Transcript HP Angle Light 16x9
MANAGING DIGITAL RISK: TRENDS, ISSUES AND IMPLICATIONS FOR BUSINESS
1 PRITH BANERJEE — SENIOR VICE PRESIDENT, RESEARCH & DIRECTOR, HP LABS
MANAGING DIGITAL RISKS – Rapid progress of technology and business reliance on technology mean companies face a growing problem with digital risk. – The rate, scale and sophistication of attacks will continue to adapt and grow with changing technology – Digital risk needs to become a Board-level concern – Risk managers need to develop comprehensive digital risk management strategies 2 © Copyright 2010 Hewlett-Packard Development Company, L.P.
3 HP MOBILE/CLOUD: A COMPLETE SYSTEM Next-generation information infrastructure MOBILITY Always-connected Devices Smartphones, slates, notebooks, printers Consumer Services + Mobile Apps Snapfish, MagCloud, Melodeo, ePrint, Gloe, Friendlee, Gabble… 4000+ Apps on WebOS Enterprise Cloud Solutions Help instant-on enterprises build, consume, manage and secure cloud services in hybrid environments Infrastructure as a Service Compute and storage resources, on-demand “Arms dealer” to Service Providers From BladeMatrix to Indigo CLOUD © Copyright 2010 Hewlett-Packard Development Company, L.P.
THE RAPID PACE OF TECHNOLOGY CHANGE Information Explosion Connected Technology Connected People Virtual Business 4 © Copyright 2010 Hewlett-Packard Development Company, L.P.
THE CHANGING NATURE OF THREATS – 10 years ago: Disruption from fast spreading malware – 5 years ago: Money stealing – Today: Well-funded, hidden, sophisticated and targeted attacks 2009/10 Stuxnet, Aurora and Conficker 2001 Email viruses & network worms (ILOVEYOU, NIMDA) 2005 Drive by downloads & Command & Control (Zeus) 5 © Copyright 2010 Hewlett-Packard Development Company, L.P.
2003/4 Combined techniques to spread (Blaster, Sasser)
1. Explore Target 2. Initial intrusion 3. Establish a foothold 4. Obtain security information 5. Spread to other systems 6. Steal data
6 © Copyright 2010 Hewlett-Packard Development Company, L.P.
THE DIGITAL THREAT ENVIRONMENT
Human errors Extortion Service providers Cyber-activism Cyber-fraud Hackers Crime-ware tools and services marketplace Cyber-theft Computer failures Cyber-warfare 7 © Copyright 2010 Hewlett-Packard Development Company, L.P.
Insiders/ Employees Industrial espionage Cyber-terrorism Natural disasters
THE ATTACK ENVIRONMENT RESPONDS TOO QUICKLY TO NEW OPPORTUNITIES
New Technology Varied Regulatory response Consumers & Businesses Adapt Security response Attack environment adapts
8 © Copyright 2010 Hewlett-Packard Development Company, L.P.
HOW SHOULD COMPANIES RESPOND?
– A number of suggestions on • Risk mitigation – realm of the IT department • Risk transfer – increasing opportunity to insure • Risk research – to deal with complexity – Regular intelligent review of the digital threat environment and the business dependency on technology – Need for more Collaboration, Communication and Co-operation to combat the threat environment 9 © Copyright 2010 Hewlett-Packard Development Company, L.P.