SlideShare una empresa de Scribd logo

Cybersecurity 3 cybersecurity costs and causes

Descargar como PPTX, PDF
S
sommerville-videos

Explains why it is difficult to estimate the costs of cyberattacks and discusses some fundamental causes for cybersecurity vulnerabilities

Tecnología
1 de 28
Cybersecurity: costs and causes Introduction to cybersecurity, 2013 Slide 1
The cybersecurity problem • How big a problem is cybersecurity for individuals, businesses and nations? • Why is it difficult to make networked systems secure? Introduction to cybersecurity, 2013 Slide 2
The scale of the problem • It’s a big problem • How big ? We really do not know • Many surveys on cyber-security related losses but very wide variations and different methodologies Introduction to cybersecurity, 2013 Slide 3
Individuals • Cyber fraud • Identity theft • Cyber bullying and cyber stalking Introduction to cybersecurity, 2013 Slide 4
© The Guardian 2013 Introduction to cybersecurity, 2013 Slide 5
Introduction to cybersecurity, 2013 Slide 6
Businesses • Differing estimates: – The extent of losses depends on how these losses are measured and what data is collected • Industry reluctant to release figures but when they do, they tend to overvalue assets Introduction to cybersecurity, 2013 Slide 7
© The Scotsman 2013 © deadline.co.uk 2012 Introduction to cybersecurity, 2013 Slide 8
© The IET 2013 Introduction to cybersecurity, 2013 Slide 9
Nations • Cyberattacks on critical infrastructures are seen as a critical economic risk by all countries • Significant resources now being devoted to cyberdefence Introduction to cybersecurity, 2013 Slide 10
© Wall Street Journal, 2013 Introduction to cybersecurity, 2013 Slide 11
Introduction to cybersecurity, 2013 © World Affairs Journal 2013 Slide 12
• Why has cybersecurity become such a major problem – Scale and ubiquity of the internet – Lower level of physical risk to criminals – Fundamental business and technical reasons for insecurity Introduction to cybersecurity, 2013 Slide 13
Business reasons • Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security Introduction to cybersecurity, 2013 Slide 14
• Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security. • Accepting the cost of losses through cyber fraud may be a cost-effective strategy Introduction to cybersecurity, 2013 Slide 15
Internet vulnerabilities • The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other • The information maintained on their computers was non-commercial and not thought to be of interest to others Introduction to cybersecurity, 2013 Slide 16
• Consequently, security was not a factor in the design of internet protocols, practices and equipment. • Security slows things down so efficiency was prioritized Introduction to cybersecurity, 2013 Slide 17
• These protocols made it easy for the Internet to be universally adopted in the 1990s • However, the problems can only be properly addressed by a complete redesign of Internet protocols, which is probably commercially impractical. Introduction to cybersecurity, 2013 Slide 18
Internet vulnerabilities • Unencypted traffic by default • Packets can be intercepted and the contents read by anyone who intercepts these packets Introduction to cybersecurity, 2013 Slide 19
Internet vulnerabilities • DNS system – Possible to divert traffic from legitimate to malicious addresses – Easy to hide where traffic has come from • Domain name servers vulnerable to DoS attacks Introduction to cybersecurity, 2013 Slide 20
Internet vulnerabilities • Mail protocol – No charging mechanism for mail – Hence spam is possible Introduction to cybersecurity, 2013 Slide 21
Technology is not the only problem • Internet vulnerabilities make possible some kinds of cyber-attack but it is important to remember that cybersecurity is a socio-technical systems problem • Problems almost always stem from a mix of technical, human and Introduction to cybersecurity, 2013 Slide 22
Risk classification • Risks due to actions of people • Risks due to hardware or software • Risks due to organisational processes Introduction to cybersecurity, 2013 Slide 23
Actions of people • Deliberate or accidental exposure of legitimate credentials to attackers • Failure to maintain secure personal computers and devices Introduction to cybersecurity, 2013 Slide 24
• Insider corruption or theft of data • Preference for convenience and usability over security – Weak passwords set because they are easy to remember and quick to type Introduction to cybersecurity, 2013 Slide 25
Hardware and software • Misconfigured firewalls and mail filters • Programming errors and omissions in software lead to malicious penetration – Buffer overflow attacks – SQL poisoning attacks Introduction to cybersecurity, 2013 Slide 26
Organisational processes • No established process and checks for updating and patching software • Lack of security auditing • Lack of systematic backup processes Introduction to cybersecurity, 2013 Slide 27
Summary • Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult. – The Internet was not designed as a secure network and making it secure is practically impossible – To make systems useable, people take actions that introduce vulnerabilities into sociotechnical systems. Introduction to cybersecurity, 2013 Slide 28

