in the it world, security enables trust · innovation confidential data devices access network data...
TRANSCRIPT
![Page 1: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/1.jpg)
In the IT world, security enables TRUST
“TRUST is like the air we breathe. When it’s present, nobody really notices. But when it’s absent, everybody notices.” - Warren Buffet
![Page 2: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/2.jpg)
Cyber Security The Unknown IntruderShwetha RamuInformation Security Technology Consultant
Oracle Corporation
![Page 3: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/3.jpg)
Agenda
• What is Cyber Security? - Why is it Important?
• Market Trends and Challenges
• Common Perceptions
• Key Enablers and Need for end-to-end Security
• Detective Vs Preventive approach
• Tools and Best Practices
• Q & A
![Page 4: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/4.jpg)
What is Cyber Security?Why is it Important?
![Page 5: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/5.jpg)
RISK
COST
IDENTITY
CROSS BORDERS
VULNERABILITY
INNOVATION
CONFIDENTIAL DATA
DEVICES
ACCESS
NETWORK
DATA LEAKS
ATTACKS
DATA BREACH
PENETRATION
INTERNET OF THINGS (IoT)
THEFT
REGULATORY COMPLIANCE
LEGAL
AUDITS SAFETY
![Page 6: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/6.jpg)
Market Trends and Challenges
![Page 7: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/7.jpg)
Extended Enterprise
Applications,LOB
SocialCollaboration
Mobile Cloud
Transformation
![Page 8: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/8.jpg)
DATA SECURITY BREACH
HOPE IS NOT A STRATEGY
![Page 9: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/9.jpg)
Data Breaches in 2015
Source: Gemalto
![Page 10: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/10.jpg)
Data Breaches in 2015
Source: Gemalto
![Page 11: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/11.jpg)
Source: Gemalto
Data Breaches in 2015
![Page 12: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/12.jpg)
Security Challenges – more than breaches to worry about
Confidentiality / Data-breach
Integrity / Fraud Availability / Sabotage
![Page 13: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/13.jpg)
Cybercrime Trends for 2016
• Onion-Layered Security Incidents
• Ransomware
• Malicious Insider Attacks
• Greater Management Awareness **
Source: IBM Security
![Page 14: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/14.jpg)
Cloud Adoption – Demand for Security
• Changing Threat Vectors
• Everything is driven by Security
• Embracing Security-as-a-Service
• Geographical Boundaries
• Customers taking Responsibility
• Mobile & Cloud convergence
• Top-Down approach
![Page 15: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/15.jpg)
Challenges of Digital Transformation
![Page 16: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/16.jpg)
As Peter Steiner rightly illustrated....
![Page 17: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/17.jpg)
Common PerceptionsAssumptions & Myths
![Page 18: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/18.jpg)
Network Security is Self-Sufficient
![Page 19: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/19.jpg)
Antivirus software prevents Attacks
![Page 20: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/20.jpg)
Fraudsters are always Outsiders
![Page 21: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/21.jpg)
Awareness is individual responsibility
![Page 22: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/22.jpg)
Some Interesting Factoids on Breaches
Source: Mandiant ThreatLandscape
100% of Victims had a Firewall
100% of Victims had Up-To-Date Anti-virus Software
100% of Breaches Involve Stolen Credentials
63% of Breaches Reported by Third Parties
60% of Breaches Took Only Minutes to Compromise
![Page 23: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/23.jpg)
![Page 24: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/24.jpg)
Key Enablers & Need for End-to-End Security
![Page 25: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/25.jpg)
Cyber Security Attacks
• Denial of Service (DoS, DDoS)
• Sabotage
• Phishing & Spoofing
• Malwares (Viruses, Trojans)
• Man-in-the-Middle (MITM)
• Social Engineering
• Privileged Users
• Backdoors / Loopholes
• and many more...
