cse 2016 future of cyber security by matthew rosenquist

The Future of Cyber Security

Conference: April 6-7, 2016

Exhibit Hall: April 6-8, 2016

Sands Expo, Las Vegas, NV

Matthew RosenquistCybersecurity StrategistIntel Corp

“...If security breaks down, technology breaks down”

Brian KrebsNoted Cybersecurity Reporter

Symbiotic Relationship: Physical and Cyber

Convergence of Cyber & Physical Security

Physical Cyber

Integration of technology blends the risks, requiring a cohesive approach

Convergence of Cyber & Physical Security

People and Technology

Expertise across these realms is highly valuable…

PR

OC

ES

S

The Growing Cyber-Attack Surface

Innovation Drives Risk Convergence

New technology bridges the virtual and physical worlds

Protecting People, Property, and Business Assets

Limited Resources and Budgets

Seeking an Optimal Balance of Risk/Cost

Aligned Goals and Challenges

Single most important factor

for success in security is

Leadership

Leaders will play a crucial role as security and technology evolves

Chain Reactions Drive Cybersecurity Evolution…

Top Evolving Challenges in Cybersecurity

Public demands their governments protect them from digital threats, fraud, and crimes, yet not infringe upon privacy

Markets strive for more connectivity, devices, applications, and services

Enterprise perspectives shift to accept the reputation and market risks

Consumers expect security “their way”: Safety with access anywhere to anything

Cybersecurity Expectations Increase1.

Result:

1. Expectations rise, but resources don’t keep pace, causing opportunities for attackers

2. More regulations, raising security standards

3. Better policing, laws, and collaboration

4. Friction around technology privacy and government access

5. Consumers respond economically to penalize poor security from vendors

Cybersecurity Expectations Increase

Nation-State Cyber-Offense Affects Everyone

Broad adoption by many nations of cyber-offense capabilities.

Governments incorporate cyber into their defense apparatus with clear objectives and deployable systems.

2.

i29 countries

Have formal cyberwarfare units

i63 countries

Use cyber tools for surveillance

i$19 billion

US 2017 proposed budget for cybersecurity

Nation-State Cyber-Offense Affects Everyone

Result:

1. Trickle-down effect gives advanced technology to criminals and attackers

2. Reverse engineered code is reused by other threats

3. Attackers don’t need to invest in developing high-end exploits, instead they harvest what governments create

Life Safety and Cybersecurity Intersect in Products

Industrial and consumer products are being connected to the internet

Billions of IoT devices gather data and exert direct control

Risk of catastrophic impacts as our reliance and trust increase

3.

Life Safety and Cybersecurity Intersect in Products

Result:

1. Risks first emerge for the transportation, healthcare, and industrial sectors

2. As IoT devices explode in number and function, so will the potential misuse

3. Remote devices, cameras, and drones become more concerning to safety and privacy. Expect more regulations

Rise in Digital Theft and Fraud

More opportunities to steal, extort, and commit fraud. Greed principle prevails

Attackers are organized, share methods and tools

Threats not limited by geography

4.

i~$450 billion

Cyber-crime impact globally

i200% increase In cyber-crime in the last 5 years

i32% reported

Organizations reporting cyber-crime

Rise in Digital Theft and Fraud

Result:

1. More successful financial fraud and theft

2. Number of attacks increase, externals and internals, from across the globe

3. Higher cost incidents, millions-billion dollar attacks

5.

Attackers are nimble, opportunistic, cooperative, skilled, and relentless

Their motivation, resiliency, and creativity drives great adaptability

Acceleration in their methods, tools, and targets (technology, people, processes)

Attackers Evolve, Adapt, and Accelerate

i

$3 trillion Aggregate innovation impact of cyber-

risks by 2020

-McKinsey & World Economic Forum

i

$90 trillion Potential net economic benefit drained from global GDP, worst case thru 2030

-Zurich & Atlantic Council

Result:

1. Dark markets and services grow to enable

2. New data breach targets emerge

3. Attackers drive down the technology stack (data, apps, VM, OS, VMM, FW, HW)

4. Research follows quickly into new areas of technology

5. Ransomware and “CEO email” fraud rises

6. Integrity attacks grow

Attackers Evolve, Adapt, and Accelerate

6.

Lack of qualified talent will greatly restrict the growth and effectiveness of security

Academia is working to satiate demand, but it will take time.

Lack of Talent Hinders the Industry

i1.5-2 million

Unfilled positions by 2017

i12x growth

Compared to the overall job market

i70% understaffed Organizations report

lack of staff

Result:

1. Salaries continue to rise until demand is met

2. Headhunting and retention of top talent is ruthlessly competitive

3. Leadership and technical roles in greatest demand

4. Outsourcing to MSSP’s and security consulting firms increases

Lack of Talent Hinders the Industry

ConclusionAligned goals and threats drive the convergence of Physical and Cyber security

The rise of cyber represents risks and opportunities

Attackers will target IoT. Physical and Cyber skill sets are valuable in protecting assets

New threat vectors will emerge as advanced technology is integrated

Leaders with insights to the future have the best opportunity to align resources and be prepared

Question and Answer

The Opportunity to Lead is Here!

Conference: April 6-7, 2016

Exhibit Hall: April 6-8, 2016

Sands Expo, Las Vegas, NVMatthew RosenquistCybersecurity StrategistIntel Corp