CYBERSECURITY

 

15.02.2022 - ESCP - Paris

 

Inti Rossenbach

whoami

- Inti Rossenbach, cybersecurity expert / manager since 1998

- Physics, applied cryptography then cybersecurity, sea kayak expedition in Patagonia, CISO

- University lecturer

- www.cryptosec.org

- iro@cryptosec.org

- Twitter @secucrypt

- Two real-life cyber attacks

- Threats, risks and security

- Ethics

- Vulnerabilities

- Perimetrical defenses

- In-depth defenses

- Humans

- Detection and reaction

What do you expect?


Two real-life cyber attacks

Target, 2013

Trump, 2016

https://www.theregister.com/2020/09/11/trump_twitter_account_recycled_password/

https://crackstation.net/

Threats, risks and security

- No 0 risk, life is risky

- Risk treatment: accept, reduce / mitigate, refuse, transfer

- Impacts: confidentiality, integrity, availability

- Security controls: prevention, detection, reaction

Threat landscape:

- cybercrime (frauds, ransomware...)

- script kiddies

- competitors

- espionnage & state-sponsored actors

- ...

Ethics

- Laws, regulations, privacy, GDPR...

- Always keep thinking by yourself about what you are doing

Vulnerabilities & cyber attacks

- Definition: bugs, configuration errors, conception mistakes, backdoors...

- Some samples: buffer overflows, injections, RCE, supply chain attacks ...

Perimetrical defenses

- Network

- Emails and attachments

- Web access

In-depth defenses

- Internal network segregation

- Vulnerability and patch management

- Hardening

- Antimalwares

- Cryptography

- Passwords and authentication

- Secure remote accesses

- Application security

Humans

- Social engineering: pshishing, spear phishing...

- Security policy

- Security organization

- Security awareness

Detection and reaction

- Logs and alerts

- Scans and pentests

- DFIR

- SOCs, CERTs, CSIRTs...

¡ Thank you for your attention !

iro@cryptosec.org | Twitter @secucrypt