Amadeus
Cybersecurity: the essentials
Alex van Someren
Family Office Forum, 12th November 2014, Zurich

AGENDA
1. Understanding cyber risks
2. Cyber security market trends
3. State of the art: threats & defences
4. Best practices in cyber security


UNDERSTANDING CYBER RISKS

What exactly is the threat?
• The External attacker usually wants to:
  – Get access to files stored on the computer, or the local network
  – Copy Usernames & Passwords from users
  – Run programs on the computer to make it a ‘bot’
• They can deliver some ‘Malware’ inside the computer to achieve this, by:
  – infecting it with a Virus,
  – getting the user to open an email attachment
  – persuading the user to click through to an infected web page
• We also consider Internal attackers, i.e. employees, as a possible threat
• Finally, disaster planning is also essential

What cybersecurity risks should be considered? - 1
Software & network risks
• Email spam
  – Unwanted messages, also links & attachments
• Viruses/spyware/malware
  – Programs which can run on the receiving computer and do harm
• Email phishing
  – Targeted emails, particularly asking for credentials
• Network intrusion/hacking
  – External attackers or programs trying to enter machines/networks
• Denial of Service attacks
  – Preventing systems/websites from operating

What cybersecurity risks should be considered? - 2
Physical & data loss risks
• Theft of mobile devices
  – Both accidental, and targeted
• Theft of system hardware
  – Physical attacks on facilities
• Corporate espionage/whistleblowers
  – Data leakage & data theft
• Criminal damage
  – Not only physical, but also logical, i.e. data deletion


CYBER SECURITY MARKET TRENDS

1. External threats: who actually gets hit?
2. External threats: causes of data losses
3. Internal threats: causes of security breaches

External threats: who actually gets hit?
Source: Kaspersky IT Risks Survey 2014, n = 3,900

External threats: causes of data losses
Source: Kaspersky IT Risks Survey 2014

Internal threats: causes of security breaches
Source: Kaspersky IT Risks Survey 2014


STATE OF THE ART: THREATS & DEFENCES

What are the goals of good cybersecurity?
• There are three major goals of cyber security:
  – Confidentiality: Keep private information private
    • Prevent data leakage, data loss
  – Integrity: Guarantee critical information is not altered/tampered
    • Protect data
  – Availability: Ensure that critical information remains accessible
    • Keep systems working, prevent internal attacks
• So, the “C.I.A.” is your friend!

What are the risk mitigation strategies?
• The primary goal is to prevent malware from getting into computers
  – Employees are the source of greatest risk
    • They sometimes click on stupid stuff
    • They can sometimes be misled
    • They sometimes steal data
• So:
  – train employees in cybersecurity basics
  – employ adequate cybersecurity technology to prevent damage & loss

What kind of basic cybersecurity defences are needed?
• Network Firewalls
  – Control the flow of Internet traffic and prevent intrusions
• Anti-Spam filters/services
  – Minimise the amount of potentially dangerous email arriving
• Anti-Virus software
  – Detect, search for & destroy malware on computers
• Data Loss Prevention
  – Detect and prevent the export of sensitive data
• Mobile Device Management
  – Allow mobile & ‘BYOD’ users to safely operate remotely


BEST PRACTICES IN CYBER SECURITY

Best practices - 1
1. Business managers must know where the most important data is held
  – On-site in desktops and servers, or in cloud services and mobile devices
2. Bad things happen to good businesses
  – Automate the secure data back-up process
  – How will business continue if the physical site becomes unavailable?
3. Train employees about the nature of today’s cyber-attacks
  – Cyber-criminals particularly target SMBs
  – Aiming to compromise the PCs used for online banking and payments
4. Deploy the security basics:
  – Firewalls for wireless and wired-based access points
  – Anti-malware on endpoints and servers
  – Encrypt highly sensitive data at rest and in transit
Adapted from Messmer/InfoWorld Oct. 2014

Best practices - 2
5. Define each individual’s access to data
  – Ideally use two-factor authentication
  – Systems administrators’ jobs give them huge power
  – Immediately de-provision access & credentials when an employee departs
6. Trust, but verify
  – Do background checks on prospective employees
  – Have SLAs for technology vendors/cloud service providers; visit the data-centre
7. Remove & securely destroy hard disks
  – From all old computers
  – And any other devices that store data

Best practices - 3
8. Smartphones have different security requirements than older PCs and laptops
  – ‘BYOD’ raises important legal questions
  – Business data no longer held on a device owned directly by the business
9. Use physical access controls to keep unauthorized individuals from IT resources
  – That includes the office cleaners
  – Train staff to challenge unexpected visitors in a polite, but determined, way
10. Have an employee acceptable-use policy
  – Defining behavior online, how data is to be shared and restricted
  – Have them read and sign it
  – Making it clear if there will be monitoring of online activities
  – There should be possible penalties for non-compliance.


Amadeus Capital Partners
Global Technology Investors
Alex van Someren, Managing Partner, Early Stage Funds
alex.vansomeren@amadeuscapital.com
https://www.amadeuscapital.com/