Bright future ahead in Cybersecurity

Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM

A Bright Future in Cyber security

Olufemi VAUGHAN CISA, ITIL ICSDL Instructor

July, 2015


Technology connects and enriches the lives of every person on earth

Security is critical to protect computing technology from threats which undermine the health of the industry

DeAfrica


DeAfrica

“...If security breaks down, technology breaks down”Brian KrebsNoted Cyber security Reporter


Peering into the future of cyber security

Understand the value of security in technology and shifting trends Better insights to today’s challenges and prepare for tomorrows

dangers Identify opportunities and best practices for better security across the

industry Define what success looks like: How do we prepare? How do we achieve sustainable security? Can we maintain an optimal balance of risk?


Chain Reactions Drive Cyber security Evolution…


Technology-Landscape Environmental changes


Technology-Landscape Environmental changes


Effects of Technology-Landscape changes

• A growing target-rich environment of more users, data, and devices• Motivation for attacks rise as information and systems increase in value • New technology adoption, infrastructures, and usages creates a larger attack surface


Threat Evolution


Threat Evolution


Effects of the Threat Evolution

•Attackers capabilities increases with investments, experience, and professional threat agents•Successes boosts confidence, raises the lure for more attacks and boldness to expand scope•Defenders struggle with a growing attack surface, challenging effectiveness models, lack of talent, and insufficient resources


Impacts and Effects


Impacts and Effects


4 Levels of Cyber security Impacts


Effects of Impacts•Users are impacted more and more. Awarenessincreases and security issues are recognized as a serious problem•Organizations feel the pain in losses, negative press, interruption, leadership, & competitiveness •Demands for more securely designed products, trustworthy vendors, better user-behaviors, advanced security systems, and more regulation to protect assets, usability, privacy, and availability


Defenses Respond


Defenses Respond


The Future of Securing Technology


Good Practices will Emerge…


Analysis Conclusion

Verge of rapid changes, will get worse before it gets better

Threat landscape becomes more professional, organized, and funded

Technology ecosystem grows rapidly, creating new attack surfaces

Value of security rises in the eyes of the public, government, and commercial sectors

Attackers will outpace defenders in the short term, until fundamental changes take place

Defenses will evolve to be smarter, with optimal and sustainable security as the goal


Recommendations:

Leadership is crucial. Take definitive steps to be ahead of the risk curve. Do what is great, while it is small…

Seek an optimal and sustainable level of security Stay aware of your threats, assets, controls, and exposures over time Get in front of technology adoption and leverage security to enable rather

than impede desired usages Treat security as a cycle. Prevention is important, but is never impervious.

Plan across the cycle, including feedback loops for continual improvement Leverage defensive advantages, experts, and continuously implement

industry best-known-methods Stay positive, keep learning, and collaborate across the community. We are

stronger together than individually


3.6B people by 2020. Source:ITU International Telecommunications Union 6.6B mobile cellular subscriptions in 2013. Source: WorldBank.org Growth of devices chart. Source: BI Intelligence 50B ‘things’ connected by 2020. Source: Cisco 35% will be M2M connections. Source: Cisco More Data growth estimate graphic Source: IDC 13x increase of mobile data 2012-17 Source: Cisco 3x data increase by 2018 Source: Cisco 30GB per person/mo. (2x 2013) Source: Cisco 18% CAGR of Business traffic Source: Cisco $14.4 trillion dollars by 2022Internet of Things value. Source: Cisco Theoretical network connections table. Source: Cisco 4x DC traffic by 2018, 31% CAGR. Source: Cisco 13,300 trillion connections by 2020. Source: Cisco 70% of organizations claim they do not have enough IT security staff. Source: PonemonInstitute report: Understaffed and at Risk 58% of senior staff positions and 36% of staff positions went unfilled in 2013. Source: PonemonInstitute report: Understaffed and at Risk 15% of vulnerabilities exploited Source: University of Maryland Average Day in an Average Enterprise Stopwatch. Source: Check Point Security Report 2014 New malware at 4 per second. Source: McAfee 1M+ victims/day (12/second). Source: McAfee $3T impact to the tech market: Source: World 2014 World Economic Forum’s Risk and Responsibility in a HyperconnectedWorld 20%-30% of IT budgets. Sources: McKinsey report (20-30%), Forrester 21%, SANS 11%-25% 49%, 200M+ total malware samples 240 per minute, 4 per second Source: McAfee Threat Report Q1 2014 50% Online adults victims of cybercrime or negative situations Source: Symantec 93% Organizations suffering data loss: Source: UK Government BIS survey 2013 $71B Worldwide IT security spending in 2014, 7.9% increase Source: Gartner 97% Organizations compromised by attacker bypassing all defenses. Source: FireEyeand Mandiantreport Cybersecurity’s Maginot Line 552M Total identities exposed in 2013, 493% increase Source: Symantec Data Breach bubble graph. Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Security Industry Data and Sources


Questions?

For more information, please visit www.deafrica.org

or [email protected]

http://www.deafrica.org/

mailto:[email protected]