AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th...

Amadeus Cybersecurity: the essentials 12th November 2014

Alex van Someren

Family Office Forum12th November 2014, Zurich

Cybersecurity: the essentials


AGENDA

1. Understanding cyber risks2. Cyber security market trends3. State of the art: threats & defenses4. Best practices in cyber security

Cybersecurity: the essentials


1Understanding cyber risks

CYBERSECURITY: THE ESSENTIALS


4UNDERSTANDING CYBER RISKS

• The External attacker usually wants to:– Get access to files stored on the computer, or the local network– Copy Usernames & Passwords from users– Run programs on the computer to make it a ‘bot’

• They can deliver some ‘Malware’ inside the computer to achieve this, by:– infecting it with a Virus,– getting the user to open an email attachment– persuading the user to click through to an infected web page

• We also consider Internal attackers, i.e. employees as a possible threat• Finally, disaster planning is also essential

What exactly is the threat?

1



• Email spam– Unwanted messages, also links & attachments

• Viruses/spyware/malware– Programs which can run on the receiving computer and do harm

• Email phishing– Targeted emails, particularly asking for credentials

• Network intrusion/hacking– External attackers or programs trying to enter machines/networks

• Denial of Service attacks– Preventing systems/websites from operating

What cybersecurity risks should be considered? - 1Software & network risks

1



• Theft of mobile devices– Both accidental, and targeted

• Theft of system hardware– Physical attacks on facilities

• Corporate espionage/whistleblowers– Data leakage & data theft

• Criminal damage– Not only physical, but also logical i.e. data deletion

What cybersecurity risks should be considered? - 2Physical & data loss risks

1


2Cyber security market trends



1. External threats: who actually gets hit?2. External threats: causes of data losses3. Internal threats: causes of security breaches

Cyber security market trends


External threats: who actually gets hit?

CYBER SECURITY MARKET TRENDS

Source: Kaspersky IT Risks Survey 2014 – n = 3,900

2


10

External threats: causes of data losses


Source: Kaspersky IT Risks Survey 2014

2


11

Internal threats: causes of security breaches


Source: Kaspersky IT Risks Survey 2014

2


3State of the art: threats & defences



STATE OF THE ART: THREATS & DEFENCES

• There are three major goals of cyber security:– Confidentiality: Keep private information private

• Prevent data leakage, data loss– Integrity: Guarantee critical information is not altered/tampered

• Protect data – Availability: Ensure that critical information remains accessible

• Keep systems working, prevent internal attacks• So, the “C.I.A.” is your friend!

What are the goals of good cybersecurity?

3


14STATE OF THE ART: THREATS & DEFENCES

• The primary goal is to prevent malware from getting into computers– Employees are the source of greatest risk

• They sometimes click on stupid stuff• They can sometimes be misled• They sometimes steal data

• So:– train employees in cybersecurity basics– employ adequate cybersecurity technology to prevent damage & loss

What are the risk mitigation strategies?

3


15STATE OF THE ART: THREATS & DEFENCES

• Network Firewalls– Control the flow of Internet traffic and prevent intrusions

• Anti-Spam filters/services– Minimise the amount of potentially dangerous email arriving

• Anti-Virus software– Detect, search for & destroy malware on computers

• Data Loss Prevention– Detect and prevent the export of sensitive data

• Mobile Device Management– Allow mobile & ‘BYOD’ users to safely operate remotely

What kind of basic cybersecurity defences are needed?

3


4Best practices in cyber security



17BEST PRACTICES IN CYBER SECURITY

1. Business managers must know where the most important data is held– On-site in desktops and servers, or in cloud services and mobile devices

2. Bad things happen to good businesses– Automate the secure data back-up process– How will business continue if the physical site becomes unavailable?

3. Train employees about the nature of today’s cyber-attacks– Cyber-criminals particularly target SMBs – Aiming to compromise the PCs used for online banking and payments

4. Deploy the security basics: – Firewalls for wireless and wired-based access points, – Anti-malware on endpoints and servers– Encrypt highly sensitive data at rest and in transit

Adapted from Messmer/InfoWorld Oct. 2014

Best practices - 1

4



5. Define each individual’s access to data– Ideally use two-factor authentication– Systems administrators jobs give them huge power– Immediately de-provision access & credentials when an employee departs

6. Trust, but verify– Do background checks on prospective employees– Have SLAs for technology vendors/cloud service providers; visit data-centre

7. Remove & securely destroy hard disks – From all old computers – And any other devices that store data

Best practices - 2

4



8. Smartphones require different security requirements than older PCs and laptops– ‘BYOD’ raises important legal questions– Business data no longer held on a device owned directly by the business

9. Use physical access controls to keep unauthorized individuals from IT resources– That includes the office cleaners– Train staff to challenge unexpected visitors in a polite, but determined, way

10. Have an employee acceptable-use policy – Defining behavior online, how data is to be shared and restricted– Have them read and sign it– Making it clear if there will be monitoring of online activities

– There should be possible penalties for non-compliance.

Best practices - 3

4


Amadeus Capital Partners

Alex van Someren, Managing Partner, Early Stage Funds

[email protected]

https://www.amadeuscapital.com/

Global Technology Investors



AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th...

Documents

Transcript of AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th...