warning potential
play

Warning Potential 96 2016 106 2017 118B 131 2019 145 2020 - PowerPoint PPT Presentation

Sep 04, 2023 •137 likes •1.12k views

Warning Potential 96 2016 106 2017 118B 131 2019 145 2020 *Estimated global spend as reported by IDC (11% CAGR) 1.5T *Estimated global cybercriminal revenue as reported by Bromium 3.5 2016 4 2017 4.5T 5 2019 5.5 2020

  1. Warning

  4. Potential

  7. 96 2016 106 2017 118B 131 2019 145 2020 *Estimated global spend as reported by IDC (11% CAGR)

  8. 1.5T *Estimated global cybercriminal revenue as reported by Bromium

  9. 3.5 2016 4 2017 4.5T 5 2019 5.5 2020 *Estimated global damages as reported by Cybersecurity Ventures

  10. Dollars Related To Cybercrime & Cybersecurity 6000 Damages 4500 $ Billions (CDN) 3000 11% Growth Rate Revenue 1500 Security 2016 2017 2018 2019 2020

  11. 2016

  12. 2016

  13. 2016

  14. 2017

  15. 2017

  16. 2018

  17. 2018

  18. 2018

  19. 2018

  20. 2018

  21. 2018

  22. THOUSANDS of hours wasted BILLIONS of records breached BILLIONS of dollars spent TRILLIONS of dollars lost TENS of convictions

  23. Is this what SUCCESS looks like?

  24. NO

  25. Pause

  26. A short tangent… @marknca https://markn.ca

  27. Large Research Global Reach Cloud Focus Organization

  28. Operational “Standard” IT Serverless Technologies

  29. History New capabilities Top problem Biggest opportunity

  30. How did we get here?

  31. Bad People Controls Customers Internet Controls Employees Services Problems

  32. The goal of cybersecurity Protect the confidentiality, integrity, and availability of information

  33. CIO Service System 
 System CISO Delivery Support Development

  34. CIO Service System 
 System CISO Delivery Support Development Network Application 
 GRC Service Desk Operations Development Change 
 Security 
 Application 
 Testing Management Ops Support Business System 
 Project 
 Incident Liaison Administration Office Response

  35. CIO Service System 
 System CISO Delivery Support Development Responsible Responsible Responsible Responsible Accountable Accountable Accountable Informed Consulted Consulted Consulted Consulted Informed Informed Informed RACI for customer facing solutions

  36. Can We Do That?

  37. Joe CISO, OurCo

  38. 170 *Number of days to detect a persistent threat on network as per Ponemon, 2018

  39. “Let’s start a threat hunting program” “What will we need?” “Some new tools & 2 team members…”

  40. … � Generate stronger analytics � Expand AppSec program � Fill open requisitions for SOC � Deploy shelfware � Create threat hunting team?!?

  42. CIO Service System 
 System CISO Delivery Support Development

  43. IT Employees

  44. Cybersecurity IT

  45. Employees

  46. IT Employees

  47. You IT Employees

  48. 1:50:750 You IT Employees

  49. A Lack Of People

  50. Cybersecurity IT

  51. Cybersecurity IT

  52. Can you find these people?

  56. 770 * Graduates in cybersecurity from Canadian universities per year as per Universities Canada, 2018

  57. Can you find these people? Can you keep these people? Will these people actually help?

  58. #1 Problem

  60. 92.4% * Malware starts via phishing as per Verizon DBIR, 2018

  61. Phishing awareness campaign

  62. h tu p://click.thehustle.co/wf/click?upn=rw4-2B1wCQ bh6Z1QY0AaTRRgxNWhkFS3tL4210JyH-2B-2BpEm4 tu t5oCho7iCesyL1k1C_w2FF8AYzKpBRjzA7UjULRaTF5X IrrbdesgVaow37rDL0j99VHPRqu3DXqNtSY32Ny9COk Q6J5iyb102DBbyU3bwwSndbVB5LBjhoA61xCaAHTcu PQWdg tu qU2JGWa-2FiYxaP8S2DWu4kH64X9Klqbx-2 FnPk3CS0xNvJnZ-2FMXTz2PgweO6oqxHn36XbpZYn U61W2ZS-2FTMU4pX76KkSTWvCKR1AeJycxP093uVX -2Ffuq6GxJa4poLH4fYFmIdHaomBq0h10vEJUjyGtRs SLDNhAuJDhvL5BdGbHNpybTUP9VURlMCLwcLcBGLJ SP5-2FSSeI6-2FSRkz2SvpFdGsHj1F5EJReK9SCrUDeEJ WFJbzv7nQJZvIE5n8-2F96TVnNnFutjkzyKR

