2019 Cyber Security Threats & Trends
2019 SCTBA Conference | Charleston, SC

Introduction
Jason Smith
Lead Security & Compliance Consultant
Internetwork Engineering
• Security Researcher
• ISACA Instructor
• Lifelong Boy Scout

In The News
Seems opportunistic – but Facebook is interesting ….

Trouble at Facebook … and elsewhere
50 Million Facebook Accounts Affected

This is why it really sucks!
• Facebook Single Sign-on affected
• The increased use of Facebook as an authentication tool has increased the affected user base exponentially.
• Annuity Attack Issues
• User Apathy

The security challenge
Motivated and targeted adversaries
• State sponsored
• Financial and espionage motives
• $1T cybercrime market
Increased attack surface
• BYOD blurring perimeter
• Public cloud services
• Enterprise IoT
Increased attack sophistication
• Advanced persistent threats
• Encrypted malware
• Zero-day exploits
Scale: Too many alerts
Complexity: Securing everything
Sophistication: Keeping up against attackers
100%: Of customers lack network segmentation at time of breach
200 days: Industry average detection time for a breach
60 days: Industry average time to contain a breach
$3.8M: Average cost of a data breach

2018 – 2019 Cyber Security Trends
Ransomware Decline
We expect to see up to a moderate increase, with an increase in sophistication.
Characteristics:
• Very automated and opportunistic = low upfront cost.
• Easily monetized
• Integrates well with other attack goals.
Stakeholder Apathy
Security budgets appear stagnant, board stakeholder interest waning, breaches generally viewed as BAU.
Contributing Factors:
• Lack of vendor innovation
• EDR market saturation – confusing consumers
• Recent huge breaches, including Equifax*

2018 – 2019 Cyber Security Trends
IoT Exploitation
Expect to see significant increase in the number and sophistication of these attacks.
Contributing Factors:
• Wild west development, minimal standards
• Widespread consumer adoption
• Easily integrated into multi-vector attacks (WFH bridge)
Leveraging Big Data
Expect to see attackers shift to more targeted attacks, by leveraging new and cheap data analysis tools (Python, R, Power BI)
Contributing Factors:
• Cyber crime business model
• More effective use of available resources, higher ROI.

IoT on the network introduces additional security challenges
Users, devices, and things are coming onto the network
Diagram labels (IT / Non-IT): Users, Mobile, Laptops/PCs, Bonjour, Audio Video, Healthcare, Printers, Security cameras, Fire alarm system, Badging system, Sensors, Lighting, HVAC
Securing these devices is hard
Unsophisticated devices
• Limited security and crypto capabilities, prone to hacks
Endpoint identity
• No support for standard authentication mechanisms
Policy ownership (IT, OT, Mfg)
• Who defines policy? Who holds liability?
The network needs to offer an extended trust domain, with scalable device classification and policy

2018 – 2019 Cyber Security Trends
Security Resource Scarcity
Security Resources tend to be only available during concern about a breach or immediately following a breach.
Contributing Factors:
• Security, Compliance, and Governance are cost centers, not profit centers.
• ROI is rarely captured effectively and the “story” isn’t told well.
March to the Cloud
Attackers will continue to leverage mismanaged cloud infrastructure.
Contributing Factors:
• Poor design and implementation – rush to deploy
• Misperception of X as a Service (XaaS) technology and management
• Poorly secured middle layer (Mesos) and transport layers

Cloud practices provide simplicity and agility to enterprise networks
Cloud practices require retraining of IT workforce
Security, IoT and mobility add operational complexity
Diagram labels: Policy decoupled from network; Controller-based automation; Analytics-based assurance; Model driven Streaming Infrastructure; Network-dependent policies; CLI Polling Infrastructure; Network management; Windows 10; AWS; Linux Patch; Python; Windows 10; AWS; Docker

Intent-based networking
Digital business
Security, Mobile, Multicloud, IoT
Network
Powered by intent. Informed by context.
Translation: Capture business intent, translate to policies, and check integrity
Activation: Orchestrate policies and configure systems
Assurance: Continuous verification, insights and visibility, and corrective actions

2019 Cyber Security Trends
Increased Threat Sophistication
Recent malware appears to be more sophisticated, including:
• More Dynamic Encryption
• More efficient use of Zero Days
Contributing Factors:
• Increased use of Malware Kits and improvement in the Kits
• Better backend communication channels
• More reactive malware defense techniques
• Geolocation & Presence Awareness
“Living off the Land” Attack Increase
Recent (targeted) attacks appear to be more reliant on improperly installed tools and software and network misconfigurations.
Examples:
• PowerShell
• Active Directory
• Java

Traditional Threat Actor Model
Chart labels: TARGETED, OPPORTUNISTIC, SOPHISTICATION, PREVALENCE
• Nation-State Sponsored
• Industrial Espionage
• Hacktivist
• Typical Ransomware
• Generic & Financial Ransomware

NEW Threat Actor Model
Chart labels: TARGETED, OPPORTUNISTIC, SOPHISTICATION, PREVALENCE
• Nation-State Sponsored
• Industrial Espionage
• Hacktivist
• Typical Ransomware
• Generic & Financial Ransomware
• Non-Typical Ransomware
• Targeted Financial Ransomware
• Social Media Manipulation

NEW Threat Actor Model
Chart labels: TARGETED, OPPORTUNISTIC, SOPHISTICATION, PREVALENCE
• Nation-State Sponsored
• Industrial Espionage
• Hacktivist
• Typical Ransomware
• Generic & Financial Ransomware
• Non-Typical Ransomware
• Targeted Financial Ransomware
• Social Media Manipulation
Leveraging Big Data
Expect to see attackers shift to more targeted attacks, by leveraging new and cheap data analysis tools (Python, R, Power BI)
Contributing Factors:
• Cyber crime business model
• More effective use of available resources, higher ROI.

