The Evolution of Cyber Crime: A New Approach to Risk is Critical
Dr Colin McKinty

Copyright © 2018 BAE Systems. All Rights Reserved. BAE SYSTEMS is a trade mark of BAE Systems plc. (See final slide for restrictions on use.)

The Evolution of Cyber Crime · 2018-11-19 · ˃The Evolution of Cyber Crime Ensure you understand the threat to your organization. Recognize what generates value and what your critical

Agenda

The Challenge

The Right Places

Visibility and Transparency Matters

Land Sea Air Cyber

Our Cyber Security Expertise

PREPARE, PROTECT, RESPOND, MONITOR

Managed Security: Complete Security Monitoring, Managed Detection and Response, End-Point Detection, Vulnerability Management, Device Management

Threat Intelligence: Actionable insight of attack group behaviours and techniques

Incident Response: Active containment of live targeted cyber attacks

Security Testing: Measure your true resilience to internal and external threats

Cloud Security: Email Protection Services, Hosted Applications, Private Cloud

Cyber Consulting: Strategy and risk, Security assurance, Improvement and SI

Agenda

The Challenge

The Evolving Cyber Threat

[Figure: Criminal Gains plotted against Time / Confidence / Sophistication]

Opportunistic (Individuals): Phishing, Credential leaks, Web-attacks

Planned (Individuals, Small Groups): CEO impersonation, Off-the-shelf RATs, DDoS extortion

Organised (Teams, Skills for Hire): Banking Trojans, Ransomware, Exploit kits

Tailored (Professional Hackers, Funded Campaigns): Network intrusion, Payment system compromises

What do Organisations Need?

Demonstrating business risk reduction in the face of operational change and the evolving threat landscape

Ensuring ongoing access to skills and experience

Enabling the organisation to maximise ROI for security investments

˃ Strategy - Operations - Management - Reporting

CISO Day-to-Day Challenges

Determining how threat relates to business operations

Communicating with key stakeholders about threats

Assessing and reporting on ways to minimise threats

˃ Strategy - Operations - Management - Reporting

CISO Day-to-Day Challenges

Tracking latest IT security innovations and keeping abreast of latest cyber security technologies

Defining strategy and implementing an effective process for the reporting, investigation and response to security incidents

Creating and implementing a strategy for the deployment of information security technologies

˃ Strategy - Operations - Management - Reporting

CISO Day-to-Day Challenges

Communicating with key stakeholders about security investments

Capturing KPIs to demonstrate ROI

Championing and educating the organisation about the latest security strategies and technologies to maximize ROI

Transparency & Visibility

Confidence in Detection

Reduce Business Risk

Maximise RoI

Maximise available expertise

˃ Building Confidence in Detection

Threat Led Development Lifecycle

Agenda

The Right Places

The Reality

Choose the Security you Require

Start with the Threat

Identify the concerns you have

Threats and risks that you need to mitigate

Lack of Visibility of Endpoint / User behaviour

Securing customer facing Web infrastructure

Network Intrusion

Malware

IP Theft and Data leakage

Get the detection you need

Think about data sources and detection content

Network, User & Endpoint, Web, Context, AUP, Custom

Choose the response you require

Supplement your existing resource to improve speed and accuracy

1. Remediation Advice

2. Active Response

3. Onsite incident response

Considering Data and Detection

BAE SYSTEMS PROPRIETARY

Targeting Sources to Answer your Questions

Network: Vital detection of the early signs of intrusion, compromise, control and exfiltration

User & Endpoint: Focused on Malware, Data leakage, IP theft and unauthorised behaviour

Web: Protection for business critical customer facing web infrastructure

Context: Additional context to improve Triage investigation and prioritise remediation

AUP: Testing adherence to policies and procedures and security awareness

Integrated Threat Hunting

Unmasking the Unknown

Threat Hunting Loop:

1. Create Hypotheses
2. Investigate via TTPs
3. Uncover New Patterns and TTPs
4. Inform & Enrich Detection content

Proactive threat hunting is a key element

Intelligence-Driven: "Threat intelligence reports, threat intelligence feeds, malware analysis, vulnerability scans"

Analytics-Driven: "Machine-learning and UEBA, used to develop aggregated risk scores that can also serve as hunting hypotheses"

Situational-Awareness Driven: "Crown Jewel analysis, enterprise risk assessments, company or employee-level trends"

Agenda

Visibility and Transparency Matters

More Than Just a Black Box

? ? ?

Business Relevant Reporting

Business Relevant Feedback

Eliminate ‘so what’ reporting

Every report, performance indicator or alert needs to be contextual to your unique environment

Reports that enable clear decision making

Where to focus your resources for maximum risk reduction

Show value from existing security devices

Show gaps in defences

Visualise Current Threat Coverage

Get the Detection you need

Map out your current coverage and ability to respond to threat. This helps highlight areas of improvement.

With this approach it is easy to see how your capabilities evolve as your business and the threat landscape change.

Conclusion

˃ The Evolution of Cyber Crime

Ensure you understand the threat to your organization.

Recognize what generates value and what your critical assets are.

Challenge yourself: Are you able to map out your current Threat Coverage and relate it to Business Risk? Or is it a Black Box?

Do you have Confidence in your Detection?

Thank You