New Age of Cyber Security and Data Protection
Removing Fear, Uncertainty and Doubt
Jason Gottschalk
Sep 2016
© 2016 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of
independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has
any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG
International have any such authority to obligate or bind any member firm. All rights reserved. NDPPS 133584
THE THREAT CONTINUES TO RISE
WHAT OUR SURVEYS HAVE FOUND
• Concern over cyber attacks has grown by 7%, with 37% believing they are a target for cyber attacks.
• 76% have seen an increase in the rate of cyber attacks.
• 38% have had to deal with 1 or more major cyber security incidents in the last 12 months.
RECENT ATTACKS – DATA BREACH
LIFE IS SHORT, HAVE AN AFFAIR, WHAT’S THE WORST THAT CAN HAPPEN
In July, Ashley Madison, an online platform for would-be adulterers with the slogan “Life is short. Have an Affair”, was hacked.
• Data from about 31 million accounts was breached, with sensitive information about the users being published
• The data breach led to the resignation of the website’s CEO
• Ashley Madison is now facing multiple lawsuits for failing to take proper security measures to protect its users’ information
RECENT ATTACKS – INDUSTRIAL
NATIONS UNDER SIEGE
BlackEnergy – In December 2015 over 1.4 million people were left without electricity in the Ivano-Frankivsk region, Ukraine.
• The BlackEnergy backdoor plants a KillDisk component which renders computers unbootable
• Infection is through Microsoft Office files containing malicious macros
• The virus can overwrite its corresponding executable file on the hard drive with random data, which makes restoration of the system more difficult
AN EVER-CHANGING THREAT LANDSCAPE
BE IN A DEFENSIBLE POSITION, BE CYBER RESILIENT
• Extortion-driven attacks and ransomware attempts will increase
• Pressure to disclose data breaches and threat responses will intensify
• Widespread use of mobile devices and IoT brings a parallel increase in risk
• Organisations will make greater use of real-time intelligence tools to monitor attacks
• Organisations will focus much more on risks posed by third party vendors and suppliers
ATTACK SURFACES INCREASE
MORE USERS + MORE DEVICES = MORE RISK
WHAT IS BEING STOLEN?
“Thousands of South Africans have fallen victim to phishing and other types of cyber fraud, and financial institutions have lost in excess of R80-million and continue to lose money every day as a result.”
Dries Morris, Securicom
IMPACTS BROAD AND DEEP
• Intellectual Property Loss, including patent, client, commercial and financial data.
• Reputational Loss, affecting market value, confidence and goodwill.
• Penalties, legal and regulatory, such as fines, breach compensation and contractual penalties.
• Administrative resource effort to correct, replace and restore.
• Time loss due to investigation, managing media, regulatory authorities.
• Property losses – stock, information, and a failure to deliver.
IT CAN TAKE UP TO 90 DAYS TO RECOVER
MOTIVATIONS HAVE CHANGED
FROM “TARGET OF OPPORTUNITY” TO “TARGET OF CHOICE”
CLOSING THE LOOP
3 KEY PRINCIPLES
1. What are we trying to protect and from whom? Getting an up-to-date, detailed snapshot of the current cyber threat landscape that is understood by all.
2. Accept the fact that a breach is inevitable. Whether or not your organisation is doing enough due diligence to mitigate risks, preparing for a breach is now mandatory.
3. Focus on early detection and response. Real-time intelligence solutions, heads-up situational awareness and proactive “hunting” of incidents are the new status quo.
WHO, WHAT, WHEN?
UNDERSTANDING YOUR RISK
Threat actors, from closest to your organisation outward:
• Your Organisation
• Privileged insider
• Trusted insider
• Insider Organisation
• Group
• Nation-state
THE ANATOMY OF AN ATTACK
THE LOCKHEED INTRUSION KILL CHAIN
“The realm of digital security is an open-ended arms race between system defenses on the one hand and creative, highly persistent attackers on the other.”
THINKING BROADER THAN CIA
APPROACHES TO CYBER SECURITY HAVE CHANGED
RED TEAM EXERCISES
Test your processes and systems in a real-life simulation, providing assurance on your ability to respond rather than prevent.
INTRUSION TOLERANCE: ASSUME THAT INTRUSIONS HAVE HAPPENED AND WILL HAPPEN
We must maximize the probability that we can tolerate the direct effect of those intrusions, and that whatever damage is done by the intruder, the system can continue to do its job to the extent possible.
DEPLOYMENT OF SECURITY INTELLIGENCE SYSTEMS
Ponemon says this provides a substantially higher ROI (at 23 percent) than all other technology categories surveyed.
ADAPT AND SURVIVE
ANALYTICS AND DATA CAN SAVE US
“New behavioural analytics solutions and threat data analytics platforms such as FireEye and DarkTrace emulate the human immune system to protect us – understanding what belongs and what does not.”
A combination of protection, early warning signals and instant remediation against sophisticated attacks is a proactive stance.
THE FIVE MOST COMMON CYBER SECURITY MISTAKES
THE 5 COMMON MISTAKES: 100% SECURITY IS NEITHER FEASIBLE NOR APPROPRIATE
Mistake #1: “We have to achieve 100 percent security.”
Reality: 100 percent security is neither feasible nor the appropriate goal.
THE 5 COMMON MISTAKES: TECHNOLOGY IS NOT THE BE ALL AND END ALL
Mistake #2: “When we invest in best-in-class technical tools, we are safe.”
Reality: Effective cybersecurity is less dependent on technology than you think.
THE 5 COMMON MISTAKES: YOU DON’T NEED TO ARM YOURSELF TO THE TEETH
Mistake #3: “Our weapons have to be better than those of our attackers.”
Reality: The security policy should primarily be determined by your goals, not those of your attacker.
THE 5 COMMON MISTAKES: BEHAVIOURAL ANALYTICS IS THE FUTURE OF MONITORING
Mistake #4: “Cybersecurity compliance is all about effective monitoring.”
Reality: The ability to learn is just as important as the ability to monitor.
THE 5 COMMON MISTAKES: EVERYONE IS RESPONSIBLE FOR CYBER SECURITY
Mistake #5: “We need to recruit the best professionals to defend ourselves against cybercrime.”
Reality: Cybersecurity is not a department, but an attitude.

Jason Gottschalk
Cyber Security Lead – KPMG SA
• 082 719 1804
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
KEEP IN TOUCH