Transcript
Page 1: Nsa spying gem_2013_final

2023-04-08

The potential consequences of the NSA (and GCHQ) spying on the mobile enterprise

And what you can/should do about it

Claus Cramon Houmann

Banque Öhman

Page 2: Nsa spying gem_2013_final

Key takeaways:

• The known and the ”feared” extents of the NSA spying & others who spy

• Spyware exists which can take full control of any mobile device, not to mention laptops

• Defend your enterprise with Defense in depth which includes devices outside the perimeter

• Make sure you know which data leaves the perimeter

• Do your risk assessments and protect against your REAL threats

• Consider any data that leaves the perimeter lost

Page 3: Nsa spying gem_2013_final

Why am I here presenting this?

• June 6th

• ...and since then

• Truth has been coming out

• That affects us all

Page 4: Nsa spying gem_2013_final

Initial releases from Snowden trove

• PRISM, XKEYSCORE, other programs that combined SPY on our lives -> and remove much of our privacy & security

– Calls being recorded in the US – private AND corporate

– Metadata for all calls and Internet in the US

– -> this alone is quite a risk for companies operating in the US

• But THEN started the real revelations that concern any company, worldwide....

Page 5: Nsa spying gem_2013_final

!Collect everything!

• It turns out that the NSA & Partners collect everything (almost)

– Your calls

– Your metadata

– Your e-mails

– Your Google searches

– Your banking transactions

– Your social media activity

• They are intercepting, analyzing and storing almost all Internet traffic. If they can't decrypt it, it just gets stored longer until they can

Page 6: Nsa spying gem_2013_final

!Tailored access!

• It’s not enough to just collect and store everything

• NSA actively hacks states, companies and private individuals

• To make this EASIER they have also weakened an unknown number of cryptographic standards and tools

Page 7: Nsa spying gem_2013_final

Red flags – special NSA target areas

• Any bank with a SWIFT code

• Anyone using encryption

• Anyone doing anything in the Middle East

• Anything to do with oil or gas (energy)

• Anyone building security systems / infosec systems

Page 8: Nsa spying gem_2013_final

But wait...this doesn't affect my company

• Raise your hand if you’re thinking this right now

Page 9: Nsa spying gem_2013_final

My guess

• Is that around 25% of people present raised their hands

• I hope for 0

• If 25% raised their hands, another 25% didn't – only due to normal classroom psychology

Page 10: Nsa spying gem_2013_final

Why are those raised hands wrong?

• Others have the means to exploit cryptographic weaknesses

– China, Russia, serious competitors?

• The NSA passes information to the US Government (and others?); it’s conceivable that information from NSA spying ends up in US corporate hands (http://www.zerohedge.com/contributed/2013-10-21/nsa-busted-conducting-industrial-espionage-france-mexico-brazil-china-and-all)

– This has happened before (for example ECHELON, anno 2000, in a BBC report)

• Anyone can potentially get at your data! Especially in exposed locations such as mobile devices

Page 11: Nsa spying gem_2013_final

But then...what can we do?

• Risk Management – mitigate the risks to acceptable levels

• Defense-in-depth: Defend your data, wherever and whenever appropriate. Follow the booming market for innovative tools – eventually someone will find a way to protect smartphones/tablets acceptably. Laptops are already protectable

• ENCRYPT. EVERYTHING. NOW.

• Manage where your data is. Check that policies are followed.

• Awareness training & GRC implementation/improvement

Page 12: Nsa spying gem_2013_final

Defense-in-depth. Isn't it simple and beautiful?

Page 13: Nsa spying gem_2013_final

The future brings....

• European or Global Crypto-standards institute

• Advanced malware protection tools (AMPs), also for phones and tablets

• Changes to how NSA spies on US citizens...but how about the rest of us....?

• Fortress Europe? Fortress South America? Fortress Russia?

Page 14: Nsa spying gem_2013_final

About me

• Claus Cramon Houmann, 38, married to Tina and I have 3 lovely kids

• CISSP, ITIL Certified Expert, Prince2 practitioner

• You can contact me anytime:

– Skype: Claushj0707

– Twitter: @claushoumann

• Sources used:

– Richard Stiennon’s presentation: ”How the surveillance state is changing IT security forever”

– Tidbits from @mikko’s recent TEDx presentation

Page 15: Nsa spying gem_2013_final

Questions?

