The State of Cybersecurity in Switzerland - FintechDay 2017
TRANSCRIPT
BinaryEdge.io
Be Ready. Be Safe. Be Secure.
State of Cybersecurity in Switzerland
Focus on Cybersecurity, Data science and Machine
learning. Scale via software, automation and re-usable
technology.
HEADQUARTERS
ENGINEERING TEAM
ENGINEERING TEAM
ZÜRICH, SWITZERLAND
BINARYEDGE
WHO ARE WE?
DATA SCIENCE
Ana Barbosa: MSc Pharmaceutical Sciences.
Florentino Bexiga: BSc Computer Engineering.
Filipa Rodrigues: MSc Biophysics and Biomedical Engineering.
ENGINEERING
Marco Silva: CTO. MSc Telecommunications and Informatics Engineering.
Pedro Fernandes: BSc Computer Engineering.
MANAGEMENT
Tiago Henriques: CEO. MSc by Research, Computer Security and Forensics.
Till Spillmann: Managing Partner at Bär & Karrer AG. Entrepreneur. PhD in Law, Attorney at Law.
Pekka Jäckli: Head of Finance at UBS WM Switzerland. MSc Biochemistry.
WHAT WE DO
INSURANCE BANKING PHARMA
WHAT WE’RE GOING TO TALK ABOUT TODAY
SECURITY OF A COUNTRY: SWITZERLAND
https://blog.binaryedge.io
WEB: HEADERS
X-XSS-PROTECTION: 1,738
X-CONTENT-TYPE-OPTIONS: 2,034
X-CONTENT-SECURITY-POLICY: 100
PUBLIC-KEY-PINS: 9
ACCESS-CONTROL-ALLOW-ORIGIN: 67
REFERRER-POLICY: 967
X-FRAME-OPTIONS: 3,493
STRICT-TRANSPORT-SECURITY: 995
.ch websites: 218,710
DATA EXPOSED BY SWITZERLAND (VS. WORLD)
131 IP addresses out of 59,370
31.5 GB of data exposed out of 66 TB
194 IP addresses out of 125,883
6.6 GB of data exposed out of 9.2 TB
21 IP addresses out of 16,203
107 MB of data exposed out of 1.3 TB
95 IP addresses out of 137,022
441 IP addresses
38 GB of data exposed
SCADA protocol: number of IPs
Automatic Tank Gauge: 2,974
Niagara Fox: 2,110
dnp3: 2,036
CODESYS: 107
Ethernet/IP Packet: 12
Siemens S7 PLC devices: 62
PCWorx: 5
ProConOS: 0
BACnet: 43
Modicon: 2
OMRON: 2
CSPV4: 1
CRITICAL SYSTEMS: DISTRIBUTION IN THE COUNTRY
FOUND IN SWITZERLAND
compromised email addresses
BANKING INDUSTRY
DATALEAKS
82121,294 1,324 90
BANK 1
41,676
BANK 2 BANK 3 BANK 5 BANK 4
compromised email addresses
INSURANCE INDUSTRY
DATALEAKS
385
INSURER 6
6974,205 877 4155,574
INSURER 4 INSURER 2 INSURER 3 INSURER 5 INSURER 1
compromised email addresses
PHARMA 1 PHARMA 2 PHARMA 3 PHARMA 5 PHARMA 4
DATALEAKS
PHARMA INDUSTRY
9,866 26,988 16,395 3,515 29,691
https://securityrating.io
For over two years we've been collecting internet data and have watched IP addresses expose an ever-growing number of services to the internet. Over the last year we've also seen a trend where insurance companies with cyber-insurance products create their own ratings. We started looking into these issues, and in talking to the insurance companies we heard a common set of complaints:
No data
Constant changes
How to evaluate cyber?
When we heard this, we felt there was a need for an open framework in which the formula used to calculate these ratings is exposed to the public, so that a standard can be created and people can understand exactly how they are being rated.
SECURITY RATING
BANKING INDUSTRY
SECURITY RATING
[Figures: Security Rating Bank 3, Security Rating Bank 4, Security Rating Bank 1, Security Rating Bank 5, Security Rating Bank 2. Axes: Number of IP Addresses, Security Rating.]
[Figures: Security Rating Insurer 5, Security Rating Insurer 6, Security Rating Insurer 4. Axes: Number of IP Addresses, Security Rating.]
INSURANCE INDUSTRY
SECURITY RATING
[Figures: Security Rating of Insurer 1, Security Rating of Insurer 3, Security Rating of Insurer 2. Axes: Number of IP Addresses, Security Rating.]
SECURITY RATING
PHARMA INDUSTRY
[Figures: Security Rating Pharma 1, Security Rating Pharma 3, Security Rating Pharma 5, Security Rating Pharma 2. Axes: Number of IP Addresses, Security Rating.]
BE READY. BE SAFE. BE SECURE.
BinaryEdge AG
Freigutstrasse 40, 8001 Zurich
Switzerland
+ 41 78 713 40 00
CONTINGENCY THREAT SAFE IRRELEVANT