5. “Data Security Solutions” business card
Specialization – IT Security
IT Security services (consulting,
audit, pen-testing, market analysis,
system testing and integration,
training and technical support)
Solutions and experience portfolio
with more than 20 different
technologies – cyber-security global
market leaders from more than 10
countries
Trusted services provider for
banks, insurance companies,
government and private companies
(critical infrastructure etc.)
6. Role of DSS in Cyber-security
Development in Baltics
Cyber-Security Awareness Raising
Technology and knowledge transfer
Most Innovative Portfolio
Trusted Advisor to its Customers
7. Cybersecurity Awareness Raising
Self-organized conference “DSS ITSEC”
5th annual event this year
More than 400 visitors and more than 250 online
live-stream viewers from LV, EE, LT
4 parallel sessions with more than 40
international speakers, including Microsoft, Oracle,
Symantec, IBM, Samsung and many more –
everything free of charge
Participation in other events & sponsorship
CERT & ISACA conferences
RIGA COMM exhibition & conferences
Roadshows and events in Latvia / Lithuania /
Estonia (f.i. Vilnius Innovation Forum, Devcon,
ITSEC HeadLight, SFK, business associations)
Participation in cyber security discussions, strategy
preparations, seminars, publications etc.
8. Innovations – technology & knowledge transfer
Innovative Technology Transfer
A number of unique projects done with
different global technology-leading
vendors
Knowledge transfer (own employees,
customers – both from private & public,
other IT companies)
Areas include:
Endpoint Security
Network Security
Security Management
Application Security
Mobile Security
Data Security
Cyber-security
Security Intelligence
13. AGENDA – IT Security basics in 20 min
Introduction of DSS and speaker
Prologue: Digital World 2014
The Saga begins – Cyber Criminals
Introduction & business card
Business behind
Examples
The Story Continues – Targets of Cyber
Criminals
Individuals
Business Owners
Government
Value of Information Security for business
Risk management
Technology
Conclusion
Q&A (if time allows)
15. Prologue: Some new technologies
3D Printers
Google Glasses (“glassh**es”)
Cloud Computing
Big Data & Supercomputers
Mobile Payment & Virtual Money
Robotics and Intraday Deliveries
Internet of things
Augmented Reality
Extreme development of Apps
Digital prototyping
Gadgets (devices) & Mobility
Technology replaces jobs
Geo-location power
Biometrics
Health bands and mHealth
Electronic cars
Avegant Glyph and much, much
more
20. New EU Data Protection reform (March’14)
The same rules for all companies – regardless of their
establishment: Today European companies have to adhere to
stricter standards than their competitors established outside the
EU but also doing business on our Single Market. With the
reform, companies based outside of Europe will have to apply the
same rules. European regulators will be equipped with strong
powers to enforce this: data protection authorities will be able to
fine companies who do not comply with EU rules with up to
2% of their global annual turnover. European companies
with strong procedures for protecting personal data will have a
competitive advantage on a global scale at a time when the issue
is becoming increasingly sensitive.
Source: http://europa.eu/rapid/press-release_MEMO-14-186_en.htm
26. Disaster in technology world - NSA
Governments write malware and
exploits (USA started, others follow..)
Cyber espionage
Sabotage
Infecting own citizens
Surveillance
Known NSA “partners”
Microsoft (incl. Skype)
Apple
Adobe
Facebook
Google
Many, many others
Internet is changing!!!
Questions, questions, questions!
USA thinks that internet is their
creation and foreign users should
think of USA as their masters…
28. Bright future of the internet way ahead..
1995 – 2005
1st Decade of the
Commercial Internet
2005 – 2015
2nd Decade of the
Commercial Internet
Motive
Script-kiddies or hackers
Insiders
Organized crime
Competitors, hacktivists
National Security
Infrastructure Attack
Espionage
Political Activism
Monetary Gain
Revenge
Curiosity
31. Mobility and Security (cont.)
McAfee 2013 Q1 Threats Report
Federal Reserve Survey March 2013
Mobile Malware
Explodes
Mobile banking
adoption rising
End users fall victim
to mobile attacks
46. The Saga Continues: Targets
National
Security
Nation-state
actors
Stuxnet
Espionage,
Activism
Competitors and
Hacktivists
Aurora
Monetary
Gain
Organized
crime
Zeus
Revenge,
Curiosity
Insiders and
Script-kiddies
Code Red
48. Why hackers might want to “contact” You?
Business
Commercial espionage (financial, business and personal data)
An attack can stop the business, services (competition)
You are a spam target
Your home page could be damaged
They can control and monitor you
They can change data in systems
Home page cross-site scripting
Private person
You have infrastructure for testing new viruses and robots
You have a server where illegal stuff can be stored (programs, files etc.)
They can do criminal activities using your computer
WiFi – they can just borrow the internet
You have information which could be sold on the black market
The results of damage
Financial (costs, data, market, value)
Reputation (customer, partner, HR)
Development and competitiveness
49. Conclusion: The Saga will continue anyway
For many companies security is like salt, people just
sprinkle it on top.
51. Think security first & Where are You here?
Organizations Need an Intelligent View of Their Security Posture
Proactive
Automated
Manual
Reactive
Optimized
Organizations use
predictive and
automated security
analytics to drive toward
security intelligence
Proficient
Security is layered
into the IT fabric and
business operations
Basic
Organizations
employ perimeter
protection, which
regulates access and
feeds manual reporting
53. Challenge for business ahead..
SECURITY MEASURES
Costs Security costs
Optimum? Remaining part of risk
Security actions
Risks
New optimum?
Source: Māris Gabaliņš, The Art Of The Systems
54. Take-Away as conclusion
Security Maturity
Develop a Risk-aware Security Strategy
49% of C level executives have no measure
of the effectiveness of their security efforts
31% of IT professionals have no risk strategy
2012 Forrester Research Study, 2013 Global Reputational Risk & IT Study, IBM