IT Live 2018 - Farook Al-Jibouri: Stop The Breach
Download as PPTX, PDF6 likes1,158 views
This document discusses the growing importance of security and zero-trust models in today's shifting IT landscape. It notes that most web transactions are now encrypted, mobility is changing the perimeter, and shadow IT is becoming the norm. However, 66% of companies are still breached despite increased spending on security. The document highlights recent ransomware attacks and outlines gaps between what CEOs and technical officers view as primary threats. It argues for a strategic focus on zero-trust security practices like multi-factor authentication and privileged access management to better protect against breaches involving stolen passwords or abuse of privileges. The document concludes by noting areas of infrastructure, policy, and skills that Iraq needs to strengthen its national cybersecurity posture.
More Related Content
Similar to IT Live 2018 - Farook Al-Jibouri: Stop The Breach (20)
IT Live 2018 - Farook Al-Jibouri: Stop The Breach
- 1. 1 Stop the BREACH! Farook Al-Jibouri March 2018 IT LIVE 2018, Baghdad – Iraq
- 2. 2
- 3. 3 The story of “wheelsnation.net”
- 4. The Shifting of IT Environment (… or why security has become so important)
- 5. 5 • Many applications/transactions now operate over the web • Cloud is changing our notion of a perimeter • Worker mobility is redefining the IT landscape • Shadow IT is becoming enterprise IT • Majority of web transactions are now encrypted (SSL) • The security model has changed from good people vs. bad people to enabling zero-trust
- 6. 6 CIO spending priority for 2018 SECURITY #1
- 7. 7 Expect increase spending in 2018 88% of CIOS
- 8. 8 YET 66% OF COMPANIES ARE STILL BREACHED 66%$86BSPENT ON SECURITY IN 2017 And worse, they’re breached on average five or more times TODAY’S SECURITY IS NOT SECURE
- 9. 9 62% CEOs INCORRECTLY CITE MALWARE As the primary threat to cybersecurity vs identity. That’s wrong. Phishing, privilege and compromised passwords are more prevalent — something TOs recognize. CEOs were more likely (62% vs 35%) than Technical Officers to believe malware is the primary threat to cybersecurity
- 10. 10 SENSATIONAL MALWARE HEADLINES IN 2017
- 11. 11 SENSATIONAL MALWARE HEADLINES IN 2017 WANNACRY Britain’s National Health System one of the biggest victimsNHS Systems infected overnight in 150 countries200k+ PETYA Companies using same accounting software fall victim to ransomware100s NOTPETYA Claims to be ransomware but simply spreads and encrypts. Targets privileged access and credentials. BADRABBIT Another major ransomware outbreak Variant of Petya
- 12. 12 IS IRAQ FAR AWAY FROM BREACH? WANNACRY Britain’s National Health System one of the biggest victimsNHS Systems infected overnight in 150 countries200k+ PETYA Companies using same accounting software fall victim to ransomware100s NOTPETYA Claims to be ransomware but simply spreads and encrypts. Targets privileged access and credentials. BADRABBIT Another major ransomware outbreak Variant of Petya
- 13. 13 Arabic States Iraq ranked 19 / 22
- 14. 14 Globally Iraq ranked 159 / 193
- 15. 15 CEOs are MISALIGNED With cybersecurity priorities
- 16. 16 60% of CEOs are MISINVESTING Investing the most in malware prevention even though 92% TOs claim “well-prepared” for malware CEOs intend to invest the most in malware prevention (60%) vs privileged access abuse (28%) or stolen passwords (32%)
- 17. 17 CEOs are MISINFORMED CEO Disconnect On Cybersecurity Increases Risk Of Breaches This despite recent massive innovation, including machine learning, that has dramatically reduced the burden of deploying and managing MFA CEOs biggest concern with security is poor user experience This same innovation has dramatically reduce the learning curve and burden for users, become smarter about when to prompt and uses ubiquitous smartphones
- 18. 18 40% more TECH OFFICERS Frustrated by inadequate security budgets than CEOs (31% Technical Officers vs 22% CEOs)
- 19. 19 2018 Predictions Ransomware Breaches Get Worse GDPR Biometric Adoption AI & Machine Learning More Mobile Threats
- 20. 20 THIS NEW THREATSCAPE REQUIRES ZERO TRUST SECURITY
- 21. 21 Regulations & Compliance We have to do it … NOW!
