smart Materials and StructuresSmart Materials and Structures
Smart Materials and Structures
 

Recently uploaded

办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
Trending Blogers
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
uehowe
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
Toptal Tech
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
uehowe
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
Danica Gill
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
cuobya
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
ysasp1
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
cuobya
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
bseovas
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
ukwwuq
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
bseovas
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
cuobya
 

Recently uploaded (20)

办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 

People the biggest cyber risk

  • 1. PeopleThe Biggest Cyber Risk Peter Cochrane cochrane.org.uk UCISA Security Conference Birmingham 3 May 2018 https://www.uos.ac.uk
  • 2.
  • 3. T H E D A R K S I D E To defeat them, think as they do! “Never interrupt your enemy when he is making a mistake.” ― Napoléon “A wise man gets more use from his enemies than a fool from his friends.” ― Baltasar Gracián “To become a good defender you must first become a good attacker” ― Me “To know your Enemy, you must become your Enemy” ― Sun Tzu
  • 4. C Y B E R C R I M E Abridged history & cost Banking Malware Crypto-Currency Attacks Bitcoin Wallet Stealer Device & Account Hijacking RansomeWare EPoS Attack Cyber WarfareSocial Engineering DoS, DDoS Infected eMail RansomeWare Identity Theft DNS Attack BotNets Site Sabotage SQL Attack Spam Identity Theft Phishing Trojan Worms Virus 1997 2004 2007 >1000 Bn Attack Total > $2000 Bn Cost of global cyber crime Today 2013 Almost all of these attacks/attack-types can be traced back to human operators exploiting the fallibilities of individuals who have volunteered vital information by falling victim to scams, spams and trickery Social engineering is one of the most powerful tools to be widely exploited by the ‘Dark Side’ - and the approach can span to dumb and very obvious to the highly sophisticated and hard to detect
  • 5. C Y B E R At t a c k R a p i d l y c h a n g i n g p r o f i l e s Fun Fame Notoriety Vandalism Limited Skills Limited Resources Tend to be Sporadic Rogue States Criminals Hacker Groups Hacktivist Amateurs Money Sharing Organic Dispersed Unbounded Huge Effort Progressive Cooperatives Self Organising Vast Resources Massive Market Aggregated Skills Semi-Professional Substantial Networks Skilled Political Idealists Emotional Relentless Dedicated Cause Driven Vast Networks Varied Missions Targeted Attacks Evolving Community Drugs Fraud Global Extreme Extortion Business Unbounded Professional Well Managed Well Organised Ahead of the Curve Orchestrated Effort Extremely Profitable Syndicated Resources Massive Attack Surface Vast up-to-date Abilities Covert Money WarFare Influence Pervasive Disruption Espionage Professional Sophisticated Well Organised Extreme Creativity Orchestrated Effort Political Influencers ~Unlimited Resources Tech/Thought Leaders Regime Destabilisation Population Manipulation Military and Civil Domains Almost all attacks/attack-types can be traced back to human fallibility and ambition exploitation
  • 6. W H AT W E D E T E C T Possibly just the tip of an iceberg We need to start looking below the surface of obviousness for the hidden sophistication of the many stealth attacks that we suspect are happening that we cannot see! Ransomeware Phishing Crypto-WalletDoD/DDoS SQLi // XSS Man-in-The Middle URL Spoofing Cloaking Malware Covert Plant Visitors Insiders Outsiders Alongsiders Customers Contractors WiFi Tunnels Implants Malware Networks Diversions Brute Force Decoys
  • 7. P E RV E R S I T Y Irrational situations by design Our vehicles, white and brown goods are designed to be reliable - and ‘we’ don’t expect to have to get our tools out every week to keep them running ! Reliability, resilience, and trouble free longevity is designed in from concept through design, production, delivery, and customer use Customers no longer understand how they work and certainly do not possess the skills to service and do repairs!
  • 8. P E RV E R S I T Y Irrational situations by design Non-intuitive language, choices, configurations and options cause endless frustration
