SlideShare uma empresa Scribd logo

Get Prepared

Hewlett Packard Enterprise Business Value Exchange
Hewlett Packard Enterprise Business Value Exchange

Cyber security predictions

Tecnologia
1 de 9
Baixar para ler offline
Business white paper Get prepared Cyber security predictions
Page 2 Table of contents 3 The (r)evolution of cyber security 3 The threat is real 3 Evolution of the adversary 3 Uncertain cyber leadership 4 Predictions tied to trends 4 Trend 1—Major mobile exploits 5 Trend 2—Open source vulnerabilities 5 Trend 3—Supply chain will remain a critical attack vector 6 Trend 4—Industry-sector attacks and malware 6 Trend 5— Privacy concerns drive greater legislation 7 Good news—there are answers 7 Technologies to watch into 2016 8 Hewlett Packard Enterprise Security—the solution 8 About the author and contributors Business white paper
Business white paper Page 3 The (r)evolution of cyber security The digitization and interconnection of society, and, in particular, critical infrastructures, increase the risk of accidental or deliberate cyber disruptions. International cyber criminals go unpunished and an escalating cyber arms-race threatens global and regional stability. Let’s look at the trends and predictions for cyberspace over the next 18 months. The threat is real There are tectonic shifts occurring in cyberspace, from mobility to wearable technology. Those shifts drive even larger changes in the threat landscape and in how enterprises respond. The potential impact of cyber-attacks and disruptions is increasing due to continuing digitization of existing business models and adversary groups’ desires to disrupt information flows. The lack of technology sustainability and increasing connectivity are now frequently seen as a threat to society and enterprises. CEOs and business leaders recognize the importance of cyber risk and managing breaches in an effective manner. Digital privacy is now a major topic in most nations, and organizations are under pressure to regulate data collection and surveillance. Evolution of the adversary Cyber activity levels will continue increasing, and more and varied players will become involved. Cybercrime affects 378 million victims per year, with an average of 12 users falling victim every second of every day. At an average cost to each individual of $298, cybercrime has become much more than a nuisance. For companies, the average cost of cybercrime is staggering, at a whopping $7.4 billion (USD).1 We also believe this number to be significantly under reported, due in part to the sensitivity of reporting and the negative impact to brand reputations. It’s clear that cyber criminals have evolved drastically over the past decade. These days, they join forces in an online marketplace where they share and sell tools, tactics, and targets—all aimed at stealing financial information, intellectual property, and private data. These online adversaries specialize around different facets of the cyber-attack chain; working together to create, share, and act on security intelligence to exploit organizations. Uncertain cyber leadership Research, done by HPE in tandem with The Economist Intelligence Unit, found that only 33% of CEOs have a single view of information risk across their organization, and only 28% were able to attribute a monetary value to their information assets.2 Such a limited view should drive Plan for the worst; fight for the best Combatting cybercrime requires an integrated security approach, incorporating proactive planning and risk management strategies to lower risk exposure, reduce security-related costs, and gain greater control. It’s time to invest more in prevention and real-time threat detection for the application layer, and hardware and software interface. Every action in the physical, business, and interpersonal world is increasingly transacted, captured, and reflected in digital form. This increases the new challenges being faced—ranging from storing, securing, and managing information, to the bigger challenge of how to extract value from it while guaranteeing privacy, security, and data ownership. 1 Ponemon: Cost of Cyber Crime Report, 2015 2 Information Risk: Managing digital assets in a new technology landscape, The Economist Intelligence Unit Limited, 2013, http://www. economistinsights.com/sites/default/files/EIU%20 information%20risk%20white%20paper%20-%20 managing%20digital%20assets%20in%20a%20 new%20technology%20landscape%20WEB.pdf Major mobile exploits Open-source vulnerabilities Compromised supply chain Major mobile exploits Major mobile exploitsMajor mobile exploits Open-source vulnerabilities Compromised supply chain Major mobile exploits Open-source vulnerabilities Industry-sector attacks Increased privacy pressure
Business white paper Page 4 Figure 1: The adversary attack ecosystem organizations to step back and assess the state of their defenses, and, if necessary, launch a full security improvement program that might include capability maturity assessments, cyber-risk profiling, and incident-response planning. In a recent HPE and Ponemon Institute survey, 79% of senior business leaders said executive or board-level involvement is needed in the incident-response process. However, there is widespread disagreement about how that involvement should take shape. Only 44% rated their breach response plan as mature and proactive.3 Recent high-profile attacks, regardless of who’s responsible, indicate the extent to which even mature organizations are ill prepared, and senior executives can be embarrassed. Improved response, especially at the executive level, is required. However, this does not bode well with the skilled manpower shortage, now a trend in the security market. In fact, in a recent study from HPE and Frost Sullivan on adoption trends for Managed Security Services, 52% of the respondents identified staff shortages and insufficient training as primary impediments to effective security management.4 In short, organizations need to think innovatively as to how services and capabilities will be delivered and by whom. Predictions tied to trends Every organization is different in its own way, but all operate within the broader cyber-threat landscape and face similar challenges doing business in the digital economy. The advent of the collaborative threat market place, where sophisticated actors share best practices and hone their attacks, should be a wake-up call for organizations globally. Organizations are stimulated to act, but many continue to “go it alone” with reactive strategies. In doing so, the risk to those organizations grows. However, by building scenarios about what may happen, organizations and their security partners can model the threat response and address key risk areas. Trend 1—Major mobile exploits Mobility is not only a fact of life in today’s enterprise—it can be a key competitive advantage. Yet, it brings unique security challenges that combine technical, behavioral, and operational aspects. There are a number of trends flowing together that make it more likely that the next 18 months will see an increase in mobile-based breach incidents. The line between work and personal life is evaporating as enterprise and consumer experiences continue to meld. The average person moves between three to five personal devices throughout a day, including laptop, smartphone, and tablet. Now, with the introduction of wearable technology, the sensor— 3 Ponemon, “Cost of Cyber Crime Report,” October 2014 4 HPE and Frost Sullivan, “The HPE Global 2015 State of Managed Security Services Report”, July 2015 Infiltration Discovery Capture Exfiltration Firewall Stolen data Adversary Research
