Embed Size (px)
Citation preview
What It Is and What It Means for Your Business
Security First
Security first is a mindset.It’s thinking about your company’s security holistically from the ground up.
Security First
That means looking beyond technical considerations to see where security fits into your:
Business modelSoftware developmentPeople and hiring practicesPricingApproach to partnershipsMarketingResearch and innovation
✔
✔
✔
✔
✔
✔
✔
Security First
To do it right, security has to come first in everything you do. It can’t ever be an after thought.
Security First
Putting security first not only keeps your business safe, it also helps you disrupt your industry.
Security First
Just think of how innovative companies are differentiating themselves by focusing on security and privacy.
Security First
Apple stands out as a great example.
Security First
They’ve taken a very public and forward-thinking stance on security and privacy.
Security First
“People would like you to believe you have to give up privacy to have AI do something for you, but we don’t buy that. It might take more work, it might take more thinking, but I don’t think we should throw our privacy away.”– Tim Cook
Security First
Apple uses hardware protection of encryption keys, end-to-end encryption on iMessage and differential privacy.
And it’s more than words…
Security First
And the strategy is working!Zero-day exploits for iOS are now going for big bucks.
Security First
“…I applaud Apple for trying to improve
privacy within its business models…”
– Bruce Schneier, internationally renowned security technologist
“The majority of enterprises still
feel it is easier for them to secure
their enterprise data on the iOS
platform.”
– Dionisio Zumerle, Gartner
Security First
The reactions Apple has been getting are very favorable.
While Apple is a great example of a company that’s getting security first right, most companies don’t.
Security First
And that’s having a major impact in lots of ways.
Security First
After Jeep Hack, Chrysler Recalls 1.4 Million Vehicles for Bug Fix
Target CEO Fired: Can You Be Fired If Your Company Is Hacked?
Ransomware attacks to quadruple in 2016, study finds
Source: Juniper Research
Security First
Not only that, by 2020, the global cost of cyber crimes is expected to reach $2.5 trillion.
To help put things in perspective, let’s take a quick look at the
history of security threats.
Security First
Little valuable data was online
Viruses weren’t a real threat
Crypto was for academics and geeks
1980s & 1990s
Back in the 1980s and 1990s, there really wasn’t much going on.
2008 – 2016 Present Day2000s
✔
✔
✔
Security First
1980s & 1990s
By the 2000s, things had changed.We had entered the age of weaponizedmalware platforms.
Security First
2008 – 2016 Present Day2000s1980s & 1990s
Stuxnet attacks Iranian enrichment
Modular, updatable and extensible malware
Botnets as a service2000s
✔
✔
✔
2008 –2016
And since 2008, we’ve seen an onslaught of security mega breaches...
Security First
2008 – 2016 Present Day2000s1980s & 1990s
Anthem: Hacked Database Included 78.8 Million People
Digitization of everything
Post-Snowden privacy mindset
End-to-end encryption in WhatsApp
Rise of blockchain and Bitcoin
2008 – 2016 Present Day2000s1980s & 1990s
Along with a variety of other important changes.
Security First
✔
✔
✔
✔
2008 –2016
Differential privacy in mainstream products
Blockchains everywhere
Passwordless authentication
Ransomware
IoT DDoS attacks
Present Day
2008 – 2016 Present Day2000s1980s & 1990s
Fast forward to present day, and the changes keep coming.
Security First
✔
✔
✔
✔
✔
Security First
Looking ahead at the intersection of security and artificial intelligence (AI), there will be challengesand opportunities.
The challenges will be in terms of AI safety and security, with hackers potentially able to…
Security First
Convince a self-driving car to swerve into oncoming traffic.
Security First
Trick a bot into thinking that someone else requested a transaction.
Security First
Or make an industrial system think that it’s not overheating.
Security First
There will also be opportunities to utilize AI to increase cyber security to...
Security First
Monitor and detect events at “beyond human”
scale.
Remove human error from
writing and patching code.
Human-like pattern matching
for access authorization.
Security First
Automated detection, evaluation and patching.
Security First
The future is arriving now:
So what can you do to help your company adopt a security first mindset?
Security First
Security First
Here are three ideas to start with:
1 Make security decisions early and often.
Security First
Build security into every facet of your business.2
Security First
Compliance is table stakes. Go well beyond security basics.3
Security First
Last but not least, keep in mind that (good) security is complex and that attackers are adaptive and don’t play by the rules.
Security First
Want to learn more about
security first?
Security First
Click here to listen to the podcast