  • 9. P E RV E R S I T Y Irrational situations by design Why does industry assume people to be capable of managing their own PC, laptop, tablet, mobile; whilst ensuring they are also always secure? I see 7 year old machines that have never had an OS update and with no security software Owners oblivious to bot nets and their vital contribution to their global success… They don’t care because they have no clue…and why should they ?
  • 10. i n c o n v e n i e n C E FaceBook Cambridge Analytica + GDPR A month of repetitious chaos trying to get legal, fix problems and patch security vulnerabilities Home Academia and Lab Company on The Road In just 3 contiguous weeks 4 x OS upgrades over ’N’ widely distributed devices + 163 App updates
  • 11. T H E I OT Problem amplifier Exponentially increasing the Attack Surface and the inherent complexity - but will be in every home and office, workplace, pocket and vehicle - not to mention every component, item of clothing and food +++ For The Dark Side this is as good as it gets! A great dumb question form 2017: “Why would anyone want to attack my toaster” Doh!
  • 12. S H E E R S C A L E > 1 0 0 - 1 0 0 0 B n t h i n g s A l w a y s o n l i n e = A l w a y s a t R i s k G O O D N E W S = M a j o r i t y o f I o T d e v i c e s w i l l n e v e r c o n n e c t t o t h e I n t e r n e t ! ! This graphic by Beecham Research really conveys the IoT/M2M complexity to come
  • 13. Iot NIGHTMare Food & toasters to vehicles https://www.youtube.com/watch?v=RZVYTJarPFs
  • 14. Broadcasting Malware Responding with updated protection Wider Network Updated Latest Solution Update Dynamic isolation of infected devices and components leading to repair Auto-immunity A mix of clean and infected
  • 15. Auto-immunity Mirrors biological forebears Applied everywhere 24 x 7 ICs ISPs WiFi Hubs LANs Cards Traffic Servers Circuits Devices Internet Networks Organisations Companies Platforms Groups People Mobile Fixed
  • 16.
  • 17.
  • 18. Main Event ? Decoy ? Masking ? Diversion ? Tunnel set up ? Infiltration ? Intel Ops ? Implant ? Theft ? Tests ? +++
  • 19. AL MALWARE SPECIATION The Dark Side are at the leading edge - are we?
  • 20. Get our act together The essentials shopping list is reasonably short Global monitoring and shared situational awareness Cooperative environments on attacks and solutions Universal sharing of identified attacks/developments Address cloaking & decoy customer sites/net nodes Behavioural analysis of networks, devices, people To continue and expand all established efforts Auto-Immunity for all devices including IoT Secure wireless channels - invisible signals
  • 21. Get our act together The essentials shopping list is reasonably short Global monitoring and shared situational awareness Cooperative environments on attacks and solutions Universal sharing of identified attacks/developments Address cloaking & decoy customer sites/net nodes Behavioural analysis of networks, devices, people To continue and expand all established efforts Auto-Immunity for all devices including IoT Secure wireless channels - invisible signals GDPR FALLS FAR SHORT • It involves manual processes • It is far too slow • It is not automated • No effective a responses • A hinderance not a gain • Advantageous to the Dark Side
  • 22. WHEN WE FIX THE TECH A r e w e t h e n c l o s e t o b e i n g s a f e ?
  • 23. AFRAID NOT ! M o r e h u r d l e s t o j u m p
  • 24. PEOPLE THE PROBLEM I m p o s s i b l e t o c o n t r o l - c h a n g e t o o s l o w
  • 25. S P A N O F H U M A N I T Y Impossible to fully define/understand predispositions Honest Dishonest Opportunist Hacker Black Hat White Hat Silly Extreme Careless Helpful Hapless Naive Arrogant Ignorant Unthinking Emotional Analytical Hacktivist Old Tired Distressed Confused Technophobe Technophile Depressed ill Nervous Professional Young Blue Collar Unemployed Employed Educated Uneducated Poor Rich Caring Uncaring BiasedAccepting Unaccepting loner Team Player Social Networker Insider Outsider Untidy Reckless Careful Good Bad Evil
  • 26. C a r e l ess London is a safe city ! I was working in London and stopped for a coffee break in Soho… Soho A smart young man walked in and I spotted his badge !
  • 27. C a r e l ess London is a safe city ! I was working in London and stopped for a coffee break in Soho… Soho A smart young man walked in and I spotted his badge ! He sat right in front of me and this is what my mobile phone could see as he booted up !
  • 28. C a r e l ess London is a safe city ! I was working in London and stopped for a coffee break in Soho… Soho A smart young man walked in and I spotted his badge ! He sat right in front of me and this is what my mobile phone could see as he booted up ! Coffee Shop Protocol • Sit as far back from the door as possible ; ideally with no one to the rear or the sides • Check for overhead cameras • Do not wear identifying insignia of any kind • Do not boot up to an identifying company, country, government, agency badge • Check and be aware N, E, S, W