Business white paper Page 5 such as augmented reality smart watches/bands, and smart home energy/home entertainment, there’s even more to secure. Additionally, an increasing number of vulnerabilities have been discovered in Android-based systems, exposing additional attack points and complicating support. There hasn’t been a major mobile breach yet, but it’s only a matter of time. In 2014, for example, Android saw targeted attacks using mobile devices on iOS. There was also the start of attacks on mobile cloud services, with a celebrity photo-hacking scandal attracting significant attention. This trend won’t bypass cyber adversary groups; 2015 may be the year of mobile spear- phishing and mobile Advanced Persistent Threats (APTs). New mobile functionality and form factors will make them a potential route to greater riches than can be delivered from just the device. Personal health information, geolocation, e-wallets combined with near-field communications, wearable integration, online payment systems, and access to cloud data or corporate applications create a lucrative and high-risk information store to exploit. Contactless payment systems also offer potential growth areas for attackers as a financial target. The increasing number of devices attached to increasingly complex networks, often out of an organization’s direct control, will provide more entry points to targets that matter. Recommendation: Know how users in your organization want to use their devices and ensure they understand the security issues. Also, make sure they’re protected with basic defenses such as strong passwords and the correct endpoint protection. Consider enterprise identity and access gateways to enforce corporate polices while supporting consumer choice. Trend 2—Open source vulnerabilities During the last 12 months, vulnerabilities were found in key applications and functions based on open source software—Shellshock and HeartBleed come to mind. The most common vulnerabilities will still be found amid the main commercial software vendors’ products. But, as their response to security becomes stronger, adversary research for vulnerabilities in softer target areas will increase. We have seen zero-day vulnerabilities increase over the past few years, expanding from traditional commercial off-the-shelf software to open source code that has become part of many organizations’ infrastructure—from Linux® Kernel, to GNU Utilities, Apache, and MySQL. Typically, businesses turn to open-source software as it’s generally free, continually evolves in real time, avoids vendor lock-in, and can be easily adapted. It does, however, have some disadvantages versus proprietary software, which focuses on usability, documentation, governance, and support. The major disadvantage with open systems: Many people identify bugs, and malicious users can exploit these vulnerabilities. Recommendation: It’s important organizations understand where they use open-source software and identify the significance to their business. This may require a refresh of your policies—on use, implementation, and software updates. Where a risk is identified, but not clearly defined, additional application and vulnerability testing should take place—especially when an Internet-facing function is involved. Trend 3—Supply chain will remain a critical attack vector Cyber criminals typically look for the weakest link—the most efficient, easiest way into a system; the majority of the time, suppliers are the easiest way in. Remember the headline-grabbing data breaches involving Target, AutoNation, Lowes, and ATT—all have been linked to their trusted third-party vendors as the origin of compromise.
Business white paper Page 6 The sheer breadth, scope, and interconnectedness of the global supply chain severely hampers efforts on the defenders’ side. By its very nature, it’s highly fragmented. Large enterprises are getting better at security, so criminals are turning to their partners’ networks instead. Generally, these organizations have fewer security controls, making them easier to exploit. They also hold network credentials that can be stolen. Contracts of all sizes have risks associated with sharing information. And all suppliers share information with their vendors. Even if the contract is with a small supplier for an indirect category, it carries risk. So can a top-10 critical suppliers list—even if you make sure they’re secure; that list might change or grow, or some random website created by a third party that wasn’t in the top 10 may be the risk. Recommendation: Enterprises, like yours, must consider the security governance and compliance policies of their suppliers as a key component of their overarching enterprise security approaches, including annual reviews, enforcement, and reporting. Current governance programs may require adding staffing or even outsourcing to accommodate increasingly extended supply chains. Trend 4—Industry-sector attacks and malware Over the past few years, we’ve seen ever-increasing adversary specialization in attackers’ techniques and targeted companies. An example of this was Dragonfly in 2014. This was a concerted campaign to target hundreds of energy companies in North America and Europe. It included a range of sophisticated and blended attacks aimed at organizations that use industrial control systems to manage electrical, water, and oil and gas systems. Today, it isn’t just the traditionally high-value industry sectors of financial services, telecommunications, and transportation getting targeted. There’s a new wave of sector-specific attacks and malware aimed at transportation, business process suppliers, healthcare, and manufacturing. Those planning attacks will aim at the easiest and most lucrative targets to maximize their opportunity. The more detail around an individual profile, the greater the information’s value, the better the return on investment. Criminal gangs specialize in particular industry sectors and supply chain elements. Those with healthcare information, just like those in retail, hold a wide range of information around an individual, which makes them attractive to attackers. The market for credit card data will mature into one offering individual profile data. Groups of credit card data are now being categorized into region/ZIP code and sold to maximize the time value of the stolen credentials. Even sectors such as transportation are proving tempting, with particular focus on loyalty program data and self-service check-in kiosks as sources of valuable user data. Most ports and terminals are managed by industrial control systems, which have, until very recently, been left out of the CIO’s scope. Historically, this security hasn’t been managed by company CISOs, and maritime control systems are very similar. As a consequence, improvements that many companies have made to their corporate cyber security to address the change in the threat landscape over the past three to five years haven’t been replicated in these environments. Recommendation: Ensure all defenses that already exist meet your organization’s needs and provide the best brand protection possible. Start with assessing physical and operational security stakeholders. Adopt measures from leading sectors, for example, financial and retail, and adopt a continuous monitoring approach. Finance and banking The finance industry is one of the main target pillars of cyber security. Due to the industry’s nature, the lucrative sector lures hackers and cyber criminals originating from multiple disciplines throughout the world, some of which are either crime syndicates or well-founded organizations. Telecom and media Telecom and media organizations hold the foundation and the infrastructure facilitating data communication on the planet. From wireline to wireless communication, these services need special protection that emerged in the cyber decade and have constantly evolved ever since. Critical infrastructure Protecting critical infrastructure elements becomes a key factor in industrial control system (ICS) defense strategies. SCADA and DCS systems govern the logical to physical elements that control our daily lives. General IT Today, the ever-changing and evolving technologies trends and threats present new challenges for organizations with any IT infrastructure.
Business white paper Page 7 5 BBC, “General election 2015: Youth vote ‘could be key to win,’” Dec. 29, 2014, bbc. com/news/uk-politics-30620164 6 Pew Research, “Public Perceptions of Privacy and Security in the Post-Snowden Era,” November 2014, http://www.pewinternet. org/2014/11/12/public-privacy-perceptions/ Trend 5—Privacy concerns drive greater legislation As governments grapple to improve cyber-security maturity and manage data privacy across domestic and sometimes geo-political digital landscapes, regulation and oversight are on the rise. In the last 12 months, nation-state attacks and related disclosures led to a number of governments taking a stronger interest in security and privacy issues. Specific legal requirements—for specific vertical industries such as power and energy, and healthcare—now have to be implemented, bringing them in line with the pressures that have existed for the financial sector for some years. The public mood is also changing; increased use of technologies such as cloud processing and storage requires a greater understanding and clarity of jurisdictional boundaries and the ability to clearly express these to customers and regulators. The Internet of Things (IoT)—everything connecting to everything via the Internet—will drive even more sources of individual data capture, for example, the rollout of ubiquitous solutions such as smart metering. A recent report by the BBC in the UK showed online privacy as being one of the highest topics