4. Before we begin.. Some stats
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/261674/bis-13-1293-ftse-350-cyber-governance-health-check-tracker-report.pdf
5. Before we begin.. Some more stats
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/261674/bis-13-1293-ftse-350-cyber-governance-health-check-tracker-report.pdf
9. Causes
• Poorly designed and developed software and systems
• Lack of network segregation, access control & monitoring
• Level of user education and risk understanding / sense of
ownership & responsibility
• Security solutions / practices leading to poor UX
• Regulatory tick boxing / audit burden
11. Some realities
• Perimeter security alone has never been sufficient
• The definition of a perimeter has changed
• Asking people not to click on things is not sustainable
• Limiting the use of mobile does not work
• Security doesn’t come from free!
12. Current threats
// Internal
• Accidental data or device loss
• Deliberate data exfiltration
• Poor internal security practices
// External
• Collateral damage compromises
• Drive by compromise
• Targeted attacks
14. Emerging threats – data volumes
• How to tag data efficiently and effectively
• How to control access
• How to protectively monitor
• How to detect anomalous behaviour
• Aggregation of data
15. Emerging threats – tech evolution pace
• Evolution rate increasing
• Shorter product life spans
• Quicker time to market
• Sustaining older products from a security perspective
• Agile security engineering
16. Emerging threats – everyone’s a coder!
• A world where everyone is a developer
• Traditional security expertise in
development / engineering teams diluted
• We need better frameworks and platforms
17. Emerging threats – Internet of things
• Traditional patching goes away
• Exploitability doesn’t diminish
• Machine to machine interactions
• Compounded hidden I.T.
18. Final thoughts
• Cyber risk ownership can not be
outsourced
• Cyber security is just one element of
modern good business governance
• Investment should be always be proportional
• Events will occur! It shouldn’t be a drama..
19. Thanks? Questions?
UK Offices
North American Offices
Australian Offices
Manchester - Head Office
San Francisco
Sydney
Cheltenham
Atlanta
Edinburgh
New York
Leatherhead
Seattle
London
Austin
Milton Keynes
European Offices
Amsterdam - Netherlands
Munich – Germany
Zurich - Switzerland
Ollie Whitehouse
ollie.whitehouse@nccgroup.com