2 | © 2017, Palo Alto Networks. Confidential and Proprietary.
Security To Do List
Sean Duca, Vice President, Regional Chief Security Officer, Asia Pacific
THE ECONOMICS OF CYBER ATTACKS
THE ECONOMICS OF CYBERATTACKS
• Economics Favor Attackers
• Failure of Status Quo
PREDICTIONS FOR 2017
CHECKLIST FOR SUCCESS
YOUR CHECKLIST FOR SUCCESS: WHO, WHAT, WHERE, WHEN & HOW
• Where is all our sensitive data?
• Many organisations struggle to answer this question and that leads to misappropriation of resources in the form of security controls being used broadly across the entire organisation, resulting in increased cost to acquire and utilize.
• Risk and cost reduction necessitates knowing where sensitive data resides and strategically applying the appropriate controls.
• Who amongst our employees has access to our sensitive data?
• Simply knowing who has access to a document or file server stops short of understanding what they have access to.
• What is the nature of the information that makes it sensitive?
• Are we protecting the information that is of most value to us or are we only covering the basics of PII or other regulatory mandated data types?
• Successful CISOs will include company-confidential, proprietary trade secrets and intellectual property as part of their security strategy.
• When has the sensitive data most recently been audited for obsolescence, necessity, access control, and governance (ownership)?
• Not all information needs to be kept indefinitely, and for information that does, are we auditing its use and access? Shrinking the sensitive data footprint of an organisation can reduce cost.
• How likely is it to be leaked, if we were hacked?
• Measuring the risk associated with keeping sensitive data will propel successful CISOs by allowing them to implement technologies and processes that will both reduce the risk and reduce the cost associated with protecting sensitive data.
UNDERSTANDING THE ATTACKER
THE ACTOR'S MOTIVATION
Espionage
Insider Threat
Cyber Crime
Cyber Warfare
Cyber Terrorism
Cyber Mischief
Cyber Hacktivism
WHAT IS TOLERATED BY THE BUSINESS?
[Risk matrix. Likelihood axis: Remote, Unlikely, Possible, Likely, Almost Certain. Impact axis: Very Low, Low, Significant, Serious, Material.]
HOW MANY PEOPLE WILL SOLVE THE PROBLEM?
EXECUTING ON PREVENTION MATTERS
COMBINING PURPOSE-BUILT METHODS TO PREVENT
• Collision Avoidance System
• Safety Glass
• Traction Control System
• Side Impact Bars
• Airbags
• Crumple Zone
PREVENTING ATTACKS
• Automatically turn unknown threats to known
• Automation must be used in order to get leverage
FLIPPING THE ECONOMICS OF CYBER ATTACKS
Flip the Economics
• NUMBER OF SUCCESSFUL ATTACKS
• COST OF LAUNCHING A SUCCESSFUL ATTACK
Secure Enterprise