on the political agenda for first-time voters.5 This trend is also appearing in the U.S., where recent polls show that more than 90% of Americans think that consumers have lost control of their personal data.6 This will drive even more political attention to this topic. Recommendation: Understand what individual data is held through privacy assessments to ensure you have a robust data-loss prevention capability in place. The applications that access and process data will need consistent testing routines. Also, assess and understand your data “crown jewels”—don’t just let compliance drive data protection. Understand and take advantage of suppliers’ Safe Harbor agreements to not overly complicate global operations and risk overlooking real security needs. Good news—there are answers It’s not all doom and gloom as new defense capabilities come to the forefront. So perhaps the biggest challenge or opportunity that security professionals face is understanding these and ensuring that the need is reflected in future budget cycles, including investments in strategy, design, and skills acquisition. • Security intelligence continues to grow, and the concept of trust between parties is being automated. Being able to share intelligence data on attacks between specific parties such as a group of similar organizations in the same vertical must be a priority. • Big Data and automated analysis will become increasingly available to identify the most subtle APT. This is needed to cope with the huge increase in scale created by the sheer growth in users, attack vectors, and targets. • Cooperation and collaboration between security players will start and enable linked- up services. More of these will be based in the cloud, enabling more rapid and scalable deployments through integration and automation. • New technology solutions are gaining traction; this provides greater insight into who’s logging in and using your data. This, when combined with the capabilities provided by Big Data, will enable organizations to identify errant users with greater granularity and speed—by using fraud and behavioral analysis. Technologies to watch into- 2016 “Signatureless” APT and anti-malware technologies are getting more and more mature. Besides their current network and desktop/notebook focus, they are now extending into the mobile space. With dramatic trends toward IoT, more and more security technologies and services are IoT—Connected consumer/person. Connected home. Connected with existing stakeholders. To ensure security, assess early projects, and embed “enterprise view” for risk management early in project lifecycle.
Business white paper Page 8 moving into the cloud. Instead of having them locally installed, they’ll more likely be consumed as a Service. From a technology point of view, the technologies used aren’t necessarily new, but they’re getting virtualized and made available from everywhere. The business model is also changing with a focus toward pay for use. In the identity and access management (IAM) arena, there’s a similar move toward cloud. With the New Style of Business, and a focus on mobility and cloud, IAM services are shifting and enabling companies to provision and manage identities within all these platforms. The technologies used are not totally new; they’re adapting to the new challenges of the innovation economy. Final prediction: Enterprises and governments will have a constant demand for increased and better managed security. Hewlett Packard Enterprise Security—the solution Hewlett Packard Enterprise Security focuses on securing future agencies and enterprises in the ever-evolving connected world. We are committed to enhancing defenses against the many evolving cyber threats to governments, individuals, commerce, and critical global infrastructure by developing international standards, policies, and legislation that encourage outcome-based approaches to cyber security. Hewlett Packard Enterprise Labs is leading major new research that addresses how cloud service providers use and protect personal and confidential information in the cloud. Our TrustCloud project addresses key issues and challenges in achieving a trusted cloud environment. In addition, under the Dynamic Defense research project, Hewlett Packard Enterprise Labs also tackles the application security problem by developing technologies that present a constantly changing surface to attackers, limiting their ability to detect and exploit vulnerabilities. The HPE cyber-security capability covers 67 countries across all industry verticals. Our 5000 security professionals manage more than 10,000 enterprise clients and see 100 billion security events each month. HPE security research identifies more zero-day vulnerabilities than anyone else7 and has a community of 2800 cyber researchers globally. Our 10 Global Cyber Security Centers enable us to deliver an end-to-end security capability anywhere in the world and share threat intelligence instantaneously. At HPE, we have over 1000 security consultants who advise, transform, and manage adoption of new cyber capabilities, processes, and technologies. Learn more at hp.com/enterprise/security About the author and contributors Andrzej Kawalec Andrzej Kawalec, chief technology officer, Enterprise Security Services, HPE, is responsible for information security strategy, solutions, portfolio, and market-facing activities. Kawalec leads a global research and innovation team that focuses on cloud, consumerism, cyber security, and business risks surrounding information security systems, policies, users, and processes. A recognized leader in security and business-continuity planning, Kawalec is a frequent speaker at industry events. Hewlett Packard Enterprise Security Research publishes free security summary briefings available to the public on our website and iTunes, which provide the most current security intelligence available. HPE also launched the Threat Central Partner Network, where a collection of like-minded companies share cyber intelligence with the larger community to identify and stop attacks before they start. 7 hp.com/t5/HP-Security-Research-Blog/ ZDI-10-10-fascinating-factsabout-10-years-of- bug-hunting/ba-p/6770127#.VcP-P9h0yHs
Business white paper Rate this document Sign up for updates Richard Archdeacon Richard Archdeacon, chief technologist, Information Security Strategy, HPE, leads the development of new strategic concepts and solutions in the cyber market. He came to HPE with 25 years of experience in consulting with major corporations across Europe, the Middle East, and the U.S. Archdeacon served on the IAAC board and IISP Accreditation Committee, and holds an MBA from Cranfield University. He is currently an industry advisor to Coventry University for their new MBA program in cyber security. Simon Ian Arnell Simon Ian Arnell, chief technologist, Research and Development, HPE, worked within the Enterprise Security Services organization in pre-sales, delivery, innovation, and thought- leadership capacities. He frequently hosts C-level clients at our Hewlett Packard Enterprise Labs Executive Briefing Center, enabling him to validate research and development concepts with services previews and pilots. Arnell architected a number of enterprise security services and filed a number of supporting patents in security software, security Big Data analysis, and software-defined systems. Rhodri Davies, PhD Rhodri Davies, chief technologist, Managed Security Services, HPE, specializes in designing security services. Davies works with a variety of HPE client organizations—large and small. He examines how they currently manage information security and gives them advice on how to best protect themselves in the future. Prior to entering the commercial sector, Dr. Davies worked as a post-doctoral researcher at the University of Manchester in the United Kingdom. Andreas Wuchner Andreas Wuchner, chief technologist, Security Innovation, HPE, is a recognized practitioner with 20 years of experience in information security, IT security, and IT-risk management. Before joining HPE, Wuchner was the CIO security technology and a managing director for UBS in Switzerland, where he also served as group information security officer (GISO) and head of IT Risk Control within the bank. He has a master’s degree in electronics and computer science from the University of Applied Sciences in Offenburg, Germany. © Copyright 2015 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for HPE products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HPE shall not be liable for technical or editorial errors or omissions contained herein. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. 4AA6-0910ENW, November 2015, Rev. 1

