The document summarizes an ICSA Technology Conference focused on cyber security that was held on Friday, November 4, 2017. The conference included chair remarks, discussions on building business confidence in cyber security, the evolving cyber threat landscape, ransomware and cyber extortion, and how to respond to a cyber security breach. Speakers addressed questions organizations have about current cyber risk levels and how to understand and address cyber threats through practical measures.

1. ICSA Technology Conference:
focus on cyber security
Friday 4 November, 2017

2. Join
the conversation
@ICSA_News
#ICSATechConf

3. Chair’s opening remarks
Mark Child, Managing Director
GLE Consulting Limited

4. Building business confidence

5. Cyber Security
The ICSA Technology Conference 2016
ICSA: THE GOVERNANCE INSTITUTE 4TH NOVEMBER 2016

6. Cyber security – everyone’s pet subject
• Undoubtedly the topic of the moment
• But, is it anything new?
• How worried should we really be?
• How, in practical terms, do we understand and tackle ‘cyber
threat’?

7. Questions…
“What are we doing
about Cyber?” “Can we be
hacked?”
“What is our current
level of Cyber risk?”
“Should we be
doing penetration
testing?”
“Can’t we just take
out insurance?”

8. It’s an opportunity for the authorities too
“The biggest threat to the UK way of life will
come from cyber terrorism rather than
traditional attacks on cities and people”.
David Blunkett
“If the US government does not improve
cyber defences, we will leave our nation and
our economy vulnerable".
Barak Obama
“Cyber security is a Tier 1 threat to the
nation and has become a strategic risk
management issue for all organisations.”
MI6

9. Hardware and software vendors…
…are never blind to a sales and
marketing opportunity either!

10. Threat landscape
• Main themes over the last year.
• The risk landscape is dynamic and continuously evolving.
• Cybercrime in Financial Services is the domain of organised criminals -
focussed on monetising their technical advantage.
• Ransom-ware
• Phishing
• Data theft
• Wire-fraud (and ‘whale phishing’)
• Smaller organisations are as equally likely to be in the firing line as large
firms. Their relative lack of resources mean that they are easier to
compromise and exploit.
• Increased reliance on third party suppliers – a significant hidden
security risk.
• The threat therefore remains real, current and relevant to all.

11. Threat landscape –
The global state of information security survey
2015

12. Threat landscape – global
Implementation of key security safeguards

13. Threat landscape – global

14. Ransomware and cyber extortion
Martin Lee
Technical Lead, Security Research Team
Lead, Talos Outreach EMEA, Cisco

15. Martin Lee
Technical Lead Security Research

16. Digitisation of Crime

17. Acquisitive Crime
“The Conjurer”
Hieronymus Bosch c.1480

18. Cyber Crime Business Model
Compromised
System
Steal CPU Cycles
Steal Bandwidth
Steal Data
Mine bitcoins
DDOS
Send spam
Credential theft
Identity theft

19. Ransomware - A New Model

20. Ransomware Rogues Gallery
Name AIDS Trojan
Date Dec 1989
Spread Diskette
Ransom $189 (by post)
Encryption Symmetric
(file names only)

21. Ransomware Rogues Gallery
Name Reveton Cryptolocker Cryptowall 2.0 Locky
Date May 2012 Sep 2013 Sep 2014 Feb 2016
Spread Exploit kits
(web)
Email Malvertising Email
Ransom $200
by Ukash,
Bitcoin
$400 by Ukash
or Bitcoin
$500 or bitcoin $300 - $400
Tor, Bitcoin
Encryption various RSA-2048 bit Including
network drives
RSA- 2048 bit RSA-2048 + AES-256
including network
drives also web site
version.

22. Angler EK - The Money

23. Distribution

24. Zepto - Spam

25. Malvertising

26. A Major News Site
26 Domains
39 Hosts
171 Objects
557 Connections

27. Angler EK Infection Demo

28. SamSam – March 2016
Scan for JBoss
vulnerability
Encrypt files &
demand payment
Install
SamSam
malware
Install web shell
Expand presence
on network

29. SamSam – March 2016

30. Vulnerable Systems
3.2 million ‘at risk’ machines
Scan for JBoss
vulnerability
CVE-2010-0738
Install web shell
2100 installed web shells

31. A Future Ransomware Model
Establish initial
access
Escalate
privileges
Identify critical
systems
Install
ransomware
Collect
payment
Scan for
vulnerabilities
Maximising lost value for the victim
Minimising costs for the attacker

