Matthew RosenquistCybersecurity Strategist and Evangelist Intel Corporation

November 10th, 2015

Biography

2

Matthew RosenquistCybersecurity Strategist and EvangelistIntel Corp

Matthew benefits from 20+ years in the field of security, specializing in strategy, threats, operations, crisis management, measuring value, communicating industry changes, and developing cost effective capabilities which deliver the optimal level of security. As a cybersecurity strategist, he works to understand and communicate the future of security and drive industry collaboration to tackle challenges and uncover opportunities to significantly improve global computing security.

Mr. Rosenquist built and managed Intel’s first global 24x7 Security Operations Center, overseen internal platform security products and services, was the first Incident Commander for Intel’s worldwide IT emergency response team, and managed security for Intel’s multi-billion dollar worldwide mergers and acquisitions activities. He has conducted investigations, defended corporate assets, established policies, developed strategies to protect Intel’s global manufacturing, and owned the security playbook for the PC strategic planning group. Most recently, Matthew worked to identify the synergies of Intel and McAfee as part of the creation of the Intel Security Group, one of the largest security product organizations in the world.

Twitter @Matt_RosenquistLinkedIn: MatthewRosenquistBlogs Intel IT Peer Network

Agenda

3

The Emerging Future of Cybersecurity

Changing Digital World

Cybersecurity Forecast

1. More sophisticated attackers

2. New targets and methods

3. Integrity attacks emerge

4. Relevance of the cumulative impact emerges

5. Cybersecurity expectations rise, resources don’t keep pace

Recommendations

The Emerging Futrue of Cybersecurity

4

Why Identify Important Trends?

To understand the challenges and opportunities

Why does it matter?

Allows us to prepare and make good choices tactically and strategically

What must we do?

Think ahead, plan, and lead

Let’s explore and discuss…

Changing Digital World

5

Growing Number of Users: 4B connected people

More Users

New Devices

Innovative Usages

Generating Vast Data

Sensitive Functions

Increased Target Value

New Devices Types: 200B IoT devices

Innovative Usages and Access: 25M+ applications

Creation of Vast Amounts of Data: 50T gigabytes

Critical Functionality: Infrastructure, Defense, Transportation

Creates Targets with Increased Value

6

Attacker Sophistication

7

Nation states: technology reuse by others

Attackers increase in numbers and

capability, allowing for more advanced

attacks across a broader spectrum of

targets.

Organized criminals: success and gains encourage further campaigns

Specialization: Crime-as-a-Service, hacking, ID, data, validation, mules

Cooperation: across geo’s, sharing technology, dark markets

Resources: increase and reinvested to target more and new areas

Attack Methods

8

Ransom & Malware: Rapidly on the Rise

New methods emerge,

successful methods are

improved.

The easiest victims and

targets with high value are at

greatest risk.

Malware-as-a-Service: Pay for technical expertise and access

Digital Credentials: Stolen & Misused Certificates, ID/Passwords

Vulnerability Markets: Research is on the rise, with better tools

Contextual Social Engineering: Aggregation of data to hack people

Data Breaches Expand: healthcare, legal, government, social media, and other digital services

Integrity Attacks Emerge

9

Integrity Based Attack: Selectively altering specific transactions to achieve a malicious goal.

Joins Confidentiality (Data Breaches) and Availability (DDOS) based attacks

Security solutions are not prepared for

Integrity based attacks

Difficult to prevent, detect, and

effectively recover

Banking: Carbanak $300m-$1B

Crypto-Ransomware: CryptoWall$18M (2014) to $325M (2015)

State sponsored malware: Stuxnet, Duqu, Flame, Gauss family

Transportation: Vehicle attacks & exploitation proof-of-concepts

Relevance of Cumulative Impact

10

Viewed as a set of tactical problems

Industry currently fails to see the overall

impact.

New emphasis will emerge to understand

the systemic costs of cybersecurity risks.

What does cybersecurity cost?

+ Security solutions spending, human talent costs, audit and compliance

+ Incident response, repair of reputation, legal, and recovery

+ Secure design/test, customer apprehension. Delays in product release, tech adoption, and diversion of investments for growth

$400B, $3T, $12T, $90T, more?

Strategically, it is systemic and must be addressed at an ecosystem level

Enterprises: shift to accept the market and reputation impactsof digital security

Cybersecurity Expectations Rise

11

Regulations: growing in complexity and risk of being an impediment to innovation

Expectations of cybersecurity will rise, but

the resources and capabilities will not keep

pace.

Leadership is key!

Market: demands for more connectivity, devices, architectures, and applications

Consumers: expect security “their way” with access anywhere to anything, while keeping them safe

Hiring Security Pro’s:resource pool empty, with 1.5M needed

12

The challenges and implications for digital services and telecommunications

13

Challenges and Opportunities

“Two types of victims exist:Those with something of value and those who are easy targets. ”

1. You are a rich target, expect all levels and manners of attacks

Don’t be the easy target. At a minimum follow industry best practices

Establish advanced capabilities based upon the threats you face

Identify and vigorously protect your valuable assets and capabilities

14

Challenges and Opportunities

“Without leadership, we are left with crisis”

2. Lead and be smart

Have a leader, a plan, and the means to deliver

Be realistic, seek an optimal level of security

Establish a strategic capability plan to sustainably manage security

15

Challenges and Opportunities

“Trust is earned in drips and lost in buckets”

3. Build security and trust into the business

Address risks of 3rd party vendors, suppliers, and partners

Design new infrastructures and products with security

Maintain vigilance with focus, expectations, and prioritization on security

16

Intel, the Intel logo, and McAfee are trademarks of Intel Corporation in the United States and other countries.

*Other names and brands may be claimed as the property of others.

Copyright © 2015 Intel Corporation. All Rights Reserved