1: Cybersecurity Context & Background

CYBERSECURITY
CONTEXT &
BACKGROUND

Cybersecurity | 2019 | 4
 1: Cybersecurity Context & Background

Cybercrime alone costs nations more than

$1 trillion globally, far more than the record
$300 billion of damage due to natural disasters
in 2017. We ranked cyberattacks as the biggest
threat facing the business world today — ahead
of terrorism, asset bubbles, and other risks.” 2
Paul Mee & Til Schuermann
Harvard Business Review

Cybersecurity | 2019 | 5

Cybersecurity in a Technology Dependent Society
In today’s always-on, always-connected economy,
businesses are under pressure to enhance their
cybersecurity strategy and prove to their customers
that data protection is critical to their customer
engagement strategy.
As the world economy continues to digitise operations, supply
chains, business transactions, and employee and customer
services, cyberattacks are expected to continue to pose as
one of the major threats to the world.
With ‘Cyberattacks’ and ‘Data Fraud and Theft’ taking
3rd and 4th place on the World Economic Forum 2018 list
of Global Risks, the spotlight is on organisations to ensure
critical information remains secure and private 3.
The number of attacks is growing exponentially with hacking
and malware accounting for 48% and 30% of attack tactics 4.
The likelihood that all malware will be discovered before harm
is done is low, and the discovery time for an attack is on
average 197 days 5.
1: Cybersecurity Context & Background
This time gap provides opportunity to map the network, escalate
privileges and plan a devastating attack, ranging from extortion
(ransomware) to outright destruction of business-critical
systems. These types of cyberattacks can disrupt a business,
leading to costly remediation, revenue loss, negative publicity,
and lasting customer distrust.
The average cost of a data breach is $3.86 million, an increase
of 6.4% compared to 2017 5. The likelihood of a breach recurring
over the next two years is 27.9%.
Even with the most sophisticated security solutions, cyber
criminals are constantly learning from previous attacks and
exploiting vulnerabilities. With continued advancements in
machine learning capabilities, the threat of an attack should
not be ignored.
The following sections outline some of the motives behind
cyberattacks, the types of cyberattacks and how they intrude
on your business, and some of the common points of entry.
Cybersecurity | 2019 | 6

Cyberattacks Motives
Financial
76% of breaches are
financially motivated 6.
In particular, there has been a
huge increase in ransomware,
with attackers entering an
organisation’s systems to take
control, sending alerts to users
to notify them that their data
has been ceased until receipt
of ransom fee.
State
Sponsored
Governments have quickly
realised that cyberattacks
are quicker, cheaper and
easier than traditional
warfare methods.
With potentially detrimental
impacts to society, and even
harder to detect methods of
manipulation, government entities
are exploring the creative ways to
infect a rival state’s society.
Intelligence
Gathering
Cybercriminals leverage the
practice of scanning, monitoring,
collecting, and exfiltrating
sensitive information in order
to extort, blackmail or gain
advantage over a rival business.
Hacktivism
The use of computers and
computer networks to promote
political or social change.
Hacktivist groups such as
WikiLeaks & Anonymous have
shed light on some of the social
injustices that exist in the world
and demand those responsible,
be held accountable for their
actions. Hacktivism accounted
for 4.7% of cyberattacks in 2017 7.
1: Cybersecurity Context & Background
Terrorism
Politically motivated extremist
groups and non-state actors
using computers to cause harm
or fear pose a major threat to
critical infrastructure,
Financial services, military,
energy, utilities, transportation
and government offices are
highly attractive targets.
Cybersecurity | 2019 | 7

