Bewust in een digitale wereld In toenemende mate wordt informatie een factor van doorslaggevende betekenis voor uw onderneming. U kunt niet meer zonder ICT of het internet functioneren. Hierdoor is de kwetsbaarheid van uw onderneming toegenomen. Een gezamenlijke inspanning is nodig om het MKB hierin te begeleiden en te ondersteunen. MKB Cyber Advies Nederland doet dat.

1. Deloitte.

2. © 2014. For information, contact Deloitte Touche TohmatsuLimited.
The Hacking Mind
Know your enemy

3. © 2014. For information, contact Deloitte Touche TohmatsuLimited.
Quotes
“Security is the responsibility of the datacenter”
“Our organization is not a likely target.”
“Security does not help us to sell more products”
“We don’t have budget for security improvements”

4. © 2014 Deloitte The Netherlands 4
“They Couldn’t Hit an Elephant at that Distance.”
John SedgwickMay 9, 1864

5. The danger
And the protection against Cybercrime
© 2014 Deloitte The Netherlands 5
8%
45%
47%
0%
49%
51%
0%
10%
20%
30%
40%
50%
60%
Low/Bad
Average
High/Good
Risk andprotectionagainstcybercrime (n=51)
Risk
Protected
24%
63%
14%
Victim of cybercrime? (n=51)
Yes
No
Unkown
-60
-40
-20
0
20
40
60
Mobile
Social media
Data analytics
Cyber security
CFO’s: Investment priorities (n=25)
(Extremely) High
(Extremely) Low
Executives estimate the risks of digitalization to be high and claim to be adequately protected against cyber attacks. However, they did decide to heavily invest in Cyber security.

6. © 2014. For information, contact Deloitte Touche TohmatsuLimited.
Security Controls
Business Impact
An organization’s point of view
Text
Asset
An attacker’s point of view
Set of skills
Motives
Text
Actor
Attack Vectors

7. “A hacker is someone who thinks outside the box. It's someone who discards conventional wisdom, and does something else instead. It's someone who looks at the edge and wonders what's beyond. It's someone who sees a set of rules and wonders what happens if you don't follow them. A hacker is someone who experiments with the limitations of systems for intellectual curiosity.” Bruce Schneier, Secrets and Lies (2000)
The danger
Whatis a hacker?
© 2014 Deloitte The Netherlands 7

8. The danger
Who is targeting you?
© 2014 Deloitte The Netherlands 8
Attacker Determination
Attacker Sophistication
Accidental
Discovery
Malware
Insider
Lone Hacker /
Hobbyist
Business
Partner
‘Script kiddy’
Disgruntled
ex-Employee
Disgruntled
Customer
Competitor
Disgruntled
ex-IT
Administrator
‘Hacktivism’
Cyber
Terrorism
Hacker
Collectives
Organised Crime
State-sponsored
Cyber Warfare
Type Permission? Criminal Intent?
Blackhat No Yes
Greyhat No No
Whitehat Yes No

9. © 2014. For information, contact Deloitte Touche TohmatsuLimited.
Some thoughts
1.Attackersandresearchersscan everyIP in the public domain daily;
2.Non-targeted attacks can have significant impact;
3.A majority of the security incidents are caused by non-targeted attacks;
4.Non-targetedattacks canlead totargetedattacks;
Targeted Attacks
Focused on your day-to-day business activities, for example by:
•Cybercriminals; steal data, steal money, affect continuity
•Disgruntled employees; compromise systems from the inside
•Hacktivists; having moral reasons to attack
Non-Targeted Attacks
Mass-spread malwarevia email, websites, usb-sticks aimingto:
•Infect systems/servers forbotnets
•Encryptdata andforce organizationtopay(ransomware)
•Createstepping stoneforconsequent targetedattack
Targeted and Non-Targeted Attacks

10. Hackers
•Unlimited time, low costs
•Only one hole is sufficient
•Rules do not apply
Defenders
•Limited time, limited budget
•Time between discovery and mitigation
•Everything is connected and nobody is in charge
Hackers vs. Defenders
An asymmetric fight
© 2014 Deloitte The Netherlands 10

11. © 2014. For information, contact Deloitte Touche TohmatsuLimited.
CyberResilience
How to survive and thrive in the digital world

12. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

13. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

14. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

15. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

16. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

17. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

18. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

19. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

20. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

21. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

22. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

23. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

24. © 2014. For information, contact Deloitte Touche TohmatsuLimited.

25. © 2014. For information, contact Deloitte Touche TohmatsuLimited.
Zodat jij en je organisatie je onbezorgd op het internet kunnen begeven.
Happy foto!

26. Deloitte.
Deloitte refers to one or more of Deloitte ToucheTohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.
This communication is for internal distribution and use only among personnel of Deloitte ToucheTohmatsu Limited, its member firms, and their related entities (collectively, the “Deloitte network”). None of the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.