Cyberattacken – Schadenspotenzial Und Schutzmaßnahmen Zürich, 20

01/11/2017

Cyberattacken – Schadenspotenzial und Schutzmaßnahmen Zürich, 20. Oktober 2017

The better the question. The better the answer. The better the world works.

We have been digitising, connecting and seeing exponential technology growth for over 35 years

1982 1994 1999 Thirsty students at Carnegie-Mellon wired up Pizza Hut launched the world’s first online Nokia launched the 7110, the first mobile their Coke vending machine with ordering system phone with a WAP browser. microswitches to report on inventory levels

Seite 2

Things are starting to get interesting the growth has just begun

35 days 50 bn For a new technology to Internet connected “things” reach a critical mass of by 2020** including sensors, 50m users RFID chips etc.

However,

Is what is actually connected out of what could be connected, according to Cisco’s CTO, Padmasree 1% Warrior.

We have reached critical inflection points in many colliding physical , biological and digital technologies

Seite 3

1 01/11/2017

The Fourth Industrial Revolution is creating a new norm of connected enablement

1700’s 1800’s 1900’s First Industrial Revolution Second Industrial Revolution Third Industrial Revolution Mechanical Electrical Automated Technology was steam Electricity made possible IT enabled programmable and water powering the the division of labour and work and an end to first factories mass production reliance on manual labour

Today Unprecedented pace For a new technology to reach a critical Fourth Industrial Revolution 35 days mass of 50m users Extreme experiences Connected Percentage of customers looking for a 87 % more seamless experience Cyber-physical systems, Connected chaos powered by IoT and fuelled by data, create a fully Internet connected “things” by 2020** 50 bn including sensors, RFID chips etc. interconnected society Digital natives

By 2025, the makeup of the workforce is 75 % projected to be majority digital native

Seite 4

CYBERSECURITY - RISIKEN & BEDROHUNGEN

Seite 5

Why accidents happen

Swiss Cheese Model by James T.Reason

Page 6

2 01/11/2017

Seek and find

010011100101100111010010100011101010101111110101010 01010011101010100100100101000100110100101001111001 01010010101010101010101010101010001001100111110101 000001111101010101010101001100100111001011111111011 01001010001110101010010100101010010100111010100110 0100100 Do you know where all your data is? 0111 10110101101001101001010010101010100101010111010111 01010101001010001001000101010101000001111110101011 010101001100100111001011001110101110100011111010100 10100101010010100111010101001001110101001100111100 1010001010101010010101010101010101010101010001001 00010101010100000111110101010101010100110011010101 00101010101011010100101010010101010111110010101010 101010101100110011100001110010010100101001

Seite 7

Evolution of cybersecurity risks

Unsophisticated attackers Sophisticated attackers Corporate espionage Organized crime State sponsored attacks (script kiddies) (hackers) (malicious insiders) (criminal gangs) Advanced Persistent Threat (APT) APT State sponsored espionage Cash Market manipulation Credit cards Competitive advantage Military / political objectives

gangs Identities criminal Inside information

Revenge Personal gain Risk

insiders Stock price manipulation

Money Embarrassment Political / social / hackers malicious environmental causes Amusement / Experimentation /

script Nuisance / kiddies Notoriety Attacker resources and sophistication 1980s/1990s 2015 ► BrainBoot/Morris Worm ► Concept Macro Virus ► Anna Kournikova ► SQL Slammer ► MyDoom ► Zeus ► Aurora ► Stuxnet ► SpyEye ► Polymorphic viruses ► Melissa ► Sircam ► Blaster ► NetSky ► Koobface ► Poison Ivy ► WikiLeaks ► Duqu ► Michelangelo ► “I Love You” ► Code Red and Nimda ► Fizzer ► Sasser ► Conficker ► agent.btz ► Anonymous ► Flame

Cyber Program Management (CPM) Framework Smithsonian’s list of the 10 most destructive viruses in red tex t above See http://www.smithsonianmag.com/science-nature/Top-Ten-Most-Destructive-Computer-Viruses.html

Seite 8

80% 20% MENSCH Technik

3 01/11/2017

DIE NÄCHSTE KRISE KOMMT.

CYBER-KRISENSIMULATION IM EY WAVE SPACE TM

EY WAVESPACE, MADRID, SPAIN

Seite 11

Cybersecurity Services

1 1.1 1.2 1.3 1.4 1.5 1.6 Cybersicherheit Sicherheits- Cyber-ökonomie IT Risiko- Cyber Cyber CxO Sicherheits- Strategie und strategie & & management Dashboard Agenda bewusstsein Umwandlung Planung Due Diligence

2 2.1 2.2 2.3 2.4 2.5 2.6 Cybersicherheit Cyber- ISMS Tools & ISMS ISO 27001 Prozesse & Maturitäts- sicherheit & Automati- IT Sicherheits- beurteilung ISO 27001 Zertifikation gesetz Steuerungen Verwaltung sierung

3 3.1 3.2 3.3 3.4 3.5 3.6 Simulierter Cyberbedrohungen & Angriff & Cyber Triage: Sicherheits- Digital Forensic Cyber War Cyberkrisen- Management Penetrations- Bin ich schon analyse Readiness Games management & test betroffen? Comms.

4 4.1 4.2 4.3 4.4 4.5 4.6 Security Cyberoperative Bedrohungs- & Cyber- Incident & SAP Sicherheits- Operations Vulnerabilitäts- bedrohungs- Response Cyberermittlung integration und - Dienste Center (SOC) management analyse Management verwaltung

5 5.1 5.2 5.3 5.4 5.5 5.6 Digitales Abbild Strategie & IAM Zugangs- und IAM Implemen- Überprüfung auf Identifizierungs- und IAM Diagnosen Zugangsmanagement Planung kontrolle Identifikations- tierung Datenabfluss management 6 6.1 6.2 6.3 6.4 6.5 6.6 Datenschutz- Bewertungen, Data Privacy Datensicherheit Datenschutz und vorgänge und Überprüfungen Management in der EU Datenschutz- Datenschutz Verwaltung Verantwortlich- und System (DSMS) Technologie Grundverordnung keiten Zertifizierung

7 7.1 7.2 7.3 7.4 7.5 7.6 Industrie- Industrie 4.0 / Widerstands- Schutz in der Sicherheit von Datenschutz von spezifische Internet der fähigkeit der Digitale Zertifikate Cloud Grund auf Grund auf Sicherheit Dinge (IoT) digitalen Welt

Seite 12

4 01/11/2017

Seite 13