Recomendados

Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Infrastructure resilience
Infrastructure resilienceInfrastructure resilience
Infrastructure resiliencesommerville-videos
 
Bl cybersecurity z_dooly
Bl cybersecurity z_doolyBl cybersecurity z_dooly
Bl cybersecurity z_doolyzdooly
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology securityLegal Services National Technology Assistance Project (LSNTAP)
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNorth Texas Chapter of the ISSA
 

Recomendados

Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Infrastructure resilience
Infrastructure resilienceInfrastructure resilience
Infrastructure resiliencesommerville-videos
 
Bl cybersecurity z_dooly
Bl cybersecurity z_doolyBl cybersecurity z_dooly
Bl cybersecurity z_doolyzdooly
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology securityLegal Services National Technology Assistance Project (LSNTAP)
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNorth Texas Chapter of the ISSA
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 
Cyber Security # Lec 4
Cyber Security # Lec 4 Cyber Security # Lec 4
Cyber Security # Lec 4 Kabul Education University
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2Marneil Sanchez
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security failEnclaveSecurity
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-securityAl Balqa Applied University
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCimetrics Inc
 
Cybersecurity Training for Nonprofits
Cybersecurity Training for NonprofitsCybersecurity Training for Nonprofits
Cybersecurity Training for NonprofitsCommunity IT Innovators
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01ITNet
 
Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19fingerprint.sh
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksPriyanka Aash
 
Computer security
Computer securityComputer security
Computer securityabdulrehman1673
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
Security & control in mis
Security & control in misSecurity & control in mis
Security & control in misVishal Patyal
 
ISTR XV
ISTR XVISTR XV
ISTR XVSymantec
 
Overload: Critical Lessons from 15 Years of ICS Vulnerabilities
Overload: Critical Lessons from 15 Years of ICS VulnerabilitiesOverload: Critical Lessons from 15 Years of ICS Vulnerabilities
Overload: Critical Lessons from 15 Years of ICS VulnerabilitiesTripwire
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber securityavinashkumar1912
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise SecuritySymantec
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Infrastructure dependability
Infrastructure dependabilityInfrastructure dependability
Infrastructure dependabilitysommerville-videos
 

Más contenido relacionado

La actualidad más candente

Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security failEnclaveSecurity
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCimetrics Inc
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01ITNet
 
Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19fingerprint.sh
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksPriyanka Aash
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
Security & control in mis
Security & control in misSecurity & control in mis
Security & control in misVishal Patyal
 
Overload: Critical Lessons from 15 Years of ICS Vulnerabilities
Overload: Critical Lessons from 15 Years of ICS VulnerabilitiesOverload: Critical Lessons from 15 Years of ICS Vulnerabilities
Overload: Critical Lessons from 15 Years of ICS VulnerabilitiesTripwire
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber securityavinashkumar1912
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise SecuritySymantec
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 

La actualidad más candente (19)

Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001
 
Cyber Security # Lec 4
Cyber Security # Lec 4 Cyber Security # Lec 4
Cyber Security # Lec 4
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security fail
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-security
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework CimetricsCybersecurity Summit AHR20 NIST framework Cimetrics
Cybersecurity Summit AHR20 NIST framework Cimetrics
 
Cybersecurity Training for Nonprofits
Cybersecurity Training for NonprofitsCybersecurity Training for Nonprofits
Cybersecurity Training for Nonprofits
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01
 
Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & Frameworks
 
Computer security
Computer securityComputer security
Computer security
 
information security technology
information security technologyinformation security technology
information security technology
 
Security & control in mis
Security & control in misSecurity & control in mis
Security & control in mis
 
ISTR XV
ISTR XVISTR XV
ISTR XV
 
Overload: Critical Lessons from 15 Years of ICS Vulnerabilities
Overload: Critical Lessons from 15 Years of ICS VulnerabilitiesOverload: Critical Lessons from 15 Years of ICS Vulnerabilities
Overload: Critical Lessons from 15 Years of ICS Vulnerabilities
 