The Risk of Added Complexity
Not the Same Old Business Network
Companies have adopted newer adaptive technologies such as:
• Elastic Cloud and Orchestration
• Policy and Intent Based Networking
• Converged Environments
The Issue:
• The technology is adopted, but not fully supported or even understood
• Default configurations are left in place to speed deployment
• Some “add-ons” and “optional components” are actually CRITICAL.

Too Many EDR Solutions
Endpoint Detection & Response

How do you know what you actually need?

Vendor Risk Management
Cyber Security Drivers
Compliance & Regulatory
Contractual Requirements
Cyber Insurance Requirements
Stakeholder (Shareholder) Concern

What to Do …
• Choose your battles wisely. Avoid spending on knee-jerk, point solutions.
• Focus on your risk. Remember, hackers tend to be opportunistic first.
• Back to the basics. Security hygiene, risk assessments, user awareness training.
• Get involved with other IT areas and departments. What is the near term and long term IT strategy and how can it be secured.
• Demonstrate value (metrics, KPIs, show up!)!

“Just showing up is half the battle.”
Woody Allen

What to do …
TRAINING
• Train the Users
• Train the IT Folks
• Train the IR Team
and TEST

Start with a RISK Assessment!!
IT’s All About RISK!!!
Understand your network
Understand your data, and how it is consumed!
Learn the Business!

Thank you!
Questions?
Jason Smith
Lead Security & Compliance Consultant
IE Advisory Services – Cyber Security
Internetwork Engineering
Twitter: @smith380
We’d love to see you at one of our Security User Groups in Charlotte or Raleigh, NC!

Editor's Notes

  • #13: What is Intent-based Networking? And why should you care? We need to move from today’s manual, fragmented, rigid networks – where policy changes can take months to implement to an open, software delivered architecture. Manual → automated; Data → Insights; Perimeter Security → Pervasive Security. This new network treats the network as a single system and automates network functions based on the intent or goals of the business. First – Translation. The goal of Intent-based networking is to simplify. We have abstracted the network into a single system, built in a fabric which offers the interface to support the translation of your business goals into expected outcomes. This is done with intent capture, where you state in simple business rules what is your intent through basic business policy or rules. Only executives and finance can access earnings data, only doctors, nurses, and clinicians can look at patient medical records, no IoT devices can access corporate databases. That intent has to be translated consistently across the network, and we need to validate the integrity of the system actually doing what it is intended to do. This is huge – because all of you spend months making this happen, and you know just how difficult this can be. Second – Activation. Many of our customers are manually driving updates, and that is precisely why a QoS change or application rollout could take 4-6 months. Automation is critical for helping IT operate at digital speed, and quite honestly, we need to free up your time so you can play a more strategic role in your organization, where they need you most. Activation means your intended policies are automatically active across the system and we make sure they stay in place until further change is required. Finally – Assurance. This is going to be life changing for IT. Instead of wondering what disaster of the day will happen or where your rollout may fail, you can get on the front foot with Assurance and with confidence tell your stakeholders that the network is ready and your move to O365, or your new branch opening, or the merger integration will be a success … and when things go wrong, which they will, you can quickly get to the root cause and resolve quickly. Our announcement in June with “The Network. Intuitive.” focused on what the industry is coining “Intent Based Networking.” In that announcement, we heavily focused on Intent and Security. We talked about DNA Center, Cat 9K and Encrypted Traffic Analytics where customers finally could say goodbye to VLAN, ACL and IP Address management, and could actually uncover threats where no one thought possible. Today, we are going to make our way around this loop and double click on Context. Our latest innovations are going to unlock the intelligence of the network and help your IT dramatically improve productivity to the business through new Assurance Innovations.
  • #14: Orchestration and Scheduling are key components of a cloud model, usually facilitated by Mesos (Middle Atmosphere) using the Apache model and now the Kubernetes model
  • #19: With dozens of EDR solutions to choose from, with wildly different feature sets and operational functionality, how do you even begin to narrow the field and choose the best fit solution? Especially given that these solutions are so very expensive, possibly accounting for up to 15% – 25% of the security budget.
  • #25: Security controls, including EDR solutions, should be commensurate to the relative risk to the organization. If you have a large amount of risk associated with the endpoints, then you should consider an EDR solution. If your data, including user-generated data, is housed on servers or cloud infrastructure and the endpoint is little more than an input device, why waste the money? A good Security Risk Assessment performed by experienced and trained assessors, such as the Strategic Consulting group at Internetwork Engineering, can save you money. Ask us about the ROI on a Security Risk Assessment.