Recomendados

Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestHewlett Packard Enterprise Business Value Exchange
 
Cyber Security Infographic
Cyber Security InfographicCyber Security Infographic
Cyber Security InfographicBooz Allen Hamilton
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
The Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsThe Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsScalar Decisions
 
Strengthening Security with Continuous Monitoring
Strengthening Security with Continuous MonitoringStrengthening Security with Continuous Monitoring
Strengthening Security with Continuous MonitoringBooz Allen Hamilton
 
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Microsoft
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITEnvision Technology Advisors
 
The Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsThe Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsBrian Rushton-Phillips
 

Recomendados

Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestHewlett Packard Enterprise Business Value Exchange
 
Cyber Security Infographic
Cyber Security InfographicCyber Security Infographic
Cyber Security InfographicBooz Allen Hamilton
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
The Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsThe Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsScalar Decisions
 
Strengthening Security with Continuous Monitoring
Strengthening Security with Continuous MonitoringStrengthening Security with Continuous Monitoring
Strengthening Security with Continuous MonitoringBooz Allen Hamilton
 
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Microsoft
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITEnvision Technology Advisors
 
The Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsThe Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsBrian Rushton-Phillips
 
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...Scalar Decisions
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
Top Risks of Enterprise Mobility
Top Risks of Enterprise MobilityTop Risks of Enterprise Mobility
Top Risks of Enterprise MobilitySymantec
 
The Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityThe Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityMarkLogic
 
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them SrikanthRaju7
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ... 2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...Proofpoint
 
Cost of Cybercrime Study in Financial Services: 2019 Report
Cost of Cybercrime Study in Financial Services: 2019 ReportCost of Cybercrime Study in Financial Services: 2019 Report
Cost of Cybercrime Study in Financial Services: 2019 Reportaccenture
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsGlobal Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsArgyle Executive Forum
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionRamón Gómez de Olea y Bustinza
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...Symantec
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021Management Events
 
The Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t IgnoreThe Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t IgnoreVeracode
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Tracey Ong
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Time for co-operation
Time for co-operationTime for co-operation
Time for co-operationHewlett Packard Enterprise Business Value Exchange
 
Technology rethink for next generation loyalty programmes
Technology rethink for next generation loyalty programmesTechnology rethink for next generation loyalty programmes
Technology rethink for next generation loyalty programmesHewlett Packard Enterprise Business Value Exchange
 

Mais conteúdo relacionado

Mais procurados

2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...Scalar Decisions
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
Top Risks of Enterprise Mobility
Top Risks of Enterprise MobilityTop Risks of Enterprise Mobility
Top Risks of Enterprise MobilitySymantec
 
The Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityThe Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityMarkLogic
 
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them SrikanthRaju7
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ... 2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...Proofpoint
 
Cost of Cybercrime Study in Financial Services: 2019 Report
Cost of Cybercrime Study in Financial Services: 2019 ReportCost of Cybercrime Study in Financial Services: 2019 Report
Cost of Cybercrime Study in Financial Services: 2019 Reportaccenture
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsGlobal Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsArgyle Executive Forum
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionRamón Gómez de Olea y Bustinza
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...Symantec
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021Management Events
 
The Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t IgnoreThe Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t IgnoreVeracode
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Tracey Ong
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 

Mais procurados (20)

2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformation
 
Top Risks of Enterprise Mobility
Top Risks of Enterprise MobilityTop Risks of Enterprise Mobility
Top Risks of Enterprise Mobility
 
The Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityThe Three Pitfalls of Data Security
The Three Pitfalls of Data Security
 
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data Security
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security Study
 
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ... 2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
 
Cost of Cybercrime Study in Financial Services: 2019 Report
Cost of Cybercrime Study in Financial Services: 2019 ReportCost of Cybercrime Study in Financial Services: 2019 Report
Cost of Cybercrime Study in Financial Services: 2019 Report
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-Effectiveness
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsGlobal Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attention
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021
 
The Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t IgnoreThe Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t Ignore
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 

Destaque

Destaque (14)

Time for co-operation
Time for co-operationTime for co-operation
Time for co-operation
 
Technology rethink for next generation loyalty programmes
Technology rethink for next generation loyalty programmesTechnology rethink for next generation loyalty programmes
Technology rethink for next generation loyalty programmes
 
Can customer experience thrive in the age of the io t
Can customer experience thrive in the age of the io tCan customer experience thrive in the age of the io t
Can customer experience thrive in the age of the io t
 
To Accelerate IT Innovation, Think like a Rocket Scientist
To Accelerate IT Innovation, Think like a Rocket ScientistTo Accelerate IT Innovation, Think like a Rocket Scientist
To Accelerate IT Innovation, Think like a Rocket Scientist
 
EFMA & HP: Evolution of the Workplace in Financial Services
EFMA & HP: Evolution of the Workplace in Financial ServicesEFMA & HP: Evolution of the Workplace in Financial Services
EFMA & HP: Evolution of the Workplace in Financial Services
 
The Path to Self-Disruption
The Path to Self-DisruptionThe Path to Self-Disruption
The Path to Self-Disruption
 
Customer Experience in the Age of the Internet of Things
Customer Experience in the Age of the Internet of ThingsCustomer Experience in the Age of the Internet of Things
Customer Experience in the Age of the Internet of Things
 
Hp pultik 1000x1000_out_en
Hp pultik 1000x1000_out_enHp pultik 1000x1000_out_en
Hp pultik 1000x1000_out_en
 
Cape to Cape Challenge Reveals Potentials: Big Data Analytics for the Car of ...
Cape to Cape Challenge Reveals Potentials: Big Data Analytics for the Car of ...Cape to Cape Challenge Reveals Potentials: Big Data Analytics for the Car of ...
Cape to Cape Challenge Reveals Potentials: Big Data Analytics for the Car of ...
 
