Justin Stanford
CEO, 4D Innovations Group
Who am I?
• 26, entrepreneur and investor• Founder, advisor, CEO, director, investor to
various companies• First business at 13, selling juice• Was always interested in business and
technology• Left school to enter the business world at 17• Current project: 4Di Capital
Who am I?
• Interested in the security space from 15• Became a hacker• Appeared on 3rd Degree• Noticed clear trends which led me into the
security industry
Companies
• First two startup attempts were in security• Am today involved in two:
Key Trend in my Lifetime
• The technologisation of EVERYTHING
The technologisation of EVERYTHING
• Communications (E-mail, IM, VoIP, SMS)• Personal & social life (Facebook, Twitter)• Banking (Internet banking)• Taxes (SARS E-Filing)• Information (World Wide Web)• Business & Shopping (E-commerce)• Workplace (Remote VPN, mobile devices, video conferencing)• Travel (e-Ticketing, Accomodation, Rentals)• Entertainment (YouTube, Flickr, Online gaming, Virtual worlds, iTunes, MP3s)• Navigation (GPS)• Reading (eBooks, Kindle, Web)• Writing (Word, Powerpoint, Excel)• Filing (Digital storage, DMS, Dropbox)• Access control (Biometrics, keypads, 2FA)
Conclusion
• Our entire lives are technologised and online
• Security is one of the singularly most important technological considerations for today and the future!
• Probably not a bad business to be in then…
Security Industry
• Interesting thing about the security business: it’s pretty recession resilient!
Main security focus historically
• Infrastructure centric, perimeter defended networks
• Attackers wanted to own your COMPUTERS– Viruses, worms, trojans, exploits– Useful for bot nets, DDoS, sending spam, attacking
other networks, stealing data, covering up hacks, trafficking in warez
• Attackers soon became very sophisticated, organised and financially driven
Main security focus historically
Internet
Servers & workstations
Internal apps & services
Servers & workstations
Internal apps & services
New shift
• Shift away from monolithic interconnected networks with fixed perimeters to distributed devices accessing distributed services from anywhere at anytime
• Security is now a scattered problem: You have to defend your networks, various distributed devices, various distributed services, and rely on cloud networks to do their job
• Human element now more crucial than ever
Internet
New shift
• Attackers want to own your DEVICES
• But even more so, attackers want to own your IDENTITY
• Why?
The technologisation of EVERYTHING
• Communications (E-mail, IM, VoIP, SMS)• Personal & social life (Facebook, Twitter)• Banking (Internet banking)• Taxes (SARS E-Filing)• Information (World Wide Web)• Business & Shopping (E-commerce)• Workplace (Remote VPN, mobile devices, video conferencing)• Travel (e-Ticketing, Accomodation, Rentals)• Entertainment (YouTube, Flickr, Online gaming, Virtual worlds, iTunes, MP3s)• Navigation (GPS)• Reading (eBooks, Kindle, Web)• Writing (Word, Powerpoint, Excel)• Filing (Digital storage, DMS, Dropbox)• Access control (Biometrics, keypads, 2FA)
Devices and identity
• Countless possible endpoint leakages: Laptops, smart phones, cloud email accounts, cloud CRM, cloud hosted files, etc
• Identity allows access to EVERYTHING• Scary: majority of modern day identity is
protected with a username and a password• One of the biggest new commodities in the
modern day world: TRUST• Important for individuals, companies, brands
Methods
Primary attack & risk vectors today– E-mail
• Phishing e-mails, highly effective at identity theft• Attachments to install malware, bots, key loggers, etc• Take advantage of hot topics or play on concerns
– Web• Phishing sites, fake sites• Embedded malware• Search engine / SEO attacks• Man in the browser, man in the middle
– Social engineering• Convince consumers or company staff, happening a lot!
– Loss or theft of devices
Careful what you trust! Don’t believe what you see.
More trends
• Apple Macs– It’s not coming, it’s here already!
• Smart phones and tablet devices– We do a lot on these already!– 2009 saw 4 iPhone exploits in a few weeks!
• Compromise of one account compromising many– Saving of user details
• Greater use of search engines and social media to spread malware, spam, phishing and create fake presences to capitalise on trust
• Rogue security software• Bot net turf wars and increasingly intelligent malware
Thank you!
• Questions?