managing digital risk: trends, issues and implications for business
DESCRIPTION
Managing Digital Risk: Trends, Issues and Implications for Business. PRITH BANERJEE— SENIOR VICE PRESIDENT, RESEARCH & DIRECTOR, HP LABS. Managing digital risks. Rapid progress of technology and business reliance on technology mean companies face a growing problem with digital risk. - PowerPoint PPT PresentationTRANSCRIPT
© Copyright 2010 Hewlett-Packard Development Company, L.P. 1© Copyright 2010 Hewlett-Packard Development Company, L.P.
MANAGING DIGITAL RISK: TRENDS, ISSUES AND
IMPLICATIONS FOR BUSINESS
PRITH BANERJEE—SENIOR VICE PRESIDENT, RESEARCH & DIRECTOR, HP LABS
© Copyright 2010 Hewlett-Packard Development Company, L.P. 2
MANAGING DIGITAL RISKS– Rapid progress of technology and business reliance on
technology mean companies face a growing problem with digital risk.
– The rate, scale and sophistication of attacks will continue to adapt and grow with changing technology
– Digital risk needs to become a Board-level concern– Risk managers need to develop comprehensive digital
risk management strategies
© Copyright 2010 Hewlett-Packard Development Company, L.P. 3
HP MOBILE/CLOUD: A COMPLETE SYSTEMNext-generation information infrastructureMOBILITY
Always-connected DevicesSmartphones, slates, notebooks, printers
Infrastructure as a ServiceCompute and storage resources, on-demand
Consumer Services + Mobile AppsSnapfish, MagCloud, Melodeo, ePrint, Gloe, Friendlee, Gabble… 4000+ Apps on WebOSEnterprise Cloud Solutions
Help instant-on enterprises build, consume, manage and secure cloud services in hybrid environments
CLOUD“Arms dealer” to Service Providers
From BladeMatrix to Indigo
© Copyright 2010 Hewlett-Packard Development Company, L.P. 4
THE RAPID PACE OF TECHNOLOGY CHANGE
Information
Explosion
Connected Technolog
y
Connected People
Virtual Business
© Copyright 2010 Hewlett-Packard Development Company, L.P. 5
THE CHANGING NATURE OF THREATS – 10 years ago: Disruption from
fast spreading malware– 5 years ago: Money stealing– Today: Well-funded, hidden,
sophisticated and targeted attacks
2009/10Stuxnet,
Aurora and Conficker
2001Email
viruses & network worms
(ILOVEYOU, NIMDA)
2005Drive by
downloads &
Command & Control
(Zeus)2003/4
Combined techniques to spread(Blaster, Sasser)
© Copyright 2010 Hewlett-Packard Development Company, L.P. 6
ANATOMY OF A TYPICAL ATTACKANATOMY OF A TYPICAL ATTACK1. Explore Target
2. Initial intrusion
3. Establish a
foothold
4. Obtain security
information
5. Spread to
other systems
6. Steal
data
© Copyright 2010 Hewlett-Packard Development Company, L.P. 7
THE DIGITAL THREAT ENVIRONMENT Human
errors
Hackers
Extortion
Industrial espionage
Cyber-terrorism
Insiders/Employees
Cyber-theft
Cyber-activism
Natural disaster
s
Service providers
Cyber-fraud
Cyber-warfare
Crime-ware tools and services marketplace
Computer
failures
© Copyright 2010 Hewlett-Packard Development Company, L.P. 8
THE ATTACK ENVIRONMENT RESPONDS TOO QUICKLY TO NEW OPPORTUNITIES
New Technolog
y
Consumers &
Businesses Adapt
Attack environm
ent adapts
Security response
Varied Regulator
y response
© Copyright 2010 Hewlett-Packard Development Company, L.P. 9
HOW SHOULD COMPANIES RESPOND?– A number of suggestions on • Risk mitigation – realm of the IT department• Risk transfer – increasing opportunity to insure• Risk research – to deal with complexity
– Regular intelligent review of the digital threat environment and the business dependency on technology
– Need for more Collaboration, Communication and Co-operation to combat the threat environment
© Copyright 2010 Hewlett-Packard Development Company, L.P. 1010 © Copyright 2010 Hewlett-Packard Development Company, L.P.
THANK YOU