Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead.
Presented by Matthew Rosenquist at the 2016 Connected Security Expo (CSE) @ ISC West http://www.connectedsecurityexpo.com/
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
CSE 2016 Future of Cyber Security by Matthew Rosenquist
1. The Future of Cyber Security
Conference: April 6-7, 2016
Exhibit Hall: April 6-8, 2016
Sands Expo, Las Vegas, NV
Matthew Rosenquist
Cybersecurity Strategist
Intel Corp
2. “...If security breaks down, technology breaks down”
Brian Krebs
Noted Cybersecurity Reporter
Symbiotic Relationship: Physical and Cyber
3. Convergence of Cyber & Physical Security
Physical Cyber
Integration of technology blends the risks, requiring a cohesive approach
4. Convergence of Cyber & Physical Security
People and Technology
Expertise across these realms is highly valuable…
PROCESS
11. Public demands their governments protect
them from digital threats, fraud, and crimes,
yet not infringe upon privacy
Markets strive for more connectivity,
devices, applications, and services
Enterprise perspectives shift to accept the
reputation and market risks
Consumers expect security “their way”:
Safety with access anywhere to anything
Cybersecurity Expectations Increase1.
12. Result:
1. Expectations rise, but resources don’t keep
pace, causing opportunities for attackers
2. More regulations, raising security standards
3. Better policing, laws, and collaboration
4. Friction around technology privacy and
government access
5. Consumers respond economically to
penalize poor security from vendors
Cybersecurity Expectations Increase
13. Nation-State Cyber-Offense Affects Everyone
Broad adoption by many nations of
cyber-offense capabilities.
Governments incorporate cyber into their
defense apparatus with clear objectives
and deployable systems.
2.
i
29countries
Have formal cyber
warfare units
i
63countries
Use cyber tools for
surveillance
i
$19billion
US 2017 proposed
budget for cybersecurity
14. Nation-State Cyber-Offense Affects Everyone
Result:
1. Trickle-down effect gives advanced
technology to criminals and attackers
2. Reverse engineered code is reused by
other threats
3. Attackers don’t need to invest in
developing high-end exploits, instead
they harvest what governments create
15. Life Safety and Cybersecurity Intersect in
Products
Industrial and consumer products are
being connected to the internet
Billions of IoT devices gather data and
exert direct control
Risk of catastrophic impacts as our
reliance and trust increase
3.
16. Life Safety and Cybersecurity Intersect in
Products
Result:
1. Risks first emerge for the transportation,
healthcare, and industrial sectors
2. As IoT devices explode in number and
function, so will the potential misuse
3. Remote devices, cameras, and drones
become more concerning to safety and
privacy. Expect more regulations
17. Rise in Digital Theft and Fraud
More opportunities to steal, extort, and
commit fraud. Greed principle prevails
Attackers are organized, share methods
and tools
Threats not limited by geography
4.
i
~$450billion
Cyber-crime impact
globally
i
200%increase
In cyber-crime in
the last 5 years
i
32%reported
Organizations reporting
cyber-crime
18. Rise in Digital Theft and Fraud
Result:
1. More successful financial fraud and
theft
2. Number of attacks increase, externals
and internals, from across the globe
3. Higher cost incidents, millions-billion
dollar attacks
19. 5.
Attackers are nimble, opportunistic,
cooperative, skilled, and relentless
Their motivation, resiliency, and creativity
drives great adaptability
Acceleration in their methods, tools, and
targets (technology, people, processes)
Attackers Evolve, Adapt, and Accelerate
i
$3trillion
Aggregate innovation impact of cyber-
risks by 2020
-McKinsey & World Economic Forum
i
$90trillion
Potential net economic benefit drained
from global GDP, worst case thru 2030
-Zurich & Atlantic Council
20. Result:
1. Dark markets and services grow to enable
2. New data breach targets emerge
3. Attackers drive down the technology
stack (data, apps, VM, OS, VMM, FW, HW)
4. Research follows quickly into new areas
of technology
5. Ransomware and “CEO email” fraud rises
6. Integrity attacks grow
Attackers Evolve, Adapt, and Accelerate
21. 6.
Lack of qualified talent will greatly restrict
the growth and effectiveness of security
Academia is working to satiate demand,
but it will take time.
Lack of Talent Hinders the Industry
i
1.5-2million
Unfilled positions by
2017
i
12xgrowth
Compared to the overall
job market
i
70%understaffed
Organizations report
lack of staff
22. Result:
1. Salaries continue to rise until demand is
met
2. Headhunting and retention of top talent
is ruthlessly competitive
3. Leadership and technical roles in
greatest demand
4. Outsourcing to MSSP’s and security
consulting firms increases
Lack of Talent Hinders the Industry
23. Conclusion
Aligned goals and threats drive the convergence
of Physical and Cyber security
The rise of cyber represents risks and
opportunities
Attackers will target IoT. Physical and Cyber skill
sets are valuable in protecting assets
New threat vectors will emerge as advanced
technology is integrated
Leaders with insights to the future have the best
opportunity to align resources and be prepared
24. Question and Answer
The Opportunity to Lead is Here!
Conference: April 6-7, 2016
Exhibit Hall: April 6-8, 2016
Sands Expo, Las Vegas, NVMatthew Rosenquist
Cybersecurity Strategist
Intel Corp