Tackling today's cyber security challenges - WISER Services & Solutions
-
Upload
cyber-wiser -
Category
Internet
-
view
110 -
download
0
Transcript of Tackling today's cyber security challenges - WISER Services & Solutions
WISER “WIDE-IMPACT CYBER SECURITY RISK FRAMEWORK”www.cyberwiser.eu @cyberwiser
Co-funded by the European CommissionHorizon 2020 – Grant # 653321
Antonio Álvarez RomeroAtos Spain
Tackling today's cyber security challenges - WISER Services & Solutions
Riga – 27th October, 2016Presentation at DSS ITSEC
1
2
Outline
Business on the Internet: Cyber landscape
Cyber security as a challenge
CyberWISER as a solution
CyberWISER services portfolio
Conclusions
© WISER 2016 www.cyberwiser.eu - @cyberwiser
3
Outline
Business on the Internet: Cyber landscape
Cyber security as a challenge
CyberWISER as a solution
CyberWISER services portfolio
Conclusions
© WISER 2016 www.cyberwiser.eu - @cyberwiser
4
Business on the Internet: Cyber landscapeThe global adoption of the Internet
© WISER 2016 www.cyberwiser.eu - @cyberwiser
World population (2016 est.) 7,340,093,380Internet users (as of 30/06) 3,611,375,813% Penetration (world) 49.2Internet users (end 2000) 360,993,184% growth 2000-2016 900.4
Being on the Internet means to have near 4000 million of potential customers!
internetworldstats.com
Business on the Internet: Cyber landscapeInternet as a mean to make business
© WISER 2016 www.cyberwiser.eu - @cyberwiser 5
According to a study from McAfee, Internet economy generates between $2 and $3 trillion a year.
The share of the global economy is expected to grow rapidly
The U.S. e-commerce economy is worth $349 billion while China´s is worth $562 billion
https://hostingfacts.com/internet-facts-stats-2016/Very huge turnover directly related to the Internet
Business on the Internet: Cyber landscapeInternet as a mean to make business
© WISER 2016 www.cyberwiser.eu - @cyberwiser 6
Very huge turnover directly related to the Internet
B2C e-commerce sales worldwide from 2012 to 2018(in billion U.S. dollars)
Business on the Internet: Cyber landscapeInternet as a mean to make business
© WISER 2016 www.cyberwiser.eu - @cyberwiser 7
40% of Internet users (more than 1 billion people) have bought products or goods online
8 out of 10 consumers will shop online if offered free shipping
Internet is not only about accessing huge amounts of information, it is transforming the consumption habits
Business on the Internet: Cyber landscapeInternet as a mean to make business
© WISER 2016 www.cyberwiser.eu - @cyberwiser 8
There are around 966 million websites in the world todayThe average e-commerce site takes
7.12 seconds avg to load in Internet Explorer 97.15 seconds avg to load in Firefox 77.59 seconds avg to load in Google Chrome
40% of web users will abandon a website if it takes longer than 3 seconds to load and 60% will not return to the site51% of U.S. online shoppers say slow site loading is a top reason to abandon a purchase
Slow loading websites cost the U.S. e-commerce market more than $500 billion annually.38% of British consumers say social media interaction was one of the reasons for visiting a retailer website
The competition is fierce: websites must be reliable, visible and highly responsive
9
Business on the Internet: cyber landscapeInternet as a mean to make business
© WISER 2016 www.cyberwiser.eu - @cyberwiser
Call centers Chat centers Trading companies
Retail businesses
Service firms Financial institutions News Media Restaurants
Internet Marketing
Web hosting companies
Insurance providers
Medical centers
Several kinds of businesses are 100% dependent on the InternetThe dependence is sort of dramatic
VoIP dependentNo Internet, no reps workingLong wait time, angry clients
No Internet, no agents working
Quick loss of businessClients get no feedback
Based on speedBad latency means no businessLoss of trading opportunities
Sales software dependentReal-time access for inventoryCredit card payments rely on terminals
Teams cannot work togetherNo access to repositoriesNo interraction with clients
Dependent on central systemsBranches need reliable connectionNo connection, no data, no biz
Need to be the first for storytellingPictures taken on-site and live feedsNo Internet impacts competitiveness
Need Internet for paymentsNeed Internet for orderingOn-line or phone orders management
Social media managementViral campaigns managementCommunication with clients
Need to minimize downtimesDowntimes means losses
Clients´web must be live Access to claims databaseAccess to history info for pricingManagement of clients
Patient information managementOnline format replaces physicalCritical patients care
https
://w
ww
.mus
hroo
mne
twor
ks.c
om/b
log/
2015
/12/
03/is
-you
r-bus
ines
s-in
tern
et-d
epen
dent
-15-
busin
esse
s-th
at-n
eed-
relia
ble-
inte
rnet
/
Business on the Internet: Cyber landscapeInternet as a mean to make business
© WISER 2016 www.cyberwiser.eu - @cyberwiser 10
So… Internet is one of the biggest successes everBut, as everything, there is a flip side or, in this case…
an evil side
Outline
Business on the Internet: Cyber landscape
Cyber security as a challenge
CyberWISER as a solution
CyberWISER services portfolio
Conclusions
© WISER 2016 www.cyberwiser.eu - @cyberwiser 11
Cybersecurity as a challengeWhat is cybercrime?