Types of Cyberattack
On average, advanced
cyberattacks go
197 days undetected 5.
Being aware of how
cyberattackers infect systems
Malware
can help your business detect Malware refers to the practice of
abnormal activity and potentially deploying malicious software, including
ransomware, spyware, viruses and
help detect an attack early on. worms to infect and breach a network.
This can result in blocked access to
Here are some of the common files and systems, criminals covertly
types of cyberattack: obtaining sensitive information, and
disruption to service, amongst others.
Distributed Denial of Service
This type of attack uses multiple compromised
systems to attack servers, networks, and
systems to flood and exhaust resources
forcing the network to fail and deny service
to legitimate users.
Data Integrity
Malicious data manipulation can be detrimental
to a business. This is a highly sophisticated, and
easily undetectable cyberattack that causes users to
doubt the accuracy of their information. Manipulating
public opinion through smear campaigns or changing
information in a medical system are two examples of
how this type of attack poses a huge threat to society.
and even corporate spies to gather intelligence
on rivals, cyber collection is similar to snooping
Snooping
Similar to the act of eavesdropping, snooping is the
practice of unauthorised access to systems and data.
This can include monitoring of keystrokes, passwords,
login information, communications, webcams etc.
1: Cybersecurity Context & Background
SQL Injection
Deploying malicious code into an SQL-based
server can force the server into revealing
information it wouldn’t normally reveal.
This type of attack can allow attackers
to tamper with services enabling them to
pose as other individuals, void transactions,
change data, destroy data and approve
administrative access to users.
Cyber-Collection
Used by nation states to conduct espionage
but is with the intention to scan, collect and
exfiltrate sensitive information. An example
of this is the famous Stuxnet computer
worm first uncovered in 2010.
Cybersecurity | 2019 | 8
 1: Cybersecurity Context & Background

Points of Entry Unused Systems

Being aware of vulnerable

points of entry will help
protect the business.
Web Browser
Here are some common points Browsers are constantly connecting users
to the outside world. These browsers rely
of entry for cybercriminals: on plugins (Flash, JavaScript etc.), but like
other software, these plug-ins come with
security flaws that cybercriminals love to
take advantage of. 64% of companies have
experienced web-based attacks. (8) Perhaps
more worryingly, 77% of compromised
attacks in 2017 were file-less. (9)
Social Media
Platforms
Third party applications, instant
messaging services and comments
sections are all quick ways for
cybercriminals to deploy malicious
software to vulnerable users.
Outdated
Infrastructure
It is crucial to update and patch
infrastructure. As technology
continues to rapidly accelerate and
develop, cybercriminals will look to
exploit legacy infrastructure. In 2018
outdated security controls was the
2nd greatest vulnerability. (11)
Unused Systems
Cybercriminals target unused
systems and resources because
they typically aren’t monitored
and it's easier to go undetected
for longer.
Zero-Day Exploit

Social Engineering

Insider
Zero-Day Exploit
28% of cyberattacks
When network vulnerabilities
come from an insider with
are announced, cybercriminals
legitimate access (4). These
will actively seek opportunities
attacks are particularly hard
to guard against.
Phishing Emails Social Engineering to exploit this before a patch is
issued and implemented.
Arguably the most commonly used point
Exploiting the human element of
of entry, phishing exploits the naivety of
IT, cybercriminals seek to deceive,
users by sending emails that appear to
manipulate, or intimidate people to
be from a reputable source but contain
hand over information and gain
malicious software. These emails require
access to information systems.
users to engage with a link or a login portal
In 2017, 43% of cyberattacks
etc. for the software to be deployed.
involved social engineering. (10)

Cybersecurity | 2019 | 9
 1: Cybersecurity Context & Background

Dell Technologies Security Transformation

Dell Technologies unites seven technology

leaders in one company with the power
to drive digital and security transformation.
Dell Technologies provides a wide range of cybersecurity solutions
underpinned by a robust cybersecurity delivery methodology.

Dell Technologies' cybersecurity framework is focused on ensuring

our clients manage cyber risk to grow and protect business value.