Career guide on cyber security
Career guide on cyber securityCareer guide on cyber security
Career guide on cyber security
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise Security
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 

Destacado

Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecuritysommerville-videos
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systemssommerville-videos
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructuresommerville-videos
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecuritysommerville-videos
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classificationsommerville-videos
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processessommerville-videos
 

Destacado (20)

Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
 
Cybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurityCybersecurity 5 improving cybersecurity
Cybersecurity 5 improving cybersecurity
 
Infrastructure dependability
Infrastructure dependabilityInfrastructure dependability
Infrastructure dependability
 
Infrastructure control
Infrastructure controlInfrastructure control
Infrastructure control
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systems
 
Maroochy water breach
Maroochy water breachMaroochy water breach
Maroochy water breach
 
Critical national infrastructure
Critical national infrastructureCritical national infrastructure
Critical national infrastructure
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurity
 
System safety
System safetySystem safety
System safety
 
System success and failure
System success and failureSystem success and failure
System success and failure
 
Warsaw airbus accident
Warsaw airbus accidentWarsaw airbus accident
Warsaw airbus accident
 
Reuse landscape
Reuse landscapeReuse landscape
Reuse landscape
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
 
Scada security
Scada securityScada security
Scada security
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
 
Critical systems intro
Critical systems introCritical systems intro
Critical systems intro
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processes
 
Scaling agile
Scaling agileScaling agile
Scaling agile
 
System dependability
System dependabilitySystem dependability
System dependability
 

Similar a Cybersecurity 3 cybersecurity costs and causes

CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
Keeping security relevant amid digital transformation
Keeping security relevant amid digital transformationKeeping security relevant amid digital transformation
Keeping security relevant amid digital transformationSymptai Consulting Limited
 
Overcoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart citiesOvercoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart citiesSaeed Al Dhaheri
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big dataPeter Wood
 
Pros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current WorldPros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current WorldJetking Chandigarh
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksThis account is closed
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionSMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionDale Butler
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptxMalu704065
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsSchneider Electric
 
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksA Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksIRJET Journal
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards ComplianceDr. Prashant Vats
 
weyai cybersecurity.pptx
weyai cybersecurity.pptxweyai cybersecurity.pptx
weyai cybersecurity.pptxWeyai1
 
Preventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero TrustPreventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero TrustSara Goodison
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawftii
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawftii
 

Similar a Cybersecurity 3 cybersecurity costs and causes (20)

CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
Keeping security relevant amid digital transformation
Keeping security relevant amid digital transformationKeeping security relevant amid digital transformation
Keeping security relevant amid digital transformation
 
Overcoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart citiesOvercoming the cybersecurity challenges of smart cities
Overcoming the cybersecurity challenges of smart cities
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
 
Pros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current WorldPros and Cons of Cyber Security in Current World
Pros and Cons of Cyber Security in Current World
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber Risks
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionSMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibition
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksA Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards Compliance
 
weyai cybersecurity.pptx
weyai cybersecurity.pptxweyai cybersecurity.pptx
weyai cybersecurity.pptx
 
Preventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero TrustPreventing Data Cloud Breaches with Zero Trust
Preventing Data Cloud Breaches with Zero Trust
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
 

Más de sommerville-videos

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systemssommerville-videos
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems scriptsommerville-videos
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systemssommerville-videos
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processessommerville-videos
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activitiessommerville-videos
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineeringsommerville-videos
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernssommerville-videos
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challengessommerville-videos
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systemssommerville-videos
 

Más de sommerville-videos (17)

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systems
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems script
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systems
 
User stories
User storiesUser stories
User stories
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processes
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activities
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineering
 
Why se script
Why se scriptWhy se script
Why se script
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure
 
Airbus Flight Control System
Airbus Flight Control SystemAirbus Flight Control System
Airbus Flight Control System
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challenges
 
Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
 
Critical systems engineering
Critical systems engineeringCritical systems engineering
Critical systems engineering
 
System security
System securitySystem security
System security
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Cybersecurity 3 cybersecurity costs and causes

