Thales Cyber Assurance Webinar Your first step to Cyber Security

Transcription

1 Thales Cyber Assurance Webinar Your first step to Cyber Security 10 February 2012 Ross Parsell/Edward Wolton 2012 Thales UK Ltd.

2 2 / Edward Wolton Edward has been working in what is now called Cyber Security for fifteen years and has watched the information security industry slowly evolve over that time to focus on business outputs rather than technology for technology s sake. Previously CISO for Accenture at QinetiQ and head of Accenture s UK Government Security consulting team, Edward has run his own consulting business and was until recently an Information Assurance strategy consultant to HMG. In his lighter moments, Edward was also responsible for the growth of the Young Professionals Group within the British Computer Society and having recently been elected Liveryman of the City of London he remains an advocate for promoting young people and skills and looks forward to retiring on their success in the future. Edward is now Thales Head of Cyber Security and represents the company with the Cyber Virtual Task Force, a cross-industry information-sharing collaboration.

3 3 / Ross Parsell Ross Parsell is the Key Account Director for Government and Commercial for Thales UK s Security and C4I areas. Ross has recently changed roles having been the Managing Director for the EMEA region and Chief Operating Officer for the e-security activities globally within Thales. Ross has recently been working with the Cabinet Office covering the Cyber Strategy for the UK contributing a broad experience covering sectors such as Banking and Finance, Enterprise and High Grade cryptographic security. Ross is from an Engineering background. He joined Thales from Ultra Electronics Datel where he was Managing Director. During this period he delivered many large projects including the avionics software programme for Tornado, new contracts with Boeing on the 787, the PC21 new trainer aircraft mission system for Pilatus, secure networks for the UK MOD and secure e- business solutions. Prior to this, Ross held the positions of Business Unit Director, Sales/Business Development Director and Manager of Staff Contracting in the Datel Division of the Ultra Electronics Group. Ross has also had previous experience with SME companies supplying fibre optic solutions to the Highways agency and London Underground for the transmission of CCTV images and control. Ross started his career working on Security products and services as an engineer through to sales support. Ross holds a Bachelor Degree in Metals and Materials Technology from Manchester University and is a Chartered Director of the Institute of Directors. Ross has also served with the Territorial Army with the Royal Signals achieving the rank of Major.

4 4 / Example interview with a Chief Executive So you think you know about Cyber Security?

5 5 / You might think 1. Security is about secrets

6 6 / You might think 1. Security is about secrets 2. Security costs too much

7 7 / You might think 1. Security is about secrets 2. Security costs too much 3. Security is 'fit and forget'

8 8 / You might think 1. Security is about secrets 2. Security costs too much 3. Security is 'fit and forget' 4. You can buy "security in a box"

9 9 / You might think 1. Security is about secrets 2. Security costs too much 3. Security is 'fit and forget' 4. You can buy "security in a box" 5. Patching is all you need to do to protect a system

10 10 / You might think 1. Security is about secrets 2. Security costs too much 3. Security is 'fit and forget' 4. You can buy "security in a box" 5. Patching is all you need to do to protect a system 6. Cyber is about electronic security solutions

11 11 / You might think 1. Security is about secrets 2. Security costs too much 3. Security is 'fit and forget' 4. You can buy "security in a box" 5. Patching is all you need to do to protect a system 6. Cyber is about electronic security solutions 7. Cyber security is a one-off project

12 12 / You might think 1. Security is about secrets 2. Security costs too much 3. Security is 'fit and forget' 4. You can buy "security in a box" 5. Patching is all you need to do to protect a system 6. Cyber is about electronic security solutions 7. Cyber security is a one-off project 8. I have anti-virus and a firewall installed, so my network/computer is safe

13 13 / You might think 1. Security is about secrets 2. Security costs too much 3. Security is 'fit and forget' 4. You can buy "security in a box" 5. Patching is all you need to do to protect a system 6. Cyber is about electronic security solutions 7. Cyber security is a one-off project 8. I have anti-virus and a firewall installed, so my network/ computer is safe 9. External threats are the priority

14 14 / Cyber Risk means different things to Apr. 2011, PSN Hacking G O V E R N M E N T S

