Tackling today's cyber security challenges - WISER Services & Solutions

WISER “WIDE-IMPACT CYBER SECURITY RISK FRAMEWORK”
www.cyberwiser.eu @cyberwiser
Co-funded by the European Commission
Horizon 2020 – Grant # 653321
Antonio Álvarez Romero
Atos Spain
Tackling today's cyber security challenges -
WISER Services & Solutions
Riga – 27th October, 2016
Presentation at DSS ITSEC
1

Outline
Business on the Internet: Cyber landscape
Cyber security as a challenge
CyberWISER as a solution
CyberWISER services portfolio
Conclusions
© WISER 2016 www.cyberwiser.eu - @cyberwiser 2

Outline
Conclusions

The global adoption of the Internet
© WISER 2016 www.cyberwiser.eu - @cyberwiser
4
World population (2016 est.) 7,340,093,380
Internet users (as of 30/06) 3,611,375,813
% Penetration (world) 49.2
Internet users (end 2000) 360,993,184
% growth 2000-2016 900.4
Being on the Internet means to have near 4000
million of potential customers!
internetworldstats.com

Internet as a mean to make business
According to a study from McAfee, Internet
economy generates between $2 and $3 trillion
a year.
The share of the global economy is expected to grow
rapidly
The U.S. e-commerce economy is worth $349
billion while China´s is worth $562 billion
https://hostingfacts.com/internet-facts-stats-2016/Very huge turnover directly related to the Internet

Very huge turnover directly related to the Internet
B2C e-commerce sales worldwide from 2012 to 2018
(in billion U.S. dollars)

7
40% of Internet users (more than 1 billion
people) have bought products or goods online
8 out of 10 consumers will shop online if
offered free shipping
Internet is not only about accessing huge amounts of information, it is
transforming the consumption habits

There are around 966 million websites in the world today
The average e-commerce site takes
7.12 seconds avg to load in Internet Explorer 9
7.15 seconds avg to load in Firefox 7
7.59 seconds avg to load in Google Chrome
40% of web users will abandon a website if it takes longer than 3 seconds to load
and 60% will not return to the site
51% of U.S. online shoppers say slow site loading is a top reason to abandon a
purchase
Slow loading websites cost the U.S. e-commerce market more than $500 billion annually.
38% of British consumers say social media interaction was one of the reasons for
visiting a retailer website
The competition is fierce:
websites must be reliable, visible and highly responsive

Business on the Internet: cyber landscape
9
Call centers Chat centers
Trading
companies
Retail
businesses
Service firms
Financial
institutions
News Media Restaurants
Internet
Marketing
Web hosting
companies
Insurance
providers
Medical
centers
Several kinds of businesses are 100% dependent on the Internet
The dependence is sort of dramatic
VoIP dependent
No Internet, no reps working
Long wait time, angry clients
No Internet, no agents working
Quick loss of business
Clients get no feedback
Based on speed
Bad latency means no business
Loss of trading opportunities
Sales software dependent
Real-time access for inventory
Credit card payments rely on terminals
Teams cannot work together
No access to repositories
No interraction with clients
Dependent on central systems
Branches need reliable connection
No connection, no data, no biz
Need to be the first for storytelling
Pictures taken on-site and live feeds
No Internet impacts competitiveness
Need Internet for payments
Need Internet for ordering
On-line or phone orders management
Social media management
Viral campaigns management
Communication with clients
Need to minimize downtimes
Downtimes means losses
Clients´web must be live Access to claims database
Access to history info for pricing
Management of clients
Patient information management
Online format replaces physical
Critical patients care
https://www.mushroomnetworks.com/blog/2015/12/03/is-your-business-internet-dependent-15-businesses

So… Internet is one of the biggest successes ever
But, as everything, there is a flip side or, in this case…
an evil side

Outline
Conclusions

Cybersecurity as a challenge
What is cybercrime?
Definition of cybercrime
Cybercrime is the use of a computer as an
instrument to further illegal ends, such as
committing fraud, trafficking in child pornography
and intellectual property, stealing identities or
violating privacy
Enciclopaedia Britannica

