It’s Not Sexy Being Over-Exposed

Tim Burnett

Tim BurnettCyber Security Architecture & Design Manager

Atos Big Data & Security

It’s Not Sexy Being Over-Exposed

www.linkedin.com/tpburnett

@tritim

UK Cybercrime Soars 20% in Two Years

Information Security Magazine, 25 Feb 2016

Hackers behind Ukraine power cuts,

says US reportBBC News, 26 Feb 2016

Cybercrime in the News

Baidu apps found to be 'leaking' personal

dataBBC News, 26 Feb 2016Cybercrime Looms As

Biggest ‘Disruptive Threat’ To Finance

MarketsForbes, 25 Feb 2016

Los Angeles hospital returns to faxes and paper charts after

cyberattackGuardian, 16 Feb 2016

Nissan suspends Leaf app after electric car

hackedTelegraph, 25 Feb 2016

UK businesses battling huge rise

in cybercrimeGuardian, 25 Feb 2016

Some stat’s…

98%of tested web

app’s are vulnerable to

attack

93%of DPA breaches

are caused by human error

144%increase in successful

cyber attacks on businesses

Source: ITGovernance.co.uk, June 2015

90%of large

organisations reported suffering a

security breach

61%of organisations say

data theft and cybercrime

are the greatest threatsto their reputation

70%of security execs

are concerned about cloud and mobile

security

16Mmobile devices are

now affected bymobile malware

A few more…

Source: NTT Com Security, Feb 2016

65%of businesses

expect to suffer an Information

Security Breach

75%of directors are not

involved in the review of cyber security risks

and yet…

Script Kiddie

Cyber Threat Landscape

Malicious Insider

Hacktivism

Organised Cybercrime

Cyber Terrorism State Sponsored

Office Hours?

…extremely large data sets that may be analysed computationally to reveal patterns,

trends, and associations, especially relating to human behaviour and interactions

…data sets with sizes beyond the ability of commonly used software tools to capture, curate, manage, and process data within a

tolerable elapsed time

…any voluminous amount of structured, semi-structured and unstructured data that has the

potential to be mined for information

BI / Analytics – “Big Data”Definition

:

Today’s corporate network

Today’s corporate network

What to do with all this data?

Image: Google

Privacy

Insight Systems• Billions of connected

“things”• Exabytes (1018 bytes) of

data• Prescriptive analysis• Autonomous systems

Determine the future• Artificial

intelligence?

Beyond Big Data?

Big Data •millions of customers•petabytes (1015 bytes) of data•predictive analytics

Predict the future• based on what we

know now

Automated trading…

Haven’t we seen this before,

somewhere?

Cloud

“Somebody else’s computer”– Graham Cluley, 2013

Cloud

Mobile businessMobile workforce

Mobile

Easy to change cloud providers Data cleanse?

Mobile business

Mobile users

Mobile users

“FREE”

Is it a tablet or a ‘phone?

Source: bbc.co.uk/news, 22 Feb 2016

…or is it a PC?

Digital is much more than just technology and software.

For any organization, becoming truly digital requires a different mindset and increased flexibility.

It requires a redefinition of corporate structures, bodies and roles and use of new technologies to make innovation happen in the 4 core domains.

Customer Experience

Trust & Compliance

Operational Excellence

Business Reinvention

Digital Transformation

Every new aspect of ‘connectivity’ or

‘integration’ widens the Attack Surface

Challenges

Your data

Challenges

Your data Your Customers’ data

Infrastructure & Data Centre

“Re-perimeterisation”

Enterprise Resource Planning / Customer Relationship Management

Supply Chain Vulnerabilities

Industry Specific Applications

Networking / Voice / Data Communications

CryptoLocker

CryptoLocker

Solutions?

“First, I do not think there is any silver bullet to solving the technology side of the security equation.”

John W. Thompson

Risk

Questions to ask…

Do the basics well

Understand the RISK know where your “crown jewels” really are

Use up-to-date software; patch regularly Know where your perimeters are Educate users Secure the Information

Emerging Approaches to Security

Evolution of Security

Today Tomorrow Perimeter is now porous Simple monitoring is insufficient Can’t afford to watch business burn

Protect the data Faster, broader monitoring & analysis Threat intelligence Cyber skills and automation

…

www.linkedin.com/tpburnett @tritim

Do the Basics

Understand the Risk

Protect your Data