Luke Bilton

Director, Digital & Content, UBM

Luke is Director of Digital & Content for UBM EMEA London, the media business behind IFSEC Global and IFSEC live events.
June 22, 2017

Cyber Security Crashcourse [Download]

Download the Cyber Security Crashcourse

Slides from IFSEC International 2015

Eric Hansleman speaking recently at Interop Las Vegas

“In the last year,” said Eric Hansleman, “businesses spent $70bn on cyber security. Meanwhile criminals will have made 10-20 times that amount”.

At IFSEC 2015, Eric Hansleman from 451 Research presented a rapid-fire overview of cyber security. The DarkReading Cyber Security Crashcourse – introduced with Sara Peters, Senior Editor for Dark Reading – was 40 slides packed with insight into the trends shaping the industry and how you can protect yourself.

You can download the slidedeck by filling out the form on the right…

Some 75% of IT professionals believe their organisations are about as vulnerable, or more vulnerable, to attacks than this time a year ago. As devices and applications proliferate and complexity grows, to be successful at securing our IT assets we have to be successful all the time.

IT security budgets continue to increase with half of surveyed respondents increasing security planning. Diversification of options is proving a major challenge.

The range of security technologies that a typical enterprise needs to employ is growing, with fragmented spend:

[Slide: CyberSecurityCrashcourse]

Today’s threat environment

Eric emphasised the need for a change in attitude: start from a position that “we have already been compromised”. While maintaining a firewall perimeter is still important, multi-layered defences are required to truly protect your data.

Every business now faces a multitude of adversaries, including “a generation of cyber criminals for whom this is their day job” and attacks often blamed on “nation states” such as North Korea. As Eric explained, it is hard to identify who is really behind an attack. For example, Kaspersky Labs thought that they had been attacked by either Israel or the United States due to the tools the hackers used.

At the top of your list of adversaries should be your own authorised users, who are the greatest risk to security.

Social engineering of your users has been used tremendously effectively by hackers. Indeed, 91% of targeted attacks involve phishing emails to trick users into giving up sensitive information.

Attacks are proven to be much more effective if they use personal information. Mobile devices make this much more of a problem, as phishing has as much as a 30% higher success rate on a mobile device. “The data you have will always be valuable to someone – either directly or indirectly.”

The ‘Salesforce effect’ – whereby all different users are using pay-as-you-go cloud services – puts pressure on IT teams to maintain security standards with cloud capabilities purchased outside of corporate IT buying. Any marketing manager with a credit card can purchase cloud services. Hosting data in the cloud and moving it onto different platforms carries a far greater risk of disclosure.

Password alternatives have helped somewhat, but still come with limitations:

[Slide: Password alternatives]

As a solution, Eric recommended the FIDO alliance to businesses who are looking to integrate more sophisticated authentication into their IT infrastructure:

[Slide: FIDO]

It’s what you don’t know that will hurt you

With employees being the greatest vulnerability, Eric emphasised that the best investment a business can make is in education. Only through ongoing training of employees can businesses deal with cyber security threats.

Eric reported that there are encouraging signs of improvements in understanding and expectations for risk management, as can be seen in this table of changing attitudes from the Cloud Security Alliance (CSA):

[Table: 2010 to 2013]

The part that IT has to play is moving from the department of ‘no’ to the department of ‘know’ – educating colleagues about new technologies to better enable, rather than resist, change.

You can download the full Cyber Security Crashcourse presentation by entering your details in the form on the top right of this page.


1 Comment on "Cyber Security Crashcourse [Download]"

quickbooks Support
Guest

To be an expert on cybersecurity the user needs to do the course of cybersecurity and it is necessary because the importance of it we already know that.