Share these talks and lectures with your colleagues
Invite colleaguesWe noted you are experiencing viewing problems
-
Check with your IT department that JWPlatform, JWPlayer and Amazon AWS & CloudFront are not being blocked by your network. The relevant domains are *.jwplatform.com, *.jwpsrv.com, *.jwpcdn.com, jwpltx.com, jwpsrv.a.ssl.fastly.net, *.amazonaws.com and *.cloudfront.net. The relevant ports are 80 and 443.
-
Check the following talk links to see which ones work correctly:
Auto Mode
HTTP Progressive Download Send us your results from the above test links at access@hstalks.com and we will contact you with further advice on troubleshooting your viewing problems. -
No luck yet? More tips for troubleshooting viewing issues
-
Contact HST Support access@hstalks.com
-
Please review our troubleshooting guide for tips and advice on resolving your viewing problems.
-
For additional help, please don't hesitate to contact HST support access@hstalks.com
We hope you have enjoyed this limited-length demo
This is a limited length demo talk; you may
login or
review methods of
obtaining more access.
Printable Handouts
Navigable Slide Index
- Introduction
- Contents and takeaways
- Friendly fire
- A few statistics
- A few definitions
- Data in all of its states (1)
- Location of your data
- Types of data
- Classification of data
- Data in all of its states (2)
- Knowing when your data is vulnerable
- Threat evolution over the ages
- Anatomy of a data breach - Kill chain
- Preventing and diffusing breaches (1)
- Preventing and diffusing breaches (2)
- Preventing and diffusing breaches (3)
- Preventing and diffusing breaches (4)
- Detecting a breach
- Popular questions
- prevention vs. other approaches
- Moral hazard - Whose risk is it?
- Threat prevention wins
- Can we simply prevent every threat?
- Review
This material is restricted to subscribers.
Topics Covered
- Important terms in cyber security
- Location, types and classification of data
- History and evolution of cyber threats
- The kill chain
- Preventing and diffusing breaches
Talk Citation
Thurlbeck, S. (2018, August 30). Cyber threat prevention [Video file]. In The Business & Management Collection, Henry Stewart Talks. Retrieved October 12, 2024, from https://doi.org/10.69645/EXMC2288.Export Citation (RIS)
Publication History
Other Talks in the Series: Practical Cybersecurity
Transcript
Please wait while the transcript is being prepared...
0:00
Hello my name is Stephen Thurlbeck and I am
pleased to be taking you through Cybersecurity threat prevention.
As a company that focuses on C- level thought leadership, business transformation,
and bespoke software development and integration,
Cybersecurity is front of mind and close to my heart.
In the next 30 minutes or so,
we will be exploring where vulnerable information lives,
the evolution of threats and finally
the anatomy of a data breach and preventative steps that you should be taking.
0:31
Despite training, years of preparation,
and a lot of long days troubleshooting and mitigating issues,
I continue to come across situations I've not previously seen.
As well as issues that should have been resolved years ago.
We're going to walk through a few statistics
and definitions to start
and then, I'm going to help you understand
where your data lives and when it's vulnerable.
I will provide some insight into the past to help us understand where we are now,
and we're going to walk through the evolution of a data breach;
and then talk through prevention and diffusion.
At the end of this seminar,
you will understand data states,
levels of vulnerability in the kill chain.
I'm going to respond to some frequently asked questions,
and provide details around controls,
and talk about prevention.
Finally you should walk away from this seminar with a few pointed questions for
your teams and some specific Cybersecurity risk mitigation steps to follow.
I hope you enjoy your time with me.
1:32
I like to start these types of presentations
with a little story that happened several years back.
As we were scaling up the company to be able to handle a mass influx of new business,
we had engaged with a top tier partner to provide
and support us through a migration to much faster storage.
The project ran beautifully.
We were ahead of schedule,
had overcome a seemingly never-ending series of issues,
and our team had learned a new product inside and out.
The last phase of execution was to finalize a final small data migration,
switch to the new storage,
and decommission the old storage by wiping it out.
Remember this old storage was holding in excess of tens of millions of
records and have them leave
our secure premise - without being wiped would border on the criminal.
So the final migration completed and a short while after that,
the storage service provider went to remotely wipe
the old storage, so it could be decommissioned.
Except that they didn't.
Remotely the vendor and I cannot stress enough that
this is a top tier vendor to this day,
entered the commands to wipe the disk volumes,
but instead of the old volumes,
they entered the new ones.
So a vendor sitting outside our physical perimeter,
accessed our production environment,
and wiped out current data,
and any of the deltas that had occurred since the final migration.
Why do I start with this story?
Because normally we look outside our organizations for Cybersecurity issues and
25 percent of all issues
start with people inside of your organization, who were not paying attention,
who were negligent, and who are also malicious.