Upload
peter-jones
View
226
Download
0
Embed Size (px)
Citation preview
SouthWestCSC.org@SouthWestCSC
4 Simple Steps to Cyber Security
Torbay Business Forum 12th Jan 2016
Geoff Revill – Krowdthink LtdPeter Jones - Dynamiq
SouthWestCSC.org
SouthWestCSC.org@SouthWestCSC
Who we are
Organisations and stakeholders in the South West of England who are actively engaged in, or dependent on, cyber and digital security
Our membership includes academia, the police, businesses and enterprises from across the region that either:
•supply cyber security services•rely on cyber security for the provision of other services•have a public service interest in cyber, or•are engaged in cyber training, education or research
SouthWestCSC.org@SouthWestCSC
What do we provide?
• Access to cyber skills and knowledge• Share latest cyber thinking and best practice• Help make your business more resilient• Cyber Careers advice • Cyber Professional development • Learn how to protect yourself online
Be part of a cyber resilient future!
SouthWestCSC.org@SouthWestCSC
• Securious are passionate about getting the message out to SMEs that they need to build resilience against the cyber threats.
• The only Cyber Essentials Certification Body in the South West• Pete Woodward PCI QSA|CISSP|CEH|CCNP|CCDP - a highly qualified and very
experienced cyber security consultant.• PCI QSA - Payment Card Industry Qualified Security Assessor• CISSP - Certified Information Systems Security Professional• CEH - Certified Ethical Hacker• CCNP, CCDP - CISCO Certified Network and Design Professional
SouthWestCSC.org@SouthWestCSC
• Cyber Security solutions provider.
• Data Recovery.
• Digital Forensics.
• IT Support Services.
• Installations, Development and Support.
• Secure Cloud Storage.
• Website Development.
• ISO 9001 / 14001 / 27001 Auditors.
• Cyber Essentials Auditors.
0800 069 9788
@dynamiqthinking
www.dynamiq.co
SAFER, SMARTER, BETTER - TOGETHER
SouthWestCSC.org@SouthWestCSC
• Addressing the Human Factor• Resilience and crisis response for military & commercial
clients• Combatting the cyber threat:– Cyber strategy development– Board-level engagement– Business risk and value analysis– Awareness training– Incident response planning– Scenario analysis– Table-top and simulated exercising
SouthWestCSC.org@SouthWestCSC
Supporting the Privacy Perspective of Security
• Provide guidance on individual digital identity management
• Help people online maintain their privacy• Help you develop privacy preserving systems
• In SWCSC – Contact Geoff Revill for Event & Marketing co-operation or support– [email protected]
SouthWestCSC.org@SouthWestCSC
Anthony OdhamsSecureSearch
• 15 years expertise Search & Placement of Information Security, Risk Management, Digital Forensics, e-Discovery specialists
• Clients – Banks, Advisory & Consultancies, Solicitors, Retailers, Vendors & Academia
• Role Levels – Director, Partner, Manager & Technical with > 6 years cyber experience
• Membership Secretary SWCSC
SouthWestCSC.org@SouthWestCSC
• Protect: against current and future threats of internet related crime
• Prepare: by increasing awareness and resilience to enable communities and businesses to do more for themselves.
• Prevent: people from engaging in crime and from continuing in crime whilst supporting communities and partners to be more effective in stopping crime.
• Pursue: The criminals
SouthWestCSC.org@SouthWestCSC
The DARK WEB
The Threats
SouthWestCSC.org@SouthWestCSC
3.5Bn OnlineHow Many Have Been Hacked?
1.2 Billion login details 0.5 Billion email addresses
Reported for sale in 2014 on the Dark Web byOne Russian Cyber Gang
76M Bank Account user detailshacked at JP Morgan Bank
38% growth in cyber security incidents 2014->2015
Only 12% are reported!
SouthWestCSC.org@SouthWestCSC
Business Consequences
•breach of privacy law obligations•regulatory fines•individual loss claims
Loss of personal data
•breach of contract•loss of commercial advantage•breach of regulatory obligations•regulatory fines
Loss of confidential information
•financial fraud•extortion•breach of regulatory obligations•regulatory fines
Financial systems
•denial of service•physical damage to plant and machinery•industrial accidents
Operational control systems
SouthWestCSC.org@SouthWestCSC
Who is accountable?
• Managing Directors blame:– 57% hold themselves
accountable for major cyber security breaches
– Some MDs also hold IT accountable for major cyber security breaches
• Financial Directors blame:– mainly hold IT contractors
accountableWho do MD’s blame apart from themselves?
SouthWestCSC.org@SouthWestCSC
The Weakest link
SouthWestCSC.org@SouthWestCSC
4 Simple Steps to Cyber Security1 Basic Principle to Understand
Basic Principle
If unauthorised code cannot run you are protected from 85% of cyber threats
SouthWestCSC.org@SouthWestCSC
4 Simple Steps to Cyber Security
①Patch your Operating Systems regularly②Patch your key Applications regularly– Browser, Java, Flash, PDF Viewer, Office apps
③Restrict Administrator Privileges to those that really need them
④WhiteList the Applications you use
SouthWestCSC.org@SouthWestCSC
Lost?
SouthWestCSC.org@SouthWestCSC
That is what we are here for
SecureSearch
SouthWestCSC.org@SouthWestCSC