Forrester Survey Reveals Rising Customer Expectations & Improving Efficiency ...
Forrester Survey Reveals Rising Customer Expectations & Improving Efficiency ...Forrester Survey Reveals Rising Customer Expectations & Improving Efficiency ...
Forrester Survey Reveals Rising Customer Expectations & Improving Efficiency ...
 
Game-Changers: CIOs on Digital Transformation
Game-Changers: CIOs on Digital TransformationGame-Changers: CIOs on Digital Transformation
Game-Changers: CIOs on Digital Transformation
 
Realize the Full Value
Realize the Full ValueRealize the Full Value
Realize the Full Value
 
Connecting the manufacturing industry
Connecting the manufacturing industryConnecting the manufacturing industry
Connecting the manufacturing industry
 
How to Deliver Value "Beyond the Pill"
How to Deliver Value "Beyond the Pill"How to Deliver Value "Beyond the Pill"
How to Deliver Value "Beyond the Pill"
 

Semelhante a Get Prepared

Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Combating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCombating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCognizant
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2Adela Cocic
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksConstantin Cocioaba
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecuritySpark Security
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...Invincea, Inc.
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Javier Gonzalez
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeErnst & Young
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeNishantSisodiya
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 febmharbpavia
 
IBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexIBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexAndreanne Clarke
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018Panda Security
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceSymantec
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Information Security Awareness Group
 

Semelhante a Get Prepared (20)

Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
 
Combating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCombating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced Analytics
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security Risks
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutions
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018
 
2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-final2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-final
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 feb
 
IBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexIBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence Index
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
IT Security Trends in 2012
IT Security Trends in 2012IT Security Trends in 2012
IT Security Trends in 2012
 

Mais de Hewlett Packard Enterprise Business Value Exchange

Mais de Hewlett Packard Enterprise Business Value Exchange (20)

Manufacturing Forum 2016
Manufacturing Forum 2016Manufacturing Forum 2016
Manufacturing Forum 2016
 
Getting to your hybrid future
Getting to your hybrid futureGetting to your hybrid future
Getting to your hybrid future
 
Hewlett Packard Enterprise Connected Manufacturing Brochure
Hewlett Packard Enterprise Connected Manufacturing Brochure Hewlett Packard Enterprise Connected Manufacturing Brochure
Hewlett Packard Enterprise Connected Manufacturing Brochure
 
FSI Key Propositions
FSI Key PropositionsFSI Key Propositions
FSI Key Propositions
 
Happy Employees Lead to Happy Customers
Happy Employees Lead to Happy CustomersHappy Employees Lead to Happy Customers
Happy Employees Lead to Happy Customers
 
The Path to Self-Disruption
The Path to Self-DisruptionThe Path to Self-Disruption
The Path to Self-Disruption
 
HPE Security Report 2016
HPE Security Report 2016HPE Security Report 2016
HPE Security Report 2016
 
Realising Potential - The Dandelion Program
Realising Potential - The Dandelion ProgramRealising Potential - The Dandelion Program
Realising Potential - The Dandelion Program
 
FinTech Innovation Model 2015
FinTech Innovation Model 2015FinTech Innovation Model 2015
FinTech Innovation Model 2015
 
Awareness is only the first step
Awareness is only the first stepAwareness is only the first step
Awareness is only the first step
 
Time for co-operation
Time for co-operationTime for co-operation
Time for co-operation
 
Personalize the Travel Experience - and Gain Insights
Personalize the Travel Experience - and Gain Insights Personalize the Travel Experience - and Gain Insights
Personalize the Travel Experience - and Gain Insights
 
BVEx Research: Open Data Unlocked
BVEx Research: Open Data UnlockedBVEx Research: Open Data Unlocked
BVEx Research: Open Data Unlocked
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
 
Vanilla. Vanilla. Vanilla. Strawberry. The New Imperative in Retail Banking.
Vanilla. Vanilla. Vanilla. Strawberry. The New Imperative in Retail Banking.Vanilla. Vanilla. Vanilla. Strawberry. The New Imperative in Retail Banking.
Vanilla. Vanilla. Vanilla. Strawberry. The New Imperative in Retail Banking.
 
HP Event Recap: Successful IT Governance
HP Event Recap: Successful IT GovernanceHP Event Recap: Successful IT Governance
HP Event Recap: Successful IT Governance
 
HP Event Recap: Transformation Time for Telcos
HP Event Recap: Transformation Time for TelcosHP Event Recap: Transformation Time for Telcos
HP Event Recap: Transformation Time for Telcos
 
Partner for Innovation and Growth!
Partner for Innovation and Growth!Partner for Innovation and Growth!
Partner for Innovation and Growth!
 
HP Viewpoint: Shift from Data to Insight
HP Viewpoint: Shift from Data to InsightHP Viewpoint: Shift from Data to Insight
HP Viewpoint: Shift from Data to Insight
 
New Style of IT = New Style of CIO?
New Style of IT = New Style of CIO?New Style of IT = New Style of CIO?
New Style of IT = New Style of CIO?
 

