The 2018 Threatscape
Peter Wood
Chief Executive Officer
First Base Technologies LLP
Cyber clairvoyance and divination
Founder and CEO - First Base Technologies LLP
• Engineer, IT and information security professional since 1969
• Fellow of the BCS, Chartered IT Professional
• CISSP
• Member of the Institute of Information Security Professionals
• 15 Year+ Member of ISACA, ISACA Security Advisory Group
• Senior Member of the Information Systems Security Association
• Founder of white-hats.co.uk
• Member of ACM, IEEE, Institute of Directors, Mensa
• Cyber Resilience
• Threat and Risk
• Cyber Awareness
• Managed Services
• Penetration Testing
• Compliance Testing
Slide 4 © First Base Technologies 2017
The Threatscape and me: a short history
1950’s
1970’s
1980’s
1990’s
1992: Bulgarian virus writer Dark Avenger writes a polymorphic virus to circumvent antivirus
pattern recognition
1994: Russian crackers siphon $10 million from Citibank and transfer the money to bank
accounts around the world
1994: AOHell allows ‘script kiddies’ to wreak havoc on America Online with multi-megabyte
email bombs and spam
1995: Hackers attempt to break into Department of Defense computer files 250,000 times -
about 65% were successful
1996: Hackers alter the websites of the United States Department of Justice, the CIA and the
U.S. Air Force
1996: Canadian hackers Brotherhood break into the Canadian Broadcasting Corporation
Let’s jump ahead to today …
The perceived attack surface
Cisco 2017 Annual Cybersecurity Report
Ransomware
(user behaviour)
2016 was The Year of Ransomware …
and so was 2017
752% increase over 2015
Ransomware families jumped from 29 to 247
TrendLabs 2016 Annual Security Roundup
Business Email Compromise
(user behaviour)
Spoof CxO email requesting payment to a fake account
Average loss $140,000
Leoni AG lost $44.6m
BEC increasing rapidly
TrendLabs 2016 Annual Security Roundup
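The pattern on this slide (a spoofed CxO email asking for a payment to a new account) is one a mail gateway or SOC can triage with a handful of header heuristics before a human ever reads it. The following is an added example, not code from the deck or from First Base Technologies; the corporate domain, the executive list and the three sample messages are constructed assumptions. It flags an executive's display name on a mailbox that is not theirs, a lookalike of the corporate domain in From or Reply-To, a Reply-To that silently diverges from From, and payment or urgency language.

```python
"""Heuristic triage of raw RFC 5322 messages for CEO-fraud / BEC indicators.
Added example: not from the presentation. CORP_DOMAIN, EXECUTIVES and the
sample messages below are constructed assumptions."""
import email
import re
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                                      # assumption
EXECUTIVES = {"jane doe": "jane.doe@example.com"}                # assumption: display name -> real mailbox
PAYMENT_WORDS = re.compile(r"\b(wire|transfer|payment|invoice|urgent|confidential)\b", re.I)
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})  # digit-for-letter swaps


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a, b):
    """Levenshtein distance (plain DP); catches one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain, target):
    """True when domain imitates target: homoglyph swap, rn/vv tricks or a single edit."""
    if not domain or domain == target:
        return False
    normalised = domain.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
    return normalised == target or edit_distance(domain, target) <= 1


def triage(raw):
    """Return the list of BEC indicators found in one raw message (empty list = clean)."""
    msg = email.message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = domain_of(from_addr), domain_of(reply_to)
    findings = []
    # 1. an executive's name shown on a mailbox that is not that executive's
    key = re.sub(r"\(.*?\)", "", display).strip().lower()
    if key in EXECUTIVES and from_addr.lower() != EXECUTIVES[key]:
        findings.append("exec-name-external")
    # 2. lookalike of the corporate domain in From or Reply-To
    for label, dom in (("from", from_dom), ("reply-to", reply_dom)):
        if lookalike(dom, CORP_DOMAIN):
            findings.append(f"lookalike-{label}-domain")
    # 3. replies redirected to a different domain than the visible sender
    if reply_to and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # 4. payment / urgency language in subject or body (single-part messages only here)
    body = msg.get_payload() if not msg.is_multipart() else ""
    if PAYMENT_WORDS.search(msg.get("Subject", "") + "\n" + body):
        findings.append("payment-language")
    return findings


# Constructed sample messages (assumptions, not real traffic)
LEGIT = ("From: Jane Doe <jane.doe@example.com>\nTo: cfo@example.com\n"
         "Subject: Board pack\n\nAttached for Thursday.\n")
SPOOF_FREEMAIL = ("From: Jane Doe <jane.doe.ceo@gmail.com>\nTo: cfo@example.com\n"
                  "Subject: Urgent payment\n\nPlease wire the attached invoice to the new "
                  "account today and keep this confidential.\n")
SPOOF_LOOKALIKE = ("From: Jane Doe <jane.doe@example.com>\n"
                   "Reply-To: Jane Doe <jane.doe@examp1e.com>\nTo: cfo@example.com\n"
                   "Subject: Transfer\n\nAccount details attached. Reply to this address only.\n")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("freemail", SPOOF_FREEMAIL), ("lookalike", SPOOF_LOOKALIKE)):
        print(f"{name:10s} {triage(raw)}")
```

The indicators are deliberately cheap so they can run on every inbound message; any message carrying an identity indicator (the first three) together with payment language is a candidate for quarantine and an out-of-band call-back to the named executive, which is the control that actually stops the transfer.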
Mobile Malware
(mobile devices)
More than 1.5 million new mobile malware incidents
in Q1 2017
Total of more than 16 million incidents
79% of respondents report increased difficulty in
securing devices
McAfee Labs June 2017 Threat Report
The bigger picture …
2017 Threat Actors
https://www.recordedfuture.com/prioritizing-cyber-threats/
2017 Kill Chain
What was advanced is now
average
• Well planned, strategic approach
• Automation assisted manual attacks
• Social engineering, especially
phishing
• Sophisticated malware
• Clear objectives
• Lots of resources
There is no silver bullet
Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
People remain vulnerable
Finding 1: 3,066 employees clicked on a link in a phishing email, and 2,398 users entered their username and password.
Finding 2: An analysis of the compromised passwords from email phishing campaigns revealed single word-based passwords
and 72% of passwords being 10 characters or less in length.
Threat Assessment: Email phishing is the most prevalent cyber security threat to organisations. Passwords harvested grant the
attacker access to external services such as VPNs, OWA and Cloud Services.
Impact: Gaining access to these services can provide an attacker with full, undetected, authenticated access to your data.
Single-factor authentication may not be your
best choice
• We cracked 48% of 9,569 passwords
• 98% of these passwords were cracked within
two hours
• The remaining 2% were cracked over the
course of one week
Passwords remain vulnerable
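The two findings above (single dictionary-word passwords, and 72% at 10 characters or fewer) are statistics any team can reproduce over its own cracked or harvested set before a board slide is written. The following is an added example, not code from the deck or from First Base Technologies; the word list and the password sample are constructed (a real audit uses a full dictionary and the actual cracked list). It classifies each password as built on a single word, tolerating capitalisation, leetspeak and a short trailing suffix, and reports the two percentages.

```python
"""Audit of a cracked / harvested password set: share of passwords of 10
characters or fewer, and share built on a single dictionary word.
Added example, not from the presentation; WORDLIST and SAMPLE are constructed."""
import re
from collections import Counter

WORDLIST = {"password", "summer", "welcome", "london", "dragon", "monkey", "football"}  # assumption
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
# a candidate word (letters, digits, @, $) optionally followed by up to six trailing digits/symbols
MANGLE = re.compile(r"^(?P<word>[A-Za-z@$0-9]+?)(?P<tail>[0-9!?.#*]{0,6})$")


def base_word(pw, wordlist=WORDLIST):
    """Return the dictionary word a password is built on, or None.
    Handles Summer2017, P@ssw0rd, Welcome1!; does not handle separators or
    genuinely random strings, which is the point of the check."""
    m = MANGLE.match(pw)
    if not m:
        return None
    candidate = m.group("word").lower().translate(LEET)
    return candidate if candidate in wordlist else None


def audit(passwords, wordlist=WORDLIST):
    """Summarise a password set the way the slide's Finding 2 does."""
    n = len(passwords)
    short = sum(len(p) <= 10 for p in passwords)
    words = Counter(w for p in passwords if (w := base_word(p, wordlist)) is not None)
    return {
        "count": n,
        "pct_len_le_10": round(100 * short / n, 1),
        "pct_single_word": round(100 * sum(words.values()) / n, 1),
        "top_words": words.most_common(3),
    }


# Constructed sample (assumption): what a phishing harvest typically looks like
SAMPLE = [
    "Summer2017", "P@ssw0rd", "Welcome1!", "london123", "Dragon!",
    "correct-horse-battery", "Tr0ub4dor&3", "football", "Monkey2017!", "xK9#mQ2v",
]

if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw:24s} len={len(pw):2d} word={base_word(pw)}")
    print(audit(SAMPLE))
```

On the constructed sample seven of ten passwords are a single mangled word and seven of ten are 10 characters or fewer; the three the classifier passes are the two passphrase-style strings and the random one, which is the shape you want the distribution to move toward after the awareness work on slide 33.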
Cyber clairvoyance and divination
My crystal ball is broken - sorry
But what I suggest is …
More of the same (Known and Predictable)
Plus a whole bunch of:
• Unknown
• Unpredictable
• Uncertain
• Unexpected
Gartner says …
Take the money you’re spending on prevention and begin to drive it more equitably to detection and response. The truth is that
you won’t be able to stop every threat and you need to get over it.
A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link,
people, to do so.
This means adapting your security setup to focus on detection, response, and remediation. That’s where the cybersecurity fight
is today.
In the future it will most likely move to prediction of what’s coming before anything happens.
Earl Perkins, research vice president, during the Gartner Security & Risk Management Summit 2017
https://www.gartner.com/smarterwithgartner/5-trends-in-cybersecurity-for-2017-and-2018/
The ISF view on cyber resilience
ISF Cyber Security Strategies: Achieving cyber resilience, November 2011
The Cyber Resilience Manifesto
To withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected
threats from activities in cyberspace
Minimise the cost of controls, responses and other cyber resilience activities, relative to the spend needed to
minimise the cost of negative impacts from activities in cyberspace
Cyber security is a key element of being resilient, but you must recognise that it goes far beyond just technical
measures, embracing people, processes, and technology
Key Focus
• Recognise that you must prepare now to deal with severe impacts from cyber threats that cannot be
predicted or prevented
• Invest in very high levels of partnering and collaboration, including external collaboration (with ISPs,
intelligence agencies, industry groups, security analysts, customers and supply chains), and internal
collaboration throughout the organisation
• Develop the agility to prevent, detect and respond quickly and effectively, not just to incidents, but also to
the consequences of the incidents
Five pillars of Cyber Resilience

Pillar               Threat classes addressed
Prepare / Identify   Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
Protect              Known • Predictable
Detect               Known • Predictable • Uncertain • Unexpected
Respond              Known • Predictable • Unknown? • Unpredictable? • Uncertain • Unexpected
Recover              Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
Prepare / Identify
To successfully face and overcome an attack, you must thoroughly understand your organisation’s security and
risk posture
This means painstakingly identifying your vital information, conducting an assessment that includes all known
security vulnerabilities, and establishing a baseline which you will compare with your peers
Protect
The second pillar is about implementing safeguards to limit or contain the impact of an attack or breach
Your goal is to protect your infrastructure and data from malicious attack and accidental exposure
All three areas - people, processes, and technology - are important to your protection
Detect
The Detect pillar focuses on developing activities to rapidly identify an attack or a breach, assess the systems that
may be affected, and ensure a timely response
To effectively minimise any damage, you must have the necessary detection and response policies, processes,
and technologies in place
Respond
The Respond pillar addresses activities that accelerate remediation and contain the impact of an attack once
detected
Whilst there are many solutions and services available to help, much of what is needed involves people and
processes internal to your business
Recover
This stage involves developing systems and plans to restore data and services after an attack
Even if you respond quickly to a cyber breach, there may be consequences for people, processes and systems.
An effective recovery depends on a clear and thorough recovery plan.
Invest in your human firewall
• Train your staff to recognise social
engineering attacks
• Explain the why and how of passphrases
• Invest in continual awareness campaigns
• Use every medium available to spread the
word
Priority: Enable your best defence
More information?
Peter Wood
Chief Executive Officer
First Base Technologies LLP
peter@firstbase.co.uk
http://firstbase.co.uk
twitter: @FBTechies

Editor's Notes

  • #12 Using ransomware, criminals reportedly managed to rake in $1 billion in 2016. This is the result of many affected enterprises choosing to pay their attacker to have their data and assets decrypted, even though they are advised against this. A recent example is WannaCry, which famously affected the NHS.
  • #13 Business email compromise is currently a huge threat: an attacker sends an email that appears to come from the CEO's address to the CFO, saying that a payment needs to be made to a fake company the attacker has set up. BEC attacks cause an average of US$140,000 in losses for companies worldwide. Leoni AG, the fourth largest wire and cable manufacturer in the world, became a victim of a BEC attack when its Chief Financial Officer (CFO) was tricked into transferring about US$44.6 million to a foreign account. Scammers also swindled approximately US$330,000 from the local council of Brisbane in Australia after posing as one of the council's suppliers. SS&C Technology also lost US$6 million to a BEC scam that forced the company to temporarily take its operations offline.