mobile security trends and emerging threats

Mobile Security Trends and Emerging Threats Sandra J.H. Rolnicki - PowerPoint PPT Presentation



  1. Mobile Security Trends and Emerging Threats Sandra J.H. Rolnicki ForenSecure April 28, 2017

  2. Agenda (1) Macro- and Micro-Trends Impacting Mobile (2) Vulnerabilities in the Mobile Ecosystem (3) Threat Actors and Emerging Threats (4) Mobile Security Controls and Considerations (5) Conclusion and Q&A ForenSecure 2017 2

  3. (1) Macro- and Micro-Trends Impacting Mobile Macro-trends • Internet of Things (IoT) • Artificial Intelligence & Machine Learning • Hyperconnectivity

  4. (1) Macro- and Micro-Trends Impacting Mobile Micro-trends What does this mean for ...? • Mobile network infrastructure • Mobile network operators • Mobile device manufacturers • Mobile operating systems • App developers • Organizations (governments, businesses, non-profits) - Enterprise-owned device or bring your own device (BYOD)? • Individuals

  5. (2) Vulnerabilities in the Mobile Ecosystem Leveraging the SCAN Principle by NowSecure™ • Network and infrastructure • Device and operating system • Device configuration • App stores and apps

  6. (3) Threat Actors and Emerging Threats Threat actors have different motivations and represent different risks • Insider: From honest mistake to malicious intent • Hacktivist: From Robin Hood to Guy Fawkes • Cyber-criminal: From petty thief to organized crime • State sponsors: Cyber-warfare / Cyber-espionage with intent to destroy or disrupt

  7. (3) Threat Actors and Emerging Threats Emerging threats represent emerged threats that capitalize on macro-trends • Spear-phishing • Malware / Spyware • Socially engineered attacks • Ransomware • Botnets using IoT • Rise of the “fakes”

  8. (4) Mobile Security Controls and Considerations Layered security based on ISO Guide 73:2009 Risk Management • Deterrent • Preventive • Detective • Recovery • Corrective • Compensating

  9. (5) Conclusion and Q&A Be ready! • Macro- and micro-trends are driving ubiquity of mobile • Opportunities from vulnerabilities are rising for threat actors • Macro-trends are leveraged for increasingly sophisticated threats • Controls and layered security are more important than ever! Questions?

  10. Sandra J.H. Rolnicki is part of the Supervision and Regulation (S&R) Department of the Federal Reserve Bank of Chicago (FRBC), the 7th District of the Federal Reserve System (FRS). She leads a team of risk management professionals who are responsible for assessing inherent and residual Information Technology (IT) and Operational risk at institutions within the 7th District and across the FRS. In addition, Ms. Rolnicki is a member of the instructor team with the FRBC’s STREAM Technology Lab, a hands-on training facility for U.S. and international regulators. She focuses on classes that feature topics such as Mobile Banking, Information Security Vulnerability Management and Virtual Currency. Prior to joining the FRBC, Ms. Rolnicki’s professional experience includes leadership roles in Internal Audit and Quality Assurance in the real estate, investment, telecommunications and consumer electronics industries. Ms. Rolnicki holds a Bachelor of Science degree in Industrial Engineering and a Master of Science degree in Information Technology, both from Northwestern University’s McCormick School of Engineering. She is currently pursuing a PhD degree in Management Science from Illinois Institution of Technology’s Stuart School of Business. Ms. Rolnicki maintains the following certifications: · CISSP, Certified Information System Security Professional, (ISC)² · CRMA, Certification in Risk Management Assurance, The Institute of Internal Auditors · CFE, Certified Fraud Examiner, Association of Certified Fraud Examiners · CISA, Certified Information Systems Auditor, Information Systems Audit and Control Association · CIA, Certified Internal Auditor, The Institute of Internal Auditors

  11. The opinions expressed in this presentation are those of the presenter, and are not formal opinions of, nor binding on, the Federal Reserve Bank of Chicago or the Board of Governors of the Federal Reserve System. Reference to a product or service provider does not imply endorsement.
