CSE 2016 Future of Cyber Security by Matthew Rosenquist
-
Upload
matthew-rosenquist -
Category
Technology
-
view
3.441 -
download
0
Transcript of CSE 2016 Future of Cyber Security by Matthew Rosenquist
The Future of Cyber Security
Conference: April 6-7, 2016
Exhibit Hall: April 6-8, 2016
Sands Expo, Las Vegas, NV
Matthew RosenquistCybersecurity StrategistIntel Corp
“...If security breaks down, technology breaks down”
Brian KrebsNoted Cybersecurity Reporter
Symbiotic Relationship: Physical and Cyber
Convergence of Cyber & Physical Security
Physical Cyber
Integration of technology blends the risks, requiring a cohesive approach
Convergence of Cyber & Physical Security
People and Technology
Expertise across these realms is highly valuable…
PR
OC
ES
S
The Growing Cyber-Attack Surface
Innovation Drives Risk Convergence
New technology bridges the virtual and physical worlds
Protecting People, Property, and Business Assets
Limited Resources and Budgets
Seeking an Optimal Balance of Risk/Cost
Aligned Goals and Challenges
Single most important factor
for success in security is
Leadership
Leaders will play a crucial role as security and technology evolves
Chain Reactions Drive Cybersecurity Evolution…
Top Evolving Challenges in Cybersecurity
Public demands their governments protect them from digital threats, fraud, and crimes, yet not infringe upon privacy
Markets strive for more connectivity, devices, applications, and services
Enterprise perspectives shift to accept the reputation and market risks
Consumers expect security “their way”: Safety with access anywhere to anything
Cybersecurity Expectations Increase1.
Result:
1. Expectations rise, but resources don’t keep pace, causing opportunities for attackers
2. More regulations, raising security standards
3. Better policing, laws, and collaboration
4. Friction around technology privacy and government access
5. Consumers respond economically to penalize poor security from vendors
Cybersecurity Expectations Increase
Nation-State Cyber-Offense Affects Everyone
Broad adoption by many nations of cyber-offense capabilities.
Governments incorporate cyber into their defense apparatus with clear objectives and deployable systems.
2.
i29 countries
Have formal cyberwarfare units
i63 countries
Use cyber tools for surveillance
i$19 billion
US 2017 proposed budget for cybersecurity
Nation-State Cyber-Offense Affects Everyone
Result:
1. Trickle-down effect gives advanced technology to criminals and attackers
2. Reverse engineered code is reused by other threats
3. Attackers don’t need to invest in developing high-end exploits, instead they harvest what governments create
Life Safety and Cybersecurity Intersect in Products
Industrial and consumer products are being connected to the internet
Billions of IoT devices gather data and exert direct control
Risk of catastrophic impacts as our reliance and trust increase
3.
Life Safety and Cybersecurity Intersect in Products
Result:
1. Risks first emerge for the transportation, healthcare, and industrial sectors
2. As IoT devices explode in number and function, so will the potential misuse
3. Remote devices, cameras, and drones become more concerning to safety and privacy. Expect more regulations
Rise in Digital Theft and Fraud
More opportunities to steal, extort, and commit fraud. Greed principle prevails
Attackers are organized, share methods and tools
Threats not limited by geography
4.
i~$450 billion
Cyber-crime impact globally
i200% increase In cyber-crime in the last 5 years
i32% reported
Organizations reporting cyber-crime
Rise in Digital Theft and Fraud
Result:
1. More successful financial fraud and theft
2. Number of attacks increase, externals and internals, from across the globe
3. Higher cost incidents, millions-billion dollar attacks
5.
Attackers are nimble, opportunistic, cooperative, skilled, and relentless
Their motivation, resiliency, and creativity drives great adaptability
Acceleration in their methods, tools, and targets (technology, people, processes)
Attackers Evolve, Adapt, and Accelerate
i
$3 trillion Aggregate innovation impact of cyber-
risks by 2020
-McKinsey & World Economic Forum
i
$90 trillion Potential net economic benefit drained from global GDP, worst case thru 2030
-Zurich & Atlantic Council
Result:
1. Dark markets and services grow to enable
2. New data breach targets emerge
3. Attackers drive down the technology stack (data, apps, VM, OS, VMM, FW, HW)
4. Research follows quickly into new areas of technology
5. Ransomware and “CEO email” fraud rises
6. Integrity attacks grow
Attackers Evolve, Adapt, and Accelerate
6.
Lack of qualified talent will greatly restrict the growth and effectiveness of security
Academia is working to satiate demand, but it will take time.
Lack of Talent Hinders the Industry
i1.5-2 million
Unfilled positions by 2017
i12x growth
Compared to the overall job market
i70% understaffed Organizations report
lack of staff
Result:
1. Salaries continue to rise until demand is met
2. Headhunting and retention of top talent is ruthlessly competitive
3. Leadership and technical roles in greatest demand
4. Outsourcing to MSSP’s and security consulting firms increases
Lack of Talent Hinders the Industry
ConclusionAligned goals and threats drive the convergence of Physical and Cyber security
The rise of cyber represents risks and opportunities
Attackers will target IoT. Physical and Cyber skill sets are valuable in protecting assets
New threat vectors will emerge as advanced technology is integrated
Leaders with insights to the future have the best opportunity to align resources and be prepared
Question and Answer
The Opportunity to Lead is Here!
Conference: April 6-7, 2016
Exhibit Hall: April 6-8, 2016
Sands Expo, Las Vegas, NVMatthew RosenquistCybersecurity StrategistIntel Corp