Human factor in CyberSecurity

Transcription

1

2 Human factor in CyberSecurity how to minimize it and save the money Dmytro Petrashchuk Chief Technology Officer

3 About Ukraine Location: Eastern Europe Population: 45 million Capital: Kyiv (3 million people) Workforce: 22 million Timezone: UTC IT Companies 100+ R&D Centers Startups

4 Land of CyberSecurity Talents

5 Ukrainian wages and rates List_of_European_countries_by_average_wage#Map

6 BlackEnergy Attack BlackEnergy is a well-known cybercrime toolkit that has been in use since 2007, but in summer 2015, as tensions rose between Russia and Ukraine, a new version of the malware was detected being used by a mysterious group of hackers targeting Ukrainian government officials to harvest information. BlackEnergy trojan, together with an SSH backdoor and the destructive KillDisk component, which were all detected in several electricity distribution companies in Ukraine, are a dangerous set of malicious tools theoretically capable of giving attackers remote access to a company s network, shutting down critical systems and, by wiping their data, making it harder to get them up and running again.

7 About BMS Consulting Managed Security Services Security Solutions Deployment Penetration tests Application Security AntiDDoS & APT protection PCI DSS Compliance ISO 27001: years in cybersecurity 60 vendors 500 successful projects 150 professionals 70M+ annual turnover

8 Facts about CyberSecurity We have to be ready for attack 24x7x365 Former experience is hardly applicable for current landscape 87% EU companies were attacked last year InfoSec budgets grow up 25% per year More than 50% companies have implemented cybersecurity controls Average time-to-compromise 30 min Average time-to-detect 8 months Factors that influence Globalization IoT Industry 4.0 Clouds Mobility Verizon DBIR

9 CyberSecurity Process in ideal world Asset inventory and documentation Security Improvement and Optimization Information Risk analysis Information Security Awareness Policies, Procedures and Workflows Security Controls design and planning Security Controls implementation

10 How it works in real world

11 What CyberSecurity Professionals should do and usually do Expected Detect attacks and misuse Educate users Define policies Manage incidents Minimize risks Evaluate controls Reality Write papers Hate users Fight to IT Protect budget Buy something Hide faults Establish compliance

12 Outsource Security to External Security Operations Center + Professional support Wide range of services Vulnerabilities, Incidents, Pentests, Controls Management, Forensics 24x7 SLA Difficult to manage Expensive Jurisdiction issues Data protection issues

13 We offer Professional Managed CyberSecurity Services: Security Intelligence Incident Management Vulnerability Assessment Security Controls Support Penetration testing PCI DSS/ISO27001 Certification IT Forensics Virtual Security Operation Center 24x7x365 support Online portal, tools and services Multilingual staff (incl. German) Robust and customizable SLA Data encryption and multitenancy EU based Datacenter Affordable rates and prices 1 month free trial

14 Architecture Customer Managed Security Appliance BMS Consulting Team Dedicated Team of Experts Operators Multi-tenant Management Platform Private Cloud cybersecurity tools and data

15 Standardized Services Objects Services Web-services Network perimeter Corporate Network Diagnostics Vulnerability scan Remediation consulting Check-up scan Surveillance Weekly diagnostic Remediation plan and management Cybersecurity Incident Forensics Guard Full surveillance Security monitoring 24х7 Dedicated CyberSecurity expert support during attacks and incidents Cloud Infrastructure Vulnerability scan Vulnerability management Security Incident Management

16 Just TRY mssp.bms-consulting.com Mention keyword CeBIT Discount in request form and get 10% discount

17 Dmytro Petrashchuk, Thank you! Let s discuss