Australia's cyber security landscape: Threats, Challenges and Opportunities
THINK AHEAD, CHANGE THE WORLD, CREATE THE FUTURE
$139Bn industry by 2020
81,000 new jobs needed by 2020
IoT FAST FACTS
IoT consists of all the web-enabled devices that collect, send and act on data they acquire from their surrounding environments using embedded sensors, processors and communication hardware.
• Industry predicts that by 2020, the number of Internet-connected things will reach or even exceed 50 billion
• By 2020, a quarter of a billion vehicles will be connected to the Internet
• As the world becomes more connected, business requires a way to manage the unprecedented amounts of data
• IoT will embed technology more deeply into our society
• IoT is closely related to AI; in fact, IoT would not be as powerful without AI
• Design is critical to ensure relevant security is built into the device
What is Cyber Security?
• A cyber security failure is a failure to protect systems, processes or data, thereby enabling exploitation
• Risk Management
• Has been around since the conception of the PC, but data system breaches didn’t occur until the internet
• Must form part of every product, database & electronic communication
• Education, awareness & proactive change are required to move forward
• Cyber crime is only going to increase
• Cyber Security is not optional
THREATS
Reliance on automation focuses on single points of failure
• $500 billion/yr - Cyber attacks costing global business
• 63% of breaches are caused by weak passwords
• 90% of breaches are discovered by 3rd parties
• 50% of people click on links from strangers
• 93% of hackers took minutes to breach
• 95% of attacks are financially motivated
• Top 3 countries for cyber attacks - China (37%), USA (18%), UK (11%)
CHALLENGES
• Lack of security-focused design in devices
• Collaboration between cyber criminals – Data, Techniques, Knowledge
• Lack of collaboration – Government, Industry
• Lack of skilled workers in Cyber Security
• Legal & Regulatory – sharing information
• Services & Privacy – Data collection & storage
• Perception & Practicality – Australia not a leader in Cyber Security
What can be hacked?
• Smart phones
• Web cams & CCTV
• Networks
• Medical devices
• Toys
• Smart TVs
• Google Home
• Cars & navigation systems
• Internet connected fridges
• Almost anything controlled by technology will have a weak spot
Organised Crime: Example values of credentials
• 1,000 stolen email addresses $0.50 to $10
• Credit card details $0.5 to $20
• Scans of real passports $1 to $2
• Custom malware $12 to $3,500
• Stolen cloud accounts $7 to $8
• One million verified email spam mailouts $70 to $150
OPPORTUNITIES
• Machine learning, AI & IoT will allow for data analysis which will drive new ideas, products & ways of living
• Opportunity for Australia to be a leader in Cyber Security innovation
• 15 vendors in Australia, over 1400 globally
• Employment & the development of speciality skills in Australia
RISK MANAGEMENT
• Cyber risk is an enterprise risk that affects the whole organisation
• Cybersecurity is aimed at mitigating these risks
• Planning for the mitigation of cyber risks is an activity that will involve many parts of the organisation
• Risk assessments require an understanding of wider risks and opportunities than would normally be considered by IT
• Many organisations are starting to separate cyber risk assessment and strategy from the IT function
WHAT RISKS TO CONSIDER
• the risk that an increased use of IT provides a greater target for Cybersecurity attacks;
• the risk of significant remediation costs following a Cyber Security attack;
• the risk of inadvertently breaching legislative requirements for cybersecurity through poor levels of oversight of these activities; and
• the risk of liabilities for management if they do not exercise appropriate governance and oversight of Cybersecurity
CYBER SECURITY ASSESSMENT
Adopt a framework-based approach
• (1) Clearly determine the current state of cybersecurity across the organisation through a risk-based assessment of all systems, infrastructure, policies and procedures (possibly using external help)
• (2) Identify short term (12 month) goals for management or mitigation based on an assessment of risk and cost
• (3) Similarly identify longer term (1-5 year) goals
STRATEGY IMPLEMENTATION
1. Agree the framework and approach to be adopted
2. Arrange for a current state security review to be undertaken
3. Assess the outcomes of the review and determine current risk
4. Agree on the business's desired risk profiles for short, medium and long terms
5. Develop and implement a plan to go from current to the agreed future profiles
6. Undertake regular monitoring and status reporting
INCIDENT RESPONSE
• Manage all security incidents appropriately – processes & systems
• Include security aspects in infrastructure design
• Liaise with law enforcement and security agencies
• Develop, Operate and Maintain an Incident Management System
• Collect forensic evidence on security incidents
• Provide a “hands on” incident response as required
• Produce regular security statistics and summary reports to the business
IT’S UP TO YOU!
• Assess current security risks – passwords, access, process & systems to make immediate improvements
• How do you handle data?
• Unknown emails we click
• Research longer term solutions to securing data, technology & devices
• Take a proactive approach
• Report any cyber breaches to authorities – Mandatory February 28th 2018
IT’S UP TO YOU!
• Use complex passwords – password manager if you have several
• 2 factor authentication when offered
• Review business processes, systems & procedures
• Learn to recognise email scams
• Keep operating systems up to date
• Many more, conduct a cyber security audit!
Thank You
Ross Medina
QLD State Manager
ross.medina@acs.org.au