This document provides the slides and some notes of the guest lectures of the course Digital Organisations in the academic year .
-8/11: KPMG
-15/11: Delaware
- 22/11: B
-29/11: Umicore
-6/12: KPMG Lighthouse
-6/12 KVBV
The subjects included are how hackers opeate in the digital area, achiev...
8 NOVEMBER 2023: GUEST LECTURE KPMG: HOW HACKERS OPERATE IN THE DIGITAL AREA
THE CYBER LANDSCAPE
• By 2024
o 40% of enterprises will adopt SASE
▪ SASE = Having a network that’s is an interpolate
between cloud based components and traditional
cloud centers
▪ Security on network level
▪ With things like Microsoft Azure
▪ Not anymore only on sites
• By 2025:
o There will be roughly 200 zettabytes of data
▪ 1 Zettabytes = around a trillion gigabytes = around a billion terabytes
o 50% of ALL data will be stored in the cloud
▪ = on somebody else’s computer somewhere in the world
▪ = you trust a 3th party with it!
• By 2030:
o Roughly 25.44 billion IoT devices connected
▪ Which can be hacked!
o 4.5+ billion people on the internet
o Estimated 45 million software developers
• The dark web
o = a place on the internet where you can’t go to because of specific protocols, where you could download that
are been breadged by someone
o Also to buy guns etc.
o You usually don’t use it
o Estimated 5000 x larger than surface web
• Working remotely
o Difficult for security!
o 98% of employees want the option to work remotely
• It takes an average of 280 days to identify & contain a data breach
o Tends to go up
• Data explosion! (digitalization)
o More people on the internet (now 2/3 of population)
▪ → human is attack factor (phishing)
• The base of attack is growing
o 2021: every 5 seconds an attack
o Really profitable to be a cyber crime
o 2021: $21 billion in total
,• Global threat landscape (who are those hackers): 4 different kinds
o State sponsored
▪ A lot of funding (money, resources)
▪ You can’t do a lot with that
▪ For example Conflict Israel – Palestine → also battling virtually (hidden war)
• Israel: one of the most advanced countries when it comes to hacking, cyber, …
o Organized crime
▪ Like a gang on the street robing you
▪ Organized: people on payroll, they hire employees
▪ Example: he knew it was scam but did it anyways, an old lady gave the bank code 6 times and she lost
€60 000.
▪ More and more sophisticated
▪ More difficult to spot if it’s a phishing mail
o Hacktivists
▪ Anonymous , typically with the black hoodie
o Trusted insider
▪ Intentionally or unintentional?
▪ Employee who does something wrong
o Targets almost always financial (but can be data – intellectual property – reputation – disruption)
o 63% of security incidents caused by malicious or criminal attacks (not by accident)
o 23% was because the hacker was able to log in
o 78% reported that there was an increase in phishing attacks during covid-19
o 6% insider threat (less impact, because they’re trusted)
• Information security is CIA: 3 main concepts (protecting data)
o Confidentiality
▪ Information that should not be seen by someone else is only seen by
the people who it’s intended for
▪ Info not leaking, remain confidential
▪ For example bank account data, some messages/pictures you send
▪ Example: Ashley Madison (dating site for married people)
• Hackers stole over 300GB of data (names, banking data,
credit card, transactions, secret sexual fantasies, …)
• CEO’s, political people were on this site → huge impact!
▪ Example: Eveline (Peter Van De Veire, Sam Van Samang, Sean D’hondt) → filming for a fictious person
o Integrity
▪ Ensuring that data is delivered in the way it should be and it remains unchanged
▪ Example: uranium enrichment plant → attackers got into factory network by effected USB
• Because of malware: such speed that they broke themselves down
• Sophisticated hack: also altered the data to make it look that everything is green (nobody
noticed)
o Availability
▪ You want data to be available at all times
▪ Also your production line (IoT)
▪ Example: Asco (airplane parts) & Picanol: attack on production network (whole network was down,
couldn’t produce anymore for couple of months) → BIG ISSUE (damage of millions + a lot of time to
get back up and running)
, • Information Security is PPT
o A lot of clients buy a certain solution (a certain technology tike AI)
▪ Then you just look at technology
▪ Least import of PPT
▪ That’s only supporting you in your business
o People and process are most important
o We compare it with buying a car: we buy the best, we implement it and it’s going to solve everything, a few
moments later they crash into a wall, why? They don’t thought about getting their license
o PP → supporting our clients
o What do you do for your clients in term of PPT?
People Process Technology
Leadership Support Governance Frameworks Assets
Training & Awareness Management Systems Network
Competent Resources Policies & procedures Software
Internal Audits Security Solutions
COMMON CYBERSECURITY MYTHS
1. “We have to achieve 100 percent security.”
o Reality: 100% security is neither feasible nor the appropriate goal
o If that’s your only goal, you will miss out on effectively manage these risks
o It’s about risk management
o You can lower the likelihood, but not totally avoid it
o Balance: limited money & resources (knowledge, place, …) – as secure as possible (not 100%)
2. “The cloud is more/less secure.”
o Reality: A secure Cloud Transition is not a secure Cloud transformation
o It’s about the way you manage the cloud
o Microsoft: this is our responsibility, this is your responsibility
3. “Cybersecurity compliance is all about effective monitoring.”
o Reality: The ability to learn is just as important as the ability to monitor
o You need to do a root cause analysis and not only just fix the issue
4. “We need all the best tools the market can offer.”
o Reality: We need a coherent solution that can be monitored from a single interface
o Portfolio of measures you are managing (it’s not always the best of the market, but sometimes that’s enough.
Than you have more money for other things)
5. “Hackers break in.”
o Reality: Hackers log in, because of weak identity protection
o Multifactor authentication! = very important
o Example from his own life: A month ago: Microsoft authenticator: “give in a code” → he didn’t pressed it in
because he wasn’t logging in somewhere. Later he went to his Microsoft and saw that somebody in the US
tried to log in. → he knew his password is breached
o Password manager!!! Recommendation!! If you have different password (that’s the safest option)
o LastPass: one of the best solution → all of their credentials where breached, one of the engineers at home use
plex (watch movies you legally bought): somebody was able to breach his own network at home and get his
own passwords and by logging in in the network they were able to get all the passwords
o Haveibeenpwnd.com (to see if you’re breached) → almost always you find something here (CAN BE FAKE)
o The best way to prevent for hackers breaking in is to have everywhere another password (and so user a
password manager)
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller StudentUA8. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $6.97. You're not tied to anything after your purchase.