Cybersecurity the billion pound problem - UCL… · Bangladesh Bank heist Feb 2016 $81 million...

Post on 15-May-2020


© 2015 IBM Corporation

Juliet Grout

Cybersecurity the billion pound problem


Agenda

• What is the Cybersecurity problem?
• Data Breaches / Attacks
• Security Model
• Data Growth
• Attack Sources
• Passwords
• Attack types – Ransomware, Man in the Middle, Spear Phishing
• No Magic Bullet
• What's next?

What is the Cybersecurity problem?

Criminal activity conducted via the Internet, from stealing IP, data and confidential information, to creating and distributing viruses, to disrupting a country's critical national infrastructure.

• Direct costs
• Indirect costs
• Opportunity costs

For UK companies with more than 1000 employees, the average cost of cyber crime per organisation was $7.21 million for 2016.

Source: Ponemon Institute, 2016 Cost of Cyber Crime Study & the Risk of Business Innovation

Cybercrime is seen as an attractive option for criminals: high ROI, with estimates above 1000% for a malware campaign.

Interpol estimates cybercriminal activity has cost 750 billion euros per year in Europe.

https://www.ncsc.gov.uk/content/files/protected_files/news_files/The%20Cyber%20Threat%20to%20UK%20Business%20%28b%29.pdf

Data Breaches / Attacks

In the past 18 months more data breaches have had more real world impact.

• Dec 2015: malware caused power outage in Ukraine
• Feb 2016: Bangladesh Bank heist, $81 million was stolen through fraudulent transactions sent via SWIFT
• April 2016: 11.5 million leaked documents from Panamanian law firm, known as the Panama Papers
• Nov 2016: Mirai worm, 900,000 customers of German ISP Deutsche Telekom (DT) knocked offline

https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/a-rundown-of-the-biggest-cybersecurity-incidents-of-2016#UkrainianPowerGrid


Security Model

• Confidentiality – information is not made available or disclosed to unauthorized individuals, entities or processes
• Integrity – is maintaining and assuring the accuracy and completeness of data over its entire life-cycle
• Availability – data is available

How to improve Security

• People
• Process
• Technology

Data Growth

Predicting data growth in a world where data is residing in more places than ever is challenging.

One way to illustrate the growth in data is to look at the growth in digital photographs taken in the world.

From a business perspective, data used to reside in a server room; now, with the growth of apps and new business models, data is much more distributed.

Source: http://mylio.com/true-stories/tech-today/how-many-digital-photos-will-be-taken-2017-repost


Attack Sources

https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=WGL03140USEN&


Passwords

https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/

Keeper research team analyzed over 10 million passwords available on the public web.

• Nearly 17% of users have the top password – 123456
• The top 25 passwords constitute over 50% of the 10 Million passwords analyzed

Password tips

• Avoid dictionary terms – use passphrase instead
• Use a variety of characters
• Use a password manager
• Use different passwords for each site/application

Ransomware

Is a type of malicious software, designed to block access (e.g. encrypt) to a computer system until a sum of money is paid.

Source: IBM X-Force Research, Ransomware: How consumers and businesses value their data


Man in the middle attack

This is an attack which intercepts communication between two systems.

70+ iOS apps in the Apple store are vulnerable to man in the middle attacks; estimates are that these apps have been downloaded more than 18 million times.

Technical best practices, such as companies using VPN and endpoint authentication, can ensure risk is limited.

What can you do?

• Limit use of public networks and be aware of what data you are transferring using them
• Be suspicious

http://www.theinquirer.net/inquirer/news/3004099/70-something-ios-apps-are-vulnerable-to-man-in-the-middle-attacks

Spear Phishing

This is the fraudulent practice of sending emails and other communication that appear to be from a known or trusted sender in order to induce targeted individuals to reveal confidential information.

Often very targeted; in corporations, attackers will target financial personnel.

http://www.bbc.co.uk/news/business-35250678


No Magic Bullet

People, Process and Technology all three need to be consistently improving to stay ahead of the Cyber security problem.


What's next?

• Data Growth will increase with adoption of IoT, which is cheap to adopt for companies who are non technology at their core. Gartner predict that by 2020 there will be 21 billion connected devices.

• GDPR – General Data Protection Regulation, new EU regulation, the biggest shake up in 20 years of Data privacy, comes into force May 2018

• NCSC – National Cyber Security Centre – part of GCHQ, launched by government in 2016

• Biometrics – Mastercard storing biometric data on card's chip, launched April 2017 after successful pilot