  • 29. L O U D & R U D E There is always a price to pay ! The group next to my colleague had just chanced upon the perfect name for their new company. So he bought the domain name and all the variants before they had completed their meeting!
  • 30. U n t i dy Litter Bug :-) Dropped receipt to a wet floor - I picked it up and this caught my eye And then the fun started !
  • 31. U n t i dy Litter Bug :-) Dropped receipt to a wet floor - I picked it up and this caught my eye And then the fun started ! I Followed to a Coffee Shop A few minutes listening and observing aided by Goole and FaceBook and I had: Full name & address Telephone Number eMail Address Date of Birth Some History +++ My final act was to explain to this gentleman just how expensive litter might be…and he really ought to take care! I Followed to a Coffee Shop A few minutes listening and observing aided by Goole and FaceBook and I had: Full name & address Telephone Number eMail Address Date of Birth Some History +++ My final act was to explain to this gentleman just how expensive litter might be…and he really ought to take care!
  • 32. O p P o rt u n i s t i c Unintended revelations & consequences TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for an undefined meeting
  • 33. O p P o rt u n i s t i c Unintended revelations & consequences TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for an undefined meeting TRUTH ENGINES An End Game Company Peter Cochrane Internal Affairs Advisor DAY 2: Pass Card as a member of staff
  • 34. O p P o rt u n i s t i c Unintended revelations & consequences TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for an undefined meeting TRUTH ENGINES An End Game Company Peter Cochrane Internal Affairs Advisor DAY 2: Pass Card as a member of staff I Was Invited to Test a Companies Revised Security My way in was to simply massage my security pass from visitor to employee I then played the role of an old boy not really up to the modern world of IT and so many wonderfully kind people came forward to help me access networks, rooms and facilities My secret? Wear a suite and a tie & look very respectable…everyone knows that hackers wear hoodies!
  • 35. A stack of papers readable at a glance E X H I B I T I O N I S TS Government employees bragging ME Three identical laptops Three Mobiles all the same
  • 36. A stack of papers readable at a glance E X H I B I T I O N I S TS Government employees bragging ME Three identical laptops Three Mobiles all the same In < 1hour of looking & listening I had: All there names Mobile numbers + eMail addresses Unit Codes Postal Drop Building floor and room IT Support Number and log in Who was at their meeting Meeting agenda Who said what Decisions made Project Code Name Organisations involved Objectives and progress The name of a ‘Secret Project’ Talked about in euphemisms +++++
  • 37. THE KIND & HELPFUL Sophisticated phishing attacks https://www.youtube.com/watch?v=lc7scxvKQOo
  • 38. T H E G O O D N E W S Habitualities are near impossible to hide We have so very many individually identifiable idiosyncrasies and routines that they define who and what we are to a high very degree of accuracy - especially when combined with biometrics
  • 39. D e v i c e t h e f t Or is their something more here This is a high risk crime with a good chance of getting caught in the act or getting caught on camera.. Why would anyone do this for a few ££ an hour, or is there hidden value add that we are not seeing? https://www.youtube.com/watch?v=TWilMUpEMEk https://www.youtube.com/watch?v=tSKXZnfOe60
  • 40. U P T H E VA L U E 100s of hack tutorials on-line A naked mobile device is one price A live mobile device with all the log-in and personal data accessible is a much better deal !
  • 41. B E H a V I O U R A L A N A LY S I S Might just be the ‘king pin’ that holds together our security Just as we can be identified by where and what we eat, say, do; and how we walk, talk, type, behave; the friends and colleagues we meet; there is an equivalency for us and all our devices ! Sociology of People Sociology of Things
  • 42. WO RT H R EA D I N G Strategy without tactics is the slowest route to victory Tactics without strategy is the noise before defeat Be so subtle that you are invisible Be so mysterious you are intangible Then you will control your rivals’ fate Supreme art of war applicable today ~5C BC
  • 43. T h a n k Y o u cochrane.org.uk We posses superior technology, networks and brains - if we lose this war it is down to our organisational inabilities …and the Dark Side will have an easy win! https://www.uos.ac.uk