Cybersecurity | 2019 | 10
 1: Cybersecurity Context & Background

Dell Technologies Cybersecurity Capabilities

Dell Technologies deliver
the following capabilities
to our clients:

Deep expertise across the technology A world class threat intelligence network
stack from the datacentre right through that leverages machine learning and deep
to end-user devices learning technologies

International cyber skills and leading capability Commitment to a wider ecosystem

in cyber, digital trust and IT transformation of partners that leverages leading edge
cyber innovation

A focus on continued R&D in cyber, digital Shared commitment to sustainability

security and trust delivering technology solutions that are
sustainable and low carbon

Cybersecurity | 2019 | 11
 1: Cybersecurity Context & Background

Dell Technologies Cybersecurity Delivers Key Business Outcomes

Dell Technologies Business Outcomes and

Cybersecurity Capabilities: Deliverables Include:

Deep expertise DEFINED STRATEGY

AND ROADMAP
Dell Technologies
Cybersecurity Methodology
International cyber skills
ADVANCED PROTECTION

A focus on continued R&D

RISK AND COMPLIANCE
LEADERSHIP & CULTURE
A world class threat
Define Implement Respond and
intelligence network Cyber Strategy Cyber Strategy Recover from
an attack
OPERATIONAL RESILIENCE
Commitment to a wider ecosystem

Leverage World Class Threat Intelligence Network

REAL TIME VISIBILITY
Shared commitment to sustainability OF EMERGING THREATS

Our proven methodology is supported by a portfolio of leading

cybersecurity solutions that protect and secure your IT environment.
Cybersecurity | 2019 | 12
 1: Cybersecurity Context & Background

Dell Technologies Security Transformation Portfolio

Our methodology is enabled by our robust portfolio of cybersecurity solutions.

Assess Environment Implement Strategy Respond & Recover

& Define Strategy & Secure Environment
We assess our clients cybersecurity landscape and we We implement cybersecurity products and services in line We ensure our clients always have measures
work with them to define cyber strategies and actionable with business objectives to drive growth, protect value in place in the event of an attack.
roadmaps in line with strategic objectives. and stay on top of cyber threats.

Solutions include: Solutions include: Solutions include:

• Maturity Assessment • Infrastructure Security • Threat Detection & Response
• Adversarial Testing • Application Security • Incident Response
• Cloud Security Consulting • End-User Devices Security • Cyber Recovery Solution
• Governance, Risk, Compliance & Controls Operations

Leverage Advanced Threat Intelligence

We provide real time threat data to equip security teams to proactively detect
and manage cyber threats and respond more effectively to cyber incidents.

Cybersecurity | 2019 | 13
 1: Cybersecurity Context & Background

Dell Technologies Cybersecurity Solutions Deliver Business Outcomes

In this document, we outline some of our leading cyber solutions. This diagram illustrates which solutions deliver the
relevant business outcomes.

DEFINED STRATEGY ADVANCED RISK AND COMPLIANCE OPERATIONAL REAL TIME VISIBILITY
AND ROADMAP PROTECTION LEADERSHIP & CULTURE RESILIENCE OF EMERGING THREATS

Maturity Assessment,
Cyber Strategy and
Roadmap
Governance, Risk, Advanced Threat
Infrastructure Security Fraud Prevention
and Compliance Intelligence

Adversarial Assessment Applications Security Cybersecurity Operations Incident Response

Cloud Security End-User Device Security Cyber Recovery

Cybersecurity | 2019 | 14
 1: Cybersecurity Context & Background

Delivery Models
Dell Technologies cybersecurity solutions are categorised under the following delivery models:

ASSESSMENT MANAGED SERVICE PRODUCT

SOLUTIONS
These include solutions that determine
the risk maturity, exposure and future
cyber strategy and roadmap.
SOLUTIONS
These include solutions that are provided
by Dell Technologies' Managed Service
capability on behalf of our clients.
SOLUTIONS
These include solutions that can
be deployed and embedded within
a client environment to protect,
secure and build resilience.

Working in Partnership with Consulting Firms

We work with leading Advisory, Consulting and Partner firms to support clients to deliver successful security
transformation, risk management and cyber strategy programmes.

Cybersecurity | 2019 | 15
 67

Contact Details
www.DellTechnologies.com

@DellTech

Dayne Turbitt Margarete McGrath Chris Miller Simon Godfrey

Senior Vice President UKI Chief Digital Officer UKI RSA Regional Director, UKI Secureworks Regional Director, UKI

[email protected] [email protected] [email protected] [email protected]

bit.ly/2xGgo0p bit.ly/2NGJdUq bit.ly/2V9Tl82 bit.ly/2V5J3pD

Cybersecurity | 2019 | 67