SlideShare a Scribd company logo

Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019

Download as PPTX, PDF
Codemotion
Codemotion

Eward Driehuis, SecureLink's research chief, will guide you through the bumpy ride we call the cyber threat landscape. As the industry has over a decade of experience of dealing with increasingly sophisticated attacks, you might be surprised to hear more attacks slip through the cracks than ever. From analyzing 20.000 of them in 2018, backed by a quarter of a million security events and over ten trillion data points, Eward will outline why this happens, how attacks are changing, and why it doesn't matter how neatly or securely you code.

Technology
1 of 18
SAFELY ENABLING BUSINESS www.securelink.net 2 0 . 0 0 0 a t t a c k s b y p a s s i n g o u r d e f e n s e s a n d w h y s e c u r e c o d i n g i s n ’ t t h e a n s w e r E w a r d D r i e h u i s • @ e 3 h u i s • w w w . s e c u r e l i n k . n e t
SAFELY ENABLING BUSINESS www.securelink.net THIS STORY IS BASED ON TRUE DATA • 24 years in tech / software & security • 700+ SecureLinkers • 2100 customers in 2018 • 5 Cyber Defense Centers • Over 10 trillion signals 2019-05-192 RESEARCH
SAFELY ENABLING BUSINESS www.securelink.net32019-05-19 Once upon a time….
SAFELY ENABLING BUSINESS www.securelink.net42019-05-19 2006 - 2010 2013 2017 2019
SAFELY ENABLING BUSINESS www.securelink.net19/05/2019 A LOOK AT OUR NUMBERS 5 • Signal to incident process • Layered detection: malware wins • Many “strange events”
SAFELY ENABLING BUSINESS www.securelink.net19/05/2019 • Cybercriminals & spies using same methods: social engineering • Automated scanning: software & versions, password stuffing LET’S TALK INITIAL ATTACK VECTORS 6
Safely Enabling Business www.securelink.de19/05/2019 BIGGER IS MORE SECURE 7 ATTACK FACTOR per 100/employees 9.1 1.5 1.3
SAFELY ENABLING BUSINESS www.securelink.net19/05/2019 • Ransomware is hard work • Cryptojacking super easy • Cryptojacking surpassed ransomware • … For a while. It’s not as big as some say it is. THE YEAR CRYPTOJACKING TOOK OVER? 8 jan feb mrt apr mei jun jul aug sep okt nov dec CryptoJacking Ransomware
SAFELY ENABLING BUSINESS www.securelink.net9
SAFELY ENABLING BUSINESS www.securelink.net OPPORTUNITY FOR VETERAN CRIMINALS 2019-05-1910 Quietly enter network • Look for value • Steal or extort value Plan B • Destroy online back-ups • Ransom network • Extort enterprise ransom
SAFELY ENABLING BUSINESS www.securelink.net THE POWER OF BIG NUMBERS 11 BIG DATA RETAIL FRAUD CREDIT CARD THEFT RANSOMWARE & MINING BESPOKE ATTACKS RANSOM / EXTORTION ESPIONAGE
SAFELY ENABLING BUSINESS www.securelink.net THE CRIMINAL’S PERSPECTIVE 12
SAFELY ENABLING BUSINESS www.securelink.net19/05/2019 GEOPOLITICS THE AGE OF CYBER WARFARE 13 Showing destruction Filling budget gaps Gentleman spies
SAFELY ENABLING BUSINESS www.securelink.net2019-05-1914 TOTAL SYSTEM FAILURE
SAFELY ENABLING BUSINESS www.securelink.net19/05/2019 We still encounter “Wannacry” Sometimes for understandable reasons WE NEED TO EVOLVE, BUT… WE DON’T. Depressing CSIRT tales Single factor + cloud = guaranteed pwnage 15
SAFELY ENABLING BUSINESS www.securelink.net2019-05-19 • FORCED HUMAN ERROR – Social engineering • CONFIGURATION ERROR – Website / CMS hacking • BUDGET ERROR – Diginotar • 3RD PARTY ERROR – Supply chain attacks • ARCHITECTURAL ERROR – Wannacry • BUG REASONS WE GET PWNED 16
SAFELY ENABLING BUSINESS www.securelink.net2019-05-19 • OF COURSE SECURE CODING MATTERS! • But we can’t reverse time: IF SECURE CODING ISN’T THE ANSWER… WHAT IS? • Learn & do better • APPSEC is going to be the #1 concern in the future • In the mean time, plugging holes • The system is weak & full of errors • Most attacks are “system” attacks (people, process, tech) 17
Safely Enabling Business www.securelink.de ANNUAL SECURITY REPORT https://lp.securelink.net/asr 19/05/201918 SAFELY ENABLING BUSINESS

