The Business of Cyber Attacks - intechforums.com Kemple… · 13 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved. BAE SYSTEMS PROPRIETARY . BAE SYSTEMS Surrey Research

BAE SYSTEMS PROPRIETARY 1 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

The Business of Cyber Attacks

˃ Insurance Technology ‘Security Matters’ Forum, 16th February 2016

BAE SYSTEMS PROPRIETARY 2 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

the business of cyber attacks˃ welcome

We help nations, governments and businesses around the world defend themselves against cybercrime, reduce their risk in the connected world, comply with regulation, and transform their operations.

Russell Kempley – Head of EMEA Technical ServicesHelping our customers by delivering cyber expertise in Threat Intelligence, Penetration Testing and Incident Response

BAE SYSTEMS PROPRIETARY 3 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

the business of cyber attacks˃ overview

The attacker’s business…

…is knowing your business

…defend your business

So you need to…

BAE SYSTEMS PROPRIETARY 4 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

the attackers’ business…˃ examples

“Malware as a service – cyber crime’s new

industry”

“Hackers for hire”

“Global action targeting shylock

malware”

BAE Systems infographic showing the complex

business processes behind the shylock campaign.

BAE SYSTEMS PROPRIETARY 5 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

… is knowing your business˃ the business model

ApplicationProcessBusiness Logic

NetworkTechnologySystem

SocialEmployeesUsers

BAE SYSTEMS PROPRIETARY 6 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

… is knowing your business˃ the business model

ApplicationProcessBusiness Logic

NetworkTechnologySystem

SocialEmployeesUsers

Crime

BAE SYSTEMS PROPRIETARY 7 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

… is knowing your business˃ the business model

ApplicationProcessBusiness Logic

NetworkTechnologySystem

SocialEmployeesUsers

CyberEnabledCrime

BAE SYSTEMS PROPRIETARY 8 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

… is knowing your business˃ the business model

ApplicationProcessBusiness Logic

NetworkTechnologySystem

SocialEmployeesUsers

Social Engineering

BAE SYSTEMS PROPRIETARY 9 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

… is knowing your business˃ examples

“SRA warns of ‘Friday afternoon fraud’ risk”

“Security Vendors Report Uptick in

Whaling, Phishing Scams”

“BlackEnergy trojanstrikes again”

BAE Systems incident response revealed a complex fraud which

operated with detailed knowledge of the target business.

BAE SYSTEMS PROPRIETARY 10 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

defend your business˃ three pillars

INTELLIGENCEAND RISK LED

THICK-SKINNEDAND ROBUST

OPERATIONALLYAWARE

BAE SYSTEMS PROPRIETARY 11 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

defend your business˃ cyber security lifecycle

PREPARE PROTECT

RESPOND MONITOR

Managed SecurityNetwork Security Monitoring, Managed

Threat Analytics, Vulnerability Management,

Device Management

CyberRevealThreat Analytics, Intelligence

Management & SOC Efficiency

Mobile ProtectIntelligent Protection for

smart mobile devices

Threat IntelligenceActionable insight of attack group

behaviours and techniques

Incident ResponseActive containment of live

targeted cyber attacks

Measure your true resilience

to internal and external threats

Security Testing

Industrial ProtectMilitary grade protection

of critical plant operations

Cloud SecurityEmail & Web Protection Services

Hosted Applications, Private Cloud

Cyber ConsultingStrategy and risk, Security assurance,

Improvement and SI

Incident ManagementWorking as part of your team to lead an

effective response

BAE SYSTEMS PROPRIETARY 12 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

defend your business˃ intelligence-led security testing

Will the attack succeed?

Who might attack and why?

Would it be detected?

What tools would be used?

Attack scenarios

Safe testing scope

BAE SYSTEMS PROPRIETARY 13 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY

thank you

thank you

BAE SYSTEMSSurrey Research ParkGuildfordSurreyGU2 7YPUnited Kingdom

T: +44 (0)1483 816000F: +44 (0)1483 816144

Copyright © 2016 BAE Systems. All Rights Reserved.

BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc.

No part of this document may be copied, reproduced, adapted or redistributed in any form or by any means without the express prior written consent of BAE Systems.

BAE Systems Applied Intelligence Limited registered in England and Wales Company No. 1337451 with its registered office at Surrey Research Park, Guildford, England, GU2 7YP.

BAE SYSTEMS PROPRIETARY 14 Unpublished Work Copyright 2016 BAE Systems. All Rights Reserved.(See final slide for restrictions on use.)

|

BAE SYSTEMS PROPRIETARY