Cyber SecurityPutting technology back in the cage..

Tim Holman

CEO, 2-sec

26th February 2015

Tim Holman, CEO 2-sec

• 20 years security experience

• Cyber security, auditing, penetration testing, credit card security, ethical hacking, training, incident response

• The Times, Guardian, Computer Weekly, SC Magazine

• President ISSA-UK

• Fellow of ISSA

• Microsoft MVP Security

17/03/2015

Wall of Shame

• Apple, Dropbox, Snapchat, 2014, password guessing…• Home Depot, 2014, 56 million cards• eBay, 2014 – 145 million passwords• Facebook, 2013 – 6 million records• Adobe, 2013 – 41 million records• Target, 2013 – 110 million records• LinkedIn, 2012 – 6.5 million passwords• eHarmony 2012 – 1.5 million passwords• Sony Online, 2011 – 102 million records• Heartland Payment Systems, 2008-9 – 130 million records• National Archives & Records Admin, 2008 – 76 million records• TJX (TK Maxx), 2006-7 – 46 million records

17/03/2015

Where does all the data go?

YOUR information is for sale

• Credit Card + CCV - $3• Credit Card + CCV + DOB - $35• Credit Card + CCV + DOB + Address - $45

- Balance In Wachovia:………….24K To 80K==========180$- Balance In Boa………………….5K To 45K==========400$- Balance In Credit Union:………Any Amount:=========420$- Balance In Hallifax…………..ANY AMOUNT=========720$- Balance In Compass………….ANY AMOUNT=========700$- Balance In Wellsfargo……….ANY AMOUNT=========800$- Balance In Barclays………………8K To 10K=========550$- Balance In Abbey:…………………………82K ===========650$- Balance in Hsbc:…………………..50K========650$ and more

• Pay by MoneyGram, Bitcoin only please• 95% guarantee

Cyber Crime is BIG business

• High rewards for little risk:– 2bn+ potential victims (ie Internet users).

– Easy pickings.

• In 2013, Cyber Crime cost £266 BILLION.– It’s already overtaken the global narcotics trade:

• If cybercrime was a country, its GDP would rank 27th -above Singapore, Austria and Denmark.

• One British company told officials that it had incurred revenue losses of £770m because of one attack, through the loss of intellectual property.

Why me?

• Why us?

• We’re in the G8.

• We’ll always be targeted.

• We’ve valuable IP.

• To a hacker in a 3rd world country, we’re HNWIs.

• Hackers don’t care who you are, just what you have, or might have.

IP Theft

IP Theft

Military Systems

Industrial Control Systems

Medical Systems

Public Tenders

DNS

Liberating Technology

• Software, services and products are clearly released to the market in an insecure state.

– That’s how vendors make money.

• There’s no such thing as a vulnerability-free world.

– All major products – hardware and software, seem to be affected.

• If you’re going to buy the next big thing, think carefully as to what risks it will bring to your company.

Questions?

tim.holman@2-sec.com0844 502 2066