Recommended

Infographic - Key Issues CIO's and CISO's Face
Infographic - Key Issues CIO's and CISO's FaceInfographic - Key Issues CIO's and CISO's Face
Infographic - Key Issues CIO's and CISO's FaceElizabeth Gladen
 
Security transformation: Helping you manage digital risk
Security transformation: Helping you manage digital riskSecurity transformation: Helping you manage digital risk
Security transformation: Helping you manage digital riskCristian Garcia G.
 
Nearly 80 billion dollars were spent in 2016 to fight cybercrime
Nearly 80 billion dollars were spent in 2016 to fight cybercrimeNearly 80 billion dollars were spent in 2016 to fight cybercrime
Nearly 80 billion dollars were spent in 2016 to fight cybercrimeprcircle
 
Cybercriminalité, statut, risques et prévention
Cybercriminalité, statut, risques et préventionCybercriminalité, statut, risques et prévention
Cybercriminalité, statut, risques et préventionForums financiers de Wallonie
 
Future tech trends keynote for WCO congress, Tbilisi, Georgia, June 2017
Future tech trends keynote for WCO congress, Tbilisi, Georgia, June 2017Future tech trends keynote for WCO congress, Tbilisi, Georgia, June 2017
Future tech trends keynote for WCO congress, Tbilisi, Georgia, June 2017Simon Cocking
 
NetWatcher crowdsourcing
NetWatcher crowdsourcingNetWatcher crowdsourcing
NetWatcher crowdsourcingScott Suhy
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNorth Texas Chapter of the ISSA
 
Protecting your brand from fraud, infringement and data breach
Protecting your brand from fraud, infringement and data breachProtecting your brand from fraud, infringement and data breach
Protecting your brand from fraud, infringement and data breachMichael Steck, JD / CIPP-US
 

Recommended

Infographic - Key Issues CIO's and CISO's Face
Infographic - Key Issues CIO's and CISO's FaceInfographic - Key Issues CIO's and CISO's Face
Infographic - Key Issues CIO's and CISO's FaceElizabeth Gladen
 
Security transformation: Helping you manage digital risk
Security transformation: Helping you manage digital riskSecurity transformation: Helping you manage digital risk
Security transformation: Helping you manage digital riskCristian Garcia G.
 
Nearly 80 billion dollars were spent in 2016 to fight cybercrime
Nearly 80 billion dollars were spent in 2016 to fight cybercrimeNearly 80 billion dollars were spent in 2016 to fight cybercrime
Nearly 80 billion dollars were spent in 2016 to fight cybercrimeprcircle
 
Cybercriminalité, statut, risques et prévention
Cybercriminalité, statut, risques et préventionCybercriminalité, statut, risques et prévention
Cybercriminalité, statut, risques et préventionForums financiers de Wallonie
 
Future tech trends keynote for WCO congress, Tbilisi, Georgia, June 2017
Future tech trends keynote for WCO congress, Tbilisi, Georgia, June 2017Future tech trends keynote for WCO congress, Tbilisi, Georgia, June 2017
Future tech trends keynote for WCO congress, Tbilisi, Georgia, June 2017Simon Cocking
 
NetWatcher crowdsourcing
NetWatcher crowdsourcingNetWatcher crowdsourcing
NetWatcher crowdsourcingScott Suhy
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNorth Texas Chapter of the ISSA
 
