2. The Expanding Internet – Past 15 years
THE SUPERHIGHWAY, Circa 1998 / 2013
Analogy | 1998 | 2013
Cars | Billions (1,000,000,000), 60 mph | Quintillions (1,000,000,000,000,000,000), 60,000 mph
Lanes | 4 | 4,000
On/Off Ramps | Millions (1,000,000) | Hundreds of Millions (800,000,000)
3. “Digital Currency”
Setting the Stage: The Global Economy
Global Overview
Broad Money: $65.5 trillion
Monetary Base: $16.1 trillion
Gold Reserves: $1.8 trillion
Capital stock (bonds, stocks): $212 trillion
U.S. Overview
Broad Money: $10.3 trillion
Monetary Base: $2.6 trillion
Gold Reserves: $462.8 billion
Combined Market Value (bonds, stocks): $47.6 trillion
Approximate percentage of digital currency in the global market: 93.6%
Cash and gold available as a proportion of banking & commerce funds: 6.4%
Physical reserves (printed money, gold, etc.)
Sources: CIA World Factbook as of YE 2011; Global Capital stock est. by McKinsey
FS-ISAC: For Official Use Only | 3
5. Developing Innovative Trends & Opportunities
Cloud | Social | Digital banking | Mobile
Flexible… Collaborative… Disruptive… Enabling…
#1 ranking in top ten strategic technologies list, according to Gartner
$40 Billion estimated spend by business on cloud computing this year
60% of the public cloud will serve software by 2016
45% of U.S. adults own a smartphone
15% annual growth of U.S. Bank retail mobile channel
21% of phone owners used mobile banking services in last year
1m new sign-ups for Square’s smartphone-based payment card-processing service
1 Billion: approximate number of users on Facebook
62% of adults globally use social media
1 Facebook-based virtual bank, and Facebook online banking apps
2015: the year when online banking becomes the new norm
100m PayPal account holders
6. Setting the Stage: Social Media
Social networking
Content communities
Blogs / microblogs
Virtual / game worlds
Collaborative projects
Locational
Facebook: Most popular, 1bn users
LinkedIn: Professionals, 175m users
Google+: Integrated apps, 500m users
Myspace: Entertainment, 25m users
Klout: Measures influence
YouTube: Video, 1tr views
Flickr: Image gallery, 80m visitors
Pinterest: Scrapbooking, 25m visitors
LiveJournal: User generated, 1.7m users
DeviantArt: Art portfolios, 36m visitors
Instagram: Photo editing, 100m users
Twitter: Microblog, 500m users
Tumblr: User generated, 77m blogs
Huffington Post: News / political blogging content provider, 54m visitors monthly
Steam: Service, 54m users
Xbox Live: Microsoft, 35m users
WoW: Gaming, 10m players
Second Life: Virtual world, 1m users
Habbo: Virtual chat, 10m users
Reddit: Social news, 43m users
Wikipedia: Crowd-sourced Encyclopedia, 1.5bn users
Coursera: educational, 1m students
Kickstarter: Virtual chat, 73k projects
Foursquare: Mobile / geo, 20m users
Reposting/Retweeting: No delete key on the Internet
Smartphones
Geographic data
Key tenet
*user counts approximate as of Nov 2012
8. Cybersecurity Threats: Actor Groups
Insiders
• Can be difficult to detect
• Usually low-tech, relying on access privileges
Hacktivists
• Responsible for 58% of all data stolen in 2011
• 2011 targets included CIA, FBI, Visa, MasterCard, Sony, Amazon, others
Nation-states
• Since 2010, nation-state linked malware increased from 1 to 9; 5 in 2012
• Malware for espionage, creating breach opportunities, even sabotage
Organized crime
• Cybercrime is a mature industry with marketing, support, advertising, R&D, and economies of scale
9. Strategies Must Be Intelligence-Driven
Regulatory Intelligence
Expect we provide evidence of a STRONG
information security program
Employee Intelligence
Strive for excellence and are interested in
how and where they WORK.