32. www.talosintelligence.com
blog.talosintel.com
@talossecurity
martinle@cisco.com

33. Incident response: what to do in
the event of a cyber breach
Mark Child, Managing Director and
Neil May, Senior Manager, Technology Risk
Management
GLE Consulting Limited

34. What To Do In The Event of A
Cyber Breach
Incident Response
ICSA: THE GOVERNANCE INSTITUTE 4TH NOVEMBER 2016

35. You might be feeling a bit like this…
Rabbit in the headlights!

36. Or, depending on your board…
Possibly like this.

37. The big question is …
Is this really an entirely new threat that
we are facing?

38. Our view
But, there are some trends:
― We are noticing more and larger breaches.
― Breaches and data leaks are making the news – there is public, media and regulatory interest.
― The criminals are getting smarter.
The threat is NOT new.
‘Cyber’ is a convenient label for
information risk in the 21st Century

39. Our view – how do we respond?
Pursue a strategy of defence-in-depth
Avoid our historic fixation on ‘the perimeter’
This is not a purely technical problem.
The solution is not necessarily a technical one.
Technical controls remain key.
The weakest links are likely to be:
Your people
Your third party suppliers & partners
And
So
But

40. Summary
― ‘Cyber threat’ is nothing new – in our view!
― But it is serious.
― Target defence in depth.
― Staff, contractors and suppliers are now your weakest link.
― Get back to basics on information governance
― Apply technology solutions intelligently to support & enable.

41. History quiz

42. History quiz

43. Just how successful was it?
Not very
successful at
all!

44. Perception versus reality
We think we are building this…
But we have potentially built this…

45. Case studies – poor practices
― October 2015
― Cause: Simple (and old) technical exploit (executed by a 15 year-old boy)
― Immediate result: 150,000 customer records stolen (0ver 15,000 full bank details)
― Incident/crisis management extremely poor:
― CEO unprepared & poorly briefed
― Scope of breach massively over-estimated
― Response ill-judged (500,000 customers given ‘free upgrade’)
― Impacts:
― REPUTATION – Lost 95,000 customers in year 1
― FINANCIAL – Current financial cost estimated at £60m
― REGULATORY – Formally sanctioned by ICO (Fined 400k)

46. Case studies – insider threat
― December 2014
― Cause: Malicious software deployed via ‘phishing’ attack used to obtain IDs and passwords
― Politically motivated
― Immediate result: 100 terabytes of data stolen (the whole of the “.co.uk” domain is only 68
Tb)
― Data included entire movies, financials, staff data, salary data, email records
― Data posted on the internet for download
― Impacts:
― REPUTATION – Deputy CEO forced to resign due to damaging email content
― FINANCIAL – Current financial cost estimated at $15m (impact reduced by
insurances and managed legal response).

47. Case studies – third party
― Spring 2014
― Cause: Security compromise at third party AirCon and Ventilation contractor – access gained
to Target’s network.
― Immediate result: 70m customer records and 40m credit card records harvested across
1,797 stores over extended period
― Data downloaded by criminals in Russia.
― Impacts:
― FINANCIAL – Current financial cost to Target estimated at $61m (Industry-wide costs estimated at
$200m)

48. Get back to basics
― It’s not just about the enemy at the gates (i.e. the perimeter)
― The perimeter is hard to define these days
― We cannot rely solely upon prevention – our detection and response capability must improve.
We need to take the threat seriously.

49. Get back to basics
― Technology and tools of the highest quality can be undermined by weaknesses in basic
security practices.
― Or by a flawed corporate culture.
― Cyber/Information risk is a problem for the entire business to resolve – not just IT!
― Today’s cyber criminals recognise this and exploit it by adopting a range of approaches which
step away from the purely technical and exploit weaknesses in the way that organisations
manage, control and interact with their information.
― A full frontal assault is unlikely to be profitable – an attacker will target compromise from the
inside. And they can be very patient.

50. Get back to basics
Fundamentally, addressing the Cyber Threat means going back to basics, looking again at your
organisation and the controls you already have:
― Understanding your people – what threats do they pose? After all there is no patch for
stupidity!
― Understanding your organisation’s information, where it is and how it is used.
― Identifying the main risks to physical and information assets.
― Ensuring that the right measures are adopted to mitigate risk to within acceptable levels –
balancing cost versus risk.