Some facts about cybercrime
13
An estimated 37,000 websites are hacked every day.
Cyber insurance market has grown from $1 billion to $2.5 billion over the
last two years
Very focused on the U.S
Measuring the annual cost of cybercrime worldwide is a major challenge.
McAfee dared to do that: they say that the losses are of $445 billion per year,
what means around 20% of the Internet economy value
http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
Lloyd´s estimated $400 billion per year.
http://fortune.com/2015/01/23/cyber-attack-insurance-lloyds/
Cybercrime costs are kind of a very high tax paid to criminals that
hinders the growth of the global economy

Biggest online data breaches worldwide

Cyber attackers´ preferred targets are large corporate businesses, critical
infrastructures and small enterprises
Research shows that small businesses were on average the victims of around 7 million
cybercrimes a year in 2014 and 2015
UK Federation of Small Businesses: Cyber Resilience: How To Protect Small Firms In The Digital
Economy (June 2016)
The University of Oxford tries to profile the cyber criminal
Internal disgruntled technical employee
Interested in theft of personal information, money and intellectual property
Interested in extorting the company and clients
Profiling the Cyber criminal, University of Oxford, https://www.sbs.ox.ac.uk/cybersecurity-
capacity/content/profiling-cybercriminal

Cyber threats have evolved from targeting and
harming computer, networks and
smartphones, to targeting people, cars,
railways, planes, powergrids and anything
with a heartbeat or an electronic pulse
The more connected the world is,
the more varied the targets for cyber attacks become

Cyberattacks among the top global risks
(according to 2016 Global Risk Report by the World Economic Forum)

Cyberattacks connections to other kinds of risks
(according to 2016 Global Risk Report by the World Economic Forum)
Cyberattacks Ilicit trade
State collapse
or crisis
Data frauds or
theft
Interstate
conflict
Failure of financial
mechanism or
institution
Terrorist
attacks
Failure of national
governance
Failure of critical
infrastructure

Background
Cybercrime in press

The unbalanced battle: hackers vs institutions
Black-Hat hackers are motivated by money,
espionage, notoriety and malicious intent. They
are faster, more daring and more experienced
than White-Hats, who are constrained by
boundaries and rules
Putting in place the appropriate barriers to
prevent attackers from succeeding is currently
expensive in terms of time, skills, hardware and
software resources needed

EU Legislation & National Strategies
WISER EU National Strategies watch
Tracking capacity building & business
initiatives: Important updates to ENISA
interactive map & BSA Dashboard (data
collected in 2014)
Analysis & interviews with CERTs/National
Cyber Security Centres
Identification of best practices & innovative
approaches
Interactive free tool available online at:
www.cyberwiser.eu/cartography
21
How EU is addressing Cyber Crime

The unbalanced battle: failing solutions
Sophisticated solutions do exist, but they usually
combine an IT side with a risk management framework
strategy.
Only large companies can afford it
The risk management methodologies and framework
fail to address increasingly complex security needs
The IT monitoring systems fail to offer useful decision
support to decision makers

The unbalanced battle: lack of resources to draw an strategy
Despite the fact that more and more
companies start searching for solutions to
strengthen their cyber resilience, they struggle
to draw their own cyber security strategy due
to the lack of economic and human resources
This is particularly true for SMEs, which constitute
the backbone of the European economy

The unbalanced battle: lack of awareness
Despite abundance of security products,
breach response typically takes months
2 out of 3 organizations don´t define and update
their breach response plans to account for
changing threat landscape
With proper technology and expertise, detection
to response times may be reduced by 90%.
And many, many companies simply don´t have a clue of this
They are completely unaware of what is threatening them!