Protecting your brand from fraud, infringement and data breach
Protecting your brand from fraud, infringement and data breachProtecting your brand from fraud, infringement and data breach
Protecting your brand from fraud, infringement and data breachMichael Steck, JD / CIPP-US
 
Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessLucy Denver
 
Find IT & Marketing’s Common Ground: Make Your Site Faster
Find IT & Marketing’s Common Ground: Make Your Site FasterFind IT & Marketing’s Common Ground: Make Your Site Faster
Find IT & Marketing’s Common Ground: Make Your Site FasterGhostery, Inc.
 
IoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The InternetIoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The InternetPaul Brody
 
Nvis pitch deck version 4 - 2021 dec
Nvis pitch deck version 4 - 2021 decNvis pitch deck version 4 - 2021 dec
Nvis pitch deck version 4 - 2021 decPhilSmith151163
 
Cyber - it's all now a matter of time!
Cyber - it's all now a matter of time!Cyber - it's all now a matter of time!
Cyber - it's all now a matter of time!Gloucestershire Professionals
 
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIO
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIOMSP Webcast - Leveraging Cloud Security to Become a Virtual CIO
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIOOpenDNS
 
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...CODE BLUE
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19Citrin Cooperman
 
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Citrin Cooperman
 
Symantec Portfolio - Sales Play
Symantec Portfolio - Sales PlaySymantec Portfolio - Sales Play
Symantec Portfolio - Sales PlayIftikhar Ali Iqbal
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber SecurityPhil Agcaoili
 
2016: The Year to Align Marketing & IT Departments
2016: The Year to Align Marketing & IT Departments2016: The Year to Align Marketing & IT Departments
2016: The Year to Align Marketing & IT DepartmentsYottaa
 
Protecting Your IP: Data Security for Software Technology
Protecting Your IP: Data Security for Software TechnologyProtecting Your IP: Data Security for Software Technology
Protecting Your IP: Data Security for Software TechnologyShawn Tuma
 
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?SaraPia5
 
Navigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityNavigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityEnterprise Management Associates
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOCRoberto Sponchioni
 
sc_can0315_28373
sc_can0315_28373sc_can0315_28373
sc_can0315_28373Katherine Thompson
 
Cybersecurity During the COVID Era
Cybersecurity During the COVID EraCybersecurity During the COVID Era
Cybersecurity During the COVID EraCitrin Cooperman
 
Moving Sucks. Making Secure Cloud Migration Painless
Moving Sucks. Making Secure Cloud Migration PainlessMoving Sucks. Making Secure Cloud Migration Painless
Moving Sucks. Making Secure Cloud Migration PainlessJoAnna Cheshire
 
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Codemotion
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyCodemotion
 

More Related Content

Similar to Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019

Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessLucy Denver
 
Find IT & Marketing’s Common Ground: Make Your Site Faster
Find IT & Marketing’s Common Ground: Make Your Site FasterFind IT & Marketing’s Common Ground: Make Your Site Faster
Find IT & Marketing’s Common Ground: Make Your Site FasterGhostery, Inc.
 
IoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The InternetIoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The InternetPaul Brody
 
Nvis pitch deck version 4 - 2021 dec
Nvis pitch deck version 4 - 2021 decNvis pitch deck version 4 - 2021 dec
Nvis pitch deck version 4 - 2021 decPhilSmith151163
 
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIO
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIOMSP Webcast - Leveraging Cloud Security to Become a Virtual CIO
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIOOpenDNS
 
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...CODE BLUE
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19Citrin Cooperman
 
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Citrin Cooperman
 
Symantec Portfolio - Sales Play
Symantec Portfolio - Sales PlaySymantec Portfolio - Sales Play
Symantec Portfolio - Sales PlayIftikhar Ali Iqbal
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber SecurityPhil Agcaoili
 
2016: The Year to Align Marketing & IT Departments
2016: The Year to Align Marketing & IT Departments2016: The Year to Align Marketing & IT Departments
2016: The Year to Align Marketing & IT DepartmentsYottaa
 