  • 1. Cybersecurity: costs and causes Introduction to cybersecurity, 2013 Slide 1
  • 2. The cybersecurity problem • How big a problem is cybersecurity for individuals, businesses and nations? • Why is it difficult to make networked systems secure? Introduction to cybersecurity, 2013 Slide 2
  • 3. The scale of the problem • It’s a big problem • How big ? We really do not know • Many surveys on cyber-security related losses but very wide variations and different methodologies Introduction to cybersecurity, 2013 Slide 3
  • 4. Individuals • Cyber fraud • Identity theft • Cyber bullying and cyber stalking Introduction to cybersecurity, 2013 Slide 4
  • 5. © The Guardian 2013 Introduction to cybersecurity, 2013 Slide 5
  • 7. Businesses • Differing estimates: – The extent of losses depends on how these losses are measured and what data is collected • Industry reluctant to release figures but when they do, they tend to overvalue assets Introduction to cybersecurity, 2013 Slide 7
  • 8. © The Scotsman 2013 © deadline.co.uk 2012 Introduction to cybersecurity, 2013 Slide 8
  • 9. © The IET 2013 Introduction to cybersecurity, 2013 Slide 9
  • 10. Nations • Cyberattacks on critical infrastructures are seen as a critical economic risk by all countries • Significant resources now being devoted to cyberdefence Introduction to cybersecurity, 2013 Slide 10
  • 11. © Wall Street Journal, 2013 Introduction to cybersecurity, 2013 Slide 11
  • 12. Introduction to cybersecurity, 2013 © World Affairs Journal 2013 Slide 12
  • 13. • Why has cybersecurity become such a major problem – Scale and ubiquity of the internet – Lower level of physical risk to criminals – Fundamental business and technical reasons for insecurity Introduction to cybersecurity, 2013 Slide 13
  • 14. Business reasons • Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security Introduction to cybersecurity, 2013 Slide 14
  • 15. • Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security. • Accepting the cost of losses through cyber fraud may be a cost-effective strategy Introduction to cybersecurity, 2013 Slide 15
  • 16. Internet vulnerabilities • The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other • The information maintained on their computers was non-commercial and not thought to be of interest to others Introduction to cybersecurity, 2013 Slide 16
  • 17. • Consequently, security was not a factor in the design of internet protocols, practices and equipment. • Security slows things down so efficiency was prioritized Introduction to cybersecurity, 2013 Slide 17
  • 18. • These protocols made it easy for the Internet to be universally adopted in the 1990s • However, the problems can only be properly addressed by a complete redesign of Internet protocols, which is probably commercially impractical. Introduction to cybersecurity, 2013 Slide 18
  • 19. Internet vulnerabilities • Unencypted traffic by default • Packets can be intercepted and the contents read by anyone who intercepts these packets Introduction to cybersecurity, 2013 Slide 19
  • 20. Internet vulnerabilities • DNS system – Possible to divert traffic from legitimate to malicious addresses – Easy to hide where traffic has come from • Domain name servers vulnerable to DoS attacks Introduction to cybersecurity, 2013 Slide 20
  • 21. Internet vulnerabilities • Mail protocol – No charging mechanism for mail – Hence spam is possible Introduction to cybersecurity, 2013 Slide 21
  • 22. Technology is not the only problem • Internet vulnerabilities make possible some kinds of cyber-attack but it is important to remember that cybersecurity is a socio-technical systems problem • Problems almost always stem from a mix of technical, human and Introduction to cybersecurity, 2013 Slide 22
  • 23. Risk classification • Risks due to actions of people • Risks due to hardware or software • Risks due to organisational processes Introduction to cybersecurity, 2013 Slide 23
  • 24. Actions of people • Deliberate or accidental exposure of legitimate credentials to attackers • Failure to maintain secure personal computers and devices Introduction to cybersecurity, 2013 Slide 24
  • 25. • Insider corruption or theft of data • Preference for convenience and usability over security – Weak passwords set because they are easy to remember and quick to type Introduction to cybersecurity, 2013 Slide 25
  • 26. Hardware and software • Misconfigured firewalls and mail filters • Programming errors and omissions in software lead to malicious penetration – Buffer overflow attacks – SQL poisoning attacks Introduction to cybersecurity, 2013 Slide 26
  • 27. Organisational processes • No established process and checks for updating and patching software • Lack of security auditing • Lack of systematic backup processes Introduction to cybersecurity, 2013 Slide 27
  • 28. Summary • Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult. – The Internet was not designed as a secure network and making it secure is practically impossible – To make systems useable, people take actions that introduce vulnerabilities into sociotechnical systems. Introduction to cybersecurity, 2013 Slide 28