© WISER 2016 www.cyberwiser.eu - @cyberwiser 12
Definition of cybercrimeCybercrime is the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities or violating privacy
Enciclopaedia Britannica
Cybersecurity as a challengeSome facts about cybercrime
© WISER 2016 www.cyberwiser.eu - @cyberwiser 13
An estimated 37,000 websites are hacked every day.
Cyber insurance market has grown from $1 billion to $2.5 billion over the last two yearsVery focused on the U.S
Measuring the annual cost of cybercrime worldwide is a major challenge.McAfee dared to do that: they say that the losses are of $445 billion per year, what means around 20% of the Internet economy value
http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdfLloyd´s estimated $400 billion per year.
http://fortune.com/2015/01/23/cyber-attack-insurance-lloyds/
Cybercrime costs are kind of a very high tax paid to criminals that hinders the growth of the global economy
Cybersecurity as a challengeSome facts about cybercrime
© WISER 2016 www.cyberwiser.eu - @cyberwiser 14
Biggest online data breaches worldwide
Cybersecurity as a challengeSome facts about cybercrime
© WISER 2016 www.cyberwiser.eu - @cyberwiser 15
Cyber attackers´ preferred targets are large corporate businesses, critical infrastructures and small enterprises
Research shows that small businesses were on average the victims of around 7 million cybercrimes a year in 2014 and 2015
UK Federation of Small Businesses: Cyber Resilience: How To Protect Small Firms In The Digital Economy (June 2016)
The University of Oxford tries to profile the cyber criminalInternal disgruntled technical employeeInterested in theft of personal information, money and intellectual propertyInterested in extorting the company and clients
Profiling the Cyber criminal, University of Oxford, https://www.sbs.ox.ac.uk/cybersecurity-capacity/content/profiling-cybercriminal
Cybersecurity as a challengeSome facts about cybercrime
© WISER 2016 www.cyberwiser.eu - @cyberwiser 16
Cyber threats have evolved from targeting and harming computer, networks and smartphones, to targeting people, cars, railways, planes, powergrids and anything with a heartbeat or an electronic pulse
The more connected the world is, the more varied the targets for cyber attacks become
Cybersecurity as a challengeCyberattacks among the top global risks(according to 2016 Global Risk Report by the World Economic Forum)
Cybersecurity as a challengeCyberattacks connections to other kinds of risks(according to 2016 Global Risk Report by the World Economic Forum)
Cyberattacks Ilicit tradeState collapse or crisis
Data frauds or theft
Interstate conflict
Failure of financial mechanism or
institution
Terrorist attacks
Failure of national governance
Failure of critical infrastructure
© WISER 2016 www.cyberwiser.eu - @cyberwiser
Background
© WISER 2016 www.cyberwiser.eu - @cyberwiser 19
Cybercrime in press
Cybersecurity as a challengeThe unbalanced battle: hackers vs institutions
© WISER 2016 www.cyberwiser.eu - @cyberwiser 20
Black-Hat hackers are motivated by money, espionage, notoriety and malicious intent. They are faster, more daring and more experienced than White-Hats, who are constrained by boundaries and rules
Putting in place the appropriate barriers to prevent attackers from succeeding is currently expensive in terms of time, skills, hardware and software resources needed
EU Legislation & National Strategies
WISER EU National Strategies watchTracking capacity building & business initiatives: Important updates to ENISA interactive map & BSA Dashboard (data collected in 2014)Analysis & interviews with CERTs/National Cyber Security CentresIdentification of best practices & innovative approaches
Interactive free tool available online at:www.cyberwiser.eu/cartography
21© WISER 2016 www.cyberwiser.eu - @cyberwiser
How EU is addressing Cyber Crime
Cybersecurity as a challengeThe unbalanced battle: failing solutions
© WISER 2016 www.cyberwiser.eu - @cyberwiser 22
Sophisticated solutions do exist, but they usually combine an IT side with a risk management framework strategy.