The unbalanced battle: bad performance as for cyber resilience
Enterprises having a formally defined ICT security policy

Loss of revenues
Damage to valuable assets
Intellectual property
Critical infrastructure
Job losses
Loss of investment confidence
Damage to brand image and company reputation
Closure of companies
Loss of well-being of the population
Moral damage (child pornography)
Human casualties
Some cybercrime likely consequences

A stronger and stronger problem against a weak solution
Strong problem Weak solution
Cybercrime is a flourishing business
Cybercriminals are using ever more sophisticated methods
Cybercrime slows down the growth of the Digital Single Market
Cybercrime is a clear obstacle for European economies to strive
Cybercrime targets sensitive information and critical
infrastructures
Cyberterrorists are cybercriminals capable of performing attacks
that may lead to loss of human lives
Cyber risk detection and assessment is usually a manual process
Cyber risk detection and assessment is mostly a process
performed periodically.
Current approach is static and iterative
Cyber risk detection and assessment usually focus on the ICT side,
not considering business or societal impact
No support for decision-making of mitigating measures
Stronger solutions are not in place yet due to the lack of
awareness on the issue.

The challenge is clear…
How can we contribute to solve the problem?

Outline
Conclusions

What is CyberWISER?
CyberWISER is a framework of resilient cyber security risk assessment
services providing the following features
Multi-level cyber risk assessment, focusing not only on ICT systems, but also on the
meaning they have for the corporate business processes
Real-time cyber risk assessment providing an updated view of the risk level
Real-time cyber risk monitoring tool supporting decision-making to manage risks
Decision support tools to facilitate selection of mitigation options to face
unacceptable risks
The CyberWISER Risk Management Framework will put your company
in control with a smart ‘DYI’ approach and will ensure that cyber
security becomes part of the business process

Our consortium

How CyberWISER meets the requirements
Cybersecurity challenge CyberWISER answer
The risk management methodologies and framework fail to address
increasingly complex security needs
CyberWISER sensoring techniques are able to detect a wide spectrum of
incidents as well as vulnerabilities in the ICT infrastructure likely to be
exploited by attackers
The IT monitoring systems fail to offer useful decision support to
decision makers
CyberWISER direct language is aimed to ease the decision-making
support. CyberWISER provides decision-making tools
Cybersecurity is unaffordable and restricted to large companies CyberWISER offers an agile and easy-to-implement risk management
methodology, without the need of high security budget, complex and
time-consuming procedures, or dedicated teams of external consultants
Lack of awareness CyberWISER considers the prevention and the creation of a
cybersecurity culture with user-friendly services
CyberWISER main objective is the democratisation of cybersecurity,
with a strong focus on SMEs

The WISER approach

The WISER approach: configuration inputs
Some examples of configuration inputs
Industry sector to which the company belongs
Organization size
Yearly revenues
Geographical area where the company has offices
Geographical area where the company makes business
Internal organization of the company: roles and responsibilities
Cyber security corporate culture
Volume of sensitive information handled by the company
Business impact analysis:
Focused on the value the information stored by the digital assets have

The WISER approach: monitoring inputs
The monitoring infrastructure has two layers
The resource layer
It consists of collectors installed on the client´s infrastructure
The collectors continuously observe numerous network and application-level parameters
The collectors are able to detect several types of attacks and anomalies in the network
infrastructure and in applications installed on the client´s premises
This information is sent to the provider layer
The provider layer
It has a Monitoring Engine that filters and correlates information coming from the
collectors, producing alarms which are part of the inputs received by the Risk Assessment
Engine

The WISER approach: monitoring inputs
Some examples of attack types detected by CyberWISER monitoring
capabilities
Monitoring of DNS requests to detect patterns of traffic potentially
belonging to botnets
Network reconnaissance attempts
Malware signatures
Denial of Service attacks
Viruses
Anomalies in operation of core OS services and user applications
Honeypots are also used to attract attackers and detect their
presence

The WISER approach: testing inputs
The testing information is collected by means of an
automatic vulnerability scanning service which helps to
identify security vulnerabilities in the client´s ICT
infrastructure

The WISER approach: modelling inputs and Risk Assessment Engine
Models are machine-readable risk asessment algorithms
Such algorithms are composed by a set of modelling rules
Modelling rules establish associations among the different
types of information presented before
Configuration information, obtained from the user
Monitoring information, network layer, obtained from the collectors
Monitoring information, application layer, obtained from the collectors
Testing information, obtained from the vulnerability scanners
The models can be qualitative or quantitative
The model algorithms are executed by the Risk Assessment
Engine

