Trends in cyber security
Aleksandar Mujadin

the need for privacy and security
- Main drivers for increased investment into cyber defense
  - Cybercrime
  - Cyberwarfare
  - Laws and regulations, e.g. GDPR, NIS, PSD2, CCPA, EPR
  - Privacy consciousness

cybercrime
- increased cost to society 💸

cybercrime: examples
- Crypto mining malware for Monero, $56m in profit over 12 years
- Hacking of Bitcoin exchanges, ~$1bn in 2018
- 3.4 billion fake emails sent each day*
- Business e-mail compromise**
  - 136% increase between Dec. 2016 – May 2018
  - 100% increase between May 2018 – July 2019
  - Actual & attempted loss over 3 years: $26 billion US worldwide
* Valimail report
** FBI

group discussion
- What do you see as the main drivers in your organizations when it comes to IT security?
- Is there any area that you consider most important to invest in during 2020?

encryption
- Important building block for security and privacy
- Going towards a fully encrypted web
  - 2014 = ~25% of web sites used HTTPS
  - 2019 = ~78% of web sites using HTTPS worldwide, USA ~87%
- Reduced cost of TLS certificates thanks to Let's Encrypt
  - Issues > 1 million certificates / day
- Rethinking key management hygiene
- Other initiatives to encrypt other types of traffic
  - DNS encryption

other initiatives
- STARTTLS Everywhere – prevent downgrade attacks on e-mail traffic
  - MTA-STS
- Encryption of DNS traffic – making it impossible for the ISP / network operator to see DNS queries
  - DNS-over-TLS
  - DNS-over-HTTPS
  - Built into end user applications, e.g. Firefox
  - Questionable privacy benefits
  - Bypass DNS based filters

TLS 1.3
- Reduces complexity
- Removes obsolete and insecure ciphers
- Increases performance
- Introduces downgrade protection
- Enforces "Perfect Forward Secrecy"
- Big impact on network security appliances that do traffic inspection¹
  - Re-architecting necessary
  - Passive mode decryption not possible
  - "Fake" eTLS protocol proposed as a workaround
¹ draft-camwinget-tls-use-cases-00, released Aug 2018

safe programming
- High performance coding still done in C and C++
- 70% of security vulnerabilities due to memory safety issues¹
- Rust to the rescue
- Linux
¹ According to Microsoft Security Response Center

passwordless
- Issues with passwords today: password spraying, credential stuffing, phishing, brute force, offline cracking, local discovery, keyloggers.
- Built on public key cryptography and open standards
  - FIDO2 and WebAuthn
- Available today in Windows 10 and Azure Active Directory
- Begin planning today!

AI
- Explainable AI (XAI)
  - Trust
  - Understanding
  - Accountability
- AI or ML tech included in security products
- Attacks against AI
  - Data poisoning

blockchain
- Recommended reading: NISTIR 8202 – Blockchain Technology Overview*
- Gartner Predicts 90% of Current Enterprise Blockchain Platform Implementations Will Require Replacement by 2021
* https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8202.pdf

decentralized identity: status update
- Recap of goals: Control your own digital identity, what you share and who you share it with.
- Based on privacy by design & data minimization principles.
  - No personal info stored on the blockchain
  - Personal wallet
- W3C standards work
  - Decentralized identifiers (DID)
  - Verifiable Credentials (VC)
- Open standards – open source development
  - Github, Microsoft, Sovrin etc.
- European Blockchain Services Infrastructure (EBSI)
https://w3c-ccg.github.io/did-primer/

high level overview
- EBSI use case: European Self Sovereign Identity (ESSIF)
- Microsoft Decentralized Identity Whitepaper

Thank you!
Aleksandar Mujadin
aleksandar.mujadin@pulsen.se
073 - 4213 013

11:20 Heading to digitize a business with over 600 000 employees. Daniel Hjort