Shareholder Intelligence
Require we protect revenue to enable
GROWTH
Business Line Intelligence
Require AGILITY and fast time to market to
meet business goals and customer demand
Cyber-Threat Intelligence
Exploit vulnerabilities and require the
capability of a MATURE prevention and
recovery response environment
Customer Intelligence
Place TRUST in us and demand we are
careful stewards of their data
10. Threat Intelligence Service Architecture
Financial Industry
FS-ISAC, BITS, FSSCC
Malware Intelligence
Vulnerability Intelligence
Microsoft
Vulnerabilities
MSDN
OWASP
Common Vulnerabilities & Exposures
Cyber Threat Intelligence
Fraud & Phishing Intelligence
Government Agencies: Homeland Security, USSS, FBI, Other Agencies
11. Strategies Must Be Comprehensive
DEVICES
Are secure and patched regularly to keep secure over time
THIRD PARTIES
& VENDORS
Control parity is risk-based and
protections are appropriate
NETWORKS
Are monitored 24x7
IDENTITY & ACCESS
Is appropriate based on job role
INDUSTRY & PARTNERSHIPS
Provide actionable cost-effective threat
and risk intelligence
DATA & INFORMATION
Is secure at rest and in transit
CUSTOMERS & CLIENTS
Are educated on cyber-risks and their role in protecting their devices
APPLICATIONS
Are secure in development and
production
13. Cloud Computing: Real or Hype?
Both!
Next Phase of the Internet
Early '90s – Mid '00s: Compute Connectivity (networks abound)
Mid '00s – Mid '20s: Compute Utility
Overhyped in the short term,
underhyped in the long term
Convert NY Times Articles (1851-1922) TIFF->PDF
Nov 1, 2007 - Derek Gottfrid – NY Times
“Thanks to the swell people at Amazon, I got access to a few more machines and churned through all 11 million articles in just under 24 hours using 100 EC2 instances, and generated another 1.5TB of data to store in S3.”
14. Nightmare Scenario
June 2009 – UK IaaS provider, VAServ has 100,000
customer websites deleted at one time
Initial reports “attacked by zero-day exploit in version
2.0.7992 of the LXLabs-developed HyperVM.”
50% of VAServ customers lost all data:
Had opted for unmanaged service – no backups
CEO of HyperVM Suicide
Hypervisor Password
“Web Host Hack Deletes 100k Sites”
SOURCES
• http://en.wikipedia.org/wiki/HyperVM
• http://www.theregister.co.uk/2009/06/08/webhost_attack
• http://www.thewhir.com/web-hosting-news/060809_Web_Host_Hack_Deletes_100k_Sites
15. Virtualized N-Tier Control Equivalence
“Old Way” vs. “New Way”
[Diagram labels: Internet, Users, FW, WAF, NIDS / IPS, Presentation Layer, Data Layer, Hypervisor]
How do we ensure control parity?
billion, trillion, quadrillion, quintillion
Data measured in Terabytes, now Exabytes | bandwidth measured in Mbps, now Gbps
Packets per second move from hundreds of thousands to millions
Devices connected move from millions to hundreds of millions
Global internet users: 2,405,518,376
Internet users per 100 people: 12.3 (2003), 32.8 (2011)
Email: 400 million email accounts (1999), 3.1 bn email accounts (2011)
144,834 new urls every day – up 21%
# of PCs in the world: 164,596,614 (2000), 757,351,444 (2004)
Secure Internet servers (per 1 million people): 36.8 (2003), 183.9 (2011)
Hosts: 72,398,092 (Jan 2000), 888,239,420 (Jan 2012)
Active sites: 7,542,571 (Jan 2000), 182,441,983 (Jan 2012)
Fixed broadband Internet subscribers (per 100 people): 1.7 (2003), 8.6 (2011)
Weighted Ave. bandwidth: 175.2 Mbps per 1 million people (2000), 939.8 Mbps per 1 million people (2005)
Global e-commerce: $961 billion (Dec 2011)
Data
Humankind has stored more than 295 billion gigabytes (or 295 exabytes) of data since 1986. In 2007 we broadcast 1.9 zettabytes, or 1,900 exabytes, of information through technology such as televisions and GPS devices. "That's equivalent to every person in the world reading 174 newspapers every day."
