Detecting breach. There are only two types of organisations in the world... Terry Greer-King Director, Cyber security, UK & Africa May 2017

Transcription

1 Feeling lucky?

2 Detecting breach There are only two types of organisations in the world... Terry Greer-King Director, Cyber security, UK & Africa May 2017

3 Industry average is 100 days to detect a breach, 60% of data is exfiltrated in the first few hours

4 You can t defend what you can t see Unifying a security architecture, sharing analytics and sharing responsibility with a team of global experts can improve things Industry Cisco 100 VS. DAYS Less than x 6 13 hours Source: Cisco Annual Security Report, 2016

5 Before we consider technology lets understand risk, risk to people and your organisation.. Risk: Likelihood that a threat will exploit a vulnerability and cause harm Vulnerability: A flaw or weakness that allows threat to succeed in causing harm Threat: A possible danger that might exploit a vulnerability to breach security and therefore cause harm Likelihood: A rough measure of how likely a particular vulnerability is to be uncovered and exploited Exploit: Something that takes advantage of a vulnerability to cause harm Impact: Extent of the resulting harm

6 Determine your approach to risk.. Avoid Transfer Reduce Accept

7 Losses After an Attack Are Real for Organizations Opportunity Productivity loss through downtime Political Reduced pace of innovation Money Ransomware, $24M $1bn 2016 Average cost of breach $4m (IBM/Ponemon) Theft, each sensitive record $158 (IBM/Ponemon) Reduced price M & A Market manipulation Fine, ICO, GDPR Customers Customer can move their business TalkTalk, 101, Security Capabilities Benchmark Study

8 Lack of Cybersecurity Hinders Innovation in the Digital Era Survey Survey Cybersecurity risks and threats hinder innovation in my organisation. 71% Agree My organisation halted a mission-critical initiative due to cybersecurity fears. 39% Agree Innovations are moving forward, but probably at 70%-80% of what they otherwise could if there were better tools to deal with the dark cloud of Robert Simmons CFO cybersecurity threats respondents

9 Different stages of an attack Recon Staging Launch Exploitation Install Callback Persist

10 Biggest Obstacles to Advancing Security Business Constraints Complexity 35% Budget (-4%) 28% Compatibility Issues (-4%) 1-5 (45%) 6-10 (29%) Vendor 55% of organizations use 6 to >50 security vendors (18%) (7%) Over 50 (3%) 2016 (n=2,850) 25% Lack of Trained Personnel (+3%) 25% Certification Requirements (+/-0%) 1-5 (35%) 6-10 (29%) Products 65% of organizations use 6 to >50 security products (Change from 2015) (21%) (11%) Over 50 (6%) 2016 (n=2,860)

11

12 Cisco The Security Security Effectiveness Closes the Gap

13 The Architectural Approach Business Architecture Information Architecture Data Architecture Application Architecture Technology Architecture Drives Prescribes Supported By Supported By Integral Part of Enterprise Architecture Vital Element of IT Strategy that aligns to Business Goals Always Top Down Cuts Across horizontally An enabler for Business to meet its vision

14 What Network is & Intercommunication Behaviour Analytics Network Access Distributed Firewalling DNS Look up Network devices Cloud Access Threat Grid Advance Malware Protection Firewalling/Intrusion Prevention Web Event Threat Intel Policy Context

15 Advanced Malware Protection AMP Everywhere: See Once, Protect Everywhere Visibility Threat Intelligence AMP Intelligence Sharing WWW Endpoint Network s Web

16 Talos provides the best threat intelligence capabilities World-Class Threat Research 250 Threat Researchers 1.1M 1B 100TB Threat Intelligence 8.2B Incoming Malware Samples Per Day 1.4M Sender Base Reputation Queries Per Day 1.8B 19.7B Threats Per Day Web Filtering Blocks Per Month AV Blocks Per Day Spyware Blocks Per Month

17 Industry Cisco 100 VS. DAYS Less than x 6 13 hours Source: Cisco Annual Security Report, 2016

18