cyber security and the cloud

Cyber Security&

The CloudTOM ILUBE, CEO

A series of round-table lunches and dinners in London and Edinburgh, hosted by Crossword Over 60 information security executives (CISOs, Heads of IT Security,

Leading Consultancy firms, supplier Executives, senior Government officials)

Question: what problems is industry concerned about 3 years out?

Discussions held under the Chatham House Rule

Some strong, consistent themes emerged. Some key points of divergence amongst the groups.

Seven themes picked to share today

The view from 2018

Within the next 3 years there will be a “cyber fatality” so large that it will fundamentally change the way industry executives relate to cyber

50:50 split on this bold assertion

1) “Prepare for a major cyber fatality”

Every entity becomes a collection of loosely-coupled organisations that form “chains of trust”

The concept of a “perimeter” is redundant. Better to think of your company as being in an ecosystem

2) “There is no perimeter”

Every employee of every supplier, partner, contractor is an “insider”

Divisions between home and work life breaks down Bring Your Own Vulnerability (BYOV)

“The fabric of peoples lives is digital”

3) “They will be inside us and we won’t even know”

Explosive growth of old style criminals into cyber

Groups of threat actors co-operating methodically e.g. crime, terrorist, state, activists

Technically adept white collar criminals, linked to manipulating shares & insider trading

Foreign nation states will leak advanced tools to the mass market

4) “Hackers for hire”

Collaboration is vital within and across industries and with Government agencies

Mutual trust is essential

Speed & standardisation of threat intelligence sharing

5) “We need a neighbourhood watch”

With the emergence of the Internet of Things the attack surface expands exponentially

Vast amounts of data to be managed. Continuous data leakage We keep everything because of the few items that

might be useful.

6) Attack surface expands massively

7) Is the Cloud secure enough yet?

DoS39%

Access63%

Insiders 43%

Hijacking

61%

Insecure APIs 41%

Source: CIO Insight 2015

A lot of money is going into Cloud security

Where is Cloud security research taking place?

A huge range of fascinating projects

COED: Computing On Encrypted Data

10011010010111110010101010100010101101110101010111010011100111000100010110010101100110101010101010010101010111

Multi Party Computation

Thank You

@crosswordcybertom.ilube@crosswordcybersecurity.com