Protecting Your IP: Data Security for Software Technology
Protecting Your IP: Data Security for Software TechnologyProtecting Your IP: Data Security for Software Technology
Protecting Your IP: Data Security for Software TechnologyShawn Tuma
 
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?SaraPia5
 
Navigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityNavigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityEnterprise Management Associates
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOCRoberto Sponchioni
 
Cybersecurity During the COVID Era
Cybersecurity During the COVID EraCybersecurity During the COVID Era
Cybersecurity During the COVID EraCitrin Cooperman
 
Moving Sucks. Making Secure Cloud Migration Painless
Moving Sucks. Making Secure Cloud Migration PainlessMoving Sucks. Making Secure Cloud Migration Painless
Moving Sucks. Making Secure Cloud Migration PainlessJoAnna Cheshire
 

Similar to Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019 (20)

Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your Business
 
Find IT & Marketing’s Common Ground: Make Your Site Faster
Find IT & Marketing’s Common Ground: Make Your Site FasterFind IT & Marketing’s Common Ground: Make Your Site Faster
Find IT & Marketing’s Common Ground: Make Your Site Faster
 
IoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The InternetIoT And Inevitable Decentralization of The Internet
IoT And Inevitable Decentralization of The Internet
 
Nvis pitch deck version 4 - 2021 dec
Nvis pitch deck version 4 - 2021 decNvis pitch deck version 4 - 2021 dec
Nvis pitch deck version 4 - 2021 dec
 
Cyber - it's all now a matter of time!
Cyber - it's all now a matter of time!Cyber - it's all now a matter of time!
Cyber - it's all now a matter of time!
 
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIO
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIOMSP Webcast - Leveraging Cloud Security to Become a Virtual CIO
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIO
 
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
 
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
 
Symantec Portfolio - Sales Play
Symantec Portfolio - Sales PlaySymantec Portfolio - Sales Play
Symantec Portfolio - Sales Play
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security
 
2016: The Year to Align Marketing & IT Departments
2016: The Year to Align Marketing & IT Departments2016: The Year to Align Marketing & IT Departments
2016: The Year to Align Marketing & IT Departments
 
Protecting Your IP: Data Security for Software Technology
Protecting Your IP: Data Security for Software TechnologyProtecting Your IP: Data Security for Software Technology
Protecting Your IP: Data Security for Software Technology
 
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
 
Navigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityNavigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. Reality
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOC
 
sc_can0315_28373
sc_can0315_28373sc_can0315_28373
sc_can0315_28373
 
Cybersecurity During the COVID Era
Cybersecurity During the COVID EraCybersecurity During the COVID Era
Cybersecurity During the COVID Era
 
Moving Sucks. Making Secure Cloud Migration Painless
Moving Sucks. Making Secure Cloud Migration PainlessMoving Sucks. Making Secure Cloud Migration Painless
Moving Sucks. Making Secure Cloud Migration Painless
 

More from Codemotion

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Codemotion
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyCodemotion
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaCodemotion
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserCodemotion
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Codemotion
 
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Codemotion
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Codemotion
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Codemotion
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Codemotion
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Codemotion
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Codemotion
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Codemotion
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Codemotion
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Codemotion
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...Codemotion
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Codemotion
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Codemotion
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Codemotion
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Codemotion
 
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Codemotion
 

More from Codemotion (20)

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending story
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storia
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard Altwasser
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
 
