I’ll Give You $1k To Use Your Username & PW Over The Holidays

SecTor presentation by Kristin Lovejoy at



There are several business disrupters:

  1. The Cloud is changing how software is developed and thus how security should look at the cloud.
  2. Agile programming methodology is changing not just how we develop software but also how we look at security. Agile programming is reducing the time from design to end product, but security is now thought about even less, since finishing a product quickly is the paramount concern.

What we need to do in the Agile programming team is include security within the development team, and create a risk management team and an architecture team. Part of the sprint needs to include vulnerability assessments.

The security team must be able to plug into and integrate with the development team.


More business disrupters:

3. Millennials will not accept a restrictive workplace (no Facebook or other social media) and will make us redefine privacy needs.

4. All bad guys that attack are getting in.

Insider attacks combined with outsiders are even more effective: “I’ll give you $1k to use your username & pw over the holidays”

95% of all breaches are tied to human error.

Developers do not develop with security in mind.

5. Threatscape: the criminals are increasing due to the increasing monetary rewards they are getting. Due to the increasing availability of Internet connections in Eastern Europe and the developing countries, criminal attacks will increase 50%-75%.

Political attacks (disruption) were 2% of all attacks; this will also increase to 8%-10% of all attacks.


So knowing all that … Detection is very important. Don’t just use the SIEM (Security Information and Event Management) systems, but include people and processes.

More regulation is coming to us, labelled as cybersecurity regulation (because that sounds sexier).


The bottom line? It is what we have been discussing all along: we must test more, and even though automating security is not possible, we can do better.

The most interesting things Kristin said:

There are no security absolutes. Instead, try to improve, and try to make everyone realize we will get attacked; we are trying to minimize damages.