The WISER approach: support to decision-making
CyberWISER not only evaluates the cyber risk faced
by the company, it also proposes mitigation
measures
Since budgets are limited, WISER offers the user support
to prioritize the measures to be actually applied
The comparison, ranking and prioritisation of measures is
done basing on cost-benefit analysis with data provided
by the user by filling out a template

The WISER risk management cycle

CyberWISER pragmatic vision for cybersecurity
STEP 1 – Acquire awareness through self-assessment of
your cyber risks and vulnerabilities of your IT system.
STEP 2 - Evaluate your exposure levels (€€€ + reputation)
STEP 3 - Evaluate cyber insurance.
STEP 4 – Develop a mitigation plan.
STEP 5 – Monitor in real-time.
Higher cyber security levels are directly connected to greater awareness
and effectiveness of data protection & privacy

Cyber WISER as a solution
Cyber resilience is a journey, not a destination
How can CyberWISER help you to become more cyber resilient?
Let´s take a look to CyberWISER Services

Outline
Conclusions

 Registration and basic data
required to Clients
 WISER tests
vulnerabilities from
the outside
 Provides basic
benchmarking
 Detailed business and IT
infrastructure data required
 Model selection based on
WISER suggestion or tailored
 Sensors installation at the
network layer level
 Real time exposure
calculation
 Monitoring
 Mitigation options
considered
 WISER team limited support
 Detailed business and IT
infrastructure data required
 Possibility to implement Client’s
models
 Possibility to perform cost/benefit
analysis on the base of Client’s
indications
 Sensors installation at the
application layer level
Required
Interaction
 Real time exposure calculation
 Monitoring
 Mitigation cost benefit
calculations
 WISER team full involvement
Complexity of WISER
Operating Model

Non-intrusive mode
No need to install anything on the
client´s infrastructure
Offers a very early assessment of the situation of the client´s IT infrastructure with respect
to cyber risk
The client fills a short questionnaire, and basing on the answers, a first evaluation is done
by means of a simple algorithm
No need to register
Optionally, the client can run a vulnerability scanner against the IT infrastructure in a not
intrusive way
This needs registration
Quick feedback
Report easy to understand and aimed especially at top managers
Main areas of improvement are highlighted
No need for external assistance and minimum time investment

Incorporates real-time
monitoring
Sensors are deployed on the target infrastructure
Sensors only gather information belonging to the network layer
Enhanced vulnerability scan feature
More detailed and specific questionnaires to gather configuration
information
Modelling techniques incorporated to assess the cyber risk
Mitigation measures suggested along with the cyber risk assessment
It incorporates a tool to evaluate the societal impact of the cyber risk
faced by the company
Complete dashboard to show the results
Limited consulting service offered by WISER Service provider

Most complex and advanced CyberWISER service
Sensors scope is expanded and
application layer information is also gathered
More detailed configuration questionnaires to be answered by the client
Larger quantity and variety of data available for analysis
Possibility of putting in place customized sensors adapted to client´s
infrastructure peculiarities
Possibility of integrating sensors brought by the client
Mitigation measures suggestion is supplemented with a cost-benefit
analysis in order to prioritize which measure actually apply
Complete dashboard to show the results
Further involvement of CyberWISER consultants

Outline
Conclusions

Innovation elements brought in by WISER
It is not simply about monitoring cyber incidents, it is about assessing the risks present
within a company
The risk assessment considers the potential damage to the ICT infrastructure and the
damage to the business of the company, including various aspects, such as reputational
implications – a multi-level assessment
This risk evaluation evolves with the rapid dynamics that are inherent with the cyber
“climate”
This evaluation is performed by means of a novel methodology, to be elaborated in the
project
Modelling cyber risk, using patterns
Definition of mitigation measures according to the threats and attacks and ranking
based on different criteria
Ultimate goal: Make cyber risk assessment affordable, especially to SMEs
Going beyond the state of art
49© WISER 2016 www.cyberwiser.eu - @cyberwiser

