This document provides the slides and some notes of the guest lectures of the course Digital Organisations in the academic year .
- 8/11: KPMG
- 15/11: Delaware
- 22/11: B
- 29/11: Umicore
- 6/12: KPMG Lighthouse
- 6/12: KVBV
The subjects included are how hackers operate in the digital area, achiev...
8 NOVEMBER 2023: GUEST LECTURE KPMG: HOW HACKERS OPERATE IN THE DIGITAL AREA
THE CYBER LANDSCAPE
• By 2024
o 40% of enterprises will adopt SASE
▪ SASE (Secure Access Service Edge) = having a network that is an interplay between cloud-based components and traditional cloud centers
▪ Security on network level
▪ With things like Microsoft Azure
▪ No longer only on site
• By 2025:
o There will be roughly 200 zettabytes of data
▪ 1 zettabyte = around a trillion gigabytes = around a billion terabytes
o 50% of ALL data will be stored in the cloud
▪ = on somebody else’s computer somewhere in the world
▪ = you trust a 3rd party with it!
• By 2030:
o Roughly 25.44 billion IoT devices connected
▪ Which can be hacked!
o 4.5+ billion people on the internet
o Estimated 45 million software developers
• The dark web
o = a place on the internet that you can’t go to because of specific protocols, where you could download data that has been breached by someone
o Also to buy guns etc.
o You usually don’t use it
o Estimated 5000 x larger than surface web
• Working remotely
o Difficult for security!
o 98% of employees want the option to work remotely
• It takes an average of 280 days to identify & contain a data breach
o Tends to go up
• Data explosion! (digitalization)
o More people on the internet (now 2/3 of population)
▪ → the human is an attack factor (phishing)
• The base of attack is growing
o 2021: every 5 seconds an attack
o Really profitable to be a cyber criminal
o 2021: $21 billion in total
• Global threat landscape (who are those hackers): 4 different kinds
o State sponsored
▪ A lot of funding (money, resources)
▪ You can’t do a lot with that
▪ For example the Israel – Palestine conflict → also battling virtually (hidden war)
• Israel: one of the most advanced countries when it comes to hacking, cyber, …
o Organized crime
▪ Like a gang on the street robbing you
▪ Organized: people on payroll, they hire employees
▪ Example: he knew it was a scam but did it anyway; an old lady gave the bank code 6 times and she lost €60 000.
▪ More and more sophisticated
▪ More difficult to spot if it’s a phishing mail
o Hacktivists
▪ Anonymous, typically with the black hoodie
o Trusted insider
▪ Intentional or unintentional?
▪ Employee who does something wrong
o Targets almost always financial (but can be data – intellectual property – reputation – disruption)
o 63% of security incidents caused by malicious or criminal attacks (not by accident)
o 23% was because the hacker was able to log in
o 78% reported that there was an increase in phishing attacks during COVID-19
o 6% insider threat (less impact, because they’re trusted)
• Information security is CIA: 3 main concepts (protecting data)
o Confidentiality
▪ Information that should not be seen by someone else is only seen by the people it’s intended for
▪ Info does not leak, it remains confidential
▪ For example bank account data, some messages/pictures you send
▪ Example: Ashley Madison (dating site for married people)
• Hackers stole over 300GB of data (names, banking data,
credit card, transactions, secret sexual fantasies, …)
• CEO’s, political people were on this site → huge impact!
▪ Example: Eveline (Peter Van De Veire, Sam Van Samang, Sean D’hondt) → filming for a fictitious person
o Integrity
▪ Ensuring that data is delivered in the way it should be and it remains unchanged
▪ Example: uranium enrichment plant → attackers got into the factory network via an infected USB
• Because of malware: such speed that they broke themselves down
• Sophisticated hack: also altered the data to make it look like everything was green (nobody noticed)
o Availability
▪ You want data to be available at all times
▪ Also your production line (IoT)
▪ Example: Asco (airplane parts) & Picanol: attack on production network (whole network was down, couldn’t produce anymore for a couple of months) → BIG ISSUE (damage of millions + a lot of time to get back up and running)
• Information Security is PPT
o A lot of clients buy a certain solution (a certain technology like AI)
▪ Then you just look at technology
▪ Least important of PPT
▪ That’s only supporting you in your business
o People and process are most important
o We compare it with buying a car: we buy the best, we implement it and it’s going to solve everything; a few moments later they crash into a wall. Why? They didn’t think about getting their license
o PP → supporting our clients
o What do you do for your clients in term of PPT?
People | Process | Technology
Leadership Support | Governance Frameworks | Assets
Training & Awareness | Management Systems | Network
Competent Resources | Policies & procedures | Software
 | Internal Audits | Security Solutions
COMMON CYBERSECURITY MYTHS
1. “We have to achieve 100 percent security.”
o Reality: 100% security is neither feasible nor the appropriate goal
o If that’s your only goal, you will miss out on effectively managing these risks
o It’s about risk management
o You can lower the likelihood, but not totally avoid it
o Balance: limited money & resources (knowledge, place, …) – as secure as possible (not 100%)
2. “The cloud is more/less secure.”
o Reality: A secure Cloud Transition is not a secure Cloud transformation
o It’s about the way you manage the cloud
o Microsoft: this is our responsibility, this is your responsibility
3. “Cybersecurity compliance is all about effective monitoring.”
o Reality: The ability to learn is just as important as the ability to monitor
o You need to do a root cause analysis and not only just fix the issue
4. “We need all the best tools the market can offer.”
o Reality: We need a coherent solution that can be monitored from a single interface
o Portfolio of measures you are managing (it’s not always the best of the market, but sometimes that’s enough. Then you have more money for other things)
5. “Hackers break in.”
o Reality: Hackers log in, because of weak identity protection
o Multifactor authentication! = very important
o Example from his own life: a month ago, Microsoft Authenticator asked him to “give in a code” → he didn’t enter it because he wasn’t logging in anywhere. Later he went to his Microsoft account and saw that somebody in the US had tried to log in. → he knew his password was breached
o Password manager!!! Recommendation!! If you have different passwords (that’s the safest option)
o LastPass: one of the best solutions → all of their credentials were breached. One of the engineers used Plex at home (watch movies you legally bought): somebody was able to breach his own network at home and get his own passwords, and by logging in to the network they were able to get all the passwords
o haveibeenpwned.com (to see if you’re breached) → almost always you find something here (CAN BE FAKE)
o The best way to prevent hackers from breaking in is to have a different password everywhere (and so use a password manager)