The Business of Cyber Attacks - intechforums.com Kemple… · 13 Unpublished Work Copyright 2016...
Transcript of The Business of Cyber Attacks - intechforums.com Kemple… · 13 Unpublished Work Copyright 2016...
BAE SYSTEMS PROPRIETARY 1 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
The Business of Cyber Attacks
˃ Insurance Technology ‘Security Matters’ Forum, 16th February 2016
BAE SYSTEMS PROPRIETARY 2 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
the business of cyber attacks˃ welcome
We help nations, governments and businesses around the world defend themselves against cybercrime, reduce their risk in the connected world, comply with regulation, and transform their operations.
Russell Kempley – Head of EMEA Technical ServicesHelping our customers by delivering cyber expertise in Threat Intelligence, Penetration Testing and Incident Response
BAE SYSTEMS PROPRIETARY 3 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
the business of cyber attacks˃ overview
The attacker’s business…
…is knowing your business
…defend your business
So you need to…
BAE SYSTEMS PROPRIETARY 4 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
the attackers’ business…˃ examples
“Malware as a service – cyber crime’s new
industry”
“Hackers for hire”
“Global action targeting shylock
malware”
BAE Systems infographic showing the complex
business processes behind the shylock campaign.
BAE SYSTEMS PROPRIETARY 5 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
… is knowing your business˃ the business model
ApplicationProcessBusiness Logic
NetworkTechnologySystem
SocialEmployeesUsers
BAE SYSTEMS PROPRIETARY 6 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
… is knowing your business˃ the business model
ApplicationProcessBusiness Logic
NetworkTechnologySystem
SocialEmployeesUsers
Crime
BAE SYSTEMS PROPRIETARY 7 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
… is knowing your business˃ the business model
ApplicationProcessBusiness Logic
NetworkTechnologySystem
SocialEmployeesUsers
CyberEnabledCrime
BAE SYSTEMS PROPRIETARY 8 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
… is knowing your business˃ the business model
ApplicationProcessBusiness Logic
NetworkTechnologySystem
SocialEmployeesUsers
Social Engineering
BAE SYSTEMS PROPRIETARY 9 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
… is knowing your business˃ examples
“SRA warns of ‘Friday afternoon fraud’ risk”
“Security Vendors Report Uptick in
Whaling, Phishing Scams”
“BlackEnergy trojanstrikes again”
BAE Systems incident response revealed a complex fraud which
operated with detailed knowledge of the target business.
BAE SYSTEMS PROPRIETARY 10 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
defend your business˃ three pillars
INTELLIGENCEAND RISK LED
THICK-SKINNEDAND ROBUST
OPERATIONALLYAWARE
BAE SYSTEMS PROPRIETARY 11 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
defend your business˃ cyber security lifecycle
PREPARE PROTECT
RESPOND MONITOR
Managed SecurityNetwork Security Monitoring, Managed
Threat Analytics, Vulnerability Management,
Device Management
CyberRevealThreat Analytics, Intelligence
Management & SOC Efficiency
Mobile ProtectIntelligent Protection for
smart mobile devices
Threat IntelligenceActionable insight of attack group
behaviours and techniques
Incident ResponseActive containment of live
targeted cyber attacks
Measure your true resilience
to internal and external threats
Security Testing
Industrial ProtectMilitary grade protection
of critical plant operations
Cloud SecurityEmail & Web Protection Services
Hosted Applications, Private Cloud
Cyber ConsultingStrategy and risk, Security assurance,
Improvement and SI
Incident ManagementWorking as part of your team to lead an
effective response
BAE SYSTEMS PROPRIETARY 12 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
defend your business˃ intelligence-led security testing
Will the attack succeed?
Who might attack and why?
Would it be detected?
What tools would be used?
Attack scenarios
Safe testing scope
BAE SYSTEMS PROPRIETARY 13 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY
thank you
thank you
BAE SYSTEMSSurrey Research ParkGuildfordSurreyGU2 7YPUnited Kingdom
T: +44 (0)1483 816000F: +44 (0)1483 816144
Copyright © 2016 BAE Systems. All Rights Reserved.
BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc.
No part of this document may be copied, reproduced, adapted or redistributed in any form or by any means without the express prior written consent of BAE Systems.
BAE Systems Applied Intelligence Limited registered in England and Wales Company No. 1337451 with its registered office at Surrey Research Park, Guildford, England, GU2 7YP.
BAE SYSTEMS PROPRIETARY 14 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)
|
BAE SYSTEMS PROPRIETARY