Some considerations on ICT security and cyber attacks
Marco R. A. Bozzetti, CEO Malabo Srl, Member of the Board and Comms. Officer of AIPSI, Italian Chapter of ISSA
CCIP, Chamber of Cooperation and Incentive for Partnership: Security, Cybercrime and Fraud
Milan, March 25th 2014
Considerations on ICT Security and Cyber Attacks
Looking for computer security….

[Diagram: the environments that interact with enterprise and public-administration (PA) information systems]
- Social networks
- Consumerization (BYOD)
- Personal/home environment
- Working environment
- Cloud and outsourced services
- Informatics systems (enterprise and PA)
- Fixed + mobile Internet
- DCS, VDS, PLC, A/D Conv.
- Internet of Things
- Domotics
- Smart city

Absolute security does not exist, and it is increasingly complex to manage.
All these aspects impact the computer systems of banks.
Computer security … not only a technical problem

• ICT security is a key element for ensuring:
- the Business Continuity » that is a business problem
- compliance with the various standards and certifications » very demanding and heavy for banks
• Information and ICT resources are an enterprise asset and as such they should be protected and managed. ICT security has to be governed (ICT governance) by the Board (top managers) and aligned with the business needs.
OAI, Osservatorio Attacchi Informatici in Italia (Italian Observatory on Computer Attacks)
Report 2013 OAI: 4th edition of the OAI initiative, in collaboration with the Italian Postal Police
[Chart] OAI 2013: Main ICT attacks, 2012 - first half 2013 (multiple answers)
[Chart] Total Online Banking Malware Infections, 2012 and 2013 (Source: Trend Micro Labs Report 2013)
[Chart] Malicious and High-Risk Mobile App Growth, 2013 (Source: Trend Micro Labs Report 2013)
[Chart] Top Mobile Phishing Targets, 2013 (Source: Trend Micro Labs Report 2013)
Key Vulnerabilities (non-exhaustive list)

• Threats and attacks are all based on technical and/or human-organizational vulnerabilities
• Technical vulnerabilities (software systems and applications, architectures and configurations):
- Operating systems and middleware
- Web sites and collaborative platforms
- Smartphones and mobile tablets → 14,000+ malware
- Virtualized systems
- Outsourcing and Cloud (XaaS)
- Between 30 and 40% of software vulnerabilities have no patches from the development companies → zero-day vulnerabilities
• Human vulnerability: the ICT user's behavior
- Social engineering and phishing
- Use of social networks, even at the enterprise level
• Organizational vulnerabilities
- Lack or non-use of organizational procedures and informatics support
- Inadequate or non-use of standards and best practices
- Lack of training and awareness, from top managers to end users
- Lack of systematic monitoring and controls of the ICT resources
- Limited or missing risk analysis
- Ineffective control of providers
- Limited or missing SoD, Separation of Duties