51. Get back to basics – governance foundations
Unless the foundations of good information and security governance are working well, any
investment in security technology will most likely be wasted. Fundamental areas for focus are:
― Staff security training and awareness.
― Robust oversight and management of third party suppliers
― Software & hardware patch management
― Intelligent management & admin of user access.
― Clear policies on security, acceptable system use and social media.
People. Process. Tools. In that order!

52. Get back to basics – making it work
For effective and sustainable governance:
― Setting, maintaining and continuing to evolve the “tone at the top”.
― Monitoring of information risk management by the Board of Directors.
― Ongoing, practical and relevant awareness training.
― Independent assurance.
― Regular, risk-based security testing. Inside and outside the perimeter.

53. What happens if a security breach occurs?
― If a security breach occurs, organisations that follow clearly documented plans to reduce the
impact of the breach have a much better chance of staying out of the law courts and avoiding
punishment
― Most organisations unfortunately don't have good systems for actually managing the
problem. If a breach occurs, the law is really concerned with your behaviour at that point in
time. You can't unravel the past and pretend the breach didn't occur, it's what you do from
that point on that will determine your culpability
― On top of having well documented systems and procedures, organisations need to have
clearly defined actions for dealing with a breach and limiting the damage to those affected.
This is likely to involve multiple disciplines that could include information security specialists,
IT resources, a PR agency, legal advice and credit reporting services
― If you adopt an honourable stance from the outset, doing the right thing at the right time, then
your legal team is in a very strong position to defend you to the regulator arguing that you're
not the kind of organisation that has the profile that requires all of the effect of the law and
therefore the punishment

54. How to protect organisations from security breaches
― Take some basic steps to "build a protective shield”, most notably:
― Build a single unified security policy
― Ensure information security forms part of any contract initiation
― Make security part of the process when any project is initiated
― Employee adequacy – ensure you have processes for handling new employees, changes of job, and
for employees exiting the company; show that they were made aware of security requirements
― Third-party assurance – have processes in place to guard information held by third parties
― Culture – have a managerial structure in place that demonstrates a chain of responsibility for handling
security and reporting errors
― ‘Tone at the top’
― Shared ownership of good practices
― Openness & transparency – continuous improvement

55. State of the Nation – addressing Cyber Risk
Four golden rules our plan is founded upon
Over 75% of attacks exploit failures to put in
place basic controls
Get the basics right
You have to prioritize where you spend your
money to defend yourself, so build a fortress
around your most critical asset.
Look after the crown jewels
Invest in understanding who might attack you,
why and how, so that you can anticipate the most
likely scenarios and defend those assets that are
most likely to get attacked.
Do your homework on your enemies
Security and resilience can affect nearly every
part of an organization. Strategies to protect IT
security and business resiliency should align with
an organization’s broader goals – from protecting
intellectual property to maximizing productivity to
finding new ways to delight customers.
Treat cyber risk as an opportunity to look
closely at your business

56. Solving the big ‘Board reporting
problem’ in cyber
Jon Hawes, Security Intelligence Strategist,
Panaseer

57. Cyber security insurance
Graeme Newman, Chief Innovation Officer
CFC

58. Tackling the insider threat
Garath Lauder, Director, Cyberseer
Ted Plumis, Vice President of Channels
and Corporate Development, Exabeam

59. Social engineering: the art of the
con
Rob Shapland, Penetration Testing Team
Manager, First Base Technologies

60. Cryptography Basics
Dr David Weston, Lecturer in Computer
Science and Information Systems
Birkbeck University of London

61. Tokens, Honeypots, Idenitfication
Authorisation Services
Ray Dalgarno, Director, CYBERCAST

62. Trust with “THIS”
Tokens,
Honeypots,
Identification Authorisation Services;
The Confluence

63. Agenda
Warfare
Attack Surface, Attribution, Residency, Deniability
Honeypots & Tokens
Identification and Authorisation
Conclusion

64. Warfare
Security through obscurity –
the reason the armed forces adopt camouflage

65. NHS Cyber Attacks – The Telegraph 1st Nov 2016
“…hacking is "no longer the stuff of spy thrillers and action
movies" but a clear and present threat…”
“…Ben Gummer, minister for Cabinet, says that "large
quantities of sensitive data" held by the NHS and the
Government is being targeted by hackers…”
“…Ministers will also unveil a Cyber Security Research Institute,
a "virtual collection of UK universities" which will work towards
making passwords obsolete…”

