(IN)SECURITY, RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at Swisscom [email protected] Twitter @stefan_frei Cyber & Networking Security Networking security has become critical issue for § all types of industries But in many aspects, cyber security differs § fundamentally from past challenges NetSec 2015 Slide 2 What makes the cyber world special? Communication between people, machines and § devices Increase of computing performance § Price erosion § Software eats the world § NetSec 2015 Slide 3 Technology & Innovation In just two decades, new technologies and the Internet transformed society and businesses alike We had little time to learn or adopt – as individuals, society or industry We have to adopt to permanent change and high dynamics 1 Million Years 50 Years NetSec 2015 Slide 4 The Environment Internet usage has grown to more than three billion users The number of targets, revenue per target and type of exploitation has also evolved rapidly: § Networking evolved from dedicated point to point connections to ubiquitous communication between people, platforms, and applications § Vulnerabilities in applications and devices are now globally exposed and accessible NetSec 2015 Slide 5 Why is network security an issue? Infinite Interactions, Protocols, Service, Apps § Economy and our life increasingly depend on the Internet § Distributed information systems have become critical infrastructures Open Systems § technology is standardized and is no longer a secret Insecurity driven by organized adversaries § Entirely new «business models» NetSec 2015 Slide 6 Security has become critical § Security § Security is one of the hidden building blocks of the Internet § The limits of security imply the limits of the Internet § Growing online business attracts attackers § Attackers increase the cost of doing business online § But the business opportunities of being on the Internet far outweigh the risks Market acceptance Serious Use of Internet (since 2000) Time Early Hype Trough of Adoption (late 90s) Disillusionment (mid 90s) (2000-2003) NetSec 2015 Slide 7 Internet Security Evolution Figure courtesy Engin Kirda, Northwestern University NetSec 2015 Slide 8 The Threat Environment Fast growing segmen t Personal Theft Gain n o Author i t Tools created by a Personal of v experts are used ti Fame Tools o by less-skilled M Vandalism criminals, for personal gain Curiosity Script- Hobbyist Expert Kiddy Hacker Attackers’ Expertise NetSec 2015 Slide 9 complexity • complexity and interaction between systems is growing continously • complexity is the worst enemy of security
Description: