Cyber threat prevention

Published on August 30, 2018   56 min

Other Talks in the Category: Technology & Operations

0:00
Hello my name is Stephen Thurlbeck and I am pleased to be taking you through Cybersecurity threat prevention. As a company that focuses on C- level thought leadership, business transformation, and bespoke software development and integration, Cybersecurity is front of mind and close to my heart. In the next 30 minutes or so, we will be exploring where vulnerable information lives, the evolution of threats and finally the anatomy of a data breach and preventative steps that you should be taking.
0:31
Despite training, years of preparation, and a lot of long days troubleshooting and mitigating issues, I continue to come across situations I've not previously seen. As well as issues that should have been resolved years ago. We're going to walk through a few statistics and definitions to start and then, I'm going to help you understand where your data lives and when it's vulnerable. I will provide some insight into the past to help us understand where we are now, and we're going to walk through the evolution of a data breach; and then talk through prevention and diffusion. At the end of this seminar, you will understand data states, levels of vulnerability in the kill chain. I'm going to respond to some frequently asked questions, and provide details around controls, and talk about prevention. Finally you should walk away from this seminar with a few pointed questions for your teams and some specific Cybersecurity risk mitigation steps to follow. I hope you enjoy your time with me.
1:32
I like to start these types of presentations with a little story that happened several years back. As we were scaling up the company to be able to handle a mass influx of new business, we had engaged with a top tier partner to provide and support us through a migration to much faster storage. The project ran beautifully. We were ahead of schedule, had overcome a seemingly never-ending series of issues, and our team had learned a new product inside and out. The last phase of execution was to finalize a final small data migration, switch to the new storage, and decommission the old storage by wiping it out. Remember this old storage was holding in excess of tens of millions of records and have them leave our secure premise - without being wiped would border on the criminal. So the final migration completed and a short while after that, the storage service provider went to remotely wipe the old storage, so it could be decommissioned. Except that they didn't. Remotely the vendor and I cannot stress enough that this is a top tier vendor to this day, entered the commands to wipe the disk volumes, but instead of the old volumes, they entered the new ones. So a vendor sitting outside our physical perimeter, accessed our production environment, and wiped out current data, and any of the deltas that had occurred since the final migration. Why do I start with this story? Because normally we look outside our organizations for Cybersecurity issues and 25 percent of all issues start with people inside of your organization, who were not paying attention, who were negligent, and who are also malicious.