Download the Cyber Security Crashcourse

Slides from IFSEC International 2015

Eric Hanselman speaking recently at Interop Las Vegas

“In the last year,” said Eric Hanselman, “businesses spent $70bn on cyber security. Meanwhile criminals will have made 10-20 times that amount”.

At IFSEC 2015, Eric Hanselman from 451 Research presented a rapid-fire overview of cyber security. The DarkReading Cyber Security Crashcourse – introduced with Sara Peters, Senior Editor for Dark Reading – was 40 slides packed with insight into the trends shaping the industry and how you can protect yourself.

You can download the slidedeck by filling out the form on the right…

Some 75% of IT professionals believe their organisations are about as vulnerable, or more vulnerable, to attacks than this time a year ago. As devices and applications proliferate and complexity grows, to be successful at securing our IT assets we have to be successful all the time.

IT security budgets continue to increase with half of surveyed respondents increasing security planning. Diversification of options is proving a major challenge.

The variety of security technologies that a typical enterprise needs to employ is growing, with fragmented spend:

[Slide: Cyber Security Crashcourse]

Today’s threat environment

Eric emphasised the need for a change in attitude: start from the position that “we have already been compromised”. While maintaining a firewall perimeter is still important, multi-layered defences are required to truly protect your data.

Every business now faces a multitude of adversaries, including “a generation of cyber criminals for whom this is their day job” and attacks often blamed on “nation states” such as North Korea. As Eric explained, it is hard to identify who is really behind an attack. For example, Kaspersky Labs thought that they had been attacked by either Israel or the United States due to the tools the hackers used.

At the top of your list of adversaries should be your own authorised users, who are the greatest risk to security.

Social engineering of your users has been used tremendously effectively by hackers. Indeed, 91% of targeted attacks involve phishing emails to trick users into giving up sensitive information.

Attacks are proven to be much more effective if they use personal information. Mobile devices make this much more of a problem, as phishing has as much as a 30% higher success rate on a mobile device. “The data you have will always be valuable to someone – either directly or indirectly.”

The ‘Salesforce effect’ – whereby all kinds of users are using pay-as-you-go cloud services – puts pressure on IT teams to maintain security standards when cloud capabilities are purchased outside of corporate IT buying. Any marketing manager with a credit card can purchase cloud services. Hosting data in the cloud and moving it onto different platforms carries a far greater risk of disclosure.

Password alternatives have helped somewhat, but still come with limitations:

[Slide: Password alternatives]

As a solution, Eric recommended the FIDO Alliance to businesses that are looking to integrate more sophisticated authentication into their IT infrastructure:

[Slide: FIDO]

It’s what you don’t know that will hurt you

With employees being the greatest vulnerability, Eric emphasised that the best investment a business can make is in education. Only through ongoing training of employees can businesses deal with cyber security threats.

Eric reported that there are encouraging signs of improvements in understanding and expectations for risk management, as can be seen in this table of changing attitudes from the Cloud Security Alliance (CSA):

[Table: 2010 to 2013]

The part that IT has to play is moving from the department of ‘no’ to the department of ‘know’ – educating colleagues about new technologies to better enable, rather than resist, change.

You can download the full Cyber Security Crashcourse presentation by entering your details in the form on the top right of this page.