  63. .accountant .education .jetzt .school .apartment .energy .kim .soccer .associates .engineering .lawyer .surf .bingo .enterprise .love .theater .boutique .fish .maison .today .brussels .fitness .memorial .vacations .careers .flights .network .video .clinic .glass .one .webcam .consulting .global .parts .wiki .degree .gripe .party .wtf .dog .hockey .porn .yoga .download .how .rentals .zone

  64. Runs counter to the idea of a link

  65. 2.77% * Effectiveness of phishing training by McCoy et al., 2017

  67. 41% * Web attacks use stolen credentials as per Verizon DBIR, 2018

  68. Password awareness campaign

  70. Runs counter to math & psychology

  71. 86% * Of passwords are reused or simple as per Troy Hunt, 2018

  72. Ugh, Users

  73. vs. Us Them

  74. “Users” are the problem

  75. “Users” are the problem

  76. 100% * Forgotten common sense

  77. vs. Us Them

  78. Containment

  79. “This system needs to be deployed.” “When?” “Monday…”

  80. Plan Run Code Stage Mitigate Detect Test Respond

  81. Plan Run Code Stage Mitigate Detect Test Respond

  82. Resolution Cost—Workflow Stage 2x —x 10x 5x 1x Code Test Stage Run Plan * NIST Planning Report 02-3

  83. Late stage risk assessments limit options

  84. Bolt-on

  85. Plan Run Code Stage Mitigate Detect Test Respond

  86. Plan Run Code Stage Mitigate Detect Test Respond

  87. Resolution Cost—Workflow Stage 2x —x 10x 5x 1x Code Test Stage Run Plan * NIST Planning Report 02-3

  88. Resolution Cost—Workflow Stage 30x 15x 10x 5x —x Plan Code Test Stage Run * NIST Planning Report 02-3

  90. Plan Run Code Stage Mitigate Detect Test Respond

  91. Plan Run Code Stage Mitigate Detect Test Respond

  92. Deployment Frequency Lead time for changes Time to restore service Change failure rate *2018 State of Devops report from DORA

  93. Early security intervention opens up new options Can you keep up with development cycles? Can you speak developer?

  94. What now?

  95. You can’t scale… automate User’s ≠ problem… educate Not collaborating… participate

  96. The goal of cybersecurity Make sure that systems work as intended …and only as intended

  97. Thank you Read more at https://markn.ca Reach me online @marknca

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

RANDY G. FISCHER Discusses potential characteristics of an active shooter Potential warning

RANDY G. FISCHER Discusses potential characteristics of an active shooter Potential warning

RANDY G. FISCHER Discusses potential characteristics of an active shooter Potential warning signs for an active shooter Strategies for surviving an incident Law Enforcements response to an active shooter incident Incidents of Active Shooters

745 views • 35 slides
Q4 & FY 2019 Results Focus on our potential The Hague, 24 February 2020 Warning about

Q4 & FY 2019 Results Focus on our potential The Hague, 24 February 2020 Warning about

Q4 & FY 2019 Results Focus on our potential The Hague, 24 February 2020 Warning about forward-looking statements: Some statements in this presentation are forward - looking statements. By their nature, forward -looking statements

717 views • 47 slides
CS70: Countability and Uncountability Alex Psomas June 30, 2016 Warning! Warning: Im really

CS70: Countability and Uncountability Alex Psomas June 30, 2016 Warning! Warning: Im really

CS70: Countability and Uncountability Alex Psomas June 30, 2016 Warning! Warning: Im really loud! Today. One idea, from around 130 years ago. At the heart of set theory. Started a crisis in mathematics in the middle of the previous

611 views • 48 slides
Current Trends and Issues in Current Trends and Issues in Public Warning Public Warning

Current Trends and Issues in Current Trends and Issues in Public Warning Public Warning

I nternational Telecom m unication Union ITU-T Keynote Address Geneva, 19 Oct 2006 Current Trends and Issues in Current Trends and Issues in Public Warning Public Warning Activities in the Private S ector Tony Rutkowski, VeriS ign VP

579 views • 13 slides
Effective Public Warnings and the Common Alerting Protocol (CAP) Goals of Public Warning

Effective Public Warnings and the Common Alerting Protocol (CAP) Goals of Public Warning

Workshop on ICT Standards for Public Warning - Geneva, 2006 Effective Public Warnings and the Common Alerting Protocol (CAP) Goals of Public Warning Save lives Reduce losses Alleviate fear The measure of a warning is the change in

577 views • 35 slides
Most-Effective Actions to Reverse Global Warning Most-Effective Actions to Reverse Global Warning

Most-Effective Actions to Reverse Global Warning Most-Effective Actions to Reverse Global Warning

