Evolving IT Security Threats & Solutions
Peter Cochrane
www.cochrane.org.uk
The dark side: Is not going away any time soon!
• Their numbers and strengths are growing
• They always seem to be on the front foot
• They always seem to be ahead of the game
• They appear to be getting more adaptable
• They appear to be getting more agile
• Threats are growing
• Attacks are continuous
• The types are more varied
• Damage costs are accelerating
How come?
• They are driven by the economics of criminal success
• They are not managed by a board or committee
• They are not bound by ethics, laws and rules
• They enjoy the advantage of surprise
• Attacking is more fun than defending
• They are distributed, highly flexible and adaptable
• The threat and penalties of failure are extremely low
• Adopting and trying new technologies on the fly is their norm
And more! Beyond technology and skill
• They adopted open and sharing everything first
• They adopted mobility and mobile working first
• They started using clouds and dark nets first
• They employed distributed computing first
• They adopted and developed apps first
• They adopted Be My Own Boss first
• They adopted BYOB first
• They are now federating resources and trading skills
• They are now employing outsourcing and insourcing
• Individuals and individual teams are selling specific skill sets
Corruption! Human relationships open doors
• In need of love
• In need of care
• In need of money
• Prone to bribery
• Needy of support
• In debt
• +++
Targeted individuals and organisations are easy to influence and infiltrate, with no easy detection or defence +++
Infiltration! Technology is not the only way in
• External services people
• Visiting trades and repair crews
• Unauthorised info focussed visits
• Hardware/software plants in equipment
• Memory sticks in rest rooms
• +++
Opportunistic! People and technology availability
• Careless and loud discussions
• Open screens readily visible
• Poor security of devices
• Shoulder surfing
• Careless PIN and password use
• Devices left unguarded
• Open phone and SMS
• Paper notes
[Figure labels: Open Screens, Open Access, Paper Notes, Open Desks, Telephone Numbers, Names, Contacts, Data, Devices, URLs]
Hunting in packs: Far more powerful and effective than individuals
• Team work is the new mode
• Rapid sharing is the key advantage
• Skill sharing and real time learning
• High speed adaptability a prime ability
• Results based reward system a key driver
Hacker Nets: Dynamic aggregation of global assets
Sharing Trumps Need to Know
Muted good: Almost zero sharing of anything!
Need to Know Culture Disabling
• Commercial confidence/secrets
• Government protecting national good
• Solutions sold and traded not shared
• Companies limping along in ignorance
• Specialist companies protecting markets
• Individuals unknowingly exposed to risks
• Exact damage caused is often undisclosed
Economics of sharing: When the cost gets too great organisations have to share
• Hackers have upper hand
• Retrospective solutions only
• Software requires regular updates
• Machines need regular security scans
• Most people are unaware and exposed
• Infections spread rapidly and go undetected
• File sharing apps are popular but very risky
• All machines come out of their box on day one infected
• We can broadly assume that there are no clean devices
• It is all a ticking time bomb!
Resources: Ratio of aggregated good to bad
Best estimate assuming equally good people and technical resources on both sides of the line:
Good / Bad >> 3:1
Sufficient for good to prevail over bad!
But ‘bad’ shares resources and knowledge
Whilst ‘good’ operates by ‘need to know’
Sharing knowledge and resources is vital to assure success!
Sharing at every level: An essential element necessary to secure a safe future
The future really is in our hands - we actually hold all the ace cards
Identity theft: It is so very very easy!
• Lax security protocols and procedures
• Spoof bank calls and paperwork
• Big Data, Meta Data analysis
• Bogus call centres/services
• Spoof eMails, TXT, IMs
• Government records
• Institutional records
• Face to face surveys
• Social networking
• Company pages
• On-line surveys
• Home pages
• Data mining
Broader Protection Necessary
Ownership theft: IoT rolled out at speed makes it even easier!
• Lax security protocols and procedures
• Old technologies mixed with the new
• Crack one item gives access to all?
• Crack one item to access the network
• Change/control all ownerships
• Use ownership as collateral
• Ownership affords validity
• Viral step and repeat
• Creates new crimes
• Things as hostages
• eBlackmail +++
Broader Protection Necessary
Firewalls: Old thinking and insufficient
• Easy to end run
• Easy to penetrate
• Difficult to maintain
• Easy to circumnavigate
• Demand high level expertise
• Only provide limited protection
• An impediment to sharing apps
• Inflexible for modern working
• Counter cultural to BYOD
• Slow to change/update
Malware protection: No satisfactory solutions available to date
• Hackers have upper hand
• Retrospective solutions only
• Software requires regular updates
• Machines need regular security scans
• Most people are unaware
• Infections spread rapidly
• File sharing apps are risky
• All machines come infected
• There are no clean devices
• It is all a ticking time bomb
People protection: Unintended and intended people based exposure
• Laxity
• Mistakes
• Gullibility
• Coercion
• Conspiracy
• Criminal acts
• Opportunistic acts
People are habitual and conform to patterns of regular behaviour
Behavioural analysis: Continuous monitoring of activities to detect anomalies
• Uploads and Downloads
• EMail attachment types
• Web Site addresses
• Networks accessed
• eMail addresses
• Device ownership
• Device type
• Home time
• Desk time
• Road time +++
Activities, Connections, Quantities, Timings
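The idea on this slide, worked as an added example (not part of the original deck): each user gets a baseline built from their own habitual activity, and a new event is scored against that baseline only. The field names, sample rows, median/MAD scoring and the threshold of 5 are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed history rows: (user, upload_mb, attachment_type, login_hour, network)
HISTORY = [
    ("alice", 12, "pdf", 9, "office-lan"), ("alice", 15, "docx", 9, "office-lan"),
    ("alice", 10, "pdf", 8, "office-lan"), ("alice", 14, "pdf", 9, "home-wifi"),
    ("alice", 11, "docx", 10, "office-lan"),
    ("bob", 300, "zip", 22, "home-wifi"), ("bob", 280, "zip", 23, "home-wifi"),
    ("bob", 310, "tar", 22, "home-wifi"), ("bob", 295, "zip", 21, "home-wifi"),
]
NUMERIC = {"upload_mb": 1, "login_hour": 3}          # quantities and timings
CATEGORICAL = {"attachment_type": 2, "network": 4}   # activities and connections


def build_baselines(history):
    """Per user: (median, MAD) for numeric fields, set of seen values for the rest."""
    rows_by_user = defaultdict(list)
    for row in history:
        rows_by_user[row[0]].append(row)
    baselines = {}
    for user, rows in rows_by_user.items():
        profile = {}
        for name, idx in NUMERIC.items():
            values = [r[idx] for r in rows]
            med = median(values)
            mad = median([abs(v - med) for v in values])
            profile[name] = (med, max(mad, 1.0))  # floor: very regular users give MAD 0
        for name, idx in CATEGORICAL.items():
            profile[name] = {r[idx] for r in rows}
        baselines[user] = profile
    return baselines


def anomalies(baselines, event, threshold=5.0):
    """Return the reasons an event departs from its own user's habits ([] if none)."""
    profile = baselines.get(event[0])
    if profile is None:
        return ["no baseline for this user"]
    reasons = []
    for name, idx in NUMERIC.items():
        med, mad = profile[name]
        if abs(event[idx] - med) / mad > threshold:  # hours are not wrapped at midnight
            reasons.append(f"{name}={event[idx]} vs usual {med}")
    for name, idx in CATEGORICAL.items():
        if event[idx] not in profile[name]:
            reasons.append(f"{name}={event[idx]!r} not seen before")
    return reasons


BASELINES = build_baselines(HISTORY)
```

A 290 MB zip upload at 22:00 is routine for the constructed user bob and raises three flags for alice, which is why the baseline has to be per person rather than global.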
Axiomatic! There are no silver bullets
• If we do nothing new things will get worse
• Non stop learning & adaptation required
• Acting in isolation guarantees failure
• Continual monitoring necessary
• Machine action trumps humans
• Networking and sharing are key
• Early detection and action vital
• Integrated security is a must
• Localised quarantine vital
• Every level to be protected
• Every device proactive
• All networks proactive
A New Era For Security
No singular solutions, only a multiplicity of techniques to be applied in unison
Axiomatic: Time to think again!
Scenarios for the age of everything on line
• Mobile and Social Everything
• Smart to Smart Everything
• The Internet of Things
• Clouds of Things
• Intelligent Things
• Repurposing
• Recycling
• Reuse
• Apps on line
• WiFi domination
• Distributed storage
• Clouds of things
• The internet of things
• More on-line than off
• New working practices
• More mobile than fixed
• More connectivity modes
• Thousands of Cloud Species
Far Greater Variability
Auto immune systems: Capable of detecting and isolating malware
• Hardware malware traps on every chip and card
• And on every device, card, shelf, suit, floor, network
• Also on all network elements & components
• Soft malware traps in all code everywhere
• Automatic experience/solution sharing
• Fully automated response/reporting
• Resource sharing and adaptation
• Many variants & contributions
• Evolution dominates design
• Industry wide adoption
• Full integration
Behaviour Emergent & Unpredictable
Using a multiplicity of channels: Attack exposure and offset through access diversity
• Bluetooth: Short Range, Device to Device, Device to Cloud
• WiFi/WiMax: Medium Range, WLAN/Cloud
• 3, 4, 5, 6 G: Long Range, Device to Net, Device to Cloud
Integrated and intelligent security apps embedded into product/components
Attacks almost never occur on more than one channel at a time
Parsed information transmitted over many channels and modes is extremely secure against interception
Using more than one device also adds security options
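One way to parse a message across the three channels on this slide, as an added example (not part of the original deck). XOR secret splitting is the scheme chosen here; the slide does not name one, and the channel labels and sample message are constructed.

```python
import secrets
from functools import reduce

# Channel labels follow the slide; the radio transports themselves are not modelled.
CHANNELS = ("bluetooth", "wifi", "cellular")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(message: bytes, channels=CHANNELS) -> dict:
    """One share per channel; every share is needed to rebuild the message."""
    pads = [secrets.token_bytes(len(message)) for _ in channels[:-1]]
    final = reduce(xor, pads, message)   # message XOR all random pads
    return dict(zip(channels, pads + [final]))


def combine(shares: dict) -> bytes:
    """XOR whatever shares were received."""
    return reduce(xor, shares.values())


def missing_share_for(captured: bytes, candidate: bytes) -> bytes:
    """What the uncaptured shares would have to XOR to if `candidate` was sent."""
    return xor(captured, candidate)


MESSAGE = b"constructed sample: rotate key 7 at 02:00"
```

Because `missing_share_for` has an answer for every candidate of the same length, a single intercepted channel is consistent with any message. The split gives confidentiality only: it adds no integrity check, and losing one channel loses the message.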
Automation/AI essential: Demands are way beyond humans!
• Continuous monitoring is a necessity
• Getting it all right on the night is impossible
• Rapid evolution & response are required
• Frustrating the enemy all the time
• Integration of all available resources
• Gathering all available intelligence
• Analysing every aspect from both sides
• Rapid response and repair an essential
• Punitive responses and attacks an option?
• War gaming the next moves to be built in
• Open learning and solution dissemination
• Human intervention should be the exception
Automation and AI is essential: The demands are way beyond human abilities!
Thank You
cochrane.org.uk