Evolving IT Security Threats and Solutions


Post on 15-Jul-2015


Page 1: Evolving it security  Threats and Solutions

Security

Evolving IT Security Threats & Solutions

Peter Cochrane

www.cochrane.org.uk

Page 2

The dark side
Is not going away anytime soon!

• Their numbers and strengths are growing
• They always seem to be on the front foot
• They always seem to be ahead of the game
• They appear to be getting more adaptable
• They appear to be getting more agile

• Threats are growing
• Attacks are continuous
• The types are more varied
• Damage costs are accelerating

Page 3

How come?

• They are driven by the economics of criminal success
• They are not managed by a board or committee
• They are not bound by ethics, laws and rules
• They enjoy the advantage of surprise
• Attacking is more fun than defending

• They are distributed, highly flexible and adaptable
• The threat and penalties of failure are extremely low
• Adopting and trying new technologies on the fly is their norm

Page 4

And more!
Beyond technology and skill

• They adopted open and sharing everything first
• They adopted mobility and mobile working first
• They started using clouds and dark nets first
• They employed distributed computing first
• They adopted and developed apps first
• They adopted Be My Own Boss first
• They adopted BYOB first

• They are now federating resources and trading skills
• They are now employing outsourcing and insourcing
• Individuals and individual teams are selling specific skill sets

Page 5

Corruption!
Human relationships open doors

• In need of love
• In need of care
• In need of money
• Prone to bribery
• Needy of support
• In debt
• +++

Targeted individuals and organisations easy to influence and infiltrate with no easy detection or defence +++

Page 6

Infiltration!
Technology is not the only way in

• External services people
• Visiting trades and repair crews
• Unauthorised info focussed visits
• Hardware/software plants in equipment
• Memory sticks in rest rooms
• +++

[Figure labels: Open screens, Open access, Paper notes, Open desks, Telephone numbers, Names, Contacts, Data, Devices, URLs]

Page 7

Opportunistic!
People and technology availability

• Careless and loud discussions
• Open screens readily visible
• Poor security of devices
• Shoulder surfing

• Careless PIN and password use
• Devices left unguarded
• Open phone and SMS
• Paper notes

Page 8

Hunting in packs
Far more powerful and effective than individuals

• Team work is the new mode
• Rapid sharing is the key advantage
• Skill sharing and real time learning
• High speed adaptability a prime ability
• Results based reward system a key driver

Page 9

Hacker Nets
Dynamic aggregation of global assets

• Team work is the new mode
• Rapid sharing is the key advantage
• Skill sharing and real time learning
• High speed adaptability a prime ability
• Results based reward system a key driver

Sharing Trumps Need to Know

Page 10

Muted good
Almost zero sharing of anything!

Need to Know Culture Disabling

• Commercial confidence/secrets
• Government protecting national good
• Solutions sold and traded not shared
• Companies limping along in ignorance
• Specialist companies protecting markets
• Individuals unknowingly exposed to risks
• Exact damage caused is often undisclosed

Page 11

Economics of sharing
When the cost gets too great organisations have to share

• Hackers have upper hand
• Retrospective solutions only
• Software requires regular updates
• Machines need regular security scans
• Most people are unaware and exposed
• Infections spread rapidly and go undetected
• File sharing apps are popular but very risky
• All machines come out of their box on day one infected
• We can broadly assume that there are no clean devices
• It is all a ticking time bomb!

Page 12

Resources
Ratio of aggregated good to bad

Best estimate assuming equally good people and technical resources on both sides of the line:

Good : Bad >> 3:1

Sufficient for good to prevail over bad!

But ‘bad’ shares resources and knowledge

Whilst ‘good’ operates by ‘need to know’

Sharing knowledge and resources is vital to assure success!

Page 13

Sharing at every level
An essential element necessary to secure a safe future

The future really is in our hands - we actually hold all the ace cards

Page 14

Identity theft
It is so very very easy!

• Lax security protocols and procedures
• Spoof bank calls and paperwork
• Big Data, Meta Data analysis
• Bogus call centres/services
• Spoof eMails, TXT, IMs
• Government records
• Institutional records
• Face to face surveys
• Social networking
• Company pages
• On-line surveys
• Home pages
• Data mining

Broader Protection Necessary

Page 15

Ownership theft
IoT rolled out at speed makes it even easier!

• Lax security protocols and procedures
• Old technologies mixed with the new
• Crack one item gives access to all?
• Crack one item to access the network
• Change/control all ownerships
• Use ownership as collateral
• Ownership affords validity
• Viral step and repeat
• Creates new crimes
• Things as hostages
• eBlackmail +++

Broader Protection Necessary

Page 16

Firewalls
Old thinking and insufficient

• Easy to end run
• Easy to penetrate
• Difficult to maintain
• Easy to circumnavigate
• Demand high level expertise
• Only provide limited protection
• An impediment to sharing apps
• Inflexible for modern working
• Counter cultural to BYOD
• Slow to change/update

Page 17

Malware protection
No satisfactory solutions available to date

• Hackers have upper hand
• Retrospective solutions only
• Software requires regular updates
• Machines need regular security scans
• Most people are unaware
• Infections spread rapidly
• File sharing apps are risky
• All machines come infected
• There are no clean devices
• It is all a ticking time bomb

Page 18

People protection
Unintended and intended people based exposure

• Laxity
• Mistakes
• Gullibility
• Coercion
• Conspiracy
• Criminal acts
• Opportunistic acts

People are habitual and conform to patterns of regular behaviour

Page 19

Behavioural analysis
Continuous monitoring of activities to detect anomalies

• Uploads and Downloads
• EMail attachment types
• Web Site addresses
• Networks accessed
• eMail addresses
• Device ownership
• Device type
• Home time
• Desk time
• Road time +++

Activities, Connections, Quantities, Timings
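
A sketch of the monitoring this slide describes, added here as an example and not taken from the presentation: it builds a per-user baseline of quantities, timings and connections, then reports which of them a new event departs from. The record layout, the hostnames, the one-hour tolerance and the z-score limit are all assumptions, and the sample history is constructed.

```python
from statistics import mean, pstdev

# Constructed sample history: (user, hour_of_day, upload_mb, destination)
HISTORY = [
    ("alice", 9, 12.0, "mail.example.org"),
    ("alice", 10, 15.0, "files.example.org"),
    ("alice", 14, 11.0, "mail.example.org"),
    ("alice", 16, 14.0, "files.example.org"),
    ("alice", 11, 13.0, "mail.example.org"),
]

def build_baseline(history):
    """Summarise each user's habitual quantities, timings and connections."""
    per_user = {}
    for user, hour, mb, dest in history:
        b = per_user.setdefault(user, {"hours": [], "mb": [], "dests": set()})
        b["hours"].append(hour)
        b["mb"].append(mb)
        b["dests"].add(dest)
    return per_user

def score_event(baseline, event, z_limit=3.0):
    """Return the reasons an event departs from the user's baseline."""
    user, hour, mb, dest = event
    b = baseline.get(user)
    if b is None:
        return ["no baseline for user"]
    reasons = []
    mu, sigma = mean(b["mb"]), pstdev(b["mb"])
    # Floor the spread at 1 MB so a flat history cannot divide by zero
    if abs(mb - mu) / max(sigma, 1.0) > z_limit:
        reasons.append("upload volume")
    # Timing: allow one hour either side of the hours seen so far
    if not (min(b["hours"]) - 1 <= hour <= max(b["hours"]) + 1):
        reasons.append("time of day")
    # Connections: any destination never seen for this user
    if dest not in b["dests"]:
        reasons.append("new destination")
    return reasons
```
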

Page 20

Axiomatic!
There are no silver bullets

• If we do nothing new things will get worse
• Non stop learning & adaptation required
• Acting in isolation guarantees failure
• Continual monitoring necessary
• Machines action trumps humans
• Networking and sharing are key
• Early detection and action vital
• Integrated security is a must
• Localised quarantine vital
• Every level to be protected
• Every device proactive
• All networks proactive

A New Era For Security

No singular solutions only a multiplicity of techniques to be applied in unison

Page 21

Axiomatic
Time to think again!

Scenarios for the age of everything on line

• Mobile and Social Everything
• Smart to Smart Everything
• The Internet of Things
• Clouds of Things
• Intelligent Things
• Repurposing
• Recycling
• Reuse

• Apps on line
• WiFi domination
• Distributed storage
• Clouds of things
• The internet of things
• More on-line than off
• New working practices
• More mobile than fixed
• More connectivity modes
• Thousands of Cloud Species

Far Greater Variability

Page 22

Auto immune systems
Capable of detecting and isolating malware

• Hardware malware traps on every chip and card
• And on every device, card, shelf, suite, floor, network
• Also on all network elements & components
• Soft malware traps in all code everywhere
• Automatic experience/solution sharing
• Fully automated response/reporting
• Resource sharing and adaptation
• Many variants & contributions
• Evolution dominates design
• Industry wide adoption
• Full integration

Behaviour Emergent & Unpredictable

Page 23

Using a multiplicity of channels
Attack exposure and offset through access diversity

• Bluetooth: short range, device to device, device to cloud
• WiFi/WiMax: medium range, WLAN/cloud
• 3, 4, 5, 6G: long range, device to net, device to cloud

Integrated and intelligent security apps embedded into product/components

Attacks almost never occur on more than one channel at a time

Intercepting parsed information transmitted over many channels and modes extremely secure

Using more than one device also adds security options

Page 24

Automation/AI essential
Demands are way beyond humans!

• Continuous monitoring is a necessity
• Getting it all right on the night is impossible
• Rapid evolution & response are required
• Frustrating the enemy all the time
• Integration of all available resources
• Gathering all available intelligence
• Analysing every aspect from both sides
• Rapid response and repair an essential
• Punitive responses and attacks an option?
• War gaming the next moves to be built in
• Open learning and solution dissemination
• Human intervention should be the exception

Page 25

Automation and AI is essential
The demands are way beyond human abilities!

Thank You

cochrane.org.uk