cyber security and the cloud
TRANSCRIPT
Cyber Security&
The CloudTOM ILUBE, CEO
A series of round-table lunches and dinners in London and Edinburgh, hosted by Crossword Over 60 information security executives (CISOs, Heads of IT Security,
Leading Consultancy firms, supplier Executives, senior Government officials)
Question: what problems is industry concerned about 3 years out?
Discussions held under the Chatham House Rule
Some strong, consistent themes emerged. Some key points of divergence amongst the groups.
Seven themes picked to share today
The view from 2018
Within the next 3 years there will be a “cyber fatality” so large that it will fundamentally change the way industry executives relate to cyber
50:50 split on this bold assertion
1) “Prepare for a major cyber fatality”
Every entity becomes a collection of loosely-coupled organisations that form “chains of trust”
The concept of a “perimeter” is redundant. Better to think of your company as being in an ecosystem
2) “There is no perimeter”
Every employee of every supplier, partner, contractor is an “insider”
Divisions between home and work life breaks down Bring Your Own Vulnerability (BYOV)
“The fabric of peoples lives is digital”
3) “They will be inside us and we won’t even know”
Explosive growth of old style criminals into cyber
Groups of threat actors co-operating methodically e.g. crime, terrorist, state, activists
Technically adept white collar criminals, linked to manipulating shares & insider trading
Foreign nation states will leak advanced tools to the mass market
4) “Hackers for hire”
Collaboration is vital within and across industries and with Government agencies
Mutual trust is essential
Speed & standardisation of threat intelligence sharing
5) “We need a neighbourhood watch”
With the emergence of the Internet of Things the attack surface expands exponentially
Vast amounts of data to be managed. Continuous data leakage We keep everything because of the few items that
might be useful.
6) Attack surface expands massively
7) Is the Cloud secure enough yet?
DoS39%
Access63%
Insiders 43%
Hijacking
61%
Insecure APIs 41%
Source: CIO Insight 2015
A lot of money is going into Cloud security
Where is Cloud security research taking place?
A huge range of fascinating projects
COED: Computing On Encrypted Data
10011010010111110010101010100010101101110101010111010011100111000100010110010101100110101010101010010101010111
Multi Party Computation
Thank You