Mark Fernandes Principal, Cyber Risk Services
+ FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the “ubiquity” generation. CYBER SUMMIT
More to come 3 2018 Deloitte Cyber Risk Services
4 2018 Deloitte Cyber Risk Services
+ TOPIC 1 1 - CYBE YBER SING NGULARIT RITY What does the future hold for cyber and the role it plays in business modernization. NEXT GENERATION CYBER DEFENCE
The The c cha hanging b busi usine ness a and nd c cyber risk sk la land ndscape 1990 - 2002 of Infra rastru ructu ture Era of S T E A M 2002 - 2010 of Com Complia liance Era of E L E CT R I C 2011 - 2016 D I G I T A L of Ris Risk Era of H Y P E R - CO N N E CT E D 2016+ A N D I N T E L L I G E N T of Ubiqu quity ty Era of 7 2018 Deloitte Cyber Risk Services
Source: Richard Watson: A Timeline of 2018 Deloitte Cyber Risk Services Emerging Science and Technology
Key sectors in the economy are likely to face significant disruption in the next few years Digital Potential & Time to Close the Gap w/ Contribution to Employment Long Fuse Short Fuse Big Bang Big Bang 4.5 Manufacturing Infocom Admin/Supp 4.0 Retail/Trade ort Services Admin & FSI/Insurance support activities Digital Potential (pts) Professional & Scientific activities Education Utilities 3.5 Health & Social Services Transportation Arts, Entert. & Storage & recreation Accommodation and Food Accomod. 3.0 Public Admin & Food & defence Wholesale Trade Short Fuse Construction 2.5 Smaller Bang Long Fuse & real estate Smaller Bang 3.5 3.0 2.0 1.5 0 4.0 0.0 Time to close the gap (years) Source :Administrative Records and Labor Force Survey, Manpower Research Statistics Department, MOM (December, 2015) ; Deloitte Global Center for Cyber Innovation Analysis Low Impact Medium Impact High Impact 8 2018 Deloitte Cyber Risk Services
+ TOPIC 2 2 2 - THR THREAT T LANDSC SCAPE APE What does the future hold for threats and sophistication of methods. NEXT GENERATION CYBER DEFENCE
10 2018 Deloitte Cyber Risk Services
+ TOPIC 3 3 3 - NEED ED F FOR R NEX NEXT GENERA NERATIO ION N SOC SOC Why does the future of cyber and business modernization require fresh thinking in Security Operations. NEXT GENERATION CYBER DEFENCE
Chara racteri eristi tics of a Next Genera eration on SOC Frictionless Designed to support and demonstrate value to the business, whilst driving frictionless enablement. Adaptive Is designed with adaptive capability in mind. That is with the assumption that the adversary (including AI) never sits still. Dwell Time Designed to combat actor dwell time. Context Is built on cyber insights and context. Threats are mapped to elements to accelerate value to the business. 2018 Deloitte Cyber Risk Services
Red Reducing C Cyber Dwell Tim ll Time Reduction n of Imp Impact to the he Busi Busine ness ss A Next Generation SOC is a key aspect for reducing Dwell time (Dwell time from Aberdeen Group). 60 Day 60 D ay – Full B Busines ness I Impac pact 28 Day 28 D ays – 22% 22% R Redu eduction 21 D 21 Day ay – 40% 40% R Redu eduction 14 Day 14 D ays – 58% R 58% Redu eduction 7 D 7 Day ay – 77% 77% R Redu eduction 1 Day 1 D ay – 96% R 96% Redu eduction 2018 Deloitte Cyber Risk Services
Ev Evol olution on of SO SOCs Cs with N Next Generation ion S SOC ( C (illu lustrativ ive c capabilit ility) Matur urity ty 1 1 Matur urity ty 2 2 Matur urity ty 3 3 Traditio itional S l SOC’s Cont ntinuo nuous us R Readine ness S SOC’s Iterative tive S SOC’s Traditional SOC models based on NOC centric SOC designed to address an ever changing SOC that operates in a continuous capability. Typically characterized by use case adversary (typical threat actors). Emphasis on state of readiness. What methods, predominant emphasis on SLA and hunting, behavioral profiling, actor attribution characterizes this SOC is the ticket statistics. etc.. employment of “elite” objective testers on an ongoing basis. Self Defending Continuous Behavior Continuous Campaign Alert and Hunting Exploit Enterprise Red T eaming Threat Analysis Correlation Detection Content 2018 Deloitte Cyber Risk Services
+ TOPIC 1 4 4 - IN IN SUMMA MMARY The constraint of cyber singularity. NEXT GENERATION CYBER DEFENCE
CYB YBER POWERIN ING COMM OMMERCIAL INNOVATION ON HUMAN IMAGINATION AND APPLICATION OF INNOVATION IS LIMITLESS The rate of global disruption, powered by cyber is virtually limitless. Rate is constrained by a number of factors. Some of the key aspects include. 01 02 03 04 R ESO U R C ES C O MPR EH EN SIO N W ILLIN G N ESS C A PA B ILITY The allocation of resources, The ability to comprehend the rate The willingness to embrace change The availability of enabling innovators, funding and capability of change and how it applies to and challenging institutional capability to enable innovation. to assign to transformation and their industry, customer and orthodoxy. cyber enabled innovation. stakeholders.
More to come 18 2018 Deloitte Cyber Risk Services
19 2018 Deloitte Cyber Risk Services
Recommend
More recommend