15 15 / Cyber Risk means different things to C O M P A N I E S May 2011, RSA Advanced Persistent Threat Apr. 2011, PSN Hacking

16 16 / Cyber Risk means different things to Social engineering Credit card cloning Identity theft Y O U & M E

17 17 / Exponential rise in attacks Cyber-attacks on UK at disturbing levels, warns GCHQ chief. 'Exponential rise' in attacks on departments, industry and public reveal global cyber crime marketplace: I can attest to attempts to steal British ideas and designs in the IT, technology, defence, engineering and energy sectors, as well as other industries to gain commercial advantage or to profit from secret knowledge of contractual arrangements." Iain Lobban, Director GCHQ, 31 Oct 2011

18 18 / Cyber Security for Companies The impact of a cyber attack may be devastating upon a company. Examples of corporate risk include: u Loss of productivity through cyber attack on IT Indicative: 1 week for 5000-head 75/hr = 15m u Revenue decline through loss of intellectual property Loss of market share due to competition getting to market quicker/better/cheaper Loss of market entry following hacked bid win price u Reputation loss through not taking appropriate mitigating actions Brand devaluation resulting in loss of customer trust; fall in share price Regulator/legislative fines Results in exclusion to tender for new contracts Good Cyber Security through management of evolving threats can prevent significant loss of revenue / reputation and increase competitive advantage.

19 19 / How do cyber attacks happen? The architecture of Cyber Attacks: u u Through Corporate IT systems Through employees home IT and social network sites exploiting technical, human and physical vulnerabilities

20 20 / Thales Cyber Security 9 out of 10 of the world s leading technology companies 19 out of the world s 20 top banks and financial companies The world s 3 largest pharmaceutical companies The top 4 global energy companies 70% of worldwide financial transactions Number One European supplier for Government Information Security (50 countries, 25 NATO countries) In the UK, Cyber Security delivered for: Watchkeeper Unmanned Aerial Vehicle Galileo Positioning Satellites South East Water Chinook helicopters National Express Group Type 26 Global Combat Ship A Large Defence Prime Contractor

21 21 / Why Thales? u 40 years of proven UK expertise and references in providing Cyber Security to Critical National Infrastructure, Government, Military and Commercial customers; u Delivering Cyber Security across 50 countries, with a global network of partners that provides us the agility to pull-through market leading Cyber Security technologies, whilst retaining for our customers a single point of contact; u Over 400 Cyber and Security specialists with domain expertise across the complete Cyber spectrum; u Supporting innovation through smallto-medium enterprises and academia.

22 22 /

23 23 / Step by Step approach The Route to Cyber Security: Training, Education & Awareness Recognise there s a problem and act Policy and procedure analysis Holistic Security Audit Vulnerability Analysis Penetration Testing Assessment of risks and findings Agree mitigating actions Engage in solution design Implementation Ongoing Continual Assessment Loop Plan, do, check, review You are here Thales Cyber Assurance: - Holistic Security Audit - Vulnerability Assessment - Penetration Testing Report and recommendations Thales Cyber Maturity: - Secure Architecture (design, build, test and run) - Secure Hosting (managing bespoke services) - Thales products and services (enabling through managed cryptography) - Cyber Security Training, Education & Awareness - Systems Accreditation - Crisis Response

24 24 / So what you re saying is.. 1. The Cyber threat is real, growing and here now 2. It affects us all but each organisation has different risks 3. Cyber Security is a BOARD LEVEL DECISION 4. No need to spend more re-direct existing budget 5. ACT NOW take the first step to understand your cyber risk

25 25 / Where to start?

26 26 / Thales Cyber Assurance Understand your cyber risk 3 Elements included: 1. Vulnerability Assessment 2. Penetration Testing 3. Holistic Security Audit Vulnerability Assessment

27 Take the Next Step Ali McHardy Thales Client Contact Thales UK Ltd.

28 Thales Cyber Assurance Webinar Q & A Ali McHardy Thales Client Contact alistair.mchardy@uk.thalesgroup.com Thales UK Ltd.

29 Thales Cyber Assurance Webinar Thank you for attending Ali McHardy Thales Client Contact Thales UK Ltd.