Innovative capabilities and features
Cyber risk assessment
follow-up
Monitoring: events and
alarms detection and
follow-up
Testing: vulnerabilities
scanning and follow-up
Modelling
Decision Support
The WISER framework delivers capabilities that are unparalleled with respect
to current offering. SMEs are enticed by means of “freemium” services
(i.e. the “CyberWISER-Light”)
Basic and detailed visualization of reports
Graphic dashboard with analytical features
Configurable alerts
Periodical execution of vulnerability scans
Basic and detailed information of vulnerabilities
found
Assistance to derive model rules from risk
models
Assistance to decide the most suitable risk model
according to the business and ICT profile of the
company
Cost-benefit analysis of mitigation measures
Quality Criteria Assessment of risks
50

What next?
Start using CyberWISER Light today
Register on www.cyberwiser.eu
Take the questionnaire & download your
personalised report.
Take the vulnerability test to identify threats.
Get the final full report.
Take action to make cyber security part of your
business processes
Need tech support or advice?
Contact us at support@cyberwiser.eu
Want to get involved?
Contact us at info@cyberwiser.eu
Start your cybersecurity journey today with CyberWISER Light
51
Join our community and stay up to
date with new WISER releases:
@cyberwiser
www.linkedin.com/in/cyber-wiser

References
http://www.internetworldstats.com/stats.htm
http://www.infodocket.com/2013/05/30/cisco-releases-latest-internet-usage-and-data-forecast-nearly-half-the-worlds-population-will-be-connected-to-the-internet-by-2017/
http://www2.deloitte.com/us/en/pages/consumer-business/articles/navigating-the-new-digital-divide-retail.html?id=us:2el:3dp:diginf15:awa:retail:051315:dd
http://www.smartinsights.com/mobile-marketing/mobile-marketing-analytics/mobile-marketing-statistics/
http://www.statista.com/topics/779/mobile-internet/
http://www.convinceandconvert.com/mobile/7-mobile-marketing-stats-that-will-blow-your-mind/
http://www.internetlivestats.com/total-number-of-websites/
http://www.speedawarenessmonth.com/slow-websites-cost-the-us-ecommerce-market-504-billion-in-2011/
https://econsultancy.com/blog/10936-site-speed-case-studies-tips-and-tools-for-improving-your-conversion-rate/
https://econsultancy.com/blog/66224-11-staggering-stats-from-around-the-digital-world/
http://research.domaintools.com/statistics/tld-counts/
http://w3techs.com/technologies/overview/top_level_domain/all
https://en.wikipedia.org/wiki/List_of_most_expensive_domain_names
http://www.internetlivestats.com/
http://www.statista.com/statistics/261245/b2c-e-commerce-sales-worldwide/
http://www.statista.com/markets/413/e-commerce/
http://www.remarkety.com/global-ecommerce-sales-trends-and-statistics-2015
https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains
http://www3.weforum.org/docs/GRR/WEF_GRR16.pdf
https://www.mushroomnetworks.com/blog/2015/12/03/is-your-business-internet-dependent-15-businesses-that-need-reliable-internet/
https://www.statista.com/statistics/261245/b2c-e-commerce-sales-worldwide/
http://www.forbes.com/sites/stevemorgan/2015/10/16/the-business-of-cybersecurity-2015-market-size-cyber-crime-employment-and-industry-statistics/2/#c3a6df84e683
https://www.statista.com/statistics/290525/cyber-crime-biggest-online-data-breaches-worldwide/
http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
http://fortune.com/2015/01/23/cyber-attack-insurance-lloyds/
UK Federation of Small Businesses: Cyber Resilience: How To Protect Small Firms In The Digital Economy (June 2016)
Profiling the Cyber criminal, University of Oxford, https://www.sbs.ox.ac.uk/cybersecurity-capacity/content/profiling-cybercriminal

www.cyberwiser.eu
@cyberwiser
Thank you for your attentions! Questions?
Contact
Antonio Álvarez Romero
Atos Spain
antonio.alvarez@atos.net

Tackling today's cyber security challenges - WISER Services & Solutions

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (20)

Similar a Tackling today's cyber security challenges - WISER Services & Solutions

Similar a Tackling today's cyber security challenges - WISER Services & Solutions (20)

Último

Último (11)

Tackling today's cyber security challenges - WISER Services & Solutions

Notas del editor