e:

Transcription

1 e: Risk Analysis Tool: Research Database:

2 The View From 2018 An exercise to identify emerging cyber security related problems Tom Clark, Product Manager

3 The view from 2018 A series of round-table lunches and dinners, hosted by Crossword & facilitated by The Security Company Over 60 information security executives (CISOs, Heads of IT Security, Leading Consultancy firms, supplier Executives, senior Government officials) Question: What are the major emerging cyber security challenges facing organisations over the next three years? Discussions held under the Chatham House Rule Some strong, consistent themes emerged. Some key points of divergence amongst the groups. Seven themes picked to share today

4 1) Prepare for a major cyber fatality Within the next 3 years there will be a cyber fatality so large that it will fundamentally change the way industry executives relate to cyber 50:50 split on this bold assertion

5 2) There is no perimeter Every entity becomes a collection of loosely-coupled organisations that form chains of trust

6 2) There is no perimeter Every entity becomes a collection of loosely-coupled organisations that form chains of trust The concept of a perimeter is redundant. Better to think of your company as being in an ecosystem

7 3) They will be inside us and we won t even know Every employee of every supplier, partner, contractor is an insider Divisions between home and work life breaking down Bring Your Own Device (BYOD) Bring Your Own Vulnerability (BYOV)? The fabric of people s lives is digital

8 4) Hackers for hire Explosive growth of old style criminals into cyber Groups of threat actors co-operating methodically e.g. crime, terrorist, state, activists Technically adept white collar criminals, linked to manipulating shares & insider trading Foreign nation states will leak advanced tools to the mass market

9 5) Attack surface expands massively With the emergence of the Internet of Things the attack surface expands exponentially Vast amounts of data to be managed. Continuous data leakage We keep everything because of the few items that might be useful.

10 6) We need a neighbourhood watch Collaboration is vital within and across industries and with Government agencies Mutual trust is essential Speed & standardisation of threat intelligence sharing

11 7) Is Cyber insurance a red herring? No robust data sets so insurers don t know how to price cyber insurance But insurance is a language that business understands and can engage with The rise of Cyber Economics Robust Cyber Risk Assessment

12 Industry and academia can co-operate to stay ahead of the curve Landscape moving so fast. Risks getting away from us Research world can help industry stay ahead Works best when there is a clear end goal within an industry timeframe 500 cyber security research projects; 450m+ of research funding since 2007 Free Searchable database: CLUE

13 Governance and Risk Management related projects in CLUE

14 Rizikon.io based on City University London research are you AAA cyber rated? Low cost, online or on-site, aiming for thousands of customers worldwide

15 Thank