This slide indicates relative proportions of physical/tangible assets (cash in circulation, mandated reserves, gold reserves – indicated by red circles) compared to ‘virtual’ funds that are either tied to commerce or banking (deposits, loans), where the money is entirely electronic (indicated by blue circles).
As electronic representations of cash are considered equivalent to the physical notes (which in turn are only representative of a perceived market value), there is nothing like enough physical monetary reserves (or gold reserves) to be able to cover the money held electronically.
Broad Money (actually “stock of broad money”): although it includes short-to-medium-term liquid assets, the reality is that this money (savings, loans, deposits, money markets) is not realizable in physical terms. The nature of fractional reserve banking is that FIs are required to only have a proportion of money held or on loan in the form of actual physical reserves.
Stock of Broad Money comprises:
Total quantity of demand deposits (current/checking)
Total quantity of time and savings deposits
Credit union deposits
Institutional money market funds
Total quantity of currency in circulation (NOT INCLUDED IN THIS FIGURE – we have subtracted it here as we account for it separately in the Monetary Base).
The Stock of Broad Money figures come from CIA World Factbook. This entry covers all of "Narrow money," plus the total quantity of time and savings deposits, credit union deposits, institutional money market funds, short-term repurchase agreements between the central bank and commercial deposit banks, and other large liquid assets held by nonbank financial institutions, state and local governments, nonfinancial public enterprises, and the private sector of the economy. National currency units have been converted to US dollars at the closing exchange rate for the date of the information. Because of exchange rate movements, changes in money stocks measured in national currency units may vary significantly from those shown in US dollars, and caution is urged when making comparisons over time in US dollars. In addition to serving as a medium of exchange, broad money includes assets that are slightly less liquid than narrow money and the assets tend to function as a "store of value" - a means of holding wealth.
Global Overview
VIRTUAL CAPITAL
Capital stock (bonds and stocks) - $212 trillion – McKinsey
Stock of Broad (M2+) Money - $81.61 trillion – CIA World Factbook
Stock of narrow (M1) money - $25.64 trillion – CIA World Factbook
Global Monetary Base - $16.1 trillion – ballpark figure generated using data from a recent economics paper applied to Gross World Product of $69.99 trillion (CIA World Factbook). Approximately 23% of Gross World Product estimated using data from the paper Global Excess Liquidity & Asset Prices In Emerging Countries, A PVAR Approach (University of Bordeaux & Banque du France, Jan 2012)
LIQUID RESERVE
1,008.22 fine troy ounces in millions pegged to September 16 $1770 po - ~1.785 trillion dollars - IMF
Additional figures (not used in diagram above)
Gross World Product - $69.99 trillion
Global Debt - $69.08 trillion
U.S. Overview
Market value of publicly traded shares - $15.64 trillion (CIA WF)
Bond Market size (govt, municipal, agency, corp, mortgage) - $32.3 trillion (wikipedia, q2 2011) – this was combined with share valuation above to get 47.6 trillion
Stock of Broad Money - $12.99 trillion (CIA WF)
Monetary base - $2.653 trillion (Fed Reserve)
Fed Gold Holding (Dec 2010) - 8,133.5 tons * $1770 troy ounce - $462.85 bn (Wikipedia)
Info from:
CIA World Factbook – All dates are December 31, 2011 unless stated otherwise.
McKinsey Global Institute – Mapping Global Capital Markets Report 2011
IMF
Additional figures (not used in diagram above)
IMF figures for US - 141,512 billion financial assets – 46310 bn tangible assets – 12/31/2008
U.S.D. Cash in circulation as of September 2012 - $1.127 trillion (Federal reserve) – included in Monetary base
USA Stock of Narrow Money - $2.324 trillion (CIA WF)
Mobile: Pew Research Statistics, September 11, 2012 – 45% of American adults own smartphones, up 10% from May 2011. They are particularly popular with young adults and those living in relatively higher income households; 66% of those ages 18-29 own smartphones, and 68% of those living in households earning $75,000 also own them.