Only large companies can afford it
The risk management methodologies and framework fail to address increasingly complex security needs
The IT monitoring systems fail to offer useful decision support to decision makers
Cybersecurity as a challengeThe unbalanced battle: lack of resources to draw an strategy
© WISER 2016 www.cyberwiser.eu - @cyberwiser 23
Despite the fact that more and more companies start searching for solutions to strengthen their cyber resilience, they struggle to draw their own cyber security strategy due to the lack of economic and human resources
This is particularly true for SMEs, which constitute the backbone of the European economy
Cybersecurity as a challengeThe unbalanced battle: lack of awareness
© WISER 2016 www.cyberwiser.eu - @cyberwiser 24
Despite abundance of security products, breach response typically takes months
2 out of 3 organizations don´t define and update their breach response plans to account for changing threat landscapeWith proper technology and expertise, detection to response times may be reduced by 90%.
And many, many companies simply don´t have a clue of thisThey are completely unaware of what is threatening them!
Cybersecurity as a challengeThe unbalanced battle: bad performance as for cyber resilience
© WISER 2016 www.cyberwiser.eu - @cyberwiser 25
Enterprises having a formally defined ICT security policy
Cybersecurity as a challenge
Loss of revenuesDamage to valuable assets
Intellectual propertyCritical infrastructure
Job lossesLoss of investment confidence
Damage to brand image and company reputation
Closure of companiesLoss of well-being of the populationMoral damage (child pornography)Human casualties
© WISER 2016 www.cyberwiser.eu - @cyberwiser 26
Some cybercrime likely consequences
Cybersecurity as a challengeA stronger and stronger problem against a weak solution
Strong problem Weak solution
Cybercrime is a flourishing business
Cybercriminals are using ever more sophisticated methods
Cybercrime slows down the growth of the Digital Single Market
Cybercrime is a clear obstacle for European economies to strive
Cybercrime targets sensitive information and critical infrastructures
Cyberterrorists are cybercriminals capable of performing attacks that may lead to loss of human lives
Cyber risk detection and assessment is usually a manual process
Cyber risk detection and assessment is mostly a process performed periodically.
Current approach is static and iterative
Cyber risk detection and assessment usually focus on the ICT side, not considering business or societal impact
No support for decision-making of mitigating measures
Stronger solutions are not in place yet due to the lack of awareness on the issue.
© WISER 2016 www.cyberwiser.eu - @cyberwiser 27
Cybersecurity as a challenge
© WISER 2016 www.cyberwiser.eu - @cyberwiser 28
The challenge is clear…How can we contribute to solve the problem?
29
Outline
Business on the Internet: cyber landscape
Cyber security as a challenge
CyberWISER as a solution
CyberWISER services portfolio
Conclusions
© WISER 2016 www.cyberwiser.eu - @cyberwiser
CyberWISER as a solutionWhat is CyberWISER?
