01/11/2017
Cyberattacken – Schadenspotenzial und Schutzmaßnahmen Zürich, 20. Oktober 2017
The better the question. The better the answer. The better the world works.
We have been digitising, connecting and seeing exponential technology growth for over 35 years
1982 1994 1999 Thirsty students at Carnegie-Mellon wired up Pizza Hut launched the world’s first online Nokia launched the 7110, the first mobile their Coke vending machine with ordering system phone with a WAP browser. microswitches to report on inventory levels
Seite 2
Things are starting to get interesting the growth has just begun
35 days 50 bn For a new technology to Internet connected “things” reach a critical mass of by 2020** including sensors, 50m users RFID chips etc.
However,
Is what is actually connected out of what could be connected, according to Cisco’s CTO, Padmasree 1% Warrior.
We have reached critical inflection points in many colliding physical , biological and digital technologies
Seite 3
1 01/11/2017
The Fourth Industrial Revolution is creating a new norm of connected enablement
1700’s 1800’s 1900’s First Industrial Revolution Second Industrial Revolution Third Industrial Revolution Mechanical Electrical Automated Technology was steam Electricity made possible IT enabled programmable and water powering the the division of labour and work and an end to first factories mass production reliance on manual labour
Today Unprecedented pace For a new technology to reach a critical Fourth Industrial Revolution 35 days mass of 50m users Extreme experiences Connected Percentage of customers looking for a 87 % more seamless experience Cyber-physical systems, Connected chaos powered by IoT and fuelled by data, create a fully Internet connected “things” by 2020** 50 bn including sensors, RFID chips etc. interconnected society Digital natives
By 2025, the makeup of the workforce is 75 % projected to be majority digital native
Seite 4
CYBERSECURITY - RISIKEN & BEDROHUNGEN
Seite 5
Why accidents happen
Swiss Cheese Model by James T.Reason
Page 6
2 01/11/2017
Seek and find
010011100101100111010010100011101010101111110101010 01010011101010100100100101000100110100101001111001 01010010101010101010101010101010001001100111110101 000001111101010101010101001100100111001011111111011 01001010001110101010010100101010010100111010100110 0100100 Do you know where all your data is? 0111 10110101101001101001010010101010100101010111010111 01010101001010001001000101010101000001111110101011 010101001100100111001011001110101110100011111010100 10100101010010100111010101001001110101001100111100 1010001010101010010101010101010101010101010001001 00010101010100000111110101010101010100110011010101 00101010101011010100101010010101010111110010101010 101010101100110011100001110010010100101001
Seite 7
Evolution of cybersecurity risks
Unsophisticated attackers Sophisticated attackers Corporate espionage Organized crime State sponsored attacks (script kiddies) (hackers) (malicious insiders) (criminal gangs) Advanced Persistent Threat (APT) APT State sponsored espionage Cash Market manipulation Credit cards Competitive advantage Military / political objectives
gangs Identities criminal Inside information
Revenge Personal gain Risk
insiders Stock price manipulation
Money Embarrassment Political / social / hackers malicious environmental causes Amusement / Experimentation /
script Nuisance / kiddies Notoriety Attacker resources and sophistication 1980s/1990s 2015 ► BrainBoot/Morris Worm ► Concept Macro Virus ► Anna Kournikova ► SQL Slammer ► MyDoom ► Zeus ► Aurora ► Stuxnet ► SpyEye ► Polymorphic viruses ► Melissa ► Sircam ► Blaster ► NetSky ► Koobface ► Poison Ivy ► WikiLeaks ► Duqu ► Michelangelo ► “I Love You” ► Code Red and Nimda ► Fizzer ► Sasser ► Conficker ► agent.btz ► Anonymous ► Flame
Cyber Program Management (CPM) Framework Smithsonian’s list of the 10 most destructive viruses in red tex t above See http://www.smithsonianmag.com/science-nature/Top-Ten-Most-Destructive-Computer-Viruses.html
Seite 8
80% 20% MENSCH Technik
3 01/11/2017
DIE NÄCHSTE KRISE KOMMT.
CYBER-KRISENSIMULATION IM EY WAVE SPACE TM
EY WAVESPACE, MADRID, SPAIN
Seite 11
Cybersecurity Services
1 1.1 1.2 1.3 1.4 1.5 1.6 Cybersicherheit Sicherheits- Cyber-ökonomie IT Risiko- Cyber Cyber CxO Sicherheits- Strategie und strategie & & management Dashboard Agenda bewusstsein Umwandlung Planung Due Diligence
2 2.1 2.2 2.3 2.4 2.5 2.6 Cybersicherheit Cyber- ISMS Tools & ISMS ISO 27001 Prozesse & Maturitäts- sicherheit & Automati- IT Sicherheits- beurteilung ISO 27001 Zertifikation gesetz Steuerungen Verwaltung sierung
3 3.1 3.2 3.3 3.4 3.5 3.6 Simulierter Cyberbedrohungen & Angriff & Cyber Triage: Sicherheits- Digital Forensic Cyber War Cyberkrisen- Management Penetrations- Bin ich schon analyse Readiness Games management & test betroffen? Comms.
4 4.1 4.2 4.3 4.4 4.5 4.6 Security Cyberoperative Bedrohungs- & Cyber- Incident & SAP Sicherheits- Operations Vulnerabilitäts- bedrohungs- Response Cyberermittlung integration und - Dienste Center (SOC) management analyse Management verwaltung
5 5.1 5.2 5.3 5.4 5.5 5.6 Digitales Abbild Strategie & IAM Zugangs- und IAM Implemen- Überprüfung auf Identifizierungs- und IAM Diagnosen Zugangsmanagement Planung kontrolle Identifikations- tierung Datenabfluss management 6 6.1 6.2 6.3 6.4 6.5 6.6 Datenschutz- Bewertungen, Data Privacy Datensicherheit Datenschutz und vorgänge und Überprüfungen Management in der EU Datenschutz- Datenschutz Verwaltung Verantwortlich- und System (DSMS) Technologie Grundverordnung keiten Zertifizierung
7 7.1 7.2 7.3 7.4 7.5 7.6 Industrie- Industrie 4.0 / Widerstands- Schutz in der Sicherheit von Datenschutz von spezifische Internet der fähigkeit der Digitale Zertifikate Cloud Grund auf Grund auf Sicherheit Dinge (IoT) digitalen Welt
Seite 12
4 01/11/2017
Seite 13
5