
Aleksandar Mujadin


Presentation Transcript


  1. Aleksandar Mujadin: Trends in cyber security

  2. the need for privacy and security
     Main drivers for increased investment into cyber defense:
     - Cybercrime
     - Cyberwarfare
     - Laws and regulations, e.g. GDPR, NIS, PSD2, CCPA, EPR
     - Privacy consciousness

  3. cybercrime: increased cost to society 💸

  4. cybercrime examples
     - Crypto mining malware for Monero, $56m in profit over 12 years
     - Hacking of Bitcoin exchanges, ~$1bn in 2018
     - 3.4 billion fake emails sent each day*
     - Business e-mail compromise**
     - 136% increase between Dec. 2016 – May 2018
     - 100% increase between May 2018 – July 2019
     - Actual & attempted loss over 3 years: $26 billion US worldwide
     * Valimail report
     ** FBI

  5. group discussion
     What do you see as the main drivers in your organizations when it comes to IT security? Is there any area that you consider most important to invest in during 2020?

  6. worldwide trends

  7. encryption
     - Important building block for security and privacy
     - Going towards a fully encrypted web
     - 2014 = ~25% of web sites used HTTPS
     - 2019 = ~78% of web sites using HTTPS worldwide, USA ~87%
     - Reduced cost of TLS certificates thanks to Let’s Encrypt
     - Issues > 1 million certificates / day
     - Rethinking key management hygiene
     - Other initiatives to encrypt other types of traffic
     - DNS encryption

  8. Death of EV certificates

  9. other initiatives
     - STARTTLS Everywhere – prevent downgrade attacks on e-mail traffic
     - MTA-STS
     - Encryption of DNS traffic – making it impossible for the ISP / network operator to see DNS queries
     - DNS-over-TLS
     - DNS-over-HTTPS
     - Built into end user applications, e.g. Firefox
     - Questionable privacy benefits
     - Bypass DNS based filters

  10. TLS 1.3
     - Released Aug. 2018
     - Reduces complexity
     - Removes obsolete and insecure ciphers
     - Increases performance
     - Introduces downgrade protection
     - Enforces "Perfect Forward Secrecy"
     - Big impact on network security appliances that do traffic inspection¹
     - Re-architecting necessary
     - Passive mode decryption not possible
     - "Fake" eTLS protocol proposed as a workaround
     ¹ draft-camwinget-tls-use-cases-00

  11. safe programming
     - High performance coding still done in C and C++
     - 70% of security vulnerabilities due to memory safety issues¹
     - Rust to the rescue
     - Linux
     ¹ According to Microsoft Security Response Center

  12. passwordless
     - Issues with passwords today: password spraying, credential stuffing, phishing, brute force, offline cracking, local discovery, keyloggers.
     - Built on public key cryptography and open standards
     - FIDO2 and WebAuthn
     - Available today in Windows 10 and Azure Active Directory
     - Begin planning today!

  13. AI
     - Explainable AI (XAI)
     - Trust
     - Understanding
     - Accountability
     - AI or ML tech included in security products
     - Attacks against AI
     - Data poisoning

  14. blockchain
     - Recommended reading: NISTIR 8202 – Blockchain Technology Overview*
     - Gartner Predicts 90% of Current Enterprise Blockchain Platform Implementations Will Require Replacement by 2021
     * https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8202.pdf

  15. decentralized identity: status update
     - Recap of goals: Control your own digital identity, what you share and who you share it with.
     - Based on privacy by design & data minimization principles.
     - No personal info stored on the blockchain
     - Personal wallet
     - W3C standards work
     - Decentralized identifiers (DID)
     - Verifiable Credentials (VC)
     - Open standards – open source development
     - Github, Microsoft, Sovrin etc.
     - European Blockchain Services Infrastructure (EBSI)
     https://w3c-ccg.github.io/did-primer/

  16. EBSI use case: European Self Sovereign Identity (ESSIF)
     - Microsoft Decentralized Identity Whitepaper
     - high level overview

  17. Thank you! Aleksandar Mujadin, aleksandar.mujadin@pulsen.se, 073 - 4213 013

  18. 11:20 Heading to digitize a business with over 600 000 employees. Daniel Hjort