Último

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Último (20)

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Get Prepared

  • 1. Business white paper Get prepared Cyber security predictions
  • 2. Page 2 Table of contents 3 The (r)evolution of cyber security 3 The threat is real 3 Evolution of the adversary 3 Uncertain cyber leadership 4 Predictions tied to trends 4 Trend 1—Major mobile exploits 5 Trend 2—Open source vulnerabilities 5 Trend 3—Supply chain will remain a critical attack vector 6 Trend 4—Industry-sector attacks and malware 6 Trend 5— Privacy concerns drive greater legislation 7 Good news—there are answers 7 Technologies to watch into 2016 8 Hewlett Packard Enterprise Security—the solution 8 About the author and contributors Business white paper
  • 3. Business white paper Page 3 The (r)evolution of cyber security The digitization and interconnection of society, and, in particular, critical infrastructures, increase the risk of accidental or deliberate cyber disruptions. International cyber criminals go unpunished and an escalating cyber arms-race threatens global and regional stability. Let’s look at the trends and predictions for cyberspace over the next 18 months. The threat is real There are tectonic shifts occurring in cyberspace, from mobility to wearable technology. Those shifts drive even larger changes in the threat landscape and in how enterprises respond. The potential impact of cyber-attacks and disruptions is increasing due to continuing digitization of existing business models and adversary groups’ desires to disrupt information flows. The lack of technology sustainability and increasing connectivity are now frequently seen as a threat to society and enterprises. CEOs and business leaders recognize the importance of cyber risk and managing breaches in an effective manner. Digital privacy is now a major topic in most nations, and organizations are under pressure to regulate data collection and surveillance. Evolution of the adversary Cyber activity levels will continue increasing, and more and varied players will become involved. Cybercrime affects 378 million victims per year, with an average of 12 users falling victim every second of every day. At an average cost to each individual of $298, cybercrime has become much more than a nuisance. For companies, the average cost of cybercrime is staggering, at a whopping $7.4 billion (USD).1 We also believe this number to be significantly under reported, due in part to the sensitivity of reporting and the negative impact to brand reputations. It’s clear that cyber criminals have evolved drastically over the past decade. These days, they join forces in an online marketplace where they share and sell tools, tactics, and targets—all aimed at stealing financial information, intellectual property, and private data. These online adversaries specialize around different facets of the cyber-attack chain; working together to create, share, and act on security intelligence to exploit organizations. Uncertain cyber leadership Research, done by HPE in tandem with The Economist Intelligence Unit, found that only 33% of CEOs have a single view of information risk across their organization, and only 28% were able to attribute a monetary value to their information assets.2 Such a limited view should drive Plan for the worst; fight for the best Combatting cybercrime requires an integrated security approach, incorporating proactive planning and risk management strategies to lower risk exposure, reduce security-related costs, and gain greater control. It’s time to invest more in prevention and real-time threat detection for the application layer, and hardware and software interface. Every action in the physical, business, and interpersonal world is increasingly transacted, captured, and reflected in digital form. This increases the new challenges being faced—ranging from storing, securing, and managing information, to the bigger challenge of how to extract value from it while guaranteeing privacy, security, and data ownership. 1 Ponemon: Cost of Cyber Crime Report, 2015 2 Information Risk: Managing digital assets in a new technology landscape, The Economist Intelligence Unit Limited, 2013, http://www. economistinsights.com/sites/default/files/EIU%20 information%20risk%20white%20paper%20-%20 managing%20digital%20assets%20in%20a%20 new%20technology%20landscape%20WEB.pdf Major mobile exploits Open-source vulnerabilities Compromised supply chain Major mobile exploits Major mobile exploitsMajor mobile exploits Open-source vulnerabilities Compromised supply chain Major mobile exploits Open-source vulnerabilities Industry-sector attacks Increased privacy pressure
  • 4. Business white paper Page 4 Figure 1: The adversary attack ecosystem organizations to step back and assess the state of their defenses, and, if necessary, launch a full security improvement program that might include capability maturity assessments, cyber-risk profiling, and incident-response planning. In a recent HPE and Ponemon Institute survey, 79% of senior business leaders said executive or board-level involvement is needed in the incident-response process. However, there is widespread disagreement about how that involvement should take shape. Only 44% rated their breach response plan as mature and proactive.3 Recent high-profile attacks, regardless of who’s responsible, indicate the extent to which even mature organizations are ill prepared, and senior executives can be embarrassed. Improved response, especially at the executive level, is required. However, this does not bode well with the skilled manpower shortage, now a trend in the security market. In fact, in a recent study from HPE and Frost Sullivan on adoption trends for Managed Security Services, 52% of the respondents identified staff shortages and insufficient training as primary impediments to effective security management.4 In short, organizations need to think innovatively as to how services and capabilities will be delivered and by whom. Predictions tied to trends Every organization is different in its own way, but all operate within the broader cyber-threat landscape and face similar challenges doing business in the digital economy. The advent of the collaborative threat market place, where sophisticated actors share best practices and hone their attacks, should be a wake-up call for organizations globally. Organizations are stimulated to act, but many continue to “go it alone” with reactive strategies. In doing so, the risk to those organizations grows. However, by building scenarios about what may happen, organizations and their security partners can model the threat response and address key risk areas. Trend 1—Major mobile exploits Mobility is not only a fact of life in today’s enterprise—it can be a key competitive advantage. Yet, it brings unique security challenges that combine technical, behavioral, and operational aspects. There are a number of trends flowing together that make it more likely that the next 18 months will see an increase in mobile-based breach incidents. The line between work and personal life is evaporating as enterprise and consumer experiences continue to meld. The average person moves between three to five personal devices throughout a day, including laptop, smartphone, and tablet. Now, with the introduction of wearable technology, the sensor— 3 Ponemon, “Cost of Cyber Crime Report,” October 2014 4 HPE and Frost Sullivan, “The HPE Global 2015 State of Managed Security Services Report”, July 2015 Infiltration Discovery Capture Exfiltration Firewall Stolen data Adversary Research