© WISER 2016 www.cyberwiser.eu - @cyberwiser 30
CyberWISER is a framework of resilient cyber security risk assessment services providing the following features
Multi-level cyber risk assessment, focusing not only on ICT systems, but also on the meaning they have for the corporate business processes
Real-time cyber risk assessment providing an updated view of the risk level
Real-time cyber risk monitoring tool supporting decision-making to manage risks
Decision support tools to facilitate selection of mitigation options to face unacceptable risksThe CyberWISER Risk Management Framework will put your company
in control with a smart ‘DYI’ approach and will ensure that cyber security becomes part of the business process
CyberWISER as a solutionOur consortium
© WISER 2016 www.cyberwiser.eu - @cyberwiser 31
CyberWISER as a solutionHow CyberWISER meets the requirements
© WISER 2016 www.cyberwiser.eu - @cyberwiser 32
Cybersecurity challenge CyberWISER answer
The risk management methodologies and framework fail to address increasingly complex security needs
CyberWISER sensoring techniques are able to detect a wide spectrum of incidents as well as vulnerabilities in the ICT infrastructure likely to be exploited by attackers
The IT monitoring systems fail to offer useful decision support to decision makers
CyberWISER direct language is aimed to ease the decision-making support. CyberWISER provides decision-making tools
Cybersecurity is unaffordable and restricted to large companies CyberWISER offers an agile and easy-to-implement risk management methodology, without the need of high security budget, complex and time-consuming procedures, or dedicated teams of external consultants
Lack of awareness CyberWISER considers the prevention and the creation of a cybersecurity culture with user-friendly services
CyberWISER main objective is the democratisation of cybersecurity, with a strong focus on SMEs
CyberWISER as a solutionThe WISER approach
© WISER 2016 www.cyberwiser.eu - @cyberwiser 33
CyberWISER as a solutionThe WISER approach: configuration inputs
© WISER 2016 www.cyberwiser.eu - @cyberwiser 34
Some examples of configuration inputsIndustry sector to which the company belongsOrganization sizeYearly revenuesGeographical area where the company has officesGeographical area where the company makes businessInternal organization of the company: roles and responsibilitiesCyber security corporate cultureVolume of sensitive information handled by the companyBusiness impact analysis:
Focused on the value the information stored by the digital assets have
CyberWISER as a solutionThe WISER approach: monitoring inputs
© WISER 2016 www.cyberwiser.eu - @cyberwiser 35
The monitoring infrastructure has two layers
The resource layerIt consists of collectors installed on the client´s infrastructureThe collectors continuously observe numerous network and application-level parametersThe collectors are able to detect several types of attacks and anomalies in the network infrastructure and in applications installed on the client´s premisesThis information is sent to the provider layer
The provider layerIt has a Monitoring Engine that filters and correlates information coming from the collectors, producing alarms which are part of the inputs received by the Risk Assessment Engine
CyberWISER as a solutionThe WISER approach: monitoring inputs
© WISER 2016 www.cyberwiser.eu - @cyberwiser 36
Some examples of attack types detected by CyberWISER monitoring capabilities
Monitoring of DNS requests to detect patterns of traffic potentially belonging to botnetsNetwork reconnaissance attemptsMalware signaturesDenial of Service attacksVirusesAnomalies in operation of core OS services and user applications
Honeypots are also used to attract attackers and detect their presence
CyberWISER as a solutionThe WISER approach: testing inputs
© WISER 2016 www.cyberwiser.eu - @cyberwiser 37
The testing information is collected by means of an automatic vulnerability scanning service which helps to identify security vulnerabilities in the client´s ICT infrastructure
CyberWISER as a solutionThe WISER approach: modelling inputs and Risk Assessment Engine
© WISER 2016 www.cyberwiser.eu - @cyberwiser 38
Models are machine-readable risk asessment algorithmsSuch algorithms are composed by a set of modelling rulesModelling rules establish associations among the different types of information presented before
Configuration information, obtained from the userMonitoring information, network layer, obtained from the collectorsMonitoring information, application layer, obtained from the collectorsTesting information, obtained from the vulnerability scanners
The models can be qualitative or quantitative
The model algorithms are executed by the Risk Assessment Engine
CyberWISER as a solutionThe WISER approach: support to decision-making
© WISER 2016 www.cyberwiser.eu - @cyberwiser 39
CyberWISER not only evaluates the cyber risk faced by the company, it also proposes mitigation measures
Since budgets are limited, WISER offers the user support to prioritize the measures to be actually applied
The comparison, ranking and prioritisation of measures is done basing on cost-benefit analysis with data provided by the user by filling out a template
CyberWISER as a solutionThe WISER risk management cycle
© WISER 2016 www.cyberwiser.eu - @cyberwiser 40
CyberWISER as a solutionCyberWISER pragmatic vision for cybersecurity
STEP 1 – Acquire awareness through self-assessment of your cyber risks and vulnerabilities of your IT system.STEP 2 - Evaluate your exposure levels (€€€ + reputation) STEP 3 - Evaluate cyber insurance.STEP 4 – Develop a mitigation plan.STEP 5 – Monitor in real-time.