![Page 26: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/26.jpg)
The Impact
£4.1Million per
year in the UK
Source: HP Enterprise Security & The Ponemon Institute
14%Increase year-
on-year average
90%Companies not
prepared
Enterprise-Wide Security practices moderate Costs by an average of more
than
£1.3Million
£1,104
to £232per capita costs
![Page 27: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/27.jpg)
Key Enablers for Cyber Security
• Customer Trust
• Compliance
• Risk Mitigation
• Cost Savings
• Enterprise Security Initiatives from C Level
• Security has NO Geographical Borders
![Page 28: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/28.jpg)
Detective vs. Preventive
![Page 29: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/29.jpg)
Preventive Security
• Anticipate the Threats
• Security Strategy and Architecture
• Deploy Preventive Tools and Controls
• Continuous Monitoring
Intended to PREVENT any unwanted users, activities or incidents
![Page 30: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/30.jpg)
Detective Security
• Identify any on-going incidents
• Analyze and Categorize
• Alerts and Notifications
• Logging
• Auditing and Reporting
• Monitoring Activities
Intended to DETECT any unwanted users, activities or incidents
![Page 31: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/31.jpg)
Corrective Security
• Corrective Actions
• Recovery
• Plan for the Future
LIMIT the DAMAGE from any unwanted users, activities or incidents
![Page 32: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/32.jpg)
As the saying goes,
However... there are some exceptions!!
![Page 33: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/33.jpg)
The Approach to Adopt
DEFENCE-IN-DEPTH
DETECTIVEPREVENTIVE +
![Page 34: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/34.jpg)
Tools & Best Practices
![Page 35: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/35.jpg)
Security By Design
Network SecurityHardware Security
Data SecurityDevice Security
End-User SecurityOperating Systems Security
![Page 36: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/36.jpg)
Security by Design• Security designed from
Ground Up
• Defence in Depth strategy
• Security Architectures
• Least Privilege Model
• Reducing Vulnerabilities
• Risk Mitigation
• Monitoring Effectiveness
![Page 37: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/37.jpg)
Security for the End Users
User Lock Down Controls
• Access Controls
• Roles and Privileges
• Privileged Users – “Break Glass”
• Efficient Passwords
• Segregation of Duties (SoD)
• Multi-Factor Authentication
User Experience Controls
• Single Sign-On
• Self-Service
• Context-Aware Security
• Social Sign-On
• Awareness & Education
![Page 38: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/38.jpg)
Security for the Data
• Encryption, a Must Do! (Data-at-Rest)
• Key Management
• Redaction and Masking
• Privilege Analysis and Controls (Ex: DBA)
• Data Access Controls
• Activity Monitoring
• Firewalls
• Up-to-Date Configurations and Patching
![Page 39: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/39.jpg)
Securing the Network
• Encryption (Data-in-Motion)
• Firewalls, Routers, Ports & Switches
• Demilitarized Zones (DMZ)
• IP Whitelisting and IP Blacklisting
• SSH, TLS/SSL, VPN
• Network Traffic Monitoring
• Intrusion Detection Systems (IDS)
• Security Incident and Event Management (SIEM)
![Page 40: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/40.jpg)
Devices and Hardware Security
• Strong Authentication & Device Lock Policies
• VPN Access / Secure Tunnels
• Remote Access Policies (For Confidential Data, Documents)
• Antivirus, Antimalware Software
• Secure Microchips & Silicon
• Security for external hardware (USB, external Hard Drives, Media etc.,)
• Physical Security
![Page 41: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/41.jpg)
Operating System & Other Security
• Security Certifications
• System Hardening
• Hypervisors
• Monitoring and Audits
• Up-to-Date Configurations and Patching
Some further considerations
• Secure Coding practices
• Security by Design for Applications
![Page 42: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/42.jpg)
Cyber Security – A Necessity or Luxury?
![Page 43: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/43.jpg)
To Summarize
• Cyber Security is Everyone’s Responsibility
• Business transformations driving Security to the Forefront
• Awareness and Education is the Key to Success
Needless to say..
Cyber Security in today’s world is a definite NECESSITY !!
AT THE END IT’S ALL ABOUT......
![Page 44: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/44.jpg)
PROTECTING WHAT MATTERS MOST!!
![Page 45: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/45.jpg)
![Page 46: In the IT world, security enables TRUST · INNOVATION CONFIDENTIAL DATA DEVICES ACCESS NETWORK DATA LEAKS ATTACKS DATA BREACH PENETRATION ... • Cyber Security is Everyone’s Responsibility](https://reader035.vdocuments.net/reader035/viewer/2022070800/5f0225c17e708231d402ce93/html5/thumbnails/46.jpg)