Our Goal: A Coordinated Philanthropic Effort Most-Effective Actions to Reverse Global Warning Most-Effective Actions to Reverse Global Warning CO2 Reduction (gigatons) Refrigerant management 89.7 1. Wind turbines (onshore) 84.6 2. Reduced

308 views • 12 slides
Disaster Early Warning Systems: Disaster Early Warning Systems: Focus on All- - Hazards,

Disaster Early Warning Systems: Disaster Early Warning Systems: Focus on All- - Hazards,

Disaster Early Warning Systems: Disaster Early Warning Systems: Focus on All- - Hazards, Hazards, Focus on All All- - Media, Public Warning Media, Public Warning All presented by Eliot Christian, United States Workshop on Disaster

805 views • 21 slides
Multi- -Tool CAP Tool CAP- -Based Alert Based Alert Multi and Warning System and Warning

Multi- -Tool CAP Tool CAP- -Based Alert Based Alert Multi and Warning System and Warning

I nternational Telecom m unication Union ITU-T Multi- -Tool CAP Tool CAP- -Based Alert Based Alert Multi and Warning System and Warning System Efraim Petel President, Hormann America, Inc. I TU-T/ OASI S W orkshop and Dem onstration of

745 views • 23 slides
WMO / WMO / World Weather Watch World Weather Watch and Public Warning and Public Warning

WMO / WMO / World Weather Watch World Weather Watch and Public Warning and Public Warning

WMO / WMO / World Weather Watch World Weather Watch and Public Warning and Public Warning presented 19 October, 2006 by Jack Hayes, Director WMO World Weather Watch in the "Workshop and Demonstration of Advances in ICT Standards for

654 views • 22 slides
Warning! Today. One idea, from around 130 years ago. At the heart of set theory. CS70:

Warning! Today. One idea, from around 130 years ago. At the heart of set theory. CS70:

Warning! Today. One idea, from around 130 years ago. At the heart of set theory. CS70: Countability and Uncountability Started a crisis in mathematics in the middle of the previous century!!!!! Warning: Im really loud! The man who worked

235 views • 8 slides
Early Warning Systems To detect New and Emerging Risks of Chemicals, a.o. Carcinogens Nicole

Early Warning Systems To detect New and Emerging Risks of Chemicals, a.o. Carcinogens Nicole

Early Warning Systems To detect New and Emerging Risks of Chemicals, a.o. Carcinogens Nicole Palmen, PhD Industrial Hygienist/toxicologist Early Warning Systems | October 21 2016 Contents 1. Early warning systems 2. Identification and

587 views • 17 slides
T-Gen2 60W/120W Grade 3 Emergency Warning System Sales Presentation Rev 2 21 Nov 18 T-Gen2

T-Gen2 60W/120W Grade 3 Emergency Warning System Sales Presentation Rev 2 21 Nov 18 T-Gen2

Global Fire Detection Products T-Gen2 60W/120W Grade 3 Emergency Warning System Sales Presentation Rev 2 21 Nov 18 T-Gen2 The VIGILANT T-Gen2 is an Emergency Warning System (EWS) that generates emergency warning tones and messages for

602 views • 10 slides
Crisis Early Warning Crisis Early Warning ILO Crisis Response : Trainers Guide InFocus

Crisis Early Warning Crisis Early Warning ILO Crisis Response : Trainers Guide InFocus

SESSION Crisis Early Warning V 1 Crisis Early Warning Crisis Early Warning ILO Crisis Response : Trainers Guide InFocus Programme on Crisis Response and Reconstruction IFP/CRISIS SESSION Crisis Early Warning V Crisis Early Warning and

268 views • 11 slides
E ARLY WARNING SYSTE M AND DISASTE R E ARLY WARNING SYSTE M AND DISASTE R MANAGE ME NT

E ARLY WARNING SYSTE M AND DISASTE R E ARLY WARNING SYSTE M AND DISASTE R MANAGE ME NT

E ARLY WARNING SYSTE M AND DISASTE R E ARLY WARNING SYSTE M AND DISASTE R MANAGE ME NT CONCE PT IN INDONE SIA MANAGE ME NT CONCE PT IN INDONE SIA BY: ANALIS WIDODO ADI DIRECTORATE GENERAL OF POSTS AND TELECOMMUNICATIONS REPUBLIC

288 views • 10 slides
DRAFT COMMISSION DELEGATED REGULATION ON INTELLIGENT SPEED ASSISTANCE (ISA) DRAFT DELEGATED ACT

DRAFT COMMISSION DELEGATED REGULATION ON INTELLIGENT SPEED ASSISTANCE (ISA) DRAFT DELEGATED ACT

ETSC RESPONSE TO THE DRAFT COMMISSION DELEGATED REGULATION ON INTELLIGENT SPEED ASSISTANCE (ISA) DRAFT DELEGATED ACT ALLOWS FOR 4 TYPES OF FEEDBACK 1. visual warning + cascaded acoustic warning 2. visual warning + cascaded haptic warning:

