Post on 14-Apr-2017
THE CYBER CHALLENGE
Jiri Kram, Cloud Architect
Why should you care?
1. Criminal liability – it’s no longer just an IT problem (data security is on the CEO & COO agenda)
2. Severity – it’s no longer child’s play; now the damage can be real (Clinton emails, Sony hack, Dyn attack, etc.)
3. Compliance – would you pass compliance requirements if your company data is unsecured? (Really?)
4. Brand damage – why invest in a brand if its value can be wiped out overnight? (Will you stay / become a TalkTalk customer?)
The TalkTalk hack cost £42 million, CEO says
TalkTalk hack: Teen in court on hacking and blackmail charges. 19-year-old from Wales allegedly demanded 596 bitcoins
TalkTalk share price plunged twice as deep as Sony, Carphone Warehouse, Barclays and eBay after cyber attacks
What should you do?
1. Compliance is not just about regulations – compliance must work hand in hand with IT, Enterprise Architecture, and Security teams.
2. An Architect is not a Developer – companies “save” money by hiring one person as Developer / Architect, which means there is no independent control over the code. This has to stop!
3. Security is not the SI’s responsibility – companies think hiring a System Integrator will solve all problems. It won’t, because the integrator will leave.
4. Beware of Cloud & IoT – don’t believe the myths; if you “save” money on “cheap” cloud & IoT you will be unpleasantly surprised. Very surprised.
On Friday 21 October 2016, one of the largest DDoS attacks ever caused a widespread internet outage affecting services such as Twitter, AWS, Reddit, Netflix, Spotify, CNN, PayPal, the NY Times, the WSJ, and others.
The attack was directed at Dyn, a DNS provider whose servers translate domain names into IP addresses and so direct web traffic to the affected companies’ sites.
Dyn reported that tens of millions of IP addresses took part in the attack; customers of the affected sites were unable to reach them for about two hours.
Security firm Flashpoint said it had confirmed that the attack used botnets of devices infected with the Mirai malware. Many of the devices involved come from Chinese manufacturers and shipped with easy-to-guess usernames and passwords that cannot be changed by the user, a weakness the malware exploited by simply logging in with those credentials.
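As an added example (not part of the original slides), the two checks a practitioner would want after this slide: a detector that runs over telnetd login records and flags the Mirai-style pattern of repeated failures with factory-default usernames from one source followed by a success, and an inventory audit that flags devices still running a default or unchangeable password. The log lines, device rows and the short default-credential list below are constructed for the example; the credential list is an illustrative subset, not the botnet’s full dictionary.

```python
import re
from collections import defaultdict
from datetime import datetime

# Illustrative subset of factory-default credential pairs of the kind Mirai
# brute-forced (constructed for this example; not the full dictionary).
DEFAULT_CREDS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("root", "123456"),
    ("admin", "admin"), ("admin", "1234"), ("support", "support"), ("user", "user"),
}

# Constructed syslog-style telnetd login records; not real device logs.
SAMPLE_LOG = """\
Oct 21 13:02:11 cam-01 telnetd[412]: login failed for user 'root' from 198.51.100.23
Oct 21 13:02:12 cam-01 telnetd[412]: login failed for user 'root' from 198.51.100.23
Oct 21 13:02:12 cam-01 telnetd[412]: login failed for user 'admin' from 198.51.100.23
Oct 21 13:02:13 cam-01 telnetd[412]: login failed for user 'support' from 198.51.100.23
Oct 21 13:02:14 cam-01 telnetd[412]: login failed for user 'root' from 198.51.100.23
Oct 21 13:02:15 cam-01 telnetd[412]: login succeeded for user 'root' from 198.51.100.23
Oct 21 13:40:02 dvr-07 telnetd[233]: login failed for user 'admin' from 192.0.2.9
Oct 21 13:41:30 dvr-07 telnetd[233]: login succeeded for user 'admin' from 192.0.2.9
"""

# Constructed inventory rows, not real devices. "changeable" records whether the
# firmware lets the owner change the password at all.
SAMPLE_DEVICES = [
    {"host": "cam-01", "user": "root", "password": "xc3511", "changeable": False},
    {"host": "dvr-07", "user": "admin", "password": "admin", "changeable": True},
    {"host": "nvr-02", "user": "ops", "password": "Tq9!vR2#mL", "changeable": True},
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) telnetd\[\d+\]: "
    r"login (?P<result>failed|succeeded) for user '(?P<user>[^']*)' from (?P<src>[\d.]+)$"
)


def parse_line(line):
    """Return a dict for one telnetd login record, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Syslog timestamps carry no year; strptime defaults to 1900, which is fine
    # for comparing events that lie within one detection window.
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
    return rec


def _window_qualifies(recs, threshold, window_s):
    """True if any window_s-second window of this source's records looks like a sweep:
    at least `threshold` failures, or failures on two or more usernames ending in a success."""
    start = 0
    for end in range(len(recs)):
        while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_s:
            start += 1
        window = recs[start:end + 1]
        failures = [r for r in window if r["result"] == "failed"]
        if len(failures) >= threshold:
            return True
        if len({r["user"] for r in failures}) >= 2 and window[-1]["result"] == "succeeded":
            return True
    return False


def find_bruteforce(log_text, threshold=5, window_s=60):
    """Flag source IPs whose telnet login pattern looks like a Mirai-style credential sweep.

    Returns {src: {"attempts", "users", "hosts", "succeeded"}}, summarising every
    record from each flagged source so the analyst sees whether a login got through.
    """
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_src[rec["src"]].append(rec)

    findings = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        if not _window_qualifies(recs, threshold, window_s):
            continue
        findings[src] = {
            "attempts": len(recs),
            "users": sorted({r["user"] for r in recs if r["result"] == "failed"}),
            "hosts": sorted({r["host"] for r in recs}),
            "succeeded": any(r["result"] == "succeeded" for r in recs),
        }
    return findings


def audit_inventory(devices):
    """Return (host, reasons) for devices an attacker's default-credential list would open.

    A password that cannot be changed is reported even when it is not in the list:
    the only mitigation for such a device is keeping it off reachable networks.
    """
    findings = []
    for d in devices:
        reasons = []
        if (d["user"], d["password"]) in DEFAULT_CREDS:
            reasons.append("factory-default credential")
        if not d.get("changeable", True):
            reasons.append("password hard-coded in firmware; cannot be changed")
        if reasons:
            findings.append((d["host"], reasons))
    return findings


if __name__ == "__main__":
    for src, f in find_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: {f['attempts']} attempts, users {f['users']}, "
              f"hosts {f['hosts']}, login succeeded: {f['succeeded']}")
    for host, reasons in audit_inventory(SAMPLE_DEVICES):
        print(f"{host}: {'; '.join(reasons)}")
```

On the sample data, 198.51.100.23 is flagged (five failures across root/admin/support in four seconds, then a successful root login), while 192.0.2.9, a single mistyped password followed by a login a minute and a half later, is not. The audit reports cam-01 twice (default credential and unchangeable password) and dvr-07 once.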
How secure is Cloud?
1. Cloud is secure if done right – if it is done in the manner of “hey, we’ve done something like this before,” then your risk is very high.
2. Don’t believe your AE (account executive) – many IT deals are done between the vendor’s sales people and the business side. Don’t exclude IT and Security! Ever!
3. API is the doorway to your company – code means danger. Use cloud middleware; don’t use on-premise middleware “just because you have it”.
4. Encryption – if you want to be sure, encrypt. Don’t forget that data has three states (at rest, in transit, in use) and each needs its own protection. Be certain which of the three you actually have covered.
Get the right tools – don’t save money on IT!
Effective tools identify and kill threats
Don’t buy something because it’s cheap to mass produce…
Four golden rules of security
1. Don’t trust – think of your data as the key to your office. Would you allow anyone to get in?
2. Don’t save money – saving money on IT security is like not wearing a seat belt.
3. Don’t experiment – you are not Microsoft or Oracle; don’t try to outsmart them by doing it “cheaper your way”.
4. Don’t be naive – there is a war out there. You are a target, you just don’t know it yet.
That’s all: THANK YOU & GOOD LUCK
LinkedIn: https://www.linkedin.com/in/jirikram
Twitter: @jiri_kram