CYBER FUTURE: SECURITY AND PRIVACY DOOMED?

21 September 2017

Rob Clyde, CISM, NACD Board Leadership Fellow
Managing Director, Clyde Consulting LLC
Vice-Chair, ISACA
Executive Chair, White Cloud Security
Executive Advisor to BullGuard and HyTrust


NEW MANUFACTURING COMPANIES ARE REALLY SOFTWARE COMPANIES

“Tesla is a software company as much as it is a hardware company.” – Elon Musk, Tesla CEO

OLD MANUFACTURING COMPANIES ARE SOFTWARE COMPANIES TOO?

"If you went to bed last night as an industrial company, you're going to wake up today as a software and analytics company," – Jeff Immelt, CEO, General Electric

SOON EVERY BUSINESS WILL BE A DIGITAL BUSINESS…

…WITH SOFTWARE AT THE CORE

DIGITAL OUTAGES LIKE THOSE AT THE AIRLINES AND NEW YORK STOCK EXCHANGE ARE THE NEW NATURAL DISASTERS

British Airways computer glitch causes big delays at multiple airports

CYBER ATTACKS HAVE MAJOR IMPACTS

FTC Opens Probe into Equifax Data Breach

Apache Struts flaw was known to be critical and should have been addressed, security researchers say.

The US Federal Trade Commission (FTC) has launched a formal investigation into the massive data breach of Equifax, which yesterday confirmed its failure to address a previously disclosed Apache Struts vulnerability that was exploited in the attack.

Meanwhile, Equifax share prices continued to plummet this week - now 35% lower than before the breach - in an ominous sign of the breach's potential financial devastation to the credit-monitoring firm.

9/14/2017

Equifax Reports Data Breach Possibly Affecting 143 Million U.S. Consumers

Social Security numbers, birth dates, addresses and driver’s license numbers exposed

By AnnaMaria Andriotis and Ezequiel Minaya. Updated Sept. 8, 2017 9:48 a.m. ET

CONNECTED DEVICES ON PUBLIC INTERNET

USING THE INTERNET OF THINGS TO SPY?

11 | 9/20/2017

“In the future, intelligence services might use the internet of things for identification, surveillance, monitoring, location tracking, and targeting for recruitment”, says James Clapper, US director of national intelligence.


MIGHT USE INTERNET TO SPY?

WASHINGTON — WikiLeaks on Tuesday released thousands of documents that it said described sophisticated software tools used by the Central Intelligence Agency to break into smartphones, computers and even Internet-connected televisions.

If the documents are authentic, as appeared likely at first review, the release would be the latest coup for the anti-secrecy organization and a serious blow to the C.I.A., which maintains its own hacking capabilities to be used for espionage.

Source: https://www.nytimes.com/2017/03/07/world/europe/wikileaks-cia-hacking.html?_r=0


RANSOMWARE EXPLODING

Ransomware is profitable

• PCs and Macs both attacked

• Encrypts data to deny access to data users

• Half of financially motivated malware is ransomware

• Average ransom: $300 in 2015, $1000 in 2016

• 70% of Enterprise victims paid

• 45% of Enterprise victims paid over $20K

Defense:

• App white listing or trust lists (top defense per US-CERT)

• Use OpenDNS and similar tools

• Backups; however, cloud backups and storage are also being attacked (airgap?)

Can ransomware be applied to IOT?

• Home lockout?

• Car lockout?

• Pacemaker function?

Source: Verizon, Symantec, Lancope, IBM Security, Intel/McAfee

SAN FRANCISCO TRANSPORTATION HIT WITH RANSOMWARE

City lets people ride for free until fare machines restored to service

RANSOMWARE OPERATORS ADOPT TYPICAL BUSINESS PRACTICES

• Technical Support

• Time Limited Offers

• Try Before You Buy

APP CONTROL RECOMMENDED AS #1 MITIGATION STRATEGY

Run only known trusted apps

The Australian Government issued mandatory application whitelisting usage requirements to protect their “high value” systems.

NEXT GENERATION WHITE LISTING: “TRUSTED APP” TECHNOLOGY

Run only trusted apps or scripts

• Pull rather than push trust lists to ensure updates

• Handles application updates automatically

• Allow trust of applications, application families (e.g., Microsoft Office), or software publishers

• Crowdsourcing: allow individuals and organizations to publish their own trusted app lists

• Allow organization to control which lists to use

Source: White Cloud Security

Experts you trust

Apps you trust

Software you trust
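
An added example (not from the slides and not White Cloud Security's product code) of the trust-list model in the bullets above: the endpoint pulls only the lists the organization subscribes to, allows a file by hash, publisher or application family, and denies everything else. List names, field names and sample file contents are constructed for illustration; publisher and family values are assumed to come from a code signature that has already been verified.

```python
import hashlib
from dataclasses import dataclass


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


@dataclass(frozen=True)
class TrustList:
    """One published trust list (all field names are hypothetical)."""
    name: str
    version: int
    hashes: frozenset = frozenset()      # SHA-256 digests of trusted files
    publishers: frozenset = frozenset()  # trusted code-signing publishers
    families: frozenset = frozenset()    # trusted application families


# Constructed sample files and lists standing in for a remote feed.
BACKUP_AGENT = b"constructed sample: backup agent 1.0"
DEV_TOOL = b"constructed sample: community dev tool"
FEED = {
    "corp-it": TrustList("corp-it", 3,
                         hashes=frozenset({sha256_hex(BACKUP_AGENT)}),
                         publishers=frozenset({"Example Office Publisher"}),
                         families=frozenset({"Example Office Suite"})),
    "community-devtools": TrustList("community-devtools", 1,
                                    hashes=frozenset({sha256_hex(DEV_TOOL)})),
}


class Endpoint:
    def __init__(self, subscriptions):
        self.subscriptions = set(subscriptions)  # lists the organization approved
        self.cache = {}                          # name -> TrustList last pulled

    def pull(self, feed):
        """Fetch subscribed lists that are new or newer; return names updated."""
        updated = []
        for name in sorted(self.subscriptions):
            remote = feed.get(name)
            local = self.cache.get(name)
            if remote and (local is None or remote.version > local.version):
                self.cache[name] = remote
                updated.append(name)
        return updated

    def decide(self, content, publisher=None, family=None):
        """Default deny: allow only on a match in a subscribed, pulled list.

        Assumption: publisher and family were read from a signature that was
        verified elsewhere; signature checking is outside this example.
        """
        digest = sha256_hex(content)
        for name in sorted(self.cache):
            if name not in self.subscriptions:
                continue  # list was unsubscribed after it was cached
            tl = self.cache[name]
            if digest in tl.hashes:
                return ("allow", f"file hash on list {name}")
            if publisher is not None and publisher in tl.publishers:
                return ("allow", f"publisher on list {name}")
            if family is not None and family in tl.families:
                return ("allow", f"family on list {name}")
        return ("deny", "no subscribed trust list covers this file")


if __name__ == "__main__":
    ep = Endpoint({"corp-it"})
    ep.pull(FEED)
    print(ep.decide(BACKUP_AGENT))
    print(ep.decide(b"new office build", publisher="Example Office Publisher"))
    print(ep.decide(DEV_TOOL))        # on a list this endpoint does not use
    print(ep.decide(b"unknown script"))
```

Publisher-level trust is what lets an updated build with a new hash run without a list change, while a file that appears only on an unsubscribed community list stays blocked.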


SOON EVERYTHING WILL BE CONNECTED…

Source: https://schrier.wordpress.com/2015/05/25/the-internet-of-first-responder-things-iofrt/

LENOVO IOT VIDEO

RISK FROM CONNECTED MEDICAL DEVICES

J&J insulin pump (Animas OneTouch Ping)

• Unencrypted command traffic

• Patient might receive unauthorized insulin injections

St. Jude pacemaker

• MedSec found many vulnerabilities, including wireless master key

• Muddy Waters shorted the stock

• Bad PR

SMART TV SECURITY CONCERNS

• Microphone may always be on (for voice commands)

• Risk that attacker could turn on webcam

• Activity on Smart TV is tracked and may be shared with social media

• Like with smartphones, malicious apps could be downloaded

Smart TVs in the office:

• Consider not connecting to Internet; if you do, connect to a Guest network

• Take care as to which features and apps are enabled

• Turn off or disable microphone and webcam

• If possible, lock out others from changing TV settings

CLOUDPETS

CLOUDPETS TEDDY BEAR HACKED

Hackers hold MILLIONS of voice recordings to ransom after creepy CloudPets teddy bears leak private data of parents and children

• Leak left private messages of families exposed online for several days

• Leak also exposed 800,000 account email addresses and passwords

• The company 'Spiral Toys' has chosen not to tell affected families

• Hackers have now taken the database down and demanded a ransom of $1190 in bitcoins from parents

By Harry Pettit For Mailonline. Published: 15:34 GMT, 28 February 2017

Source: http://www.dailymail.co.uk/sciencetech/article-4267276/Toys-leak-2MILLION-voice-recordings-kids-online.html#ixzz4a4UEaNBp

The exposed database was easy for cyber-criminals to find using a search engine called Shodan, which is designed to find unprotected websites and databases…

VULNERABLE SMART THERMOSTAT RISKS

. . .The HVAC system dormant hours—in other words when the climate control is off or in standby—would at the minimum be a security risk because it could give a potential robber times when the home may be empty.

An expensive problem that could be created through a thermostat hack is that malicious damage could be launched by raising temperatures too high or low. Winter-time damage could include freezing, burst water pipes.


CONNECTED CARS ARE AT RISK

As the researchers stated, the remote hacks likely work on all Tesla models, but on the parked Model S P85, the researchers remotely opened the sunroof, turned on the turn signal, and changed the position of the driver’s seat.

SOON OUR CARS WILL AUTOMATICALLY DRIVE MOST OF US

Uber launches self-driving cars in Pittsburgh

…THERE IS A DARK SIDE

INSECURE IOT DEVICES AND PRIVACY

“All too often for other pieces of major industrial machinery, the controls are sitting there in plain sight or hidden behind the most rudimentary credentials. In 2012, simply attempting to log in as “root” or “admin”, with the password being the same again, was sufficient for another group of anonymous internet explorers to gain access to over 400,000 devices. With the rise of internet-connected devices since this study was conducted, that number is likely to be far higher.”

SHODAN.IO WEBCAM BROWSER

DEF CON: IOT VILLAGE

Total of 113 vulnerabilities found in two DEF CON events

• 50 different devices

• 39 brand name manufacturers

75% of tested smart locks easily compromised (attacker can open)

Source: http://www.darkreading.com/attacks-breaches/iot-village-at-def-con-24-uncovers-extensive-security-flaws-in-connected-devices/d/d-id/1326928


100,000+ unique scans per week

5% of scans have vulnerabilities

iotscanner.bullguard.com

INTERNET OF THINGS – THE END OF PRIVACY?

Introducing more private information about ourselves

Traditional Personally Identifying Information:

• Date of Birth

• SSN/Govt. ID Number

• Credit Card Number

• Name

• Address

• Username

New IoT Personal Data (What? Where? When? Why?):

• Glucose level

• Weight

• Calories

• GPS location

• Heart rate

• Sleep

• Mood

• Surrounding images

• Driving habits

• Blood pressure

• Travel route

• Exercise route

END OF PRIVACY?

Source: ISACA 2014 Risk Reward Barometer

The New Yorker 1993 | The New Yorker 2015

“On the Internet, nobody knows you’re a dog.”

IOT – RECOMMENDATIONS FOR ORGANIZATIONS

• Safely embrace Internet of Things devices in the workplace to keep competitive advantage

• Require wireless IoT devices be connected through the workplace guest network or other isolated segment, rather than internal network

• Ensure all workplace devices owned by organization are updated quickly when security upgrades are released

• Scan networks for IoT devices; monitor for and block dangerous traffic to or from IoT devices

• Ensure default passwords are changed and that the new passwords are strong

• Provide cybersecurity training for all employees to demonstrate their awareness of best practices of cybersecurity and the different types of cyberattacks

• Ensure that IT and security professionals are ISACA certified

56% of tested devices using OpenSSL had not been updated in over 50 months - 2015 Cisco Annual Security Report

AUGMENTED REALITY DISRUPTING THE WAY WE SEE THE WORLD

Opening up new ways of attracting customers and doing business

BUT THERE IS A DARK SIDE TO AUGMENTED REALITY

Mobile apps like Layar, Wikitude World Browser, etc. show augmented reality view using camera and geotags. Risks:

• Distracted walking and driving

• Associates social media information with location

• Shows posted, geotagged racy images and video

• Criminals use augmented reality to lure victims to location

• Gangs and terror groups virtually mark territory and targets

AUGMENTED REALITY OPPORTUNITY AND CHALLENGES

Source: ISACA Risk Reward Barometer – Nov. 2016

HYPER REALITY OPPORTUNITY AND DANGER

Cloud enables the digital business

CLOUD – ALL YOU NEED IS AN IDEA AND A CREDIT CARD

One thing to play with it…

…Another thing to depend on it

Reintroduce control…

…without reintroducing friction

WHAT LIMITS CLOUD ADOPTION?

What factors are limiting your adoption of virtual/private, community and public clouds today?

• Encryption helps, but key management is critical

• Regulatory, sensitivity and privacy issues may require that some data is restricted to certain physical locations

• Restrict sensitive workloads (e.g., PCI) to trusted hardware and software server stack

• Only allow certain workloads to run on hardware in approved physical location

• Only allow certain workload data to be decrypted in approved physical location

• Cloud solutions require a combination of capabilities to achieve "defense in depth" and compliance readiness

WORKLOAD: THE ATOMIC UNIT OF IT

Key Elements

THE WORKLOAD: The New Atomic Unit of IT (COMPUTE | NETWORK | STORAGE)

Data

→ Key Management

→ Encryption

→ Admin rights

Management

→ Role-based access control

→ Secondary Approval

→ Multi-factor authentication

Policy

→ Automation for workload policy

→ Any cloud abstraction

→ Workload and asset tagging

Infrastructure

→ Boundary-based policy

→ Tag policy

→ Hypervisor hardening

Source: HyTrust

WORKLOAD SECURITY USE CASES

Eliminate privileged account misuse

Halt data breaches on clouds

Address audit and compliance issues

Remove costly infrastructure air gaps

Meet data residency requirements

Stop accidental downtime

Source: HyTrust

CONSIDER ADDING SECONDARY APPROVAL CONTROLS

[Diagram: Administrator; Secondary Approval Administrators; Hypervisor or Cloud Control Add-on; Virtual Infrastructure. Labels: "Does not need secondary approval", "NOT APPROVED"]

Source: HyTrust

BIG DATA PRIVACY CONCERNS

“De-Identified” Information Can Be “Re-Identified”: Data collectors claim that the aggregated information has been “de-identified”; however, it is possible to re-associate “anonymous” data with specific individuals, especially since so much information is linked with smartphones.

Possible Deduction of Personally Identifiable Information: Non-personal data could be used to make predictions of a sensitive nature, like health condition, financial status, etc.

Data Sovereignty Issues: Many countries or regions (like the EU) may have requirements that certain personal data and the processing of that data remain in the country or region.

Right to be forgotten: Some areas like the EU have a “right to be forgotten” that may be challenging to implement in a Big Data environment.

Source: http://www.ftc.gov/public-statements/2012/03/big-data-big-issues

USING BIG DATA TO PREDICT CRIME

Source: NetworkWorld, Sep 20, 2014

Crime Hot Spots in London

Soldiers' suicide risk predictable with Big Data, study says, Patricia Kime, Nov. 12, 2014

What about predicting crime by particular individuals? Will we have predictive capabilities like those in the movie Minority Report, but through Big Data?

DARPA CYBER GRAND CHALLENGE AT DEFCON 2016

• 7 teams competing with individual supercomputers with Machine Learning programs

• Attacking other systems and defending your own

• “Mayhem” took the top prize of $2M

Is the future of hacking AI?

Is the future of cyber defense AI?

Private and Safe?

QUESTIONS?

Rob Clyde, CISM, NACD Board Leadership Fellow
Vice-Chair, ISACA International
Executive Chair, Board of Directors, White Cloud Security
Managing Director, Clyde Consulting LLC
Executive Advisor to BullGuard and HyTrust

Site: www.isaca.org