Date posted: 15-Feb-2017
Category: Technology
Uploaded by: georgian-partners
Security First
georgianpartners.com Security First
What Is Security First?
• A holistic way of thinking about security
• Increasingly a competitive differentiator
• Not just security of data, networks, logins, web…
• Each new area of innovation has a security aspect
Why Should Any of Us Care?
Security Impact on Valuations
Global Cost of Cyber Crime
– Juniper Research
Cyber Crime: Explosive Impact
Source: Ponemon Institute
Source: Imprima
Breaches Cause Churn
• Financial: 6%
• Health: 5%
• Services: 5%
• Technology: 5%
• Life Sciences: 4%
Per Record Cost
• Healthcare: $355
• Education: $246
• Financial: $221
• Services: $208
• Life Sciences: $195
Data Loss
• Shutdown in 24M: 72%
• Survive: 28%
Data Loss > 10 days
• Shutdown in 12M: 93%
• Survive: 7%
Security: Good Growth
• J.P. Morgan Chase & Co.: from $250M to $500M in 2016
• Bank of America said that “the only place in the company that didn't have a budget constraint was cybersecurity”
• U.S. govt increased budget by 35%, going from $14B in 2016 to $19B in 2017
• Morgan Stanley says that the cyber security market went from $4B in 2004 to $120B in 2017 (31% CAGR)
Source: Gartner
Source: CB Insights
Global Cybersecurity Spending Billions
[Chart: 2011 to 2016, vertical axis $0 to $100]
Cybersecurity Global Yearly Funding History 2011-2015
• 2011: $1,144
• 2012: $1,957
• 2013: $2,144
• 2014: $2,814
• 2015: $3,830
[Additional chart values: 166, 222, 264, 299, 332]
Near-Future Trends
2017+: Rapid Scaling
• 10s of millions of IoT devices used for 1.2 Tbps DDoS
• Jeep hack causes recall of 1.4M cars for bug fix
• Ransomware quadruples in 2016
• Apple announces differentially private ML
The IoT (In)Security Iceberg
• Time to market critical
• Just like software in 2000s: function first
• Weak authentication
• Excessive collection of data
• Potential direct harm in physical world
Security and Privacy Regulations
• GDPR – General Data Protection Regulation
• Comes into force in EU in May 2018
• Affects any company that processes data of EU residents
• Fine: max of €20M and 4% of revenue
Security of AI (or How to Brainwash a Robot)
Applications:
• Convince an autonomous car that it’s about to hit a wall
• Convince a bot with 99% certainty that someone else requested a transaction
• Convince an industrial system that it’s not overheating
• Works even without knowing the model or training data!
Security by Machine Learning
• Classification of binaries and network traffic
• Behavioral anomaly detection
• Biometrics: ECG, face recognition, voice recognition
• Hacker Bots (DARPA)
The Quantum Computing Armageddon
Hypothesis: quantum computers can break crypto exponentially faster than classic computers
Smart Contracts
• Code replaces notarized paper
• Contract executes when conditions are met
• Automated organizations managed directly by shareholders through code (DAO)
• Automation of government functions
[Diagram labels: Blockchain, Contract code, Events, Actions]
Differential Privacy
[Diagram: Add Noise (three times), then Aggregate Analytics]
“Differential privacy lets you gain insights from large datasets, but with a mathematical proof that no one can learn about a single individual.”
Principles
Differentiate on Security
1. Start now.
2. Make security everyone’s responsibility.
3. Create new value through security and privacy.
Build on Strength
4. Go for a win-win. Seek out synergies between security and function.
5. Avoid partners that weaken your security.
Knowledge is Power
6. Always be (threat) modeling.
7. Give customers control and oversight over their data.
You Will Be Hacked
8. Design systems to reduce the impact of a compromise.
9. Assume that reality is always worse than it appears.
10. Have a rapid remediation plan. Practice using it.
1. Start now.
The cost of introducing privacy and security late is the cost of undoing all past decisions that have security implications. Start introducing a security-first mindset into your business today.
Differentiate on Security
2. Make security everyone’s responsibility.
The security conversation is between the CEO and all of her direct reports. Security should be embedded in culture, hiring, business strategy, technology, and promotion.
Differentiate on Security
3. Create new value through security and privacy.
Make your commitment to security and privacy known to your customers. Provide precise and accurate guarantees for the security and privacy of your products. Educate your customers on privacy benefits and risks in your vertical.
Differentiate on Security
4. Go for a win-win. Seek out synergies between security and function.
The greatest innovations are the ones that convert a win-lose to a win-win. Starting with security increases the likelihood of a win-win outcome.
Build on Strength
5. Avoid partners that weaken your security.
Your business partners and 3rd-party integrations are part of the attack surface. Ask them about their security and privacy stance, and prefer security-first partners. Help your partners take a security-first stance as a way to protect yourself.
Build on Strength
6. Always be (threat) modeling.
Adversarial behavior can take many forms. Be creative in understanding your assets, stakeholders and current state of the system. Plan ahead for new attack surfaces and advances in attacker capabilities.
Knowledge is Power
7. Give customers control and oversight over their data.
Customers value their data. Provide more privacy guarantees and customer control over data as a way to increase the value of your services.
Knowledge is Power
8. Design systems to reduce the impact of a compromise.
Avoid single points of failure and be fastidious in granting access to resources. Assume that each asset is part of the attack surface, assess the risk, and apply protections accordingly.
You Will Be Hacked
9. Assume that reality is always worse than it appears.
Your security is not perfect. Test your response regularly. Be prepared to survive a failure and recover quickly. If you feel uncertain whether a decision can lead to a security compromise, it probably can.
You Will Be Hacked
10. Have a rapid remediation plan. Practice using it.
When a security or privacy compromise is discovered, exercise your well-practiced incident response plan and notify affected customers. Provide timely remediation to protect your brand and retain customer trust.
You Will Be Hacked
Thank you