THE IMPORTANCE OF
CYBERSECURITY
26/05/2021
www.nalys-group.com
INTRODUCTION
WHAT IS CYBERSECURITY
Protection of computer systems from
information disclosure, theft or damage to their
hardware, software, or electronic data as well
as from disruption or misdirection of the
service they provide.
( Wikipedia )
Introduction
When it goes wrong
Technical side
Facts numbers
Conclusion
WHAT IS IT NOT
• Protection of the personal data privacy
➔ Privacy ➔ GDPR
• Data Availability in case of an accident
➔ Business continuity
• Make sure your servers are always online
➔ Reliability and redundancy
• Make sure your system always behaves correctly
➔ Safety
IOT PERSPECTIVE
Safety
Protecting the user of the device.
Ex: Your car or plane must not crash even if it experiences issues
Security
Protecting the device from a malicious user
Ex: Someone tries to inject a virus into your phone when you click on a web
page.
THE GRAY ZONE
The brake control software in your car must be:
• Bug free
• Not upgradable by anybody …
to avoid breaking its safety features
Safety: If there is water in your washing machine,
the door must stay locked
Security: Your locker may only be opened with your key,
so your belongings are safe
CYBERSECURITY AND
OTHER CONCERNS
Cybersecurity is part of a broader set of concerns that
ultimately aim to ensure that:
• Your personal data can only be accessed and modified by you
or somebody you trust
• The system you use always behaves as specified
[Diagram labels: Cybersecurity, Reliability, Privacy, Safety]
WHEN IT GOES
WRONG
IMPACT OF A
CYBERSECURITY ACCIDENT
• Low impact : You don’t notice or you are only annoyed
o Ex: Viruses, zombie machines (parasitism)
• High impact : There is financial or social damage
o Ex: everybody knows you have a mistress / sees you naked
o Ex: Ransomware, Bitcoin Heist…
• Life threatening : Lives are at stake
o Ex : F-35 hack, target identification compromised
o Ex : Ransomware attack on German hospital caused death
HACKERS : MEN IN BLACK OR MEN IN WHITE
White hats or Ethical hackers.
They are paid to find the vulnerabilities in your infrastructure
Black hats or the « bad guys »
They do that for money or to cause damage. Sometimes they even
work for the state
They both like to party
The DEFCON and Black Hat conventions are the places to be to learn about
the hot topics in cybersecurity (like how to hack your Tesla)
CERT
Computer Emergency Response Team
Team in a company responsible for monitoring attacks and
responding to them as fast as possible, limiting the damage
caused.
Examples:
o Cert.be for Belgium
o CERT-EU for Europe; NATO also has one
o US-CERT
ATTACK TYPES
Common attacks
• Social engineering : trick people into giving you information about
somebody else
• Viruses : Trojans, worms, ransomware...
• Denial of Service / Brute force : using botnets
• Targeted attacks : Stuxnet… typically performed by states.
Side channel attacks
• DPA : Differential Power Analysis
• Statistical time analysis
• Probing using EM probes or microscopes…
Stealing company secrets (blueprints…)
SECURITY STANDARDS
National Security and Military
o Common Criteria : Regulates how to develop secure IT
products
▪ Ex: Red Hat, Mac OS X, TPM 2 chips, MySQL, Oracle DB…
o Tempest : regulation about electromagnetic emissions
Industry specific standards
o Payment : PCI-DSS
o CCNA, CompTIA
o ANSI coding rules
o OWASP…
THE TECHNICAL SIDE
INTRODUCTION
• Requirements : Target of Evaluation in Common Criteria…
• Cryptography : algorithms and procedures
• Concepts : need to know, layered security, access control…
• Technologies : TLS, TPM 2.0, TrustZone…
COMMON CRITERIA
• Target of Evaluation (ToE) : What are you protecting
• Protection Profile (PP) : Defines threats, roles, security
objectives, SFR, SAR…
• Security Target : describes the security problem and “how” to
address it.
• Security Functional Requirements (SFR) : requirements about security
• Security Assurance Requirements (SAR) : number : how strict are you
➔ Define an Evaluation Assurance Level
CONCEPTS – LAYERED
PROTECTION
[Layer diagram labels: Hardware; Chips (ex: TPM 2); Board; Mechanics; Detect physical intrusion; DPA, probing; Operating System; Libraries; Filesystem/Data; Access rights; Network; Application]
Each security layer protects against the flaws of the previous
layer
TPM 2.0 – THE SECURITY
CHIP INSIDE YOUR PC
• X86 processors have no HW security features
• UEFI starts without any security
• The TPM 2.0 is unable to verify if a request is made by a trusted party.
• The TPM 2.0 sees only « The Processor »
• UEFI + TPM 2.0 security can be fooled
o Management Engine
o Malicious code in other HW subsystems
[Diagram labels: TPM 2.0 chip (secure vault, crypto engine); x86 processor; UEFI settings. Annotations: unencrypted link; no strong authentication]
• System is vulnerable before and during UEFI boot process
• Prevents installation of SW not signed by Microsoft (or Apple if
you have a Mac)
Consequence
• It doesn’t protect your privacy
• It doesn’t protect you from any malicious program
It has nothing to do with cybersecurity
TRUSTZONE
Hardware and Software Solution
• Hardware
o Virtual second core with segregation of memory accesses
o HW vendor specific additions to provide end to end solution
• Software
o OP-TEE : secure firmware
o TF-A : secure pre-bootloader that initializes the TrustZone
TRUSTZONE - SOFTWARE
CRYPTOGRAPHY
• Confidentiality : encryption/decryption using a key
o Key length is a measure of the algorithm strength
• Authenticity : Use of certificates to authenticate the user
o Need a « Root of Trust » : Something/somebody that can tell you
if the data are real
• Integrity : Use of secure hashes. Impossible for a Man in the
Middle to rebuild a correct hash without the correct key
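The integrity bullet above, as an added example (not part of the original slides): an unkeyed SHA-256 digest can be recomputed by anyone who alters the message, while an HMAC tag cannot be rebuilt without the shared key. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the key and both messages are made up for this example.
SHARED_KEY = secrets.token_bytes(32)   # known only to sender and receiver
ORIGINAL = b"door=locked;firmware=1.4.2"
TAMPERED = b"door=open;firmware=1.4.2"


def plain_digest(message: bytes) -> bytes:
    """Unkeyed SHA-256: anyone who sees the message can compute it."""
    return hashlib.sha256(message).digest()


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: computing a valid tag requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts_plain(message: bytes, digest: bytes) -> bool:
    """Receiver check when only an unkeyed hash accompanies the message."""
    return hmac.compare_digest(plain_digest(message), digest)


def receiver_accepts_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver check with a keyed tag; compare_digest avoids timing leaks."""
    return hmac.compare_digest(keyed_tag(key, message), tag)


def run_demo() -> dict:
    """Model a channel where the message and its check value can both be rewritten."""
    results = {}

    # Honest delivery: both schemes accept the untouched message.
    results["plain_honest_accepted"] = receiver_accepts_plain(
        ORIGINAL, plain_digest(ORIGINAL))
    results["keyed_honest_accepted"] = receiver_accepts_keyed(
        SHARED_KEY, ORIGINAL, keyed_tag(SHARED_KEY, ORIGINAL))

    # Unkeyed hash: the modified message arrives with a freshly recomputed
    # digest, so the receiver's check passes and integrity is lost.
    results["plain_tampered_accepted"] = receiver_accepts_plain(
        TAMPERED, plain_digest(TAMPERED))

    # Keyed tag, case 1: the modified message carries the tag of the original.
    results["keyed_old_tag_accepted"] = receiver_accepts_keyed(
        SHARED_KEY, TAMPERED, keyed_tag(SHARED_KEY, ORIGINAL))

    # Keyed tag, case 2: the tag was recomputed with a key that is not the
    # shared one (the intermediary does not know SHARED_KEY).
    wrong_key = secrets.token_bytes(32)
    results["keyed_wrong_key_accepted"] = receiver_accepts_keyed(
        SHARED_KEY, TAMPERED, keyed_tag(wrong_key, TAMPERED))

    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {accepted}")
```
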
SYMMETRIC ENCRYPTION
(DES – AES)
ASYMMETRIC ENCRYPTION
( RSA - ECDA)
ASYMMETRIC ENCRYPTION -
PKI
FACT NUMBERS
AN EXPLOSION OF POSSIBILITIES
IOT FACTS AND NUMBERS
• Revenue is $212 billion worldwide
• 2020 : 20.4 billion IoT devices online – 2025 : 75 billion devices
• 1 trillion dollar spent on IoT this year
• 847 zettabytes (10^21) of data generated
CYBERSECURITY FACTS
AND NUMBERS
• 10.5 trillion $ damage by 2025
• 1 trillion dollars spent on Cybersecurity this year
• More than 400 Million user records stolen in 2020
• 50m$ -70m$ in ransomware
• Bitcoins worth 530m$ stolen in 2019
CONCLUSION
• Cybersecurity carries a huge financial/social risk
• Risk is growing exponentially – Follows the IoT trend
• Must be taken into account during design phase
• It will never be perfect – You will be hacked someday
• Challenging technological problem
• Even more challenging procedural problem
THANK YOU FOR
YOUR ATTENTION
CONTACT
• Benoit Callebaut : bcallebaut@nalys-group.com
• Ntech : ntech@nalys-group.com
www.ntech-events.com

More Related Content

What's hot

Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
Amos Oyoo
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
AbdalrhmanTHassan
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
Edureka!
 
Cyber security
Cyber securityCyber security
Cyber security
Bhavin Shah
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
Paige Rasid
 
Cyber security
Cyber securityCyber security
Cyber security
ChethanMp7
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
Jason Murray
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
kishore golla
 
Cybersecurity
CybersecurityCybersecurity
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
Mohammad Shakirul islam
 
Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employees
Priscila Bernardes
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Dipesh Waghela
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Ramiro Cid
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awareness
hubbargf
 
Cyber Security Seminar.pptx
Cyber Security Seminar.pptxCyber Security Seminar.pptx
Cyber Security Seminar.pptx
DESTROYER39
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 

What's hot (20)

Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employees
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awareness
 
Cyber Security Seminar.pptx
Cyber Security Seminar.pptxCyber Security Seminar.pptx
Cyber Security Seminar.pptx
 
cyber security
cyber securitycyber security
cyber security
 

Similar to The importance of Cybersecurity

Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
Michele Chubirka
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applicationswebhostingguy
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
Claus Cramon Houmann
 
IDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in DepthIDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in Depth
Ken Tulegenov
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Michele Chubirka
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
Claus Cramon Houmann
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
Ramin Farajpour Cami
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to Hacking
Rishabha Garg
 
Ecommerce Security
Ecommerce SecurityEcommerce Security
Ecommerce Security
Rebecca Jones
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability ScannerPrevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability Scanner
GFI Software
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
Joe McCray
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9Amanda Case
 
Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Tim Wright
 
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
centralohioissa
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZeditsRod Soto
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2
Claus Cramon Houmann
 

Similar to The importance of Cybersecurity (20)

Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applications
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
IDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in DepthIDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in Depth
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to Hacking
 
Ecommerce Security
Ecommerce SecurityEcommerce Security
Ecommerce Security
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability ScannerPrevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability Scanner
 
SecurityOperations
SecurityOperationsSecurityOperations
SecurityOperations
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
 
Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)
 
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
 
Security technology
Security technologySecurity technology
Security technology
 
Super1
Super1Super1
Super1
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZedits
 
Regan, Keller, SF State Securing the vendor mr&ak
Regan, Keller, SF State Securing the vendor mr&akRegan, Keller, SF State Securing the vendor mr&ak
Regan, Keller, SF State Securing the vendor mr&ak
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2
 

Recently uploaded

Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
NaapbooksPrivateLimi
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
IES VE
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
XfilesPro
 
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
KrzysztofKkol1
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Hivelance Technology
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
Peter Caitens
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
Software Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdfSoftware Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdf
MayankTawar1
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 

Recently uploaded (20)

Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
 
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Software Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdfSoftware Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdf
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 

The importance of Cybersecurity

  • 3. www.nalys-group.com WHAT IS CYBERSECURITY Protection of computer systems from information disclosure, theft or damage to their hardware, software, or electronic data as well as from disruption or misdirection of the service they provide. ( Wikipedia ) Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 4. WHAT IS IT NOT
      • Protection of personal data privacy ➔ Privacy ➔ GDPR
      • Data availability in case of an accident ➔ Business continuity
      • Making sure your servers are always online ➔ Reliability and redundancy
      • Making sure your system always behaves correctly ➔ Safety
  • 5. IOT PERSPECTIVE
      • Safety : Protecting the user of the device.
        o Ex: Your car or plane may not crash even if it experiences issues
      • Security : Protecting the device from the malicious user
        o Ex: Someone tries to inject a virus into your phone while you click on a web page.
  • 6. THE GRAY ZONE
      The brake control software in your car must:
      • Be bug free
      • Not be upgradable by anybody … to avoid breaking its safety features
      Safety : If there is water in your washing machine, the door must stay locked
      Security : Your locker may only be opened with your key, so your belongings are safe
  • 7. CYBERSECURITY AND OTHER CONCERNS
      Cybersecurity is part of a global set of concerns that ultimately aims at making sure that :
      • Your personal data can only be accessed and modified by you or somebody you trust
      • The system you use always behaves as specified
      (Diagram labels: Cybersecurity, Reliability, Privacy, Safety)
  • 9. IMPACT OF A CYBERSECURITY ACCIDENT
      • Low impact : You don’t notice or you are only annoyed
        o Ex: Viruses, zombie machines (parasitism)
      • High impact : There is financial or social damage
        o Ex: everybody knows you have a mistress / sees you naked
        o Ex: Ransomware, Bitcoin Heist…
      • Life threatening : Lives are at stake
        o Ex : F-35 hack, target identification compromised
        o Ex : Ransomware attack on German hospital caused death
  • 10. HACKERS : MEN IN BLACK OR MEN IN WHITE
      • White hats or ethical hackers : They are paid to find the vulnerabilities in your infrastructure
      • Black hats or the « bad guys » : They do it for money or to cause damage. Sometimes they even work for the state
      • They both like to party : the DEFCON and BlackHat conventions are the place to be to learn about the hot topics in cybersecurity (like how to hack your Tesla)
  • 11. CERT : Computer Emergency Response Team
      Team in a company responsible for monitoring attacks and responding to them as fast as possible, limiting the damage caused.
      Examples:
        o Cert.be for Belgium
        o CERT-EU for Europe; NATO also has one
        o US-CERT
  • 12. ATTACK TYPES
      Common attacks
      • Social engineering : tricking people into giving you somebody else's information
      • Viruses : Trojans, worms, ransomware...
      • Denial of Service / Brute force : using botnets
      • Targeted attacks : StuxNet… ➔ typically performed by states.
      Side channel attacks
      • DPA : Differential Power Attacks
      • Statistical time analysis
      • Probing using EM probes or microscopes…
      Stealing company secrets (blueprints…)
  • 13. SECURITY STANDARDS
      National Security and Military
        o Common Criteria : Regulates how to develop secure IT products
          ▪ Ex: Red Hat, Mac OS X, TPM 2 chips, MySQL, Oracle DB…
        o Tempest : regulation about electromagnetic emissions
      Industry specific standards
        o Payment : PCI-DSS
        o CCNA, CompTIA
        o ANSI coding rules
        o OWASP…
  • 15. INTRODUCTION
      • Requirements : Target of Evaluation in Common Criteria…
      • Cryptography : algorithms and procedures
      • Concepts : need to know, layered security, access control…
      • Technologies : TLS, TPM 2.0, TrustZone…
  • 16. COMMON CRITERIA
      • Target of Evaluation (ToE) : What are you protecting
      • Protection Profile (PP) : Defines threats, roles, security objectives, SFR, SAR…
      • Security Target : describes the security problem and “how” to address it.
      • Security Functional Requirements (SFR) : requirements about security
      • Security Assurance Requirements (SAR) : number : how strict are you ➔ Define an Evaluation Assurance Level
  • 17. CONCEPTS – LAYERED PROTECTION
      (Diagram labels: Hardware; Chips, Ex: TPM 2; Board; Mechanics; Detect physical intrusion; DPA, probing; Operating System; Libraries; Filesystem/Data; Access rights; Network; Application)
  • 18. CONCEPTS – LAYERED PROTECTION
      Each security layer protects against the flaws of the previous layer
  • 19. TPM 2.0 – THE SECURITY CHIP INSIDE YOUR PC
      • X86 processors have no HW security features
      • UEFI starts without any security
      • The TPM 2.0 is unable to verify if a request is made by a trusted party.
      • The TPM 2.0 sees only « The Processor »
      • UEFI + TPM 2.0 security can be fooled
        o Management engine
        o Malicious code in other HW subsystems
      (Diagram labels: TPM 2.0 Chip with Secure Vault and Crypto Engine; X86 Processor; Unencrypted link; No strong authentication; UEFI Settings)
  • 20. TPM 2.0 – THE SECURITY CHIP INSIDE YOUR PC
      • System is vulnerable before and during UEFI boot process
      • Prevent installation of SW not signed by Microsoft (or Apple if you have a Mac)
      Consequence
      • It doesn’t protect your privacy
      • It doesn’t protect you from any malicious program
      It has nothing to do with cybersecurity
  • 21. TRUSTZONE
      Hardware and Software Solution
      • Hardware
        o Virtual second core with segregation of memory accesses
        o HW vendor specific additions to provide end to end solution
      • Software
        o OP-TEE : secure firmware
        o TF-A : secure pre-bootloader that initializes the TrustZone
  • 25. CRYPTOGRAPHY
      • Confidentiality : encryption/decryption using a key
        o Key length is a measure of the algorithm strength
      • Authenticity : Use of certificates to authenticate the user
        o Need a « Root of Trust » : Something/somebody that can tell you if the data are real
      • Integrity : Use of secure hashes. Impossible for a Man in the Middle to rebuild a correct hash without the correct key
  • 26. SYMMETRIC ENCRYPTION (DES – AES)
  • 27. ASYMMETRIC ENCRYPTION ( RSA - ECDA)
  • 28. ASYMMETRIC ENCRYPTION - PKI
  • 31. IOT FACTS AND NUMBERS
      • Revenue is $212 billion worldwide
      • 2020 : 20.4 billion IoT devices online – 2025 : 75 billion devices
      • 1 trillion dollars spent on IoT this year
      • 847 zettabytes (10^21) of data generated
  • 32. CYBERSECURITY FACTS AND NUMBERS
      • 10.5 trillion $ damage by 2025
      • 1 trillion dollars spent on Cybersecurity this year
      • More than 400 Million user records stolen in 2020
      • 50m$ - 70m$ in ransomware
      • Bitcoins worth 530m$ stolen in 2019
  • 34.
      • Cybersecurity carries a huge financial/social risk
      • Risk is growing exponentially – Follows the IoT trend
      • Must be taken into account during design phase
      • It will never be perfect – You will be hacked someday
      • Challenging technological problem
      • Even more challenging procedural problem
  • 35. THANK YOU FOR YOUR ATTENTION
  • 36. CONTACT
      • Benoit Callebaut : bcallebaut@nalys-group.com
      • Ntech : ntech@nalys-group.com
      www.ntech-events.com
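
Slide 25 says a Man in the Middle cannot rebuild a correct hash without the correct key. The following is an added example, not part of the original slides, showing that this holds for a keyed hash (HMAC-SHA256 is assumed here) and not for a plain digest; the key, the message and all function names are constructed for illustration.

```python
"""Added example: unkeyed hash vs. keyed hash (HMAC) when a message is altered in transit."""
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)            # constructed secret shared by sender and receiver only
MESSAGE = b"open_valve=0;setpoint=100"   # constructed sample message


def sha256_tag(message: bytes) -> bytes:
    """Unkeyed digest: anyone who sees the message can compute it."""
    return hashlib.sha256(message).digest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed digest (HMAC-SHA256): computing it requires the shared secret."""
    return hmac.new(key, message, hashlib.sha256).digest()


def tamper(message: bytes) -> tuple[bytes, bytes]:
    """Model a change made in transit by a party that does not hold KEY.
    The only tag it can attach is one it can compute itself: the unkeyed digest."""
    altered = message.replace(b"setpoint=100", b"setpoint=900")
    return altered, sha256_tag(altered)


def verify_unkeyed(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sha256_tag(message), tag)


def verify_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so the comparison itself gives no
    # timing signal (the "statistical time analysis" item on slide 12).
    return hmac.compare_digest(hmac_tag(key, message), tag)


def run_demo() -> dict[str, bool]:
    altered, recomputed = tamper(MESSAGE)
    return {
        "genuine_keyed": verify_keyed(KEY, MESSAGE, hmac_tag(KEY, MESSAGE)),
        "tampered_unkeyed": verify_unkeyed(altered, recomputed),
        "tampered_keyed_recomputed_tag": verify_keyed(KEY, altered, recomputed),
        "tampered_keyed_original_tag": verify_keyed(KEY, altered, hmac_tag(KEY, MESSAGE)),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the unkeyed check accepts the altered message; both keyed checks reject it, whether the tag was recomputed without the key or replayed from the genuine message.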