66. Cyber Fraud
“…Online fraudsters stole £10.9bn in the UK last year…”
“…39% (of respondents), questioned by “Get Safe Online” said
they were a victim of cybercrime, but did not report it…”
“…53% received phishing messages…”
Extract from The Telegraph 20th October 2016

67. Cyber Crime is a War Zone
“Rouse him, and learn the principle of his activity or inactivity. Force
him to reveal himself, so as to find out his vulnerable spots.”
“If you know the enemy and know yourself you need not fear the
results of a hundred battles”
- Sun Tzu, Military General, Strategist & Philosopher, 5th Century
BC, China
Deception is a powerful, effective, but under utilised tool –
(at least by defenders)
Full range of “effects” on adversaries possible through deception

68. Effects Attacker Defender
Fail to observe
Prevent the defender from detecting the attack. Prevent the attacker from discovering their target.
Reveal
Trick the defender into providing access. Trick the attacker into revealing their presence.
Waste Time
Focus the defender’s attention on the wrong aspects of
the incident.
Focus the attacker’s efforts on the wrong target.
Deception Effects - Attacker & Defender

69. Operation Mincemeat - 1943
Successful British disinformation plan during the
Second World War to cover the invasion of Italy from
North Africa. To convince the Germans that, instead
of attacking Sicily, the Allied armies would invade
Greece.

71. Operation Mincemeat - 1943
Successful British disinformation plan
during the Second World War to cover
the invasion of Italy from North Africa.
To convince the Germans that, instead
of attacking Sicily, the Allied armies
would invade Greece.
This was accomplished by persuading
the Germans that they had, by
accident, intercepted "top secret"
documents giving details of Allied war
plans.

72. Attack Surface, Attribution,
Residency, Deniability
From the living room to the boardroom

73. Attack Surface
From ordinary consumers, to a single-office business, through
the regulatory bodies, to the national and global giants
The environment dictates the approach – no “Silver Bullet”
Layered security – combining multiple mitigating security
controls to cost effectively protect resources & data

74. Attack Attribution
At which point in the attack do you realise that you have been
hacked
 TalkTalk, DNC, Yahoo
There are very few “smoking guns” visible
Attacks that often begin with broadly targeted phishing, that can
introduce & run new binaries on victims networks, & that
connect to random internal hosts using exfiltrated credentials ,
can still remain hidden for a year

75. Examples of Global IT Vendors’ Vulnerabilities
Microsoft
 Microsoft August (2016) Patch Tuesday, included five updates rated
critical out of a total of nine, bringing the number of patches for the year-
to-date at 103
SAP
 There are vulnerabilities in almost every SAP module; CRM, EP, and SRM
are leaders among them ERPScan SAP Cyber Threat
Report2016
Oracle MICROS (and others)
 In total, more than one million PoS terminals around the world could be
at risk, should the attacks prove to have been deeper than the
companies are currently publicly admitting
Computing Aug

76. Dwell Time/Residency
Mandiant reported that attackers on average lurked on a
network for 205 days before being discovered¹
Microsoft recently reported they place the number at more
than 200 days to detect a security breach and 80 days to contain
it²
1. https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf
2. https://blogs.windows.com/windowsexperience/2016/03/01/announcing-windows-defender-advanced-threat-
protection

77. Plausible Deniability & Malware Intrusion
Plausible deniability refers to circumstances where a denial of
responsibility or knowledge of wrong doing cannot be proved as
true or untrue due to a lack of evidence proving the allegation
It is a basic law for the cheat and the deceiver. Be able to offer up
an excuse that cannot be disproved easily and that makes sense
for the situation

78. Trickle-down Effects
Increasing rapidity of car-trickle-down; yester-years’ top end car
innovations eventually migrate through the models becoming standard
options in lower-priced vehicles
This pattern of innovation holds true in virtually every field, including
cyber- security
Malware as a Service (MaaS) – moving from the heavily funded
specialist cyber experts down into the mass market
MaaS now commonly available at very low cost through the darknet and
sites such TOR, I2p

80. Honeypots & Tokens
Evolution Mimicry

81. Honeypots
Venus Flytrap in Action
(triggered honeypot)
Trojan Horse (passive honeypot)
Greeks built, used to enter the
city of Troy and win the 10 year
Trojan war - 4th Century story
Cartography: A trap street (passive
honeypot) is a fictitious entry in the
form of a misrepresented street, for
the purpose of "trapping" potential
copyright violators

