Trends in CybersecurityWHAT HISTORY TEACHES AND WHERE THE FUTURE WILL LEAD US

JASON INGALLS MAY 22, 2017FOUNDER, CEOINGALLS INFORMATION SECURITY IINFOSEC.COM

Cybersecurity: Protecting DataData Communication, Storage, Processing We use data to make decisions

We make decisions faster when we have trustworthy access to secure data and communications

We eventually automate decisions and actions that have known outcomes

We are doing this more and more with more important things: Weapon Systems

Public Transportation

Healthcare

Cybersecurity Objectives

In order to protect data, communication and automation, we must meet three major objectives: Confidentiality: We must trust the

system to respect privileged access

Integrity: We trust the system to do what it was designed to do

Availability: We trust the system to be there when we need it

Evolution OfHacker Culture

1980’s: Phreakers& Hackers

1990’s: Hackers& Script Kiddies

2000’s: Script Kiddies & Organized Crime

2010’s: Hacktivists & Advanced Persistent Threats

Troubling Implications The Cybercrime Growth Curve

Source: 2016 Verizon Data Breach & Incident Response Report

Problem #1: Not Enough Talent

360,000 Open cybersecurity jobs in U.S. as of August, 2016

1,000,000 Job Openings Worldwide

Not enough current college programs to close the gap

Problem #2: Too Much Data

Cybersecurity tools can collect up to 10 billion bits per second (10 Gbps)

Fills up a 4 Terabyte drive in less than an hour

Most of this data is useless Investigating an attack in all this

data becomes very difficult Data is being created on an

exponential scale

Working Towards The Future

Long term solution: get kids interested in cybersecurity, produce workforce

Mid-term solution: Create better cybersecurity tools

Immediate solution: Encourage everyone to practice good cybersecurity in personal and professional lives

If you and your friends are being chasedby a bear, you don’t have to be thefastest, you just can’t be the slowest.

That’s cybersecurity today.

The Future: Sharing Threats and Creating Risk Pools Information Sharing and Analysis

Organizations (ISAOs): Standards-based organizations that

provides membership with help on cyber

Formerly known as ISACs, now with Federal guidance

Can be co-op, private, or non-profit Allows for risk-based analysis and

decisions on larger data sets

The Future: Trusted Security Protects Our Privacy Security is required for assured privacy

It must be trusted It must be transparent where possible

Anything you put on the Internet never goes away What about right to be forgotten? Audit requirements ensure privacy

Companies will be forced to bargain beyond free services for user data As soon as people remember their most

valuable possession is their identity and privacy

“There goes John again…”

The Far Horizon: Artificial Intelligence

Which One?

In a recent poll, computer scientists were asked if we could expect General Artificial Intelligence by 2050.

Most said yes.Next question: