Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

PITA Technical and Business Session: Cybersecurity outside the office

178 Aufrufe

Veröffentlicht am

APNIC Security Specialist Jamie Gillespie gives a presentation at the PITA Technical and Business session, held online on 10 Juen 2020, on 'Cybersecurity outside the office' on the changes to traditional cybersecurity, the challenges around technology, and the less-discussed threats around the people and processes, and how those need to adapt as well.

Veröffentlicht in: Internet
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

PITA Technical and Business Session: Cybersecurity outside the office

  1. 1. 1 Cybersecurity Outside the Office Jamie Gillespie, APNIC PITA Technical and Business Forum – 10 June 2020
  2. 2. Layers of Cybersecurity 2 PEOPLE PROCESS TECHNOLOGY
  3. 3. Layers of Cybersecurity 3 PEOPLE PROCESS TECHNOLOGY
  4. 4. Technology • Easiest one to think about: routers, firewalls, VPN • Authentication also critical, as we can no longer rely upon the local office network as a sign of being “trusted” – 2 Factor Authentication (2FA) vs Multi Factor Authentication (MFA) • U2F, FIDO, Yubikey • Google Authenticator, TOTP • SMS • Why is this important? – haveibeenpwned.com 4
  5. 5. Have YOU been pwned? 5
  6. 6. Technology • Exposed services on public IP addresses – Remote Desktop Protocol (RDP) – SSH (with password authentication) – Previously internal-only servers • Centralised security solutions, but distributed workers – Need to rethink how to protect computers outside the office – VPN may allow this, but what about when they’re not connected? 6
  7. 7. Technology • Cybersecurity is sometimes viewed as a sliding scale • During a crisis, some changes are implemented for usability of staff and customers • These changes may need improvements or even rollback once the smoke clears 7
  8. 8. Layers of Cybersecurity 8 PEOPLE PROCESS TECHNOLOGY
  9. 9. Process • You had a Business Continuity Plan…. right? 9
  10. 10. Process • Some office processes don’t translate to remote working – Walk-up questions for IT and Cybersecurity – Face to face approvals for business and finance • Policies and procedures can lag behind during major changes to working conditions, especially during a crisis • Flagging tactical decisions for strategic review later 10
  11. 11. Layers of Cybersecurity 11 PEOPLE PROCESS TECHNOLOGY
  12. 12. People • Under additional stress when moving to working remotely • It’s harder to check up on the mental health of staff • Working from home feels different to working in an office • Less physical oversight, less IT monitoring • Confused with new and changing systems or procedures 12
  13. 13. People • People have their own working procedures, and they usually aren’t documented, communicated, or approved – Who prints off every email? – Who saves important documents on their laptop? – Who uses Skype/Teams/Zoom/WebEx/Hangouts/WhatsApp/……? – Who uses their personal phone or computer for work? – Who lets their family and friends use their work laptop? 13
  14. 14. Summary • Remote working has been getting easier and more common • Rethink securing your networks and data • Keep your policies and procedures current • Rethink managing and monitoring your users • Re-review all changes, and don’t be afraid to make adjustments or roll back • Get an external review of your security, from all angles – People, Process, Technology 14
  15. 15. Questions? https://NFH.APNIC.NET Oceania conference on 4 August 2020 15

×