
Your cyber security roadmap
Agenda

• Introduction
• Andrew Burke - Chief Technology Officer, Empired
• Sven Ross - Chief Executive Officer, Diamond Cyber
• Mark Blower - National Business Manager – Networks and Security, Empired
• Why are we vulnerable to a cyber attack?
• What can we do to mitigate the threat?
• How the threat landscape is changing
• How Empired can help
• Free offering and competition
• Questions

Introduction

Why are we here?


• Business beats with a digital heart
• Rates of cyber crime increasing exponentially
• Cyber crime is highly lucrative and largely anonymous
• Attacks are becoming increasingly sophisticated, targeted and
persistent; risk profiles are ever increasing

We need to stay one step ahead


Why are we vulnerable to cyber attack?
Why are we so vulnerable to cyber attack

The face of cyber crime has changed


• A commercial venture with low point of entry
• Anonymous ransomware
• Large scale, industrial approach to exploitation
• New threats by the minute

What is hacking?

• The manipulation of people and technology to do something other
than its original purpose
• The intention behind the hacking dictates whether it is malicious or not
• Effective law enforcement and prevention of cyber crime is difficult for
many reasons
Competing demands vie for our attention

In business we have competing demands:


• Market share and profitability
• Responding to customer demand
• Innovating your products and services

IT systems are connected together like never before.


Truly effective cyber security management requires a broader view
than just IT.
Where to find the time to ‘be secure’?
Source: Diamond Cyber
The attacker may be more dedicated

Time is a key construct of vulnerability to malicious activity.


• The competing demands of business vie for all our time.
• The IT teams’ available time is split between new initiatives,
innovation, break/fix, proactive management and more.

For the cyber criminal time is their most valuable asset.


• A persistent threat attacker is spending more time trying to break in
than you are trying to prevent it.
Source: Diamond Cyber
The attacker may be more dedicated

[Figure labels: Compromise; No compromise; Efficiency]
• Time spent on defensive measures, limited by cost, prioritised by uptime.
• Level of security achieved, measured in time-to-compromise.
• Hacker: Time invested in achieving compromise, limited by motivation. Example: Criminal
• Hacker: Time invested in achieving compromise, limited by motivation. Example: State

This is why a realistic threat should dictate defensive spend, and why
defensive efficiency (strategy) is important.

Source: Diamond Cyber


Process; a help and a hindrance

To a large extent, we are vulnerable due to the compliance driven approach to security.
• Some of us have an annual audit for security
• Sometimes security checks are done outside of audits

Hackers do not wait for your yearly security audits to create new attacks!

[Figure labels: 6 Months; 6 Months]

Source: Diamond Cyber


The Cyber Kill Chain

Advanced
• Targeted, coordinated, purposeful
Persistent
• Month after month, year after year
Threat
• Person(s) with intent, opportunity and capability

1. Reconnaissance
Harvesting email addresses, conference information, etc.
2. Weaponisation
Couple exploit with backdoor into a payload.
3. Delivery
Delivery of exploit to victim. Email, web, USB, etc.
4. Installation
Installing malware on the asset
5. Exploitation
Exploit a vulnerability to execute code on the asset
6. Command and control
Command channel for remote manipulation
7. Actions on objective
With ‘hands on’ access the intruders accomplish their goal
Source: Diamond Cyber
What can we do to mitigate the threat?
What should businesses do?

Understand the enemy


• Persistent, advanced and human-based. Actively probing for weakness
• Multiple threat vectors, changing daily
• Likely spending more time trying to attack you than you are defending
Identify your risks and exposure
• Where are your information assets and how protected are they?
• Where are your weaknesses?
Build a defensive strategy and execute upon it
• Plan to protect what matters the most
Continuously validate its effectiveness
• Optimise your defences by probing for weaknesses
What should business do?

Develop a cyber program


Cyber program development

Prioritise, Scope & Orient
• Identify business/mission objectives and high-level organisational priorities
• Determine the scope of systems and assets that support the selected business line or process
• Identify related systems and assets, regulatory requirements, and overall risk approach
• Identify the Threat Groups most likely to target the organisation and understand why.

Create Current State Profile
• Identify a framework to reference cyber control definitions (NIST, COBIT, ISO 27001, CIS-CSC)
• Develop a Current Profile by indicating what cyber controls currently exist in the business
• Determine the maturity of controls

Conduct Risk Assessment
• Assessment is guided by the organisation’s overall risk management process or previous risk
assessment activities.
• Analyse the operational environment in order to discern the likelihood of a cybersecurity event
and the impact that the event could have on the organisation.
• Identify the Most Likely and Most Dangerous threat scenarios which could occur.
Cyber program development

Create Target State Profile
• Create a Target Profile that focuses on the assessment of the identified Controls describing the
organisation’s desired cybersecurity outcomes
• Consider influences and requirements of external stakeholders such as sector entities, customers,
and business partners when creating a Target Profile

Determine & Prioritise Gaps
• Compare the Current Profile and the Target Profile to determine gaps
• Create a prioritised action plan to address those gaps that draws upon mission drivers, a
cost/benefit analysis, and understanding of risk to achieve the outcomes in the Target Profile
• Determine resources necessary to address the gaps

Implement Action Plan
• Determine which actions to take in regards to the gaps, if any, identified in the previous step
• Monitor the cybersecurity practices against the Target Profile
Cyber program development – Core Functions

• Identify the components of your business that require
protection and how this is achieved.
• Implement process and technology to protect your
information assets.
• Build capability to detect when an attack may occur, is
occurring or has occurred.
• Establish people, process and technology to respond to
cyber incidents.
• Create a cyber resilient business that is capable of
recovering from cyber incidents.

[Figure labels: Identify; Protect; Detect; Respond; Recover]

How the threat landscape is changing

“Only two things are infinite, the universe and human
stupidity, and I'm not sure about the former” Albert Einstein
Perimeter protection

• The traditional firewall and E-mail protection is dead
• Next generation firewalls (UTMs) and advanced mail protection are a
step in the right direction
• We need threat analytics and real time protection
• Considerations for bespoke vs unified solutions
Antivirus and antimalware

Antivirus technology is dated and not effective
We need:
• Real time protection
• Ways to enforce corporate
policy to the remote worker
• Mobile device protection
Protect your network

• We can’t consider the wired network safe anymore
• Provide accessibility to the
correct people
• Prepare yourself for IoT
Protect your application

Application Control Devices (ACDs) provide visibility of who accesses what
and when.
They enable us to:
• Protect the application in any
location
• Provision accessibility for the correct
user and block others
Visibility and monitoring

Insight is crucial to effective management of the threat landscape
No visibility = minimal benefit
Unify systems
Security Incident and Event
Management
How Empired can help

• Audit and compliance
• Enhancement and remediation
• Threat response and containment
Thank you.
