Justin Stanford

CEO, 4D Innovations Group

Who am I?

• 26, entrepreneur and investor• Founder, advisor, CEO, director, investor to

various companies• First business at 13, selling juice• Was always interested in business and

technology• Left school to enter the business world at 17• Current project: 4Di Capital

Who am I?

• Interested in the security space from 15• Became a hacker• Appeared on 3rd Degree• Noticed clear trends which led me into the

security industry

Companies

• First two startup attempts were in security• Am today involved in two:

Key Trend in my Lifetime

• The technologisation of EVERYTHING

The technologisation of EVERYTHING

• Communications (E-mail, IM, VoIP, SMS)• Personal & social life (Facebook, Twitter)• Banking (Internet banking)• Taxes (SARS E-Filing)• Information (World Wide Web)• Business & Shopping (E-commerce)• Workplace (Remote VPN, mobile devices, video conferencing)• Travel (e-Ticketing, Accomodation, Rentals)• Entertainment (YouTube, Flickr, Online gaming, Virtual worlds, iTunes, MP3s)• Navigation (GPS)• Reading (eBooks, Kindle, Web)• Writing (Word, Powerpoint, Excel)• Filing (Digital storage, DMS, Dropbox)• Access control (Biometrics, keypads, 2FA)

Conclusion

• Our entire lives are technologised and online

• Security is one of the singularly most important technological considerations for today and the future!

• Probably not a bad business to be in then…

Security Industry

• Interesting thing about the security business: it’s pretty recession resilient!

Main security focus historically

• Infrastructure centric, perimeter defended networks

• Attackers wanted to own your COMPUTERS– Viruses, worms, trojans, exploits– Useful for bot nets, DDoS, sending spam, attacking

other networks, stealing data, covering up hacks, trafficking in warez

• Attackers soon became very sophisticated, organised and financially driven

Main security focus historically

Internet

Servers & workstations

Internal apps & services

Servers & workstations

Internal apps & services

New shift

• Shift away from monolithic interconnected networks with fixed perimeters to distributed devices accessing distributed services from anywhere at anytime

• Security is now a scattered problem: You have to defend your networks, various distributed devices, various distributed services, and rely on cloud networks to do their job

• Human element now more crucial than ever

Internet

New shift

• Attackers want to own your DEVICES

• But even more so, attackers want to own your IDENTITY

• Why?

The technologisation of EVERYTHING

• Communications (E-mail, IM, VoIP, SMS)• Personal & social life (Facebook, Twitter)• Banking (Internet banking)• Taxes (SARS E-Filing)• Information (World Wide Web)• Business & Shopping (E-commerce)• Workplace (Remote VPN, mobile devices, video conferencing)• Travel (e-Ticketing, Accomodation, Rentals)• Entertainment (YouTube, Flickr, Online gaming, Virtual worlds, iTunes, MP3s)• Navigation (GPS)• Reading (eBooks, Kindle, Web)• Writing (Word, Powerpoint, Excel)• Filing (Digital storage, DMS, Dropbox)• Access control (Biometrics, keypads, 2FA)

Devices and identity

• Countless possible endpoint leakages: Laptops, smart phones, cloud email accounts, cloud CRM, cloud hosted files, etc

• Identity allows access to EVERYTHING• Scary: majority of modern day identity is

protected with a username and a password• One of the biggest new commodities in the

modern day world: TRUST• Important for individuals, companies, brands

Methods

Primary attack & risk vectors today– E-mail

• Phishing e-mails, highly effective at identity theft• Attachments to install malware, bots, key loggers, etc• Take advantage of hot topics or play on concerns

– Web• Phishing sites, fake sites• Embedded malware• Search engine / SEO attacks• Man in the browser, man in the middle

– Social engineering• Convince consumers or company staff, happening a lot!

– Loss or theft of devices

Careful what you trust! Don’t believe what you see.

More trends

• Apple Macs– It’s not coming, it’s here already!

• Smart phones and tablet devices– We do a lot on these already!– 2009 saw 4 iPhone exploits in a few weeks!

• Compromise of one account compromising many– Saving of user details

• Greater use of search engines and social media to spread malware, spam, phishing and create fake presences to capitalise on trust

• Rogue security software• Bot net turf wars and increasingly intelligent malware

Thank you!

• Questions?