- 22. 22 Making the BUSINESS CASE for SECURITY
- 23. 23 AVOID SERVICE INTERRUPTION! E.g. Internet shutdown on Exams BUSINESS CONTINUITY e.g. Gov Websites and critical services GET DEEPER having deep visibility with help you detect breaches earlier. STAY IN CONTROL! AVOID the CRISIS
- 24. 24 HOW WE CAN HAD ZERO TRUST SECURITY? Think Strategy … not Product
- 25. 25 50%fewer breaches FORRESTER FINDS IMPLEMENTING BEST PRACTICES RESULTS IN in cost savings$5 MIL less on technology costs40%
- 26. 26 In the absence of security education or experience, people (employees, users, customers, …) naturally make poor security decisions with technology Stay Up-to-Date!
- 27. 27 Iraq Progress towards Cyber Security Iraqi Cyber Events Response Team Central Bank of Iraq ISACA Iraq
- 28. 28 What Iraq Security Needs? * Infrastructure Security: e.g. IGW basic To have robust security for the country infrastructure * Iraq National Cyber Security Center drive Security researches and analysis of threat landscape * Professional Learning Centers for Security for Capacity building * Regulations & Policy
- 29. 29 Enjoy the rest of IT LIVE 2018
Editor's Notes
- #9: Let’s look at this another way: Last year we spent over $86B on cyber security yet a stunned 2/3rds of companies were still breached And worse, those that were breached averaged five or more separate breaches Bottom line: Something has to change. Today’s security is not secure.
- #11: Why do we need a massive rethink of security? Simple: Shareholders are not safe Recent Ponemon study shows that stocks drop 5% after a breach is announced And worse, 30% of impacted consumers discontinue their relationship with the breached company A recent example of shareholder impact is Chipotle which saw it’s stock drop by $400M after announcing a breach Consumers are not safe Over one billion Yahoo users accounts were compromised for years before notifying users Note: this impacted the takeover offer from Verizon to the tune of $350M or 7% of the offer price Governments are not safe Poor authentication and misused privileged accounts resulted in 25M stolen personnel records Note: OPM breach involved the compromise of a “jump box” giving hackers control of every machine on the network Companies are not safe DNS provider (Dyn) knocked offline by a botnet of millions of IoT devices compromised because they all shared the same default password
- #12: Why do we need a massive rethink of security? Simple: Shareholders are not safe Recent Ponemon study shows that stocks drop 5% after a breach is announced And worse, 30% of impacted consumers discontinue their relationship with the breached company A recent example of shareholder impact is Chipotle which saw it’s stock drop by $400M after announcing a breach Consumers are not safe Over one billion Yahoo users accounts were compromised for years before notifying users Note: this impacted the takeover offer from Verizon to the tune of $350M or 7% of the offer price Governments are not safe Poor authentication and misused privileged accounts resulted in 25M stolen personnel records Note: OPM breach involved the compromise of a “jump box” giving hackers control of every machine on the network Companies are not safe DNS provider (Dyn) knocked offline by a botnet of millions of IoT devices compromised because they all shared the same default password
- #13: Why do we need a massive rethink of security? Simple: Shareholders are not safe Recent Ponemon study shows that stocks drop 5% after a breach is announced And worse, 30% of impacted consumers discontinue their relationship with the breached company A recent example of shareholder impact is Chipotle which saw it’s stock drop by $400M after announcing a breach Consumers are not safe Over one billion Yahoo users accounts were compromised for years before notifying users Note: this impacted the takeover offer from Verizon to the tune of $350M or 7% of the offer price Governments are not safe Poor authentication and misused privileged accounts resulted in 25M stolen personnel records Note: OPM breach involved the compromise of a “jump box” giving hackers control of every machine on the network Companies are not safe DNS provider (Dyn) knocked offline by a botnet of millions of IoT devices compromised because they all shared the same default password
- #21: This new threatscape requires a complete paradigm shift. One that rethinks and challenges the network perimeter-based approach One that puts identity at the foundation of the massive security rethink. One that removes trust from the network and redefines security to follow identity based on knowing the user and their device before granting access A new paradigm that frees companies to move fearlessly into the modern cloudscape by not relying on implicit trust, but enforcing a dynamic security policy that only trusts when verified
- #25: So how we can deliver Zero Trust Security?
- #26: If you do these things, then what are the benefits of achieving Zero Trust maturity? According to a brand new study from Forrester, entitled “Stop the Breach”, there are massive benefits to improving Zero Trust maturity including: 50% reduction in the number of reported breaches An average of $5M in cost savings related to breaches Interestingly, the most mature organizations preferred an integrated platform approach vs point and custom one-off solutions. This strategic approach led to a 40% reduction in IAM technology costs as a percentage of IT budget. Massive savings.
- #29: So what makes different or better than alternatives?