Higher cyber security levels are directly connected to greater awareness and effectiveness of data protection & privacy
© WISER 2016 www.cyberwiser.eu - @cyberwiser 41
Cyber WISER as a solution
© WISER 2016 www.cyberwiser.eu - @cyberwiser 42
Cyber resilience is a journey, not a destinationHow can CyberWISER help you to become more cyber resilient?
Let´s take a look to CyberWISER Services
Outline
Business on the Internet: cyber landscape
Cyber security as a challenge
CyberWISER as a solution
CyberWISER services portfolio
Conclusions
© WISER 2016 www.cyberwiser.eu - @cyberwiser 43
CyberWISER services portfolio
© WISER 2016 www.cyberwiser.eu - @cyberwiser 44
Registration and basic data required to Clients
WISER tests vulnerabilities from the outside
Provides basic benchmarking
Detailed business and IT infrastructure data required
Model selection based on WISER suggestion or tailored
Sensors installation at the network layer level
Real time exposure calculation
Monitoring Mitigation options
considered WISER team limited support
Detailed business and IT infrastructure data required
Possibility to implement Client’s models
Possibility to perform cost/benefit analysis on the base of Client’s indications
Sensors installation at the application layer level
RequiredInteraction
Real time exposure calculation Monitoring Mitigation cost benefit
calculations WISER team full involvement
Complexity of WISER Operating Model
CyberWISER services portfolio
© WISER 2016 www.cyberwiser.eu - @cyberwiser 45
Non-intrusive mode No need to install anything on the client´s infrastructureOffers a very early assessment of the situation of the client´s IT infrastructure with respect to cyber riskThe client fills a short questionnaire, and basing on the answers, a first evaluation is done by means of a simple algorithm
No need to register
Optionally, the client can run a vulnerability scanner against the IT infrastructure in a not intrusive way
This needs registration
Quick feedbackReport easy to understand and aimed especially at top managersMain areas of improvement are highlightedNo need for external assistance and minimum time investment
CyberWISER services portfolio
© WISER 2016 www.cyberwiser.eu - @cyberwiser 46
Incorporates real-time monitoringSensors are deployed on the target infrastructureSensors only gather information belonging to the network layerEnhanced vulnerability scan featureMore detailed and specific questionnaires to gather configuration informationModelling techniques incorporated to assess the cyber riskMitigation measures suggested along with the cyber risk assessmentIt incorporates a tool to evaluate the societal impact of the cyber risk faced by the companyComplete dashboard to show the resultsLimited consulting service offered by WISER Service provider
CyberWISER services portfolio
© WISER 2016 www.cyberwiser.eu - @cyberwiser 47
Most complex and advanced CyberWISER serviceSensors scope is expanded and application layer information is also gatheredMore detailed configuration questionnaires to be answered by the clientLarger quantity and variety of data available for analysisPossibility of putting in place customized sensors adapted to client´s infrastructure peculiaritiesPossibility of integrating sensors brought by the clientMitigation measures suggestion is supplemented with a cost-benefit analysis in order to prioritize which measure actually applyComplete dashboard to show the resultsFurther involvement of CyberWISER consultants
Outline
Business on the Internet: cyber landscape
Cyber security as a challenge
CyberWISER as a solution
CyberWISER services portfolio
Conclusions
© WISER 2016 www.cyberwiser.eu - @cyberwiser 48
Innovation elements brought in by WISER
It is not simply about monitoring cyber incidents, it is about assessing the risks present within a companyThe risk assessment considers the potential damage to the ICT infrastructure and the damage to the business of the company, including various aspects, such as reputational implications – a multi-level assessmentThis risk evaluation evolves with the rapid dynamics that are inherent with the cyber “climate”This evaluation is performed by means of a novel methodology, to be elaborated in the projectModelling cyber risk, using patternsDefinition of mitigation measures according to the threats and attacks and ranking based on different criteriaUltimate goal: Make cyber risk assessment affordable, especially to SMEs
Going beyond the state of art
49© WISER 2016 www.cyberwiser.eu - @cyberwiser
Innovative capabilities and featuresCyber risk assessment follow-upMonitoring: events and alarms detection and follow-upTesting: vulnerabilities scanning and follow-upModellingDecision Support
The WISER framework delivers capabilities that are unparalleled with respect to current offering. SMEs are enticed by means of “freemium” services
(i.e. the “CyberWISER-Light”)
Basic and detailed visualization of reportsGraphic dashboard with analytical featuresConfigurable alertsPeriodical execution of vulnerability scansBasic and detailed information of vulnerabilities foundAssistance to derive model rules from risk modelsAssistance to decide the most suitable risk model according to the business and ICT profile of the companyCost-benefit analysis of mitigation measuresQuality Criteria Assessment of risks
50© WISER 2016 www.cyberwiser.eu - @cyberwiser
What next?