82. Tempting - moneypot
All
mine……….
Ooops!

83. Honeypot Principle
Focus on detecting threats
 Here, we’d like to know immediately someone has broken into the network and in
places they shouldn’t be
Ensure the honeypot looks appealing to the attacker
 The honeypot must look legitimate & enticing
In this attack scenario the defender has particular advantage
 Once attackers initially land inside your internal network, they’re at a disadvantage.
They don’t know the lay of the land and they need to explore it (reconnaissance),
while remaining hidden

84. Defence through Deception
Deception is a highly effective solution for protecting
environments; used to confuse, delay and redirect the enemy
Lured to the Canary Honeypot, the attacker will be tricked into
engaging with that device and believe they are being successful
in their attack

85. Canary – Today and Tomorrow
Canary - great for remote sites but what about our VM data
centres?
What about integration with established enterprise monitoring
frameworks such as Openview, CA or Microsoft SCOM?
Console management limit on the number of deployed Canaries?
Are “Canarytokens” part of tomorrow’s planning?

86. Identification &
Authorisation
A new way forward

87. Tokens
Tokens - In general, a token is an object that represents something
else, such as another object (either physical or virtual), or an
abstract concept. In computer systems, there are a number of
types of tokens, both hardware and software
In human terms, a token of trust can exist between two parties
with such levels of trust reinforced through personal introductions
with other parties
A token generation & management platform, designed
specifically for high security multi-services in public and private
clouds,
greatly enhances trustworthy information handling

88. Identification with Passwords
Any directory service or management
platform holding passwords becomes a
target by the attacker for credentials’ theft
Passwords are fundamentally flawed:
 Often easy to guess
 Are reused across different services
 Are written down or stored or shared
 Can be intercepted
 Are expensive to maintain
 29% of all cybercrime is from stolen
passwords

89. Identification WITHOUT Password
The Problem
 The password has outlived it’s usefulness
Secure Cloudlink’s Response
 Patented and highly secure tokenised message management
solution assures password redundancy
 User credentials are not transmitted, stored or replicated
 Secure digital services - a snap for the user
Randomised, encrypted, key generation –
no consistent key to be stolen

90. Conclusion
Possible quick-wins

91. Immediate Low-risk Considerations
People protection: Continuous inter-active education on the threats & risks
posed by cyber-criminals through the deployment of Phish5 email phishing
simulations with supporting education processes
Network hardening: Rapid deployment of customisable, low-cost, capex-
free, Canary honeypots throughout the strategic points on the network
Access & authorisation protection: Review and assess the usage &
costs (direct/indirect) of passwords in your own organisation – test the results
against Secure Cloudlink
Information handling assurance: Regular external, expert assessment &
audit of network, data governance practices and procedures

92. Security Through Obscurity
Warfare - The Social Threat
Attack Surface, Attribution, Residency, Deniability -
Livingroom to Boardroom
Honeypots & Tokens – Evolution Mimicked
Identification and Authorisation – New Pathway

93. Thank you
Trust in “THIS”
Security through Obscurity
Ray Dalgarno
ray@cybercast.co

94. New and evolving forms of malware
Mark Olding, Senior Enterprise Presales
Consultant, Kaspersky Labs

95. The what, how, who and why of computer malware
Mark Olding
Senior Enterprise Presales Consultant

96. THE SCALE OF THE THREAT
1
NEW VIRUS EVERY
HOUR
1994
1
NEW VIRUS EVERY
MINUTE
2006
1
NEW VIRUS EVERY
SECOND
2011
310,000
NEW SAMPLES EVERY
DAY
2016
THE SCALE OF THE THREAT

97. 90%
9.9%
0.1%
Targeted attacks
Advanced persistent
threats
Traditional cybercrime
Targeted threats to
organizations
Cyber-weapons
THE NATURE OF THE THREAT

98. TRENDS AND THREATS
Internet of Things
Big Data Fragmentation of the internet
Cloud & Virtualization
Consumerisation & Mobility
Critical Infrastructure at risk
Increasing online
commerce
Privacy & Data
protection challenge
Online
banking at risk
Mobile threats
Decreasing costs of APTs
Merger of cyber crime and APTs
Supply chain attacks
Internet of Things
Targeting
hotel networks
Ransomware
programs
Cyber mercenariesMassive data
leaks
Malware for ATMs
Financial phishing attacks
Attacks on
PoS terminals
Threats to
Smart Cities
‘Wipers’ & Cyber - sabotage
Targeted Attacks