Some features we offer…
Pay A Person transfers
DepositPoint check deposit
Instant Credit apps
Mobile Wallet testing
MobileWeb
Pay A Person – transfer cash to individuals simply and easily, from checking to the person’s email or phone.
DepositPoint – you can photograph a check and it deposits instantly.
Additional apps include Instant Credit Apps, now on Android and iPhone – US Bank partnered with various retailers like REI & Aces Hardware to make it a snap to apply for credit cards in partner retail stores without the inconvenience of paperwork - the credit is available instantly.
Cashless payments are the next step, and USB has tested mobile wallet technologies that turn your smartphone into a debit card stand-in.
Susan Crawford, Harvard professor and formerly a special assistant for technology policy for President Barack Obama, points out that, “There is nothing more imaginary than a monetary system. The idea that we solemnly hand around printed slips of paper in exchange for food and water shows just how trusting and fond of patterned behavior we human beings are. So why not take the next step? Of course we'll move to even more abstract representations of value.” Pew Research Panel on the Future of Money in a Mobile Age – April 2012.
Social media: 62% figure from March 28, 2012, from a survey conducted by Ipsos/Reuters.
Increased our Facebook “likes” from 12,763 in April 2012 to 30,706 in August. We use it for CRM, awareness and promotion, marketing, reputation management, customer education (Tami) etc.
ASB Bank in New Zealand has had a Facebook-based virtual bank presence for two years where you can use an app to talk with a service specialist in real time. FB is working with various banks to enable apps that allow people to make payments to third parties, etc.
Digital Banking
Future is:
Convenient & easy
Lower cost
Always available
Accessible through multiple channels
"Digital Banking to Be the Norm By 2015" - PricewaterhouseCoopers (PwC), Jan 16, who say:
The "digital tipping point" where more customers are expected to do their banking through online/digital means is estimated to be the year 2015.
67% of Generation Y respondents currently use or were looking to use mobile banking.
Roughly 2/3 of respondents said that they would be willing to pay nominal fees for use of these expanded digital services.
"To grow revenues and combat high customer inertia, banks need to focus on attracting the next generation of customers – which will be largely made up of Generation Y and the unbanked population. For these customers, a bank's digital services will be more central to their decision-making process than branch location or even brand."
"The banks that provide a differentiated digital experience, with advice and relationship management elements tailored to the individual customer, will secure deeper engagement and more profitable relationships with their customers."
Square: http://www.economist.com/node/21554744 - disruptive because it lowers cost of reader-ownership. Vendor actually provides the reader for free.
Fraudsters
Hacktivists
Nations
Cyber-threats evolving dramatically
Technology advancements allow sophisticated cyber-attacks
Cyber-hacktivism now a major threat
Nation-state support a game changer
Need for actionable public-sector intelligence at all time high
Hacktivists – 58% figure from Verizon
Typical pattern has two phases:
Stealthy investigation/infiltration
Swarming attacks to exploit vulnerabilities and/or bring down servers
http://threatpost.com/en_us/blogs/average-web-app-attacked-every-three-days-080812
Threats to computing resources and data have changed significantly in the past 12-18 months. Insiders have caused major issues for many corporations. Hacktivists have used “botnets” (millions of computers under the control of an individual or group) to cause disruption to marquee sites like Visa, Mastercard, FBI, and US Department of Justice for the purpose of furthering political agendas. Organized crime has moved from a part-time market to full-time criminal corporations employing tens of thousands of people whose full-time jobs are to write viruses, exploit bugs in commercial software, distribute point-and-click hacking tools and services to less-skilled criminals, send SPAM email campaigns, rent time on stolen computer networks, and package and distribute stolen personal records and banking information. Meanwhile, many nations have realized the asymmetric power of attacking enemies with computer-based weapons like Stuxnet, Duqu, and Flame malware which were reportedly designed to shut down nuclear enrichment facilities in the Middle East. Putting this in perspective, over 100 countries have recently developed cyber-fighting capabilities and 36 countries now have formal military doctrines around cyber-warfare.