Presented by Informa and Ovum. Opportunities and threats for Telcos taking them beyond 2020. For more information on the event please visit: http://bit.ly/1AKUIwe
BT Security
Mark Hughes, President BT Security
Securing enterprise ICT
Securing your organisation and data
Shellshock international media coverage
Shellshock bug in bash could spawn worm
Shellshock, which was discovered on 24th September 2014, has been described as the “worst ever computer bug” and as the bug that could potentially cause the “internet meltdown”
Why Shellshock is bad news for the Internet of things
Security experts expect ‘Shellshock’ software bug in bash to be significant
Shellshock, the major security flaw discovered “almost by accident” by French
Shellshock: The latest security superbug explained
Shellshock draws hacker attacks, sparks race to patch bug
Cyber-attack alert as Shellshock bug scores top danger rating
Hackers exploit ‘Shellshock’ bug with worms in early attacks
… to tackle issues like the Heartbleed bug
On Monday 7th April, BT was alerted to the Heartbleed global vulnerability in OpenSSL
Some of your security colleagues described it as: “Like someone had set the internet on fire.”
Heartbleed hacks hit Mumsnet and Canada's tax agency
Heartbleed bug poses the biggest threat to your bank security yet by allowing hackers to snatch credit card details online
Panic on web as Heartbleed bug leaves millions of users vulnerable
Major bug called Heartbleed exposes internet data
Programming ‘accident’ caused Heartbleed bug
50 million Android phones may be affected
Heartbleed Bug: Public urged to change ALL passwords over major computer security flaw
Big tech companies offer millions to help with Heartbleed crisis
Growing complexity
Organisations face increasing challenges in bolstering their defences as this depends on being able to:
1 Integrate security solutions
2 Assemble and exploit the full potential
3 Tailor solutions to secure and protect
What our customers are telling us about their security challenges…
[Chart: responses of 30%, 24%, 16%, 17% and 13% across the categories: Not enough IT staff; Lack of integration between solutions; Complexity of security solutions; Too many point solutions to manage; Lack of IT expertise]
Budget constraints and skill shortages
Top 10 Questions when assessing Corporate Cyber Risk
1. Do you know how much a cyber event would cost your org? And workings.
2. What is the most important infrastructure/information/assets and why?
3. What are your most critical Applications and what do you do to test and check the Development?
4. What are you monitoring proactively, how do you baseline normal and what do you do when you pick up an anomaly?
5. What links do you have with other Security/Government type organisations? And who are they?
6. What are you getting your network provider to do? What DDoS Protection do you have in place?
7. Do you know, audit and control what access your Partners and Third Parties have to your Critical Data?
8. What vetting or legal recourse do you have with your partnership contracts?
9. Do all of your privileged users know the value (and risk) of the data asset they are charged with?
10. How big a part do employee behaviours play in your Cyber Defence strategy?
Cyber defence operations in BT
Apply a risk-based approach
Invest in tools
Build on heritage and organise for success
Invest in behaviours
Invest in people and skills
Consolidate detect and response skills
Understand our critical assets
Increase security, reduce impact and cost
• Agile fusion of information feeds from multiple sources
• Artificial intelligence based knowledge management and interactive visualisation
• Interactive human/machine data analysis for identifying patterns or links
• Enabling automatic notification of:
  – Failures
  – Anomalies
  – Potential threats
  – Attacks.
Assure Analytics
Scrutinising the unthinkable so our customers don’t have to
The future of attacks
• Likely to increase, with more sophisticated methods used to defeat advancing defences
• Motives changing from hackers gaining bragging rights to making money; consequently the complexity of coordinated attacks is rising, making it more difficult to track, trace and mitigate
• Increase in social media and “Apps” as a method of attack
• Use of trusted technology e.g. SMS or voice mail to trick users into Phishing sites
• Accessing personal information to damage reputations or facilitate fraud
• Targeting mobile devices and unsecured guest wireless networks to infiltrate and perpetrate attacks
• SCADA probing and exploration of control system attacks – terrorism
• Continued DDoS and increases in Intellectual Property Loss.
BT’s learning
• Cyber is an evolution of traditional risks
• Traditional risks are no less important
• This is an arms race – constant evolution is needed
• The long game – do you know what normal looks like?
• You have to understand and value your assets and the business risk appetite if you are to protect them
• Horizon Scanning – use of tools to change data into intelligence
• Apply business context to allow focused defences – people make the difference
• Sharing Information is vital to maintain an equal footing with adversaries.
Security is as much an art as a science