  • 5. Business white paper Page 5 such as augmented reality smart watches/bands, and smart home energy/home entertainment, there’s even more to secure. Additionally, an increasing number of vulnerabilities have been discovered in Android-based systems, exposing additional attack points and complicating support. There hasn’t been a major mobile breach yet, but it’s only a matter of time. In 2014, for example, Android saw targeted attacks using mobile devices on iOS. There was also the start of attacks on mobile cloud services, with a celebrity photo-hacking scandal attracting significant attention. This trend won’t bypass cyber adversary groups; 2015 may be the year of mobile spear- phishing and mobile Advanced Persistent Threats (APTs). New mobile functionality and form factors will make them a potential route to greater riches than can be delivered from just the device. Personal health information, geolocation, e-wallets combined with near-field communications, wearable integration, online payment systems, and access to cloud data or corporate applications create a lucrative and high-risk information store to exploit. Contactless payment systems also offer potential growth areas for attackers as a financial target. The increasing number of devices attached to increasingly complex networks, often out of an organization’s direct control, will provide more entry points to targets that matter. Recommendation: Know how users in your organization want to use their devices and ensure they understand the security issues. Also, make sure they’re protected with basic defenses such as strong passwords and the correct endpoint protection. Consider enterprise identity and access gateways to enforce corporate polices while supporting consumer choice. Trend 2—Open source vulnerabilities During the last 12 months, vulnerabilities were found in key applications and functions based on open source software—Shellshock and HeartBleed come to mind. The most common vulnerabilities will still be found amid the main commercial software vendors’ products. But, as their response to security becomes stronger, adversary research for vulnerabilities in softer target areas will increase. We have seen zero-day vulnerabilities increase over the past few years, expanding from traditional commercial off-the-shelf software to open source code that has become part of many organizations’ infrastructure—from Linux® Kernel, to GNU Utilities, Apache, and MySQL. Typically, businesses turn to open-source software as it’s generally free, continually evolves in real time, avoids vendor lock-in, and can be easily adapted. It does, however, have some disadvantages versus proprietary software, which focuses on usability, documentation, governance, and support. The major disadvantage with open systems: Many people identify bugs, and malicious users can exploit these vulnerabilities. Recommendation: It’s important organizations understand where they use open-source software and identify the significance to their business. This may require a refresh of your policies—on use, implementation, and software updates. Where a risk is identified, but not clearly defined, additional application and vulnerability testing should take place—especially when an Internet-facing function is involved. Trend 3—Supply chain will remain a critical attack vector Cyber criminals typically look for the weakest link—the most efficient, easiest way into a system; the majority of the time, suppliers are the easiest way in. Remember the headline-grabbing data breaches involving Target, AutoNation, Lowes, and ATT—all have been linked to their trusted third-party vendors as the origin of compromise.
  • 6. Business white paper Page 6 The sheer breadth, scope, and interconnectedness of the global supply chain severely hampers efforts on the defenders’ side. By its very nature, it’s highly fragmented. Large enterprises are getting better at security, so criminals are turning to their partners’ networks instead. Generally, these organizations have fewer security controls, making them easier to exploit. They also hold network credentials that can be stolen. Contracts of all sizes have risks associated with sharing information. And all suppliers share information with their vendors. Even if the contract is with a small supplier for an indirect category, it carries risk. So can a top-10 critical suppliers list—even if you make sure they’re secure; that list might change or grow, or some random website created by a third party that wasn’t in the top 10 may be the risk. Recommendation: Enterprises, like yours, must consider the security governance and compliance policies of their suppliers as a key component of their overarching enterprise security approaches, including annual reviews, enforcement, and reporting. Current governance programs may require adding staffing or even outsourcing to accommodate increasingly extended supply chains. Trend 4—Industry-sector attacks and malware Over the past few years, we’ve seen ever-increasing adversary specialization in attackers’ techniques and targeted companies. An example of this was Dragonfly in 2014. This was a concerted campaign to target hundreds of energy companies in North America and Europe. It included a range of sophisticated and blended attacks aimed at organizations that use industrial control systems to manage electrical, water, and oil and gas systems. Today, it isn’t just the traditionally high-value industry sectors of financial services, telecommunications, and transportation getting targeted. There’s a new wave of sector-specific attacks and malware aimed at transportation, business process suppliers, healthcare, and manufacturing. Those planning attacks will aim at the easiest and most lucrative targets to maximize their opportunity. The more detail around an individual profile, the greater the information’s value, the better the return on investment. Criminal gangs specialize in particular industry sectors and supply chain elements. Those with healthcare information, just like those in retail, hold a wide range of information around an individual, which makes them attractive to attackers. The market for credit card data will mature into one offering individual profile data. Groups of credit card data are now being categorized into region/ZIP code and sold to maximize the time value of the stolen credentials. Even sectors such as transportation are proving tempting, with particular focus on loyalty program data and self-service check-in kiosks as sources of valuable user data. Most ports and terminals are managed by industrial control systems, which have, until very recently, been left out of the CIO’s scope. Historically, this security hasn’t been managed by company CISOs, and maritime control systems are very similar. As a consequence, improvements that many companies have made to their corporate cyber security to address the change in the threat landscape over the past three to five years haven’t been replicated in these environments. Recommendation: Ensure all defenses that already exist meet your organization’s needs and provide the best brand protection possible. Start with assessing physical and operational security stakeholders. Adopt measures from leading sectors, for example, financial and retail, and adopt a continuous monitoring approach. Finance and banking The finance industry is one of the main target pillars of cyber security. Due to the industry’s nature, the lucrative sector lures hackers and cyber criminals originating from multiple disciplines throughout the world, some of which are either crime syndicates or well-founded organizations. Telecom and media Telecom and media organizations hold the foundation and the infrastructure facilitating data communication on the planet. From wireline to wireless communication, these services need special protection that emerged in the cyber decade and have constantly evolved ever since. Critical infrastructure Protecting critical infrastructure elements becomes a key factor in industrial control system (ICS) defense strategies. SCADA and DCS systems govern the logical to physical elements that control our daily lives. General IT Today, the ever-changing and evolving technologies trends and threats present new challenges for organizations with any IT infrastructure.
  • 7. Business white paper Page 7 5 BBC, “General election 2015: Youth vote ‘could be key to win,’” Dec. 29, 2014, bbc. com/news/uk-politics-30620164 6 Pew Research, “Public Perceptions of Privacy and Security in the Post-Snowden Era,” November 2014, http://www.pewinternet. org/2014/11/12/public-privacy-perceptions/ Trend 5—Privacy concerns drive greater legislation As governments grapple to improve cyber-security maturity and manage data privacy across domestic and sometimes geo-political digital landscapes, regulation and oversight are on the rise. In the last 12 months, nation-state attacks and related disclosures led to a number of governments taking a stronger interest in security and privacy issues. Specific legal requirements—for specific vertical industries such as power and energy, and healthcare—now have to be implemented, bringing them in line with the pressures that have existed for the financial sector for some years. The public mood is also changing; increased use of technologies such as cloud processing and storage requires a greater understanding and clarity of jurisdictional boundaries and the ability to clearly express these to customers and regulators. The Internet of Things (IoT)—everything connecting to everything via the Internet—will drive even more sources of individual data capture, for example, the rollout of ubiquitous solutions such as smart metering. A recent report by the BBC in the UK showed online privacy as being one of the highest topics on the political