2. Paul C Dwyer
Paul C Dwyer is an internationally recognised information security expert with over two decades' experience. He serves as President of the ICTTF International Cyber Threat Task Force and Co-Chairman of the UK NCA (National Crime Agency) Industry Group. He is a certified industry professional with the International Information Systems Security Certification Consortium (ISC2) and the Information Systems Audit and Control Association (ISACA), and was selected for the IT Governance Expert Panel.
Paul is a world-leading Cyber Security GRC authority. He has been an advisor to Fortune 500 companies, law enforcement agencies and the military (NATO), and recently advised DEFCOM UK at the Westminster Parliament.
He has worked and trained with organisations such as the US Secret Service, Scotland Yard, the FBI and the National Counter Terrorism Security Office (MI5), is approved by the National Crime Faculty and is a member of the High Tech Crime Network (HTCN).
Paul C Dwyer, CEO, Cyber Risk International
6. What Are Cyber Threats?
The slide places the Adversary at the centre, surrounded by four threat categories: Cybercrime, Cyber Warfare, Cyber Espionage and "Cyber X".
8. Cyber Statistics
• Cybercrime costs the UK £27 billion a year, close to £1,000 a second
• 170,000 identities are stolen each year, roughly one every three minutes
• Theft of IP: £9.2 billion (pharmaceuticals, biotechnology, electronics, IT and chemicals)
Source: UK Cabinet Office
9. Cybercrime Economy Drivers
It's a business with an excellent economic model. Other drivers:
• Technology
• Internet
• Recession
• "A safe crime" (perceived low risk of being caught)
• It's easy to get involved
• Being part of something
16. A Decade On, What Have We Learnt?
• Attackers got in using a heating/AC contractor's credentials
• The intrusion began months before the data theft
• They waited for US Thanksgiving Day to strike
• Malware: KAPTOXA/BlackPOS (memory-scraping malware on POS terminals)
7 months: the average time a breach goes undetected
2/3 of cases: the victim is informed of the breach by a third party
19. Cyber Risks for You
• Tangible Costs
– Loss of funds
– Damage to Systems
– Regulatory Fines
– Legal Damages
– Financial Compensation
• Intangible Costs
– Loss of competitive advantage (Stolen IP)
– Loss of customer and/or partner trust
– Loss of integrity (compromised digital assets)
– Damage to reputation and brand
Tangible costs are quantitative; intangible costs are qualitative.
46% reduction in profits following a breach
20. Bottom Line for Retailers
• Arms race: cat and mouse
• Retail is among the top 5 target groups and is continuously attacked
• You spend less on cyber security
• Low risk, high reward for the "bad guys": there is an established market for data assets
• Best data assets on the planet
• Compliance is NOT security
21. Retail Factors
• Data sits on networked and distributed systems that are accessible through a widening array of entry points
• Broad adoption of mobile applications by retailers adds many other new points of vulnerability
• Complex supply chains: more access and data are given to vendors and external partners
• Global expansion may require retailers to expand distribution of their own information around the world
23. Some Retailers' Doors
• Point-of-sale (POS) terminals in stores
• Mobile POS access points
• Customer-facing e-commerce websites
• Links with each third-party vendor, supply-chain vendor, ecosystem partner and contractor
• Employee-facing access points, including those that may use employee-owned mobile devices, and the social workplace
• Links to connected data centers via the cloud
• Links to financial institutions and payment processors
• Links to managed service providers
• Links to delivery services
• Links to all other contractors who are provided with network access
• B2B, intranet and extranet portals
• In-store wireless routers, kiosks and networks
• The expanding "Internet of Things": IP-based printers, IP-linked surveillance cameras and similar devices
26. Reconnaissance, Weaponisation, Delivery, Exploitation, C2, Lateral Movement, Exfiltration, Maintenance
Reconnaissance: the bad guy gathers intelligence about employees and assets and targets an individual (asset)
Weaponisation: chooses a weapon from an underground forum
Delivery and Exploitation: the exploit is run
C2: communications are established with a command & control server
Lateral Movement: moves laterally across the network
Exfiltration: exfiltrates data
Maintenance: protection, maintenance mode
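Slides 16 and 26 together describe what a defender should be able to see: a third-party account used at an odd hour, the same account fanning out across internal hosts, periodic low-volume traffic to one external host (C2), and a single large outbound transfer, all spread over months. The script below is an added example, not from the presentation or from Cyber Risk International. It runs four simple rules over a handful of constructed log lines and reports the dwell time. Every host name, user name, IP address and log line is invented, and the thresholds (maintenance window, host count, beacon jitter, exfiltration size) are assumptions to be tuned against real data.

```python
"""Kill-chain correlation over constructed logs (added example).

Slide 26 lists the phases; slide 16 lists the tells of a real retail
breach: third-party (HVAC contractor) credentials, months of dwell time
before data theft, and detection by someone else. Host names, user
names, IPs and every log line below are invented for illustration;
the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log lines: "<ISO timestamp> <event> key=value ...". Not real data.
LOGS = [
    "2013-09-15T02:12:01 vpn_login user=vendor_hvac src=203.0.113.45",
    "2013-09-15T02:20:10 auth user=vendor_hvac host=corp-fs01",
    "2013-09-15T02:21:40 auth user=vendor_hvac host=corp-db02",
    "2013-09-15T02:23:05 auth user=vendor_hvac host=pos-mgmt01",
    "2013-11-01T03:00:00 netflow src=pos-0117 dst=198.51.100.7:443 bytes=512",
    "2013-11-01T04:00:02 netflow src=pos-0117 dst=198.51.100.7:443 bytes=510",
    "2013-11-01T05:00:01 netflow src=pos-0117 dst=198.51.100.7:443 bytes=515",
    "2013-11-01T06:00:03 netflow src=pos-0117 dst=198.51.100.7:443 bytes=509",
    "2013-11-28T23:10:00 netflow src=corp-fs01 dst=198.51.100.9:21 bytes=734003200",
]


def parse(line):
    ts, event, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return {"ts": datetime.fromisoformat(ts), "event": event, **fields}


def vendor_offhours_logins(events, night_start=22, night_end=6):
    """Delivery/exploitation tell: a third-party account on the VPN outside
    the maintenance window (assumed to be 06:00-22:00)."""
    return [e for e in events
            if e["event"] == "vpn_login" and e["user"].startswith("vendor_")
            and (e["ts"].hour >= night_start or e["ts"].hour < night_end)]


def lateral_movement(events, min_hosts=3, window_s=1800):
    """One account authenticating to min_hosts distinct hosts inside window_s."""
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "auth":
            by_user[e["user"]].append(e)
    hits = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            run = [x for x in evs[i:]
                   if (x["ts"] - first["ts"]).total_seconds() <= window_s]
            hosts = {x["host"] for x in run}
            if len(hosts) >= min_hosts:
                hits.append({"ts": first["ts"], "user": user, "hosts": sorted(hosts)})
                break
    return hits


def beaconing(events, min_conns=4, max_jitter=0.05):
    """C2 tell: small, periodic flows from one internal host to one external
    endpoint. Jitter is the spread of inter-arrival gaps relative to their mean."""
    flows = defaultdict(list)
    for e in events:
        if e["event"] == "netflow":
            flows[(e["src"], e["dst"])].append(e["ts"])
    hits = []
    for (src, dst), times in flows.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter * mean(gaps):
            hits.append({"ts": times[0], "src": src, "dst": dst,
                         "period_s": round(mean(gaps))})
    return hits


def exfiltration(events, min_bytes=100 * 1024 * 1024):
    """Exfiltration tell: one outbound flow above min_bytes (assumed 100 MiB)."""
    return [e for e in events
            if e["event"] == "netflow" and int(e["bytes"]) >= min_bytes]


def analyse(lines):
    """Run every rule and measure dwell time: whole days from the earliest
    flagged event to the last exfiltration flow."""
    events = [parse(line) for line in lines]
    report = {
        "initial_access": vendor_offhours_logins(events),
        "lateral_movement": lateral_movement(events),
        "c2": beaconing(events),
        "exfiltration": exfiltration(events),
    }
    flagged = [hit["ts"] for hits in report.values() for hit in hits]
    exfil = report["exfiltration"]
    report["dwell_days"] = (exfil[-1]["ts"] - min(flagged)).days if exfil else None
    return report


if __name__ == "__main__":
    result = analyse(LOGS)
    for phase in ("initial_access", "lateral_movement", "c2", "exfiltration"):
        print(f"{phase:16s} {len(result[phase])} hit(s): {result[phase]}")
    print("dwell time (days):", result["dwell_days"])
```

Each rule on its own is noisy; the value is in the chain. A vendor login at 02:12 is worth a ticket, a vendor account touching three hosts in ten minutes is worth a call, and a 700 MiB FTP upload from a file server is worth an incident, but only correlating them shows that the 74 days between the first and last event were available detection time, the "months before data theft" of slide 16.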
30. Regulatory and Legal
The slide shows your organisation surrounded by the EU Data Privacy Directive, the EU Network and Information Security Directive, the European Convention on Cybercrime and PCI DSS, plus 400+ other regulations, 10,000+ controls and 175 legal jurisdictions.
31. Responsibility – Convention Cybercrime
All organisations need to be aware of the Convention’s provisions in article 12,
paragraph 2:
‘ensure that a legal person can be held liable where the lack of supervision or
control by a natural person…has made possible the commission of a criminal
offence established in accordance with this Convention’.
In other words, an organisation can be held liable for offences committed on its behalf where its directors failed to exercise adequate supervision and control, that is, their duty of care.
32. Cyber is a Strategic Issue
The slide shows three levels, from macro security at the top to micro security at the bottom:
Strategic level: how do cyber attacks affect policies, industry and business decisions?
Operational level: what kind of policies, procedures and business models do we need?
Technical level: how can we solve our security problems with technology?
33. Board Room Discussion
CEO: loss of market share and reputation; legal exposure
CFO/COO: audit failure; fines and criminal charges; financial loss
CIO: loss of data confidentiality, integrity and/or availability
CHRO: violation of employee privacy
CMO: loss of customer trust; loss of brand reputation
Increasingly, companies are appointing CROs and CISOs with a direct line to the audit committee.
41. Botnets (Rent or Own)
The slide shows the botnet herder reaching the command & control server through two proxies; the C&C server drives a pool of infected PCs, which send spam and launch a DDoS attack against a website.
44. Get CC Info
The botnet herder, working through a proxy, controls a SpyEye C&C server and its infected PCs. The bots harvest credit card information, or the herder uploads a list obtained elsewhere.
45. Place Something For Sale
The herder uploads a software utility, renames it and claims ownership of it, then lists it for sale on a popular download store.
46. Automate Transactions
SpyEye automates purchases of that utility by form filling at intervals, using the stolen credit card information; spacing the purchases out is intended to avoid detection.
49. Avoid Detection
The "billing hammer" sends each transaction through an infected machine close to the cardholder's address, so the purchase appears to originate near the billing address and passes geolocation checks.
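The billing hammer defeats the control most issuers apply per transaction: does the buyer's IP geolocate near the billing address? Slides 44 to 49 describe one merchant (the fake utility listing) receiving purchases from many stolen cards at a steady cadence, each routed through a bot near its cardholder. The script below is an added example, not code from the presentation or from Cyber Risk International. It shows the per-transaction geo check passing every hammered purchase and a merchant-level aggregation catching the pattern instead. The transactions, merchant IDs and thresholds are constructed assumptions.

```python
"""Detecting the SpyEye 'billing hammer' pattern of slides 44-49 (added
example). The fraud: stolen card data, a fake software utility listed for
sale, purchases automated at intervals, each routed through an infected
PC near the cardholder so the buyer's IP geolocates to the billing
address. All transactions, merchant IDs and thresholds below are
constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed transactions: (timestamp, card token, merchant, amount,
# km between the buyer's IP geolocation and the card's billing address).
# M-7781 is the hammered listing; M-1200 and M-3391 are ordinary merchants.
TXNS = [
    ("2013-03-01T10:00:00", "card-01", "M-7781", 29.99, 4.2),
    ("2013-03-01T10:15:00", "card-02", "M-7781", 29.99, 6.8),
    ("2013-03-01T10:30:00", "card-03", "M-7781", 29.99, 2.1),
    ("2013-03-01T10:45:00", "card-04", "M-7781", 29.99, 9.5),
    ("2013-03-01T11:00:00", "card-05", "M-7781", 29.99, 3.3),
    ("2013-03-01T11:15:00", "card-06", "M-7781", 29.99, 7.7),
    ("2013-03-01T10:07:00", "card-07", "M-1200", 12.50, 1.0),
    ("2013-03-01T13:40:00", "card-08", "M-1200", 80.00, 512.0),
    ("2013-03-01T15:02:00", "card-09", "M-3391", 29.99, 2.2),
]


def geo_mismatch(txns, max_km=50.0):
    """The per-transaction control the billing hammer is built to pass:
    flag a purchase only when the buyer's IP is far from the billing address.
    Returns the card tokens it would flag."""
    return [card for _, card, _, _, km in txns if km > max_km]


def hammer_merchants(txns, min_cards=5, max_jitter=0.10):
    """Merchant-level view (acquirer or issuer side): many distinct cards
    buying the same-priced item at a near-constant cadence. Returns the
    flagged merchants with the evidence behind each flag."""
    by_merchant = defaultdict(list)
    for ts, card, merchant, amount, _ in txns:
        by_merchant[merchant].append((datetime.fromisoformat(ts), card, amount))
    flagged = {}
    for merchant, rows in by_merchant.items():
        rows.sort()  # chronological; timestamps are the first tuple element
        cards = {card for _, card, _ in rows}
        amounts = {amount for _, _, amount in rows}
        if len(cards) < min_cards or len(amounts) != 1:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        if pstdev(gaps) <= max_jitter * mean(gaps):
            flagged[merchant] = {"cards": len(cards), "amount": amounts.pop(),
                                 "period_s": round(mean(gaps))}
    return flagged


if __name__ == "__main__":
    print("geo check flags:", geo_mismatch(TXNS))      # only the honest outlier
    print("hammer merchants:", hammer_merchants(TXNS))  # the fake listing
```

The geo check flags only card-08, a legitimate customer buying from 512 km away, and waves through all six hammered purchases, which is exactly the outcome the bots near each cardholder are chosen to produce. The tell only exists once transactions are grouped by merchant: six different cards, one price, one purchase every 900 seconds. A herder who randomises the interval defeats the cadence test, so in practice the distinct-card count against a newly registered merchant carries more weight than the timing.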