410 views • 19 slides
Transforming Secondary Schools Using an Early Warning System ROBERT BALFANZ, PHD EVERYONE

Transforming Secondary Schools Using an Early Warning System ROBERT BALFANZ, PHD EVERYONE

Transforming Secondary Schools Using an Early Warning System ROBERT BALFANZ, PHD EVERYONE GRADUATES CENTER JOHNS HOPKINS UNIVERSITY SCHOOL OF EDUCATION Early Warning and Student Support Systems as the Foundation for School Improvement

677 views • 40 slides
Third Quarter 2014 Opinions and estimates offered constitute our judgment and are subject to

Third Quarter 2014 Opinions and estimates offered constitute our judgment and are subject to

Capital Markets Flash Summary Third Quarter 2014 Opinions and estimates offered constitute our judgment and are subject to change without notice, as are statements of financial market trends, which are based on current market conditions. We

551 views • 7 slides
Moving Your Own Cheese Karyn Scott Director, Enterprise Segment Marketing Cisco Systems, Inc.

Moving Your Own Cheese Karyn Scott Director, Enterprise Segment Marketing Cisco Systems, Inc.

Moving Your Own Cheese Karyn Scott Director, Enterprise Segment Marketing Cisco Systems, Inc. Cisco Systems The Early Years (19841995) 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1984 1990 1995 John Chambers

578 views • 23 slides
Kanban: Naturally suited for Enterprise Adoption Boston SPIN Ajay Reddy CIO, CodeGenesys.com,

Kanban: Naturally suited for Enterprise Adoption Boston SPIN Ajay Reddy CIO, CodeGenesys.com,

Kanban: Naturally suited for Enterprise Adoption Boston SPIN Ajay Reddy CIO, CodeGenesys.com, ScrumDo.com ajay@codegenesys.com @ajrdy @scrumdo @codegenesys The End of Methodology *** End of Methodology slides credit to: David Anderson

1.08k views • 43 slides
NOAALink 101 Pre-Award Training Visit us at: http://www.cio.noaa.gov/NOAALink/index.html FY 12

NOAALink 101 Pre-Award Training Visit us at: http://www.cio.noaa.gov/NOAALink/index.html FY 12

NOAALink 101 Pre-Award Training Visit us at: http://www.cio.noaa.gov/NOAALink/index.html FY 12 Pre-Award v1 v3 03/31/11 1 Introduction FY 12 Pre-Award v1 v3 03/31/11 2 Introduction: Expected Outcomes At the end of this training course,

898 views • 43 slides
Introduction & Nigels Top 5 Elizabeth Sexton-Kennedy CIO All Hands 30 April 2019 Top 5

Introduction & Nigels Top 5 Elizabeth Sexton-Kennedy CIO All Hands 30 April 2019 Top 5

Introduction & Nigels Top 5 Elizabeth Sexton-Kennedy CIO All Hands 30 April 2019 Top 5 from directors September all-hands meeting 1. Re-emphasize safety across the site. - We do not want anyone at Fermilab to experience a life-altering

297 views • 7 slides
NCHIMA 66 th Annual Meeting Panel Discussion: HOT TOPICS in Health Information Management,

NCHIMA 66 th Annual Meeting Panel Discussion: HOT TOPICS in Health Information Management,

NCHIMA 66 th Annual Meeting Panel Discussion: HOT TOPICS in Health Information Management, Technology and Legislative Advocacy Friday, May 6, 2016 8am 9am Moderator: Jean Foster, RHIA, NCHIMANCHICA Liaison Valerie Dobson, MHS, RHIA,

383 views • 12 slides
On abstraction and compositionality for weak-memory linearisability Brijesh Dongol Radha

On abstraction and compositionality for weak-memory linearisability Brijesh Dongol Radha

On abstraction and compositionality for weak-memory linearisability Brijesh Dongol Radha Jagadeesan James Riely Alasdair Armstrong Atomicity abstraction and weak memory How do we provide reliable atomicity abstractions? Concurrent

1.03k views • 59 slides
TUCASI data Infrastructure Project (TIP) Richard J. Marciano A collaborative project of

TUCASI data Infrastructure Project (TIP) Richard J. Marciano A collaborative project of

Managing Shared Digital Research Data in Federated Storage Clouds for Higher Education TUCASI data Infrastructure Project (TIP) Richard J. Marciano A collaborative project of Duke, UNC, NC State, and RENCI Deployment of a prototype

349 views • 18 slides

More recommend