ANIMP Automation Section Conference
AUTOMATION SYSTEMS: NEW CHALLENGES AND OPPORTUNITIES

6 October 2016
at the Maire Tecnimont Auditorium (Milan)

Cybersecurity
Hope or prepare for resiliency?

Security Horizon
    Cyber Risks
    Incidents
    Motives
    Countermeasure & Vulnerability Landscape
Vision
    A resilient approach

Francesco Faenzi
Head of Cybersecurity
Business Platform

ANIMP Automation Section Conference, Milan – 6 October 2016

Security Horizon
Cyber Risk

                                 Lloyd's Risk Index 2015

Security Horizon
Cyber Risk

                             World Economic Forum Global Risk 2014

Security Horizon
Cyber Risk

                       Allianz Global Corporate & Specialty, A Guide to Cyber Risk 2015

Security Horizon
Incidents

   New Information & Communication Technology models and trends (Consumerization, BYOD, Open Knowledge Society, Cyber
   (In-)Security, Cloud Services, App Economy & Always-on Workers, Internet of Everything, etc.), together with the
   globalization enabled by the Internet, bring many advantages to our society (sharing of information and thoughts,
   global communication, transparency, etc.) but also issues …
   As the Internet and online business grow, organizations around the world are progressively more exposed to malicious activities.

                                                      IBM X-Force Report 2016

Security Horizon
Motives
                  Nuisance               Data Theft                       Cyber Crime         Hacktivism                   Network Attack
     Objective    Access & Propagation   Economic & Political Advantage   Financial Gain      Defamation, Press & Policy   Escalation, Destruction
     Example      Botnets & Spam         Intellectual Property Theft      Credit Card Theft   Website Defacements          Destroy Critical Infrastructure
     Targeted     No                     Yes                              Yes                 Yes                          Yes
     Character    Automated              Persistent                       Opportunistic       Conspicuous                  Conflict Driven

                                                         Iran-based                          China-based
     Industries Targeted                                 Energy, State Government Agencies   Most industry sectors
     Victim Selection                                    Limited based on vulnerabilities    Varied and independent of vulnerabilities (zero-days)
     Available Tools                                     Publicly available                  Specially created, customized, publicly available
     Date of Initial Observation                         2012                                At least 2006
     Detected by Victim                                  75%                                 33%
     Average Time Spent in a Victim Organization         28 days                             243 days
     Re-Compromise After the Initial Security Incident   Not witnessed                       40% of cases

                                               Mandiant 2015 Threat Report

Security Horizon
Countermeasure Landscape

  Compare how often attackers are able to compromise a victim in days or less with how often defenders detect compromises
  within that same time frame. Unfortunately, the proportion of breaches discovered within days still falls well below that
  of time to compromise. Even worse, the two have been diverging over the last decade, indicating a growing “detection
  deficit” between attackers and defenders. We think it highlights one of the primary challenges to the security industry:
  prevention is failing.

    In
    of breaches, data is
    stolen in hours

    of breaches are
    not discovered
    for months

                                           Verizon Data Breach Investigation Report 2012

Security Horizon
Countermeasure Landscape

               We cannot avoid infection
        Taking control requires from 10m to 48h
              Detection takes up to 1 year
          Remediation up to 6 months & more
                                                     - Freddy Dezeure, Head of CERT-EU

                               Europol Cybercrime Conference 2014

Security Horizon
Countermeasure Landscape

  Approximately 70% of breaches are discovered by external parties who then notified the victim. Far less than 10% of breaches
  are detected by technologies. We think this phenomenon highlights another primary challenge to the security industry: detection
  is failing as well.

                                      Verizon Data Breach Investigation Report 2013

Security Horizon
Vulnerability Landscape

                  If it's software, it's hackable
                 If it's connected, it's exposed
                 - Joshua Corman, Director, Cyber Statecraft Initiative at Atlantic Council

Security Horizon
Vulnerability Landscape

  Clusit Report on ICT Security in Italy: 2013, 2014, 2015 and 2016 editions

Vision
A resilient approach

Enforcement
    Default deny vs Agility
    Hardening & Encryption vs Evasion
Detection
    If not deny then inspect
    Smart data & avoid "data deluge"
    If not inspect then log & hunt
Response
    Be ready to contain something that will happen
    Context & Enrichment at hand
Anticipation
    Borderless Visibility beyond the known Attack Surface (avoid "Maginot line")
    Early Warning for better Response & Prevention
    Know your defenses
    Exercise & Be aware

Vision
A resilient approach
Governance, Risk & Compliance

Enforcement
    Solutions Optimization
    Data Classification & Encryption
    Application, Telco & ICS/SCADA Defense
Detection / Response
    Data Breach & Attack Detection, Investigation & Reaction
    Log Management
    Incident Response
    Digital Forensic
Anticipation
    Cyber Threat Intelligence
    Assessment & Tabletop Exercise
    Ethical Hacking, Physical Testing, SCADA/ICS & IoT Testing
    Cyber Training & Awareness
Thank you for your kind attention