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019

  • 1. SAFELY ENABLING BUSINESS www.securelink.net 2 0 . 0 0 0 a t t a c k s b y p a s s i n g o u r d e f e n s e s a n d w h y s e c u r e c o d i n g i s n ’ t t h e a n s w e r E w a r d D r i e h u i s • @ e 3 h u i s • w w w . s e c u r e l i n k . n e t
  • 2. SAFELY ENABLING BUSINESS www.securelink.net THIS STORY IS BASED ON TRUE DATA • 24 years in tech / software & security • 700+ SecureLinkers • 2100 customers in 2018 • 5 Cyber Defense Centers • Over 10 trillion signals 2019-05-192 RESEARCH
  • 3. SAFELY ENABLING BUSINESS www.securelink.net32019-05-19 Once upon a time….
  • 4. SAFELY ENABLING BUSINESS www.securelink.net42019-05-19 2006 - 2010 2013 2017 2019
  • 5. SAFELY ENABLING BUSINESS www.securelink.net19/05/2019 A LOOK AT OUR NUMBERS 5 • Signal to incident process • Layered detection: malware wins • Many “strange events”
  • 6. SAFELY ENABLING BUSINESS www.securelink.net19/05/2019 • Cybercriminals & spies using same methods: social engineering • Automated scanning: software & versions, password stuffing LET’S TALK INITIAL ATTACK VECTORS 6
  • 7. Safely Enabling Business www.securelink.de19/05/2019 BIGGER IS MORE SECURE 7 ATTACK FACTOR per 100/employees 9.1 1.5 1.3
  • 8. SAFELY ENABLING BUSINESS www.securelink.net19/05/2019 • Ransomware is hard work • Cryptojacking super easy • Cryptojacking surpassed ransomware • … For a while. It’s not as big as some say it is. THE YEAR CRYPTOJACKING TOOK OVER? 8 jan feb mrt apr mei jun jul aug sep okt nov dec CryptoJacking Ransomware
  • 9. SAFELY ENABLING BUSINESS www.securelink.net9
  • 10. SAFELY ENABLING BUSINESS www.securelink.net OPPORTUNITY FOR VETERAN CRIMINALS 2019-05-1910 Quietly enter network • Look for value • Steal or extort value Plan B • Destroy online back-ups • Ransom network • Extort enterprise ransom
  • 11. SAFELY ENABLING BUSINESS www.securelink.net THE POWER OF BIG NUMBERS 11 BIG DATA RETAIL FRAUD CREDIT CARD THEFT RANSOMWARE & MINING BESPOKE ATTACKS RANSOM / EXTORTION ESPIONAGE
  • 12. SAFELY ENABLING BUSINESS www.securelink.net THE CRIMINAL’S PERSPECTIVE 12
  • 13. SAFELY ENABLING BUSINESS www.securelink.net19/05/2019 GEOPOLITICS THE AGE OF CYBER WARFARE 13 Showing destruction Filling budget gaps Gentleman spies
  • 14. SAFELY ENABLING BUSINESS www.securelink.net2019-05-1914 TOTAL SYSTEM FAILURE
  • 15. SAFELY ENABLING BUSINESS www.securelink.net19/05/2019 We still encounter “Wannacry” Sometimes for understandable reasons WE NEED TO EVOLVE, BUT… WE DON’T. Depressing CSIRT tales Single factor + cloud = guaranteed pwnage 15
  • 16. SAFELY ENABLING BUSINESS www.securelink.net2019-05-19 • FORCED HUMAN ERROR – Social engineering • CONFIGURATION ERROR – Website / CMS hacking • BUDGET ERROR – Diginotar • 3RD PARTY ERROR – Supply chain attacks • ARCHITECTURAL ERROR – Wannacry • BUG REASONS WE GET PWNED 16
  • 17. SAFELY ENABLING BUSINESS www.securelink.net2019-05-19 • OF COURSE SECURE CODING MATTERS! • But we can’t reverse time: IF SECURE CODING ISN’T THE ANSWER… WHAT IS? • Learn & do better • APPSEC is going to be the #1 concern in the future • In the mean time, plugging holes • The system is weak & full of errors • Most attacks are “system” attacks (people, process, tech) 17
  • 18. Safely Enabling Business www.securelink.de ANNUAL SECURITY REPORT https://lp.securelink.net/asr 19/05/201918 SAFELY ENABLING BUSINESS

Editor's Notes

  1. (With this background they now see the benefits of these “numbers”) Take your time and walk through every bullet.