99. HOW MALWARE SPREADS
USB sticks
Email
Exploit kits
Social Networks

100. Browser
s
VULNERBILITIES AND EXPLOITS

101. WEB-BASED THREATS
Kaspersky Lab discovered 798,113,087 web attacks in 2015
25 attacks per second
1,518 attacks per minute
2.1 million attacks per day 91,000 attacks per hour

102. DRIVE-BY DOWNLOADS

103. June2015
SOCIAL MEDIA

104. June2015
EMAIL

105. REMOVABLE DRIVES

106. June2015
DIGITAL CERTIFICATES

107. CONSUMER THREATS IN 2015
0
50000
100000
150000
200000
250000
300000
350000
400000
450000
Users
Users
2 MILLION ATTEMPTS
In 2015, Kaspersky Lab solutions blocked
attempts to launch malware capable of
stealing money via on-line banking on almost
2 million computers
This number is 2.8%
higher than in 2014

108. June2015
Ransomware

109. June
2015
BLOCKERS

110. CRYPTORS
June
2015

111. Stuxnet
Advanced Persistent Threats
Duqu
Gauss
Flame
MiniFlame
Kimsuky
NetTraveler
Winnti
Icefog
RedOctober
Miniduke
TeamSpy
Energetis Bear/
Crouching Yeti
Epic Turla
Careto/The Mask
Regin
CosmicDuke
Darkhotel
Spring Dragon
Satellite Turla
MsnMM
Campaigns
Darkhotel Part 2
Animal Farm
Equation
Desert Falcons
Carbanak
Sofacy
Hellsing
Naikon
Duqu 2.0
Blue Termite
Wild Neutron
We discover and dissect
the worlds most
sophisticated malware

112. HOW THE CARBANAK CYBERGANG STOLE $1bn
Carbanak sent
backdoor as an
attachment
Bank employee
Emails with exploits
Credentials stolen
100s of machines infected
In search of admin PC
Admin
REC
CASH
TRANSFER
SYSTEMS
1. Infection 2. Harvesting Intelligence
Intercepting the clerk’s screen
3. Mimicking the staff
How the money was stolen
Online – Banking
Money was transferred to the
fraudsters accounts
E- Payment Systems
Money was transferred to banks in
China and the US
A targeted attack on a bank
Inflated account balances
The extra funds were pocketed via a
fraudulent transaction
Inflated account balances
The extra funds were pocketed via a
fraudulent transaction
Controlling ATMS
Orders to dispense cash at a pre-
determined time

113. MAC MALWARE
In 2012, the flashback botnet was
discovers, consisting of 700,000
computers all running under
MAC OSX
Cybercriminals repeatedly use
MAC malware when launching
targeted attacks
MACs can unknowingly pass PC
malware onto PCs in your
network

114. MAC MALWARE
0
5000
10000
15000
20000
25000
30000
2003200520072009201120132015
Malware
Malware
Since 2012 the proportion of
adware on OSX has increased
fivefold
Kaspersky Lab recorded almost
6 million unique attacks on MAC
devices in 2015
x5
There are more then 24,000
sample of malicious OSX files in
Kaspersky Lab’s collection

115. MOBILE MALWARE
0
200000
400000
600000
800000
1000000
1200000
1400000
1600000
Q12011
Q32011
Q12012
Q32012
Q12013
Q32013
Q12014
Q32014
Q12015
Q32015
Malware
Malware

116. MOBILE MALWARE
Sales
Adware
RiskTool

117. • Evaluate the risks
• Patch OS and applications
• Mange your network
• Secure your systems
 Multi-layered protection
 Not just endpoints
 Default-Deny
 Encrypt
 Don’t forget mobile
• Educate staff
RIGHT NOW

118. • Stop fire fighting
 Create a strategy
• It’s bigger than IT
• Delegate to experts
 Assessment
 Incident response
 Analysis
TOMORROW

119. • ‘The end of APTs’
• Alternative payment systems and stock exchange
• Sabotage, extortion and shame
• Ransomware
• Trusted resources
• From ‘APT-as-a-Service’ to ‘Access-as-a-service’
• Balkanisation
• Transportation
• ‘Crypto-apocalypse
FUTURE PROSPECTS

120. THANK YOU

121. Closing keynote address
Vicki Gavin, Compliance Director, Head of
Business Continuity & Information Security
The Economist Group

122. Thank you.