4. “Data Security Solutions” business card
Specialization – IT Security
IT Security services (consulting,
audit, pen-testing, market analysis,
system testing and integration,
training and technical support)
Solutions and experience portfolio
with more than 20 different
technologies – cyber-security global
market leaders from more than 10
countries
Trusted services provider for
banks, insurance companies,
government and private companies
(critical infrastructure etc.)
5. Role of DSS in Cyber-security
Development in Baltics
Cyber-Security Awareness Raising
Technology and knowledge transfer
Most Innovative Portfolio
Trusted Advisor to its Customers
6. Cybersecurity Awareness Raising
Self-organized conference “DSS ITSEC”
5th annual event this year
More than 400 visitors + more than 250 online
live streaming watchers from LV, EE, LT
4 parallel sessions with more than 40
international speakers, including Microsoft, Oracle,
Symantec, IBM, Samsung and many more –
everything free of charge
Participation in other events & sponsorship
CERT & ISACA conferences & events
RIGA COMM, HeadLight, IBM Pulse Las Vegas
Roadshows and events in Latvia / Lithuania /
Estonia (e.g. Vilnius Innovation Forum, Devcon,
ITSEC HeadLight, SFK, business associations)
Participation in cyber security discussions, strategy
preparations, seminars, publications etc.
7. Innovations – technology & knowledge transfer
Innovative Technology Transfer
Number of unique projects done with
different globally leading technology
vendors
Knowledge transfer (own employees,
customers – both from private & public,
other IT companies in LV, EE, LT)
Specialization areas include:
Endpoint Security
Network Security
Security Management
Application Security
Mobile Security
Data Security
Cyber-security
Security Intelligence
11. AGENDA – IT Security basics in ~ 40 mins
Introduction of DSS and speaker
Prologue: Digital World 2014
The Saga begins – Cyber Criminals
Introduction & business card
Business behind
Examples
The Story Continues – Targets of Cyber
Criminals
Individuals
Business Owners
Government
Value of Information Security for business
Risk management
Technology
Conclusion
Q&A (if time allows)
13. Prologue: Some new technologies
3D Printers
Google Glasses (“glassh**es”)
Cloud Computing
Big Data & Supercomputers
Mobile Payment & Virtual Money
Robotics and Intraday Deliveries
Internet of things
Augmented Reality
Extreme development of Apps
Digital prototyping
Gadgets (devices) & Mobility
Technology replaced jobs (automation)
Geo-location power
Biometrics
Health bands and mHealth
Electronic cars
Avegant Glyph and much, much
more
28. Disaster in technology world - NSA
Governments write malware and
exploits (USA started, others follow..)
Cyber espionage
Sabotage
Cyber wars
Infecting own citizens
Surveillance
Known NSA “partners”
Microsoft (incl. Skype)
Apple
Adobe
Facebook
Google
Many, many others
Internet is changing!!!
USA thinks that internet is their
creation and foreign users should
think of USA as their masters…
33. Bright future of the internet way ahead..
1995 – 2005
1st Decade of the
Commercial Internet
2005 – 2015
2nd Decade of the
Commercial Internet
Motive
Script-kiddies or hackers
Insiders
Organized crime
Competitors, hacktivists
National Security
Infrastructure Attack
Espionage
Political Activism
Monetary Gain
Revenge
Curiosity
40. Mobility and Security (cont.)
McAfee 2013 Q1 Threats Report
Federal Reserve Survey March 2013
Mobile Malware
Explodes
Mobile banking
adoption rising
End users fall victim
to mobile attacks
55. The value of a hacked computer…
Source: Brian Krebs IT security blog
56. Why hackers might want to “contact” You?
Business
Commercial espionage (financial, business and personal data)
An attack can stop the business, services (competition)
You are a spam target
Your home page could be damaged
They can control and monitor you
They can change data in systems
Home page cross-site scripting
Private person
You have the infrastructure for testing new viruses and robots
You have a server on which to store illegal stuff (programs, files etc.)
They can do criminal (or any) activities using your computer
WiFi – they can just borrow the internet
You have information which could be sold on the black market
“The results” of damage
Financial loss (costs, data, market, value)
Reputation (customer, partner, HR)
Development and competitiveness loss
60. Think security first & Where are You here?
Organizations Need an Intelligent View of Their Security Posture
Proactive
Automated
Manual
Reactive
Optimized
Organizations use
predictive and
automated security
analytics to drive toward
security intelligence
Proficient
Security is layered
into the IT fabric and
business operations
Basic
Organizations
employ perimeter
protection, which
regulates access and
feeds manual reporting
62. Challenge for business ahead..
SECURITY MEASURES
Costs Security costs
Optimum? Remaining part of risk
Security actions
Risks
New optimum?
Source: Māris Gabaliņš, The Art Of The Systems
63. Take-Away as conclusion
Security Maturity
Develop a Risk-aware Security Strategy
49% of C level executives have no measure
of the effectiveness of their security efforts
31% of IT professionals have no risk strategy
2012 Forrester Research Study, 2013 Global Reputational Risk & IT Study, IBM
68. Some just basic ideas
Policy and real time control
Of devices and applications
Of people and IT stuff
Of data leak protection
Of internet usage
Of any access
Of employees training
Of….
Encryption of data..
Mobile phones
Voice calls and text messages
E-mails
Computers and devices
Databases
…
69. Some just basic ideas
Multifaceted strategy is required
Layers of controls (tech and non-tech)
Awareness / Prevention
Educate workforce (social engineering+)
Segmentation
What if an intrusion happens? (modeling)
Critical assets definition & action plan
Roles, responsibilities, access rules
Risk analysis
Business continuity
Continuous real time monitoring,
identification and disruption
All data, all users, all systems
Anomaly detection and analysis
Intelligence