The 2018 Threatscape
Peter Wood
Chief Executive Officer
First Base Technologies LLP
Cyber clairvoyance and divination
Founder and CEO - First Base Technologies LLP
• Engineer, IT and information security professional since 1969
• Fellow of the BCS, Chartered IT Professional
• CISSP
• Member of the Institute of Information Security Professionals
• 15 Year+ Member of ISACA, ISACA Security Advisory Group
• Senior Member of the Information Systems Security Association
• Founder of white-hats.co.uk
• Member of ACM, IEEE, Institute of Directors, Mensa
Cyber Resilience Threat and Risk Cyber Awareness
Managed Services Penetration Testing Compliance Testing
Slide 4 © First Base Technologies 2017
The Threatscape and me:
a short history
Slide 5 © First Base Technologies 2017
1950’s
Slide 6 © First Base Technologies 2017
1970’s
Slide 7 © First Base Technologies 2017
1980’s
Slide 8 © First Base Technologies 2017
1990’s
1992: Bulgarian virus writer Dark Avenger writes a polymorphic virus to circumvent antivirus
pattern recognition
1994: Russian crackers siphon $10 million from Citibank and transfer the money to bank
accounts around the world
1994: AOHell allows ‘script kiddies’ to wreak havoc on America Online with multi-megabyte
email bombs and spam
1995: Hackers attempt to break into Department of Defense computer files 250,000 times -
about 65% were successful
1996: Hackers alter the websites of the United States Department of Justice, the CIA and the
U.S. Air Force
1996: Canadian hackers Brotherhood break into the Canadian Broadcasting Corporation
Slide 9 © First Base Technologies 2017
Let’s jump ahead to today …
Slide 10 © First Base Technologies 2017
The perceived attack surface
Cisco 2017 Annual Cybersecurity Report
Slide 11 © First Base Technologies 2017
Ransomware
(user behaviour)
2016 was The Year of Ransomware …
and so was 2017
752% increase over 2015
Ransomware families jumped from 29 to
247
TrendLabs 2016 Annual Security Roundup
Slide 12 © First Base Technologies 2017
Business Email Compromise
(user behaviour)
Spoof CxO email requesting payment to
fake account
Average loss $140,000
Leoni AG lost $44.6m
BEC increasing rapidly
TrendLabs 2016 Annual Security Roundup
Slide 13 © First Base Technologies 2017
Mobile Malware
(mobile devices)
More than 1.5 million new mobile malware incidents
in Q1 2017
Total of more than 16 million incidents
79% of respondents report increased difficulty in
securing devices
McAfee Labs June 2017 Threat Report
Slide 14 © First Base Technologies 2017
The bigger picture …
Slide 15 © First Base Technologies 2017
2017 Threat Actors
https://www.recordedfuture.com/prioritizing-cyber-threats/
Slide 16 © First Base Technologies 2017
2017 Kill Chain
What was advanced is now
average
• Well planned, strategic approach
• Automation assisted manual attacks
• Social engineering, especially
phishing
• Sophisticated malware
• Clear objectives
• Lots of resources
Slide 17 © First Base Technologies 2017
There is no silver bullet
Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
Slide 18 © First Base Technologies 2017
People remain vulnerable
Finding 1: 3,066 employees clicked on a link in a phishing email, and 2,398 users entered their username and password.
Finding 2: An analysis of the compromised passwords from email phishing campaigns revealed single word-based passwords
and 72% of passwords being 10 characters or less in length.
Threat Assessment: Email phishing is the most prevalent cyber security threat to organisations. Passwords harvested grant the
attacker access to external services such as VPNs, OWA and Cloud Services.
Impact: Gaining access to these services can provide an attacker with full, undetected, authenticated access to your data.
Slide 19 © First Base Technologies 2017
Single-factor authentication may not be your
best choice
• We cracked 48% of 9,569 passwords
• 98% of these passwords were cracked within
two hours
• The remaining 2% were cracked over the
course of one week
Passwords remain vulnerable
Slide 20 © First Base Technologies 2017
Cyber clairvoyance and divination
Slide 21 © First Base Technologies 2017
My crystal ball is broken - sorry
Slide 22 © First Base Technologies 2017
But what I suggest is …
More of the same (Known and Predictable)
Plus a whole bunch of:
• Unknown
• Unpredictable
• Uncertain
• Unexpected
Slide 23 © First Base Technologies 2017
Gartner says …
Take the money you’re spending on prevention and begin to drive it more equitably to detection and response. The truth is that
you won’t be able to stop every threat and you need to get over it.
A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link,
people, to do so.
This means adapting your security setup to focus on detection, response, and remediation. That’s where the cybersecurity fight
is today.
In the future it will most likely move to prediction of what’s coming before anything happens.
Earl Perkins, research vice president, during the Gartner Security & Risk Management Summit 2017
https://www.gartner.com/smarterwithgartner/5-trends-in-cybersecurity-for-2017-and-2018/
Slide 24 © First Base Technologies 2017
The ISF view on cyber resilience
ISF Cyber Security Strategies: Achieving cyber resilience, November 2011
Slide 25 © First Base Technologies 2017
The Cyber Resilience Manifesto
To withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected
threats from activities in cyberspace
Minimise the cost of controls, responses and other cyber resilience activities, relative to the spend needed to
minimise the cost of negative impacts from activities in cyberspace
Cyber security is a key element of being resilient, but you must recognise that it goes far beyond just technical
measures, embracing people, processes, and technology
Slide 26 © First Base Technologies 2017
Key Focus
• Recognise that you must prepare now to deal with severe impacts from cyber threats that cannot be
predicted or prevented
• Invest in very high levels of partnering and collaboration, including external collaboration (with ISPs,
intelligence agencies, industry groups, security analysts, customers and supply chains), and internal
collaboration throughout the organisation
• Develop the agility to prevent, detect and respond quickly and effectively, not just to incidents, but also to
the consequences of the incidents
Slide 27 © First Base Technologies 2017
Five pillars of Cyber Resilience
Prepare / Identify • Protect • Detect • Respond • Recover
Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
• Known
• Predictable
• Known
• Predictable
• Uncertain
• Unexpected
• Known
• Predictable
• Unknown?
• Unpredictable?
• Uncertain
• Unexpected
• Known
• Predictable
• Unknown
• Unpredictable
• Uncertain
• Unexpected
Slide 28 © First Base Technologies 2017
Prepare / Identify
To successfully face and overcome an attack, you must thoroughly understand your organisation’s security and
risk posture
This means painstakingly identifying your vital information, conducting an assessment that includes all known
security vulnerabilities, and establishing a baseline which you will compare with your peers
Slide 29 © First Base Technologies 2017
Protect
The second pillar is about implementing safeguards to limit or contain the impact of an attack or breach
Your goal is to protect your infrastructure and data from malicious attack and accidental exposure
All three areas - people, processes, and technology - are important to your protection
Slide 30 © First Base Technologies 2017
Detect
The Detect pillar focuses on developing activities to rapidly identify an attack or a breach, assess the systems that
may be affected, and ensure a timely response
To effectively minimise any damage, you must have the necessary detection and response policies, processes,
and technologies in place
Slide 31 © First Base Technologies 2017
Respond
The Respond pillar addresses activities that accelerate remediation and contain the impact of an attack once
detected
Whilst there are many solutions and services available to help, much of what is needed involves people and
processes internal to your business
Slide 32 © First Base Technologies 2017
Recover
This stage involves developing systems and plans to restore data and services after an attack
Even if you respond quickly to a cyber breach, there may be consequences for people, processes and systems.
An effective recovery depends on a clear and thorough recovery plan.
Slide 33 © First Base Technologies 2017
Invest in your human firewall
• Train your staff to recognise social
engineering attacks
• Explain the why and how of passphrases
• Invest in continual awareness campaigns
• Use every medium available to spread the
word
Priority: Enable your best defence
peter@firstbase.co.uk
http://firstbase.co.uk
twitter: @FBTechies
More information?
Peter Wood
Chief Executive Officer
First Base Technologies LLP

 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 

Último (20)

Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 

The 2018 Threatscape

  • 1. The 2018 Threatscape Peter Wood Chief Executive Officer First Base Technologies LLP Cyber clairvoyance and divination
  • 2. Founder and CEO - First Base Technologies LLP • Engineer, IT and information security professional since 1969 • Fellow of the BCS, Chartered IT Professional • CISSP • Member of the Institute of Information Security Professionals • 15 Year+ Member of ISACA, ISACA Security Advisory Group • Senior Member of the Information Systems Security Association • Founder of white-hats.co.uk • Member of ACM, IEEE, Institute of Directors, Mensa
  • 3. Cyber Resilience Threat and Risk Cyber Awareness Managed Services Penetration Testing Compliance Testing
  • 4. The Threatscape and me: a short history
  • 5. 1950’s
  • 6. 1970’s
  • 7. 1980’s
  • 8. 1990’s 1992: Bulgarian virus writer Dark Avenger writes a polymorphic virus to circumvent antivirus pattern recognition 1994: Russian crackers siphon $10 million from Citibank and transfer the money to bank accounts around the world 1994: AOHell allows ‘script kiddies’ to wreak havoc on America Online with multi-megabyte email bombs and spam 1995: Hackers attempt to break into Department of Defense computer files 250,000 times - about 65% were successful 1996: Hackers alter the websites of the United States Department of Justice, the CIA and the U.S. Air Force 1996: Canadian hackers Brotherhood break into the Canadian Broadcasting Corporation
  • 9. Let’s jump ahead to today …
  • 10. The perceived attack surface Cisco 2017 Annual Cybersecurity Report
  • 11. Ransomware (user behaviour) 2016 was The Year of Ransomware … and so was 2017 752% increase over 2015 Ransomware families jumped from 29 to 247 TrendLabs 2016 Annual Security Roundup
  • 12. Business Email Compromise (user behaviour) Spoof CxO email requesting payment to fake account Average loss $140,000 Leoni AG lost $44.6m BEC increasing rapidly TrendLabs 2016 Annual Security Roundup
  • 13. Mobile Malware (mobile devices) More than 1.5 million new mobile malware incidents in Q1 2017 Total of more than 16 million incidents 79% of respondents report increased difficulty in securing devices McAfee Labs June 2017 Threat Report
  • 14. The bigger picture …
  • 15. 2017 Threat Actors https://www.recordedfuture.com/prioritizing-cyber-threats/
  • 16. 2017 Kill Chain What was advanced is now average • Well planned, strategic approach • Automation assisted manual attacks • Social engineering, especially phishing • Sophisticated malware • Clear objectives • Lots of resources
  • 17. There is no silver bullet Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
  • 18. People remain vulnerable Finding 1: 3,066 employees clicked on a link in a phishing email, and 2,398 users entered their username and password. Finding 2: An analysis of the compromised passwords from email phishing campaigns revealed single word-based passwords and 72% of passwords being 10 characters or less in length. Threat Assessment: Email phishing is the most prevalent cyber security threat to organisations. Passwords harvested grant the attacker access to external services such as VPNs, OWA and Cloud Services. Impact: Gaining access to these services can provide an attacker with full, undetected, authenticated access to your data.
  • 19. Single-factor authentication may not be your best choice • We cracked 48% of 9,569 passwords • 98% of these passwords were cracked within two hours • The remaining 2% were cracked over the course of one week Passwords remain vulnerable
  • 20. Cyber clairvoyance and divination
  • 21. My crystal ball is broken - sorry
  • 22. But what I suggest is … More of the same (Known and Predictable) Plus a whole bunch of: • Unknown • Unpredictable • Uncertain • Unexpected
  • 23. Gartner says … Take the money you’re spending on prevention and begin to drive it more equitably to detection and response. The truth is that you won’t be able to stop every threat and you need to get over it. A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link, people, to do so. This means adapting your security setup to focus on detection, response, and remediation. That’s where the cybersecurity fight is today. In the future it will most likely move to prediction of what’s coming before anything happens. Earl Perkins, research vice president, during the Gartner Security & Risk Management Summit 2017 https://www.gartner.com/smarterwithgartner/5-trends-in-cybersecurity-for-2017-and-2018/
  • 24. The ISF view on cyber resilience ISF Cyber Security Strategies: Achieving cyber resilience, November 2011
  • 25. The Cyber Resilience Manifesto To withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace Minimise the cost of controls, responses and other cyber resilience activities, relative to the spend needed to minimise the cost of negative impacts from activities in cyberspace Cyber security is a key element of being resilient, but you must recognise that it goes far beyond just technical measures, embracing people, processes, and technology
  • 26. Key Focus • Recognise that you must prepare now to deal with severe impacts from cyber threats that cannot be predicted or prevented • Invest in very high levels of partnering and collaboration, including external collaboration (with ISPs, intelligence agencies, industry groups, security analysts, customers and supply chains), and internal collaboration throughout the organisation • Develop the agility to prevent, detect and respond quickly and effectively, not just to incidents, but also to the consequences of the incidents
  • 27. Five pillars of Cyber Resilience Prepare / Identify Protect Detect Respond Recover Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected • Known • Predictable • Known • Predictable • Uncertain • Unexpected • Known • Predictable • Unknown? • Unpredictable? • Uncertain • Unexpected • Known • Predictable • Unknown • Unpredictable • Uncertain • Unexpected
  • 28. Prepare / Identify To successfully face and overcome an attack, you must thoroughly understand your organisation’s security and risk posture This means painstakingly identifying your vital information, conducting an assessment that includes all known security vulnerabilities, and establishing a baseline which you will compare with your peers Prepare / Identify Protect Detect Respond Recover
  • 29. Protect The second pillar is about implementing safeguards to limit or contain the impact of an attack or breach Your goal is to protect your infrastructure and data from malicious attack and accidental exposure All three areas - people, processes, and technology - are important to your protection Prepare / Identify Protect Detect Respond Recover
  • 30. Detect The Detect pillar focuses on developing activities to rapidly identify an attack or a breach, assess the systems that may be affected, and ensure a timely response To effectively minimise any damage, you must have the necessary detection and response policies, processes, and technologies in place Prepare / Identify Protect Detect Respond Recover
  • 31. Respond The Respond pillar addresses activities that accelerate remediation and contain the impact of an attack once detected Whilst there are many solutions and services available to help, much of what is needed involves people and processes internal to your business Prepare / Identify Protect Detect Respond Recover
  • 32. Recover This stage involves developing systems and plans to restore data and services after an attack Even if you respond quickly to a cyber breach, there may be consequences for people, processes and systems. An effective recovery depends on a clear and thorough recovery plan. Prepare / Identify Protect Detect Respond Recover
  • 33. Invest in your human firewall • Train your staff to recognise social engineering attacks • Explain the why and how of passphrases • Invest in continual awareness campaigns • Use every medium available to spread the word Priority: Enable your best defence
  • 34. peter@firstbase.co.uk http://firstbase.co.uk twitter: @FBTechies More information? Peter Wood Chief Executive Officer First Base Technologies LLP

Editor's notes

  1. Using ransomware, criminals reportedly managed to rake in $1 billion in 2016. This is the result of many affected enterprises choosing to pay their attacker to have their data and assets decrypted, even though they are advised against this. A recent example of ransomware is WannaCry, which famously affected our NHS.
  2. Business email compromise is currently a huge threat where an attacker will send an email from the CEO’s address to the CFO saying that they need to send a payment to a fake company the hacker has set up. BEC attacks are responsible for causing an average of US$140,000 in losses for companies worldwide. Leoni AG, the fourth largest wire and cable manufacturer in the world, became a victim of a BEC attack when its Chief Financial Officer (CFO) was tricked into transferring about US$44.6 million to a foreign account. Scammers also swindled approximately US$330,000 from the local council of Brisbane in Australia after they posed as one of the council’s suppliers. SS&C Technology also lost US$6 million to a BEC scam that forced the company to temporarily take its operations offline.
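
The BEC pattern described in note 2 (a payment request that appears to come from an executive) leaves traces in the message headers that a mail gateway or SOC can check. The following Python check is an added example, not part of the original presentation; the corporate domain, executive name, keyword list and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; load these from your own directory in practice.
CORPORATE_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"jane doe"}
PAYMENT_TERMS = re.compile(r"\b(wire|payment|transfer|invoice|bank details|urgent)\b", re.I)

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: Jane Doe <jane.doe@example.com>
Reply-To: jane.doe@examp1e-mail.test
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com

Please send the payment to the new supplier account today.
"""
LOOKALIKE = """\
From: Jane Doe <ceo@examp1e.test>
Subject: Invoice 4471 overdue
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.test; dkim=pass header.d=examp1e.test; dmarc=pass header.from=examp1e.test

Can you settle this before 3pm?
"""
LEGIT = """\
From: Jane Doe <jane.doe@example.com>
Subject: Board meeting agenda
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Agenda attached for Thursday.
"""

def domain_of(address):
    return address.rpartition("@")[2].lower()

def auth_failures(msg):
    # Only trust the Authentication-Results header stamped by your own gateway.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    verdicts = {m: re.search(rf"\b{m}=(\w+)", results) for m in ("spf", "dkim", "dmarc")}
    return [m for m, hit in verdicts.items() if hit is None or hit.group(1) != "pass"]

def bec_indicators(raw_message):
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    body = "" if msg.is_multipart() else msg.get_payload()
    found = []
    if display.strip().lower() in EXECUTIVE_NAMES and domain_of(from_addr) != CORPORATE_DOMAIN:
        found.append("executive display name on external address")
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        found.append("Reply-To domain differs from From domain")
    if domain_of(from_addr) == CORPORATE_DOMAIN and auth_failures(msg):
        found.append("corporate From address failed sender authentication")
    if PAYMENT_TERMS.search(f"{msg.get('Subject', '')} {body}"):
        found.append("payment request language")
    return found

def is_bec_suspect(raw_message):
    # Payment language alone is normal business mail; require a sender anomaly too.
    found = bec_indicators(raw_message)
    return "payment request language" in found and len(found) >= 2
```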