agenda for first-time voters.5 This trend is also appearing in the U.S., where recent polls show that more than 90% of Americans think that consumers have lost control of their personal data.6 This will drive even more political attention to this topic. Recommendation: Understand what individual data is held through privacy assessments to ensure you have a robust data-loss prevention capability in place. The applications that access and process data will need consistent testing routines. Also, assess and understand your data “crown jewels”—don’t just let compliance drive data protection. Understand and take advantage of suppliers’ Safe Harbor agreements to not overly complicate global operations and risk overlooking real security needs. Good news—there are answers It’s not all doom and gloom as new defense capabilities come to the forefront. So perhaps the biggest challenge or opportunity that security professionals face is understanding these and ensuring that the need is reflected in future budget cycles, including investments in strategy, design, and skills acquisition. • Security intelligence continues to grow, and the concept of trust between parties is being automated. Being able to share intelligence data on attacks between specific parties such as a group of similar organizations in the same vertical must be a priority. • Big Data and automated analysis will become increasingly available to identify the most subtle APT. This is needed to cope with the huge increase in scale created by the sheer growth in users, attack vectors, and targets. • Cooperation and collaboration between security players will start and enable linked- up services. More of these will be based in the cloud, enabling more rapid and scalable deployments through integration and automation. • New technology solutions are gaining traction; this provides greater insight into who’s logging in and using your data. This, when combined with the capabilities provided by Big Data, will enable organizations to identify errant users with greater granularity and speed—by using fraud and behavioral analysis. Technologies to watch into- 2016 “Signatureless” APT and anti-malware technologies are getting more and more mature. Besides their current network and desktop/notebook focus, they are now extending into the mobile space. With dramatic trends toward IoT, more and more security technologies and services are IoT—Connected consumer/person. Connected home. Connected with existing stakeholders. To ensure security, assess early projects, and embed “enterprise view” for risk management early in project lifecycle.
  • 8. Business white paper Page 8 moving into the cloud. Instead of having them locally installed, they’ll more likely be consumed as a Service. From a technology point of view, the technologies used aren’t necessarily new, but they’re getting virtualized and made available from everywhere. The business model is also changing with a focus toward pay for use. In the identity and access management (IAM) arena, there’s a similar move toward cloud. With the New Style of Business, and a focus on mobility and cloud, IAM services are shifting and enabling companies to provision and manage identities within all these platforms. The technologies used are not totally new; they’re adapting to the new challenges of the innovation economy. Final prediction: Enterprises and governments will have a constant demand for increased and better managed security. Hewlett Packard Enterprise Security—the solution Hewlett Packard Enterprise Security focuses on securing future agencies and enterprises in the ever-evolving connected world. We are committed to enhancing defenses against the many evolving cyber threats to governments, individuals, commerce, and critical global infrastructure by developing international standards, policies, and legislation that encourage outcome-based approaches to cyber security. Hewlett Packard Enterprise Labs is leading major new research that addresses how cloud service providers use and protect personal and confidential information in the cloud. Our TrustCloud project addresses key issues and challenges in achieving a trusted cloud environment. In addition, under the Dynamic Defense research project, Hewlett Packard Enterprise Labs also tackles the application security problem by developing technologies that present a constantly changing surface to attackers, limiting their ability to detect and exploit vulnerabilities. The HPE cyber-security capability covers 67 countries across all industry verticals. Our 5000 security professionals manage more than 10,000 enterprise clients and see 100 billion security events each month. HPE security research identifies more zero-day vulnerabilities than anyone else7 and has a community of 2800 cyber researchers globally. Our 10 Global Cyber Security Centers enable us to deliver an end-to-end security capability anywhere in the world and share threat intelligence instantaneously. At HPE, we have over 1000 security consultants who advise, transform, and manage adoption of new cyber capabilities, processes, and technologies. Learn more at hp.com/enterprise/security About the author and contributors Andrzej Kawalec Andrzej Kawalec, chief technology officer, Enterprise Security Services, HPE, is responsible for information security strategy, solutions, portfolio, and market-facing activities. Kawalec leads a global research and innovation team that focuses on cloud, consumerism, cyber security, and business risks surrounding information security systems, policies, users, and processes. A recognized leader in security and business-continuity planning, Kawalec is a frequent speaker at industry events. Hewlett Packard Enterprise Security Research publishes free security summary briefings available to the public on our website and iTunes, which provide the most current security intelligence available. HPE also launched the Threat Central Partner Network, where a collection of like-minded companies share cyber intelligence with the larger community to identify and stop attacks before they start. 7 hp.com/t5/HP-Security-Research-Blog/ ZDI-10-10-fascinating-factsabout-10-years-of- bug-hunting/ba-p/6770127#.VcP-P9h0yHs
  • 9. Business white paper Rate this document Sign up for updates Richard Archdeacon Richard Archdeacon, chief technologist, Information Security Strategy, HPE, leads the development of new strategic concepts and solutions in the cyber market. He came to HPE with 25 years of experience in consulting with major corporations across Europe, the Middle East, and the U.S. Archdeacon served on the IAAC board and IISP Accreditation Committee, and holds an MBA from Cranfield University. He is currently an industry advisor to Coventry University for their new MBA program in cyber security. Simon Ian Arnell Simon Ian Arnell, chief technologist, Research and Development, HPE, worked within the Enterprise Security Services organization in pre-sales, delivery, innovation, and thought- leadership capacities. He frequently hosts C-level clients at our Hewlett Packard Enterprise Labs Executive Briefing Center, enabling him to validate research and development concepts with services previews and pilots. Arnell architected a number of enterprise security services and filed a number of supporting patents in security software, security Big Data analysis, and software-defined systems. Rhodri Davies, PhD Rhodri Davies, chief technologist, Managed Security Services, HPE, specializes in designing security services. Davies works with a variety of HPE client organizations—large and small. He examines how they currently manage information security and gives them advice on how to best protect themselves in the future. Prior to entering the commercial sector, Dr. Davies worked as a post-doctoral researcher at the University of Manchester in the United Kingdom. Andreas Wuchner Andreas Wuchner, chief technologist, Security Innovation, HPE, is a recognized practitioner with 20 years of experience in information security, IT security, and IT-risk management. Before joining HPE, Wuchner was the CIO security technology and a managing director for UBS in Switzerland, where he also served as group information security officer (GISO) and head of IT Risk Control within the bank. He has a master’s degree in electronics and computer science from the University of Applied Sciences in Offenburg, Germany. © Copyright 2015 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for HPE products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HPE shall not be liable for technical or editorial errors or omissions contained herein. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. 4AA6-0910ENW, November 2015, Rev. 1