Cybersecurity Overview


Title: Cybersecurity Overview
Description: Key drivers around cyber security; introduction to the other modules: Security Awareness (40-50 min), User Centric Security in Web3 (40-50 min), Infrastructure Security (40-50 min), Application Security (1 h)
Duration: 30 minutes

Cybersecurity Overview


Outline

  1. Threat landscape
  2. Risk management
  3. Development
  4. Conclusion
  5. Q&A

Notes:

  • Threat landscape
    • Key threat actors
    • Largest crypto heists
    • Crypto incidents
  • Risk management
    • Inherent & Residual
    • Key steps of an attack
    • Importance of culture
  • Development
    • Development and key focus
    • CI/CD
  • Conclusion
  • Q&A

Cyber Threat - 6 Main Actors

Notes:

Different actors with different drivers, but with commonalities in their modus operandi.


Largest Crypto Losses

Some were Ponzi schemes, most were breaches/exploits

Notes:

In the crypto ecosystem there have been a number of cyber events: https://medium.com/ngrave/the-history-of-crypto-hacks-top-10-biggest-heists-that-shocked-the-crypto-industry-828a12495e76


More Recent Crypto Incidents

A strong foundation of cyber controls decreases exposure to incidents.

Notes:


InfoSec & Cyber Risk - Taxonomy

Notes:

When a threat exploits a vulnerability, the consequence is a risk. Threats usually cannot be influenced, whereas vulnerabilities can be. Both threats and vulnerabilities evolve over time based on multiple factors, hence the importance of deploying controls to identify, protect, detect, respond and recover (the five functions of the NIST Cybersecurity Framework).


Taxonomy - Threats Examples

  • Cyber criminal: in the last 12 months, cyber criminal activity +200%
  • Insider / disgruntled employee: a lot of change in staffing
  • Hacktivist: crypto projects and Web3 have their detractors
  • Terrorist: increasingly using cyber as a weapon
  • Nation state: geopolitical developments involving China, North Korea, Russia/Ukraine
  • "Government": a lot of regulatory scrutiny on the crypto area
  • Media: Web3 and cryptocurrency developments are regularly in the media
  • Competitors: the Polkadot approach is a game changer

What Is Cyber Risk Management?



Inherent And Residual Risk

Having visibility of inherent risk facilitates a common view on the areas of focus and the priorities.

Notes:

  • It is foundational to identify inherent risk, in partnership with the asset owner, especially from an impact perspective.

  • Controls are key to:

    • Reduce the likelihood of initial compromise
    • Limit the impact of a compromise once a foothold has been established
    • Enhance the ability to detect a compromise as early as possible

Starting from the inherent risk is foundational, because the threat landscape will evolve, and so will the effectiveness of the controls: residual risk is what remains once the controls are applied, and it has to be reassessed as both change.
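As an added example (not from the course slides), the following Python model scores inherent and residual risk for a small constructed register: preventive controls reduce likelihood, containment and detective controls reduce impact, as the notes above describe, and a helper re-scores an asset when a control loses effectiveness. Asset names, scores and effectiveness values are assumptions made for illustration.

```python
# Added example, not from the course slides. Scores on a 1..5 scale and
# control effectiveness values are illustrative assumptions.
from dataclasses import dataclass, field, replace


@dataclass
class Control:
    name: str
    kind: str             # "preventive" lowers likelihood; "containment"/"detective" lower impact
    effectiveness: float  # 0.0 (no effect) .. 1.0 (fully effective), a judgement call


@dataclass
class Asset:
    name: str
    likelihood: int       # inherent likelihood 1..5, agreed with the asset owner
    impact: int           # inherent impact 1..5, agreed with the asset owner
    controls: list = field(default_factory=list)


def inherent_risk(asset):
    """Risk before any control is considered."""
    return asset.likelihood * asset.impact


def residual_risk(asset):
    """Risk remaining once the controls in place are applied."""
    like, imp = float(asset.likelihood), float(asset.impact)
    for c in asset.controls:
        if c.kind == "preventive":
            like *= 1.0 - c.effectiveness
        elif c.kind in ("containment", "detective"):
            imp *= 1.0 - c.effectiveness
        else:
            raise ValueError(f"unknown control kind {c.kind!r}")
    # Floor each axis at 1: controls reduce exposure, they never remove the threat.
    return round(max(like, 1.0) * max(imp, 1.0), 2)


# Constructed register for illustration, not a real assessment.
REGISTER = [
    Asset("validator signing key", likelihood=4, impact=5, controls=[
        Control("MFA and bastion for host access", "preventive", 0.5),
        Control("key held in an HSM, never exported", "containment", 0.7),
    ]),
    Asset("public website", likelihood=5, impact=2, controls=[
        Control("WAF in front of origin", "preventive", 0.4),
    ]),
    Asset("CI runner with deploy credentials", likelihood=3, impact=4),
]


def prioritise(register):
    """Rows of (name, inherent, residual), highest residual first; inherent stays visible."""
    rows = [(a.name, inherent_risk(a), residual_risk(a)) for a in register]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def reassess(asset, control_name, new_effectiveness):
    """Re-score without mutating the register, e.g. after a bypass for a control appears."""
    controls = [replace(c, effectiveness=new_effectiveness) if c.name == control_name else c
                for c in asset.controls]
    return residual_risk(replace(asset, controls=controls))


if __name__ == "__main__":
    for name, inherent, residual in prioritise(REGISTER):
        print(f"{name:36} inherent={inherent:>3} residual={residual}")
    print("website if the WAF is bypassed:", reassess(REGISTER[1], "WAF in front of origin", 0.0))
```

The signing key has the highest inherent risk but the lowest residual one, which is only true while its two controls stay effective; the website climbs back to its inherent score as soon as the WAF is bypassed, which is why the inherent view has to be kept alongside the residual one.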


Attack Kill Chain

Notes:

Usually an attacker does not attack the target directly, but:

  1. Collects information from the available digital footprint (LinkedIn profiles, DNS records, website, repositories, third parties, anything publicly available)
  2. Uses the information gathered and known vulnerabilities to build a "weapon" for the attack
  3. Delivers the "weapon" via an available channel: email (professional or personal), USB, WhatsApp/Signal/Telegram, a web page (legitimate or squatted), a code update, etc.
  4. Uses the "weapon" delivered on the victim's system to execute code
  5. Establishes a foothold on the target
  6. Moves laterally to reach the target objective, staying hidden for a period of time
  7. Executes the final objective: ransom, denial of service, data exfiltration, corruption, theft of funds
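As an added illustration of the steps above (not code from the course), the following Python snippet maps constructed security events onto those steps per host and raises an alert once a host has progressed past delivery, which is where the controls described earlier (limit impact, detect early) have to kick in. The log format, event names and host names are assumptions; steps 1 and 2 happen outside the victim's systems and therefore do not appear in a defender's telemetry.

```python
# Added example, not from the course slides. Log format, event names and
# hosts are constructed for illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Step numbers follow the kill chain list above. Steps 1-2 (information
# gathering, building the weapon) are invisible to the victim, so telemetry
# normally starts at step 3.
STEP_NAMES = {
    3: "delivery",
    4: "execution",
    5: "foothold",
    6: "lateral movement / hiding",
    7: "final objective",
}

OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}

# Constructed sample log: one host goes from a malicious attachment to lateral
# movement, another only receives an attachment.
SAMPLE_LOG = """
2024-03-01T09:00:12Z host=ws-17 src=mailgw event=attachment_received file=invoice.docm from=ext
2024-03-01T09:00:50Z host=ws-22 src=mailgw event=attachment_received file=agenda.pdf from=ext
2024-03-01T09:03:40Z host=ws-17 src=edr event=process_spawn parent=WINWORD.EXE child=powershell.exe
2024-03-01T09:04:02Z host=ws-17 src=edr event=persistence_added key=Run value=updater.exe
2024-03-01T09:05:30Z host=ws-17 src=proxy event=beacon dst=203.0.113.7 interval=60s
2024-03-01T11:20:00Z host=ws-17 src=auth event=lateral_logon target=build-01 user=svc-ci
"""


def step_for(ev):
    """Return the kill-chain step an event indicates, or None if benign."""
    kind = ev.get("event")
    if kind == "attachment_received" and ev.get("from") == "ext":
        return 3
    if kind == "process_spawn" and ev.get("parent") in OFFICE_APPS:
        return 4  # an office document spawning a shell: code execution
    if kind == "persistence_added":
        return 5
    if kind in ("beacon", "lateral_logon"):
        return 6
    if kind == "data_exfil":
        return 7
    return None


def parse_line(line):
    """'<ts> k=v k=v ...' -> dict with a parsed 'ts' field."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ev


def correlate(log_text, window=timedelta(hours=24)):
    """Per host, keep the steps seen within `window` of the first suspicious
    event and flag hosts where code has already executed (step 4 or later)."""
    per_host = defaultdict(list)
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        step = step_for(ev)
        if step is not None:
            per_host[ev["host"]].append((ev["ts"], step))
    result = {}
    for host, hits in per_host.items():
        hits.sort()
        start = hits[0][0]
        steps = sorted({s for ts, s in hits if ts - start <= window})
        result[host] = {
            "steps": steps,
            "stage": STEP_NAMES[steps[-1]],
            # every later step is harder and costlier to contain, so alert at
            # execution rather than waiting for the final objective
            "alert": steps[-1] >= 4,
        }
    return result


if __name__ == "__main__":
    for host, info in correlate(SAMPLE_LOG).items():
        print(host, info)
```

A single event at step 3 is noise on most days; the same host reaching steps 4, 5 and 6 inside a day is the pattern the detection should surface, and the long window matters because step 6 is where the attacker deliberately slows down.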

Importance Of Culture


InfoSec & Cyber Risk - Embedded

Security embedded in, and partnering with, the team at each step, with the following key success factors:

  • Upfront threat modeling
  • Peers code review
  • Code scanning
  • Independent security code review
  • Penetration testing (pentest)
  • Secret management
  • Supply chain management
  • Monitoring
  • Playbooks

InfoSec & Cyber Risk - CI/CD

Notes:

This is a continuous process, at each step.
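As an added example (not code from the course), the following Python script is a small merge gate of the kind that implements the "code scanning", "secret management" and "supply chain management" success factors listed above at every CI/CD step: it scans only the added lines of a change for secrets and rejects unpinned dependencies. The diff, file names and rule set are constructed for illustration; a real pipeline would run a maintained scanner with a far larger rule set, but the gate logic is the same.

```python
# Added example, not from the course slides. The diff and the rules are
# constructed illustrations; the AWS key is Amazon's published example value.
import re

SECRET_RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----")),
    ("hardcoded-credential",
     re.compile(r"(?i)(?:password|secret|token|api_key)\s*[:=]\s*['\"][^'\"]{8,}['\"]")),
]
# requirements.txt entries must be pinned to an exact version
PINNED_DEP = re.compile(r"^[A-Za-z0-9_.\-\[\]]+==[0-9][^\s]*$")

# Constructed diff: one new hardcoded key, one unpinned dependency, one
# removed secret (removals are not the gate's concern) and two clean lines.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
-PASSWORD = "correct-horse-battery"
+API_TOKEN = "AKIAIOSFODNN7EXAMPLE"
+DB_URL = os.environ["DB_URL"]
diff --git a/requirements.txt b/requirements.txt
--- a/requirements.txt
+++ b/requirements.txt
+requests
+cryptography==42.0.5
"""


def scan_diff(diff_text):
    """Return (file, rule) findings for the added lines of a unified diff."""
    findings = []
    current = None
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            current = raw.split(" b/", 1)[1]
            continue
        if not raw.startswith("+") or raw.startswith("+++"):
            continue                      # only newly added lines are scanned
        added = raw[1:]
        for name, rx in SECRET_RULES:
            if rx.search(added):
                findings.append((current, name))
                break                     # one finding per line is enough to block
        if current and current.endswith("requirements.txt"):
            dep = added.strip()
            if dep and not dep.startswith("#") and not PINNED_DEP.match(dep):
                findings.append((current, "unpinned-dependency"))
    return findings


def gate(diff_text):
    """True when the change may be merged, False when it must be fixed first."""
    return not scan_diff(diff_text)


if __name__ == "__main__":
    for path, rule in scan_diff(SAMPLE_DIFF):
        print(f"BLOCK {path}: {rule}")
    print("merge allowed:", gate(SAMPLE_DIFF))
```

Blocking at the merge step is cheap; the same token found after it has been pushed to a public repository means a secret rotation and an incident, which is the cost difference the "continuous, at each step" point is about.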


Conclusion


Questions


Next Practical Sessions

  • Security Awareness (40-50 min): context and adversaries, attack surface and social engineering
  • User Centric Security in Web3 (40-50 min): wallet landscape, key management and user device protection
  • Infrastructure Security (40-50 min): concentration, deplatforming, supply chain risks, key management on the nodes and password management for infrastructure
  • Application Security (60 min): securing the SDLC, components of AppSec and known attack surfaces and vectors

Appendix - Streetlight Effect