Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Human factor in CyberSecurity
how to minimize it and save the money
Dmytro Petrashchuk
Chief Technology Officer
About Ukraine
Location: Eastern Europe
Capital: Kyiv (3 million people)
Timezone: UTC +2
Population: 45 million
Workforce: 22 million
1000+ IT Companies100+ R&D Centers2000+ Startups
Land of CyberSecurity Talents
http://www.sicherheitstacho.eu/
http://www.uadn.net/files/ua_hightech.pdf
Ukrainian wages and rates
https://en.wikipedia.org/wiki/List_of_European_countries_by_average_wage#Map
https://yalantis.com/blog/cost-services-europe-market-research/
BlackEnergy Attack
BlackEnergy is a well-known cybercrime toolkit
that has been in use since 2007, but in summer
2015, as tensions rose between Russia and
Ukraine, a new version of the malware was
detected being used by a mysterious group of
hackers targeting Ukrainian government officials
to harvest information.
BlackEnergy trojan, together with an SSH backdoor and
the destructive KillDisk component, which were all
detected in several electricity distribution companies in
Ukraine, are a dangerous set of malicious tools
theoretically capable of giving attackers remote access to
a company’s network, shutting down critical systems and,
by wiping their data, making it harder to get them up and
running again.
http://www.ibtimes.co.uk/reporters/david-gilbert
http://www.welivesecurity.com/2016/01/11/blackenergy-and-the-ukrainian-power-outage-what-we-really-know/
About BMS Consulting
15 years in cybersecurity
60 vendors
500 successful projects
150 professionals
70M+ annual turnover
Managed Security Services
Security Solutions Deployment
Penetration tests
Application Security
AntiDDoS & APT protection
PCI DSS Compliance
ISO 27001:2013
Facts about CyberSecurity
We have to be ready for attack 24x7x365
Former experience is hardly applicable for current landscape
87% EU companies were attacked last year
InfoSec budgets grow up 25% per year
More than 50% companies have implemented cybersecurity controls
Average time-to-compromise
30 min
Average time-to-detect
8 months
Factors that influence
• Globalization• IoT• Industry 4.0• Clouds• Mobility
Verizon DBIR
CyberSecurity Process in ideal world
Asset inventory and documentation
Information Risk analysis
Security Controls design and planning
Security Controls implementation
Policies, Procedures and Workflows
Information Security Awareness
Security Improvement and Optimization
How it works in real world
What CyberSecurity Professionals should do and usually do
Expected Reality
Detect attacks and misuse
Educate users
Define policies
Manage incidents
Evaluate controls
Minimize risks
Establish compliance
Write papers
Hate users
Fight to IT
Protect budget
Hide faults
Buy something
Outsource Security to External
Security Operations Center
+ Professional support
Wide range of services Vulnerabilities, Incidents, Pentests,
Controls Management, Forensics
24x7
SLA
Difficult to manage
Expensive
Jurisdiction issues
Data protection issues
We offer
Professional Managed
CyberSecurity Services:
Security Intelligence
Incident Management
Vulnerability Assessment
Security Controls Support
Penetration testing
PCI DSS/ISO27001 Certification
IT Forensics
Virtual Security Operation Center
24x7x365 support
Online portal, tools and services
Multilingual staff (incl. German)
Robust and customizable SLA
Data encryption and multitenancy
EU based Datacenter
Affordable rates and prices
1 month free trial
Architecture
Dedicated Team of Experts
Private Cloudcybersecurity tools and data
Customer
Operators
Multi-tenant Management Platform
Managed Security Appliance
BMS
Consulting
Team
Services
Web-services
Network perimeter
Corporate Network
Cloud Infrastructure
Diagnostics
Vulnerability scan
Remediation consulting
Check-up scan
Surveillance
Weekly diagnostic
Remediation plan and management
Cybersecurity Incident Forensics
Guard
Full surveillance
Security monitoring 24х7
Dedicated CyberSecurityexpert support during attacks and incidents
Vulnerability scan
Vulnerability management
Security Incident Management
Objects
Standardized Services
Just TRY
Mention keyword “CeBIT Discount”
in request form and get 10% discount
mssp.bms-consulting.com