Masterclass: Security in data, cloud and blockchain Professor Trish - - PowerPoint PPT Presentation

Masterclass: Security in data, cloud and blockchain Professor Trish Williams Cisco Chair and Professor of Digital Health Systems Co-Director of Flinders Digital Health Research Centre College of Science and Engineering Flinders University,


SLIDE 1
SLIDE 2

Masterclass: Security in data, cloud and blockchain

Professor Trish Williams

Cisco Chair and Professor of Digital Health Systems Co-Director of Flinders Digital Health Research Centre College of Science and Engineering Flinders University, South Australia

Ivan Jasenovic

Managing Director, Sicoor.com

SLIDE 3

HISA Cybersecurity Community of Practice


https://www.hisa.org.au/cybersecurity/

SLIDE 4

Current security in e-Health

SLIDE 5

Continuum of Security

SLIDE 6
  • 1. Cybersecurity in healthcare – context
  • 2. Basics test
  • 3. Why do we need to start thinking differently?
  • 4. What’s coming our way?
  • 5. Blockchain in health

What to expect today?

SLIDE 7
  • 1. Cybersecurity in healthcare - context
SLIDE 8

Attack capability

SLIDE 9
  • Searches online for internet connected devices with default authentication
  • usernames and passwords
  • Build a botnet
  • harnessing the computation resources of equipment infected
  • Distributed denial of service
  • (so many data requests the target is flooded and can no longer respond or function)
  • Design suggests it’s a platform not just a ‘piece’ of attack malware
  • Last attack was a test run

Mirai (IoT malware), botnets and DDOS attacks

SLIDE 10

Ransomware

SLIDE 11

Rarely one cause e.g. Impact on NHS of WannaCry

SLIDE 12

Why do we have this problem?

SLIDE 13

Australian healthcare = a complex system

SLIDE 14

Complex to defend…

SLIDE 15

Data intensive

SLIDE 16

Critical Infrastructure

SLIDE 17
  • Immaturity and a lack of distinction between health software and medical devices in the health mobile marketplace present a major challenge for the security discipline

Convergence and Integration

SLIDE 18
  • advanced malware
  • Mirai
  • Ransomware
  • targeted attacks
  • advanced persistent threats (APTs)

Threat landscape


Advanced Persistent Threat

SLIDE 19

The hacking business

  • Healthcare is an attractive and valuable target for hackers

  • Ransom for $$$
  • Denial of Service for malice/$$$
  • Stealing confidential data
  • Compromising data
  • Identity theft
  • Compromising devices
SLIDE 20

New technology and new/old threats

SLIDE 21
SLIDE 22

“The healthcare sector is slow to update technology and as such is woefully unprepared for an oncoming onslaught of cyber attacks”

SecurityBriefAu, March 02, 2016


Following the Mirai attack - “Hospitals survived not by design but by luck”

Kevin Fu, Report to US Congress,

Unfortunately, the reality is that …..

SLIDE 23

But it’s not all doom and gloom…..

SLIDE 24

Continuum of Security


Start Here

SLIDE 25
  • 2. Basics test
SLIDE 26

Rate the strength of the eight passwords:

– Rate 1 for the strongest password
– To 8 for the weakest password

  • Password
  • rover
  • 1qaz2wsx
  • Fluffy19
  • Pa$$w0rd
  • :);):-:( ;):-
  • 1qaz@WSX
  • 21734260118924

Back to basics….. Passwords.... Weak or strong?

SLIDE 27

Back to basics…..Passwords

8. rover
7. Password
6. 21734260118924
5. :);):-:( ;):-
4. Fluffy19
3. 1qaz2wsx
2. Pa$$w0rd
1. 1qaz@WSX

SLIDE 28

Continuum of Security


Gradually moving to here

SLIDE 29
  • Does your organisation use email?
  • Does your organisation send any patient related data via email?
  • Yes
  • No – think again

Let's test your knowledge….

SLIDE 30

Is email a secure form of communication?

a) Yes
b) No

How much do you know?

b) No – can be traced, intercepted, spoofed, read (unless encrypted)

SLIDE 31

a) Spoofed e-mails and fraudulent websites to fool recipients
b) A type of computer virus
c) An example of a strong password

What is phishing?

a) Spoofed e-mails and fraudulent websites to fool recipients

SLIDE 32

a) Reboot with sysdoc.exe disabled
b) Delete the email
c) Wipe your monitor with soft cloth

What do you do if you get spammed?

b) Delete the email

SLIDE 33

Phishing – real or not?

SLIDE 34

Real or not?

SLIDE 35
SLIDE 36

What does this prove?

Captcha: "Completely Automated Public Turing test to tell Computers and Humans Apart".

SLIDE 37

Continuum of Security


Let's advance to here

SLIDE 38
  • Things are moving faster than we can imagine
  • 3. Why do we need to start thinking differently?
SLIDE 39

How do we usually approach cybersecurity?

So much cybersecurity advice out there …

SLIDE 40

Layered Security

SLIDE 41

How do we keep up with attacks that are different, constant, and more and more sophisticated?

Why change? Your challenges are:

SLIDE 42

Continuum of Security


Now to here

SLIDE 43

Acceptance of new ways of doing things

SLIDE 44
SLIDE 45
  • 4. What’s coming our way?

(or is already here!)

SLIDE 46
SLIDE 47
SLIDE 48

Continuum of Security


Ultimately to here

SLIDE 49
  • A blockchain is a type of distributed ledger, comprised of unchangeable, digitally recorded data in packages called blocks.

Blockchain

SLIDE 50

Healthcare data security is like…

SLIDE 51

Resilience is the ability to “bounce back” from stressful or challenging experiences. It involves being able to adapt to changes and approach negative events, sources of stress and traumatic events as constructively as possible.

What we need to build is ……Resilience


Cyber resilience refers to an entity's ability to continuously deliver the intended outcome despite adverse cyber events

SLIDE 52

https://www.pmc.gov.au/cyber-security/cyber-resilience-taskforce

Australia’s Cyber Resilience Taskforce

SLIDE 53

Resilience philosophy

SLIDE 54
SLIDE 55

Thank you

Questions/Discussion