Start using CyberWISER Light today Register on www.cyberwiser.eu Take the questionnaire & download your personalised report. Take the vulnerability test to identify threats.Get the final full report.Take action to make cyber security part of your business processes
Need tech support or advice?Contact us at [email protected]
Want to get involved?Contact us at [email protected]
Start your cybersecurity journey today with CyberWISER Light51© WISER 2016 www.cyberwiser.eu - @cyberwiser
Join our community and stay up to date with new WISER releases:
@cyberwiser www.linkedin.com/in/cyber-wiser
References
© WISER 2016 www.cyberwiser.eu - @cyberwiser 52
http://www.internetworldstats.com/stats.htmhttp://www.infodocket.com/2013/05/30/cisco-releases-latest-internet-usage-and-data-forecast-nearly-half-the-worlds-population-will-be-connected-to-the-internet-by-2017/http://www2.deloitte.com/us/en/pages/consumer-business/articles/navigating-the-new-digital-divide-retail.html?id=us:2el:3dp:diginf15:awa:retail:051315:ddhttp://www.smartinsights.com/mobile-marketing/mobile-marketing-analytics/mobile-marketing-statistics/http://www.statista.com/topics/779/mobile-internet/http://www.convinceandconvert.com/mobile/7-mobile-marketing-stats-that-will-blow-your-mind/http://www.internetlivestats.com/total-number-of-websites/http://www.speedawarenessmonth.com/slow-websites-cost-the-us-ecommerce-market-504-billion-in-2011/https://econsultancy.com/blog/10936-site-speed-case-studies-tips-and-tools-for-improving-your-conversion-rate/https://econsultancy.com/blog/66224-11-staggering-stats-from-around-the-digital-world/http://research.domaintools.com/statistics/tld-counts/http://w3techs.com/technologies/overview/top_level_domain/allhttps://en.wikipedia.org/wiki/List_of_most_expensive_domain_nameshttp://www.internetlivestats.com/http://www.statista.com/statistics/261245/b2c-e-commerce-sales-worldwide/http://www.statista.com/markets/413/e-commerce/http://www.remarkety.com/global-ecommerce-sales-trends-and-statistics-2015https://en.wikipedia.org/wiki/List_of_Internet_top-level_domainshttp://www3.weforum.org/docs/GRR/WEF_GRR16.pdfhttps://www.mushroomnetworks.com/blog/2015/12/03/is-your-business-internet-dependent-15-businesses-that-need-reliable-internet/https://www.statista.com/statistics/261245/b2c-e-commerce-sales-worldwide/http://www.forbes.com/sites/stevemorgan/2015/10/16/the-business-of-cybersecurity-2015-market-size-cyber-crime-employment-and-industry-statistics/2/#c3a6df84e683https://www.statista.com/statistics/290525/cyber-crime-biggest-online-data-breaches-worldwide/http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdfhttp://fortune.com/2015/01/23/cyber-attack-insurance-lloyds/UK Federation of Small Businesses: Cyber Resilience: How To Protect Small Firms In The Digital Economy (June 2016) Profiling the Cyber criminal, University of Oxford, https://www.sbs.ox.ac.uk/cybersecurity-capacity/content/profiling-cybercriminal
www.cyberwiser.eu @cyberwiser
Thank you for your attentions! Questions?
ContactAntonio Álvarez RomeroAtos [email protected]