Convegno Sezione Automazione ANIMP

Transcription

1 SEZIONE AUTOMAZIONE ANIMP Convegno Sezione Automazione ANIMP SISTEMI DI AUTOMAZIONE: NUOVE SFIDE E OPPORTUNITA 6 ottobre 2016 c/o Auditorium Maire Tecnimont (Milano)

2 Cybersecurity Hope or prepare for resiliency? Security Horizon Cyber Risks Incidents Motives Countermeasure & Vulnerability Landscape Vision A resilient approach Francesco Faenzi Head of Cybersecurity Business Platform

3 Cyber Risk Lloyd's Risk Index 2015

4 Cyber Risk World Economic Forum Global Risk 2014

5 Cyber Risk Allianz Global Corporate & Specialty, A Guide to Cyber Risk 2015

6 Incidents New Information & Communication Technology models and trends (Consumerization, BYOD, Open Knowledge Society, Cyber (In- )Security, Cloud Services, App Economy & Always-on Workers, Internet of Everything etc.) together with Globalization trend thanks to Internet bring many advantages to our society (sharing of information and thoughts, global communication, transparency, etc.) but also issues Together with growth of Internet and online business, organizations around are progressively more exposed to malicious activities IBM X-Force Report 2016

7 Motives Nuisance Data Theft Cyber Crime Hactivism Network Attack Objective Access & Propagation Economic & Political Advantage Example Botnets & Spam Intellectual Property Theft Financial Gain Credit Card Theft Defamation, Press & Policy Website Defacements Escalation, Destruction Destroy Critical Infrastructure Targeted No Yes Yes Yes Yes Character Aumated Persistent Opportunistic Conspicuous Conflict Driven Iran-based China-based Industries Targeted Energy, State Government Agencies Most industry sectors Victim Selection Limited based on vulnerabilities Varied and independent of vulnerabilities (zerodays) Available Tools Publicly available Specially created, customized, publicly available Data of Initial Observation 2012 At least 2006 Detected by Victim 75% 33% Average Time Spent in a Victim Organization Re-Compromise After the Initial Security Incident 28 days 243 days Not witnessed Mandiant 2015 Threat Report 40% of cases

8 Countermeasure Landscape Attackers are able to compromise a victim in days or less with how often defenders detect compromises within that same time frame. Unfortunately, the proportion of breaches discovered within days still falls well below that of time to compromise. Even worse, the two situations are diverging over the last decade, indicating a growing detection deficit between attackers and defenders. We think it highlights one of the primary challenges to the security industry: prevention is failing In of breaches, data is stolen in hours of breaches are not discovered for months Verizon Data Breach Investigation Report 2012

9 Countermeasure Landscape We cannot avoid infection Taking control requires from 10m to 48h Detection takes up to 1 year Remediation up to 6 months & more - Freddy Dezeure, Head of CERT-EU Europol Cybercrime Conference 2014

10 Countermeasure Landscape Approximately 70% of breaches are discovered by external parties who then notified the victim. Far less than 10% of breaches are detected by technologies. We think this phenomena highlights another primary challenge to the security industry: detection is failing as well Verizon Data Breach Investigation Report 2013

11 Vulnerability Landscape If it's software is hackable If it's connected it's exposed - Joshua Corman, - Director Cyber Statecraft Initiative - at Atlantic Council

12 Vulnerability Landscape Rapporto Clusit 2016 sul Sicurezza ICT in Italia Rapporto Clusit 2013 su Sicurezza ICT in Italia Rapporto Clusit 2015 sul Sicurezza ICT in Italia Rapporto Clusit 2014 sul Sicurezza ICT in Italia

13 Vision A resilient approach Enforcement Detection Response Anticipation Default deny vs Agility Hardening & Encryption vs Evasion If not deny then inspect Smart data & avoid "data deluge" If not inspect then log & hunt Be ready to contain something that will happen Context & Enrichment at hand Borderless Visibility beyond the know Attack Surface (avoid "Maginot line") Early Warning for better Response & Prevention Know your defenses Exercise & Be aware

14 Vision A resilient approach Governance, Risk & Compliance Enforcement Detection Response Anticipation Solutions Optimization Data Classification & Encryption Application,Telco & ICS/SCADA Defense Data Breach & Attack Detection, Investigation & Reaction Log Management Incident Response Cyber Threat Intelligence Assessment & Tabletop Exercise Ethical Hacking, Physical Testing, SCADA/ICS & IoT Testing Digital Forensic Cyber Training & Awareness

15 Grazie per la cortese attenzione Convegno Sezione Automazione ANIMP Milano, 6 ottobre 2016