New age of Cyber Security and Data Protection...FireEye and DarkTrace emulate the human immune system to protect us –understanding what belongs and what does not A combination of

1

Jason Gottschalk

Removing Fear, Uncertainty and Doubt

Sep 2016

New age of Cyber

Security and

Data Protection

© 2016 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of

independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has

any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG

International have any such authority to obligate or bind any member firm. All rights reserved. NDPPS 133584

3

THE THREAT CONTINUES TO RISE

• Concern over cyber attacks has grown by 7%, with 37% believing

they are a target for cyber attacks.

• 76% have seen increase in the rate of cyber attacks.

• 38% have had to deal with 1 or more

major cyber security incidents

in the last 12 months.

WHAT OUR SURVEYS HAVE FOUND





4

RECENT ATTACKS – DATA BREACH

LIFE IS SHORT, HAVE AN AFFAIR, WHAT’S THE

WORST THAT CAN HAPPEN

In July Ashley Madison, an online

platform for would-be adulterers with

the slogan “Life is short. Have an

Affair” was hacked.

• Data from about 31 million

accounts was breached with

sensitive information about the

users being published

• Data breach led to the resignation

of the website’s CEO

• Ashley Madison is now facing

multiple lawsuits for failing to take

proper security measures to

protect its users’ information





5

RECENT ATTACKS – INDUSTRIAL

NATIONS UNDER SIEGE

BlackEnergy – In December 2015

over 1.4 million people were left

without electricity in Ivano-Frankivsk

region, Ukraine.

• BlackEnergy backdoor plants a

KillDisk component which renders

computers unbootable

• Infection is through Microsoft

Office files containing malicious

macros

• The virus can overwrite its

corresponding executable file on

the hard drive with random data

which makes restoration of the

system more difficult





6

AN EVER-CHANGING THREAT LANDSCAPE

BE IN A DEFENSIBLE POSITION, BE CYBER RESILIENT

Extortion-driven attacks and ransomware attempts will increase

Pressure to disclose data breaches and threat responses will

intensify

Widespread use of mobile devices and IoT brings a parallel

increase in risk

Organisations will make greater use of real-time intelligence

tools to monitor attacks

Organisations will focus much more on risks posed by

third party vendors and suppliers





7

ATTACK SURFACES INCREASE

MORE USERS + MORE DEVICES = MORE RISK





8

“

”

WHAT IS BEING

STOLEN?Thousands of South Africans have

fallen victim to phishing and other

types of cyber fraud, and financial

institutions have lost in excess of

R80-million and continue to lose

money every day as a result.

Dries Morris, Securicom





9

IMPACTS BROAD AND DEEP

Intellectual Property Loss,

including patent, client,

commercial and financial

data.

Reputational Loss,

affecting market value,

confidence and goodwill.

Penalties, legal and regulatory,

such as fines, breach

compensation and contractual

penalties.

Administrative resource

effort to correct, replace

and restore.

Time loss due to investigation,

managing media, regulatory

authorities.

Property losses – stock,

information, and a failure to

deliver.

IT CAN TAKE UP TO 90 DAYS TO RECOVER





10

MOTIVATIONS HAVE CHANGED

FROM “TARGET OF OPPORTUNITY” TO “TARGET OF

CHOICE”





11

CLOSING THE LOOP

3 KEY PRINCIPLES

1

2

3

What are we trying to protect

and from whom?

Accept the fact that a breach is

inevitable

Focus on early detection and

response

getting an up-to-date, detailed snapshot of the current cyber

threat landscape that is understood by all

whether or not your organisation has doing enough due diligence to

mitigate risks, preparing for a breach is now mandatory

Real-time intelligence solutions, heads-up situational awareness and

proactive “hunting” of incidents is the new status-quo





12

WHO, WHAT, WHEN?

UNDERSTANDING YOUR RISK

Your Organisation

Privileged insider

Trusted insider

Insider Organisation

Group

Nation-state





13

“

”

THE ANATOMY OF AN ATTACK

THE LOCKHEED INTRUSION KILL CHAIN

The realm of

digital security is

an open-ended

arms race

between system

defenses on the

one hand and

creative, highly

persistent

attackers on the

other





14

RED TEAM

EXERCISES

Test your processes and

systems in a real-life simulation,

providing assurance on your

ability to respond rather than

prevent.

INTRUSION

TOLERANCE:

ASSUME THAT

INTRUSIONS HAVE

HAPPENED AND

WILL HAPPEN

We must maximize the probability

that we can tolerate the direct

effect of those intrusions, and that

whatever damage is done by the

intruder, the system can continue

to do its job to the extent possible.

DEPLOYMENT OF

SECURITY

INTELLIGENCE

SYSTEMS

Ponemon says, provides a

substantially higher ROI (at 23

percent) than all other

technology categories

surveyed.

THINKING BROADER THAN CIA

APPROACHES TO CYBER SECURITY HAVE CHANGED





15

“

”

ADAPT AND SURVIVE

ANALYTICS AND DATA CAN SAVE US

New behavioural analytics

solutions and threat data

analytics platforms such as

FireEye and DarkTrace

emulate the human

immune system to protect

us – understanding what

belongs and what does not

A combination of protection, early

warning signals and instant

remediation against sophisticated

attacks is a proactive stance.

THE FIVE MOST

COMMON CYBER

SECURITY

MISTAKES





17

Mistake #1:

“We have to

achieve 100 percent

security.”

Reality:

100 percent

security is

neither feasible

nor the

appropriate

goal.

THE 5 COMMON MISTAKES

100% SECURITY IS NOT FEASIBLE NOR APPROPRIATE





18

Mistake #2:

“When we invest in

best-in-class

technical tools, we

are safe.”

Reality:

Effective

cybersecurity

is less

dependent on

technology

than you

think.


TECHNOLOGY IS NOT THE BE ALL AND END ALL





19

Mistake #3:

“Our weapons have

to be better than

those of our

attackers.”

Reality:

The security

policy should

primarily be

determined

by your

goals, not

those of

your attacker


YOU DON’T NEED TO ARM YOURSELF TO THE TEETH





20

Mistake #4:

“Cybersecurity

compliance is all

about effective

monitoring.”

Reality:

The ability to

learn is just as

important as the

ability to

monitor.


BEHAVIOURAL ANALYTICS IS THE FUTURE OF MONITORING





21

Mistake #5:

“We need to recruit

the best

professionals to

defend ourselves

against cybercrime.”

Reality:

Cybersecurity

is not a

department,

but an

attitude.


EVERYONE IS RESPONSIBLE FOR CYBER SECURITY

Jason Gottschalk

Cyber Security Lead – KPMG SA

• 082 719 1804

• [email protected]

The information contained herein is of a general nature and is not

intended to address the circumstances of any particular individual or

entity. Although we endeavour to provide accurate and timely

information, there can be no guarantee that such information is

accurate as of the date it is received or that it will continue to be

accurate in the future. No one should act on such information

without appropriate professional advice after a thorough

examination of the particular situation.

© 2016 KPMG International Cooperative (“KPMG International”), a

Swiss entity. Member firms of the KPMG network of independent

firms are affiliated with KPMG International. KPMG International

provides no client services. No member firm has any authority to

obligate or bind KPMG International or any other member firm vis-à-

vis third parties, nor does KPMG International have any such

authority to obligate or bind any member firm. All rights reserved.

NDPPS 133584

KEEP IN TOUCH

Documents

New age of Cyber Security and Data Protection...FireEye and DarkTrace emulate the human immune system to protect us –understanding what belongs and what does not A combination of