+ All Categories
Home > Technology > Cybersecurity 3 cybersecurity costs and causes

Cybersecurity 3 cybersecurity costs and causes

Date post: 22-Jan-2015
Upload: sommerville-videos
View: 189 times
Download: 8 times
Share this document with a friend
Explains why it is difficult to estimate the costs of cyberattacks and discusses some fundamental causes for cybersecurity vulnerabilities
of 28 /28
Introduction to cybersecurity, 2013 Slide 1 Cybersecurity: costs and causes
  • 1. Cybersecurity: costs and causesIntroduction to cybersecurity, 2013Slide 1

2. The cybersecurity problem How big a problem is cybersecurity for individuals, businesses and nations? Why is it difficult to make networked systems secure?Introduction to cybersecurity, 2013Slide 2 3. The scale of the problem Its a big problem How big ? We really do not know Many surveys on cyber-security related losses but very wide variations and different methodologies Introduction to cybersecurity, 2013Slide 3 4. Individuals Cyber fraud Identity theft Cyber bullying and cyber stalkingIntroduction to cybersecurity, 2013Slide 4 5. The Guardian 2013 Introduction to cybersecurity, 2013Slide 5 6. Introduction to cybersecurity, 2013Slide 6 7. Businesses Differing estimates: The extent of losses depends on how these losses are measured and what data is collected Industry reluctant to release figures but when they do, they tend to overvalue assets Introduction to cybersecurity, 2013Slide 7 8. The Scotsman 2013 deadline.co.uk 2012 Introduction to cybersecurity, 2013Slide 8 9. The IET 2013 Introduction to cybersecurity, 2013Slide 9 10. Nations Cyberattacks on critical infrastructures are seen as a critical economic risk by all countries Significant resources now being devoted to cyberdefence Introduction to cybersecurity, 2013Slide 10 11. Wall Street Journal, 2013 Introduction to cybersecurity, 2013Slide 11 12. Introduction to cybersecurity, 2013 World Affairs Journal 2013Slide 12 13. Why has cybersecurity become such a major problem Scale and ubiquity of the internet Lower level of physical risk to criminals Fundamental business and technical reasons for insecurity Introduction to cybersecurity, 2013Slide 13 14. Business reasons Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security Introduction to cybersecurity, 2013Slide 14 15. Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security. Accepting the cost of losses through cyber fraud may be a cost-effective strategy Introduction to cybersecurity, 2013Slide 15 16. Internet vulnerabilities The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other The information maintained on their computers was non-commercial and not thought to be of interest to others Introduction to cybersecurity, 2013Slide 16 17. Consequently, security was not a factor in the design of internet protocols, practices and equipment. Security slows things down so efficiency was prioritized Introduction to cybersecurity, 2013Slide 17 18. These protocols made it easy for the Internet to be universally adopted in the 1990s However, the problems can only be properly addressed by a complete redesign of Internet protocols, which is probably commercially impractical. Introduction to cybersecurity, 2013Slide 18 19. Internet vulnerabilities Unencypted traffic by default Packets can be intercepted and the contents read by anyone who intercepts these packetsIntroduction to cybersecurity, 2013Slide 19 20. Internet vulnerabilities DNS system Possible to divert traffic from legitimate to malicious addresses Easy to hide where traffic has come from Domain name servers vulnerable to DoS attacks Introduction to cybersecurity, 2013Slide 20 21. Internet vulnerabilities Mail protocol No charging mechanism for mail Hence spam is possibleIntroduction to cybersecurity, 2013Slide 21 22. Technology is not the only problem Internet vulnerabilities make possible some kinds of cyber-attack but it is important to remember that cybersecurity is a socio-technical systems problem Problems almost always stem from a mix of technical, human and Introduction to cybersecurity, 2013Slide 22 23. Risk classification Risks due to actions of people Risks due to hardware or software Risks due to organisational processesIntroduction to cybersecurity, 2013Slide 23 24. Actions of people Deliberate or accidental exposure of legitimate credentials to attackers Failure to maintain secure personal computers and devicesIntroduction to cybersecurity, 2013Slide 24 25. Insider corruption or theft of data Preference for convenience and usability over security Weak passwords set because they are easy to remember and quick to typeIntroduction to cybersecurity, 2013Slide 25 26. Hardware and software Misconfigured firewalls and mail filters Programming errors and omissions in software lead to malicious penetration Buffer overflow attacks SQL poisoning attacksIntroduction to cybersecurity, 2013Slide 26 27. Organisational processes No established process and checks for updating and patching software Lack of security auditing Lack of systematic backup processesIntroduction to cybersecurity, 2013Slide 27 28. Summary Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult. The Internet was not designed as a secure network and making it secure is practically impossible To make systems useable, people take actions that introduce vulnerabilities into sociotechnical systems. Introduction to cybersecurity, 2013Slide 28