Nick Ellsmore
[Trustwave]
Nick Ellsmore has started, built, merged, acquired and sold multiple cyber-security businesses.
Now Director, CPS (Pacific) at Trustwave, an Optus company following the sale of Hivint to Trustwave in 2018, Nick previously co-founded SIFT (acquired Safecoms, merged with Stratsec), sold to BAE Systems in 2010. Named the inaugural “AISA Information Security Professional of the Year” in 2012, Nick has served on boards and forums including the Internet Industry Association, the NATA AAC for Software Testing, UNSW Advisory Boards, and the APEC TEL Security & Prosperity Steering Group.
Nick is an advisor to fast-growth cyber security startups including Bugcrowd, is a published author on the topic of cyber security in the context of Intelligence and the Function of Government, and a keynote speaker on various things cyber and startups.
The Case for “Back Burning” Your Data Environment
Technical Level (3 being the highest score): 1
One of the key techniques used in fire management is back burning: starting small fires in an intentional way, to reduce the amount of fuel that's available to an uncontrolled fire.
Cyber security has similar dynamics.
With big data driving a trend towards 'if in doubt, store the data', despite billions of records being breached, it is time that we look at the concept of back burning our data environments.
A significant number of publicly reported incidents - and a significant number of unreported incidents we have investigated for our clients - have involved old databases, with the 2018 Reddit breach being a recent example.
The key to the back burning concept is the intent, and the philosophy that data is "fuel" to a data breach, and the risk of a data breach can be reduced simply through minimising the amount of data held. Supporting this belief is a model originally developed for the economic analysis of breach likelihood, which has a core premise that if an organisation has so much data, that the value it is able to extract from that data is lower than the value of that data to a hacker, a breach is almost inevitable.
This presentation will provide specific examples of recent breaches and value-perrecord / revenue-per-record data, to highlight this dynamic and provide direct evidence of the fact that reducing the number of records held (and hence increasing the revenue-per-record) will directly change the economic calculations for protecting an organisation's data.
This presentation blends theory with practice, providing highly practical recommendations about how to go about a "data back burn" on a periodic basis, and how to assess the additional risk that additional data held by the organisation exposes it to.
Now Director, CPS (Pacific) at Trustwave, an Optus company following the sale of Hivint to Trustwave in 2018, Nick previously co-founded SIFT (acquired Safecoms, merged with Stratsec), sold to BAE Systems in 2010. Named the inaugural “AISA Information Security Professional of the Year” in 2012, Nick has served on boards and forums including the Internet Industry Association, the NATA AAC for Software Testing, UNSW Advisory Boards, and the APEC TEL Security & Prosperity Steering Group.
Nick is an advisor to fast-growth cyber security startups including Bugcrowd, is a published author on the topic of cyber security in the context of Intelligence and the Function of Government, and a keynote speaker on various things cyber and startups.
The Case for “Back Burning” Your Data Environment
Technical Level (3 being the highest score): 1
One of the key techniques used in fire management is back burning: starting small fires in an intentional way, to reduce the amount of fuel that's available to an uncontrolled fire.
Cyber security has similar dynamics.
With big data driving a trend towards 'if in doubt, store the data', despite billions of records being breached, it is time that we look at the concept of back burning our data environments.
A significant number of publicly reported incidents - and a significant number of unreported incidents we have investigated for our clients - have involved old databases, with the 2018 Reddit breach being a recent example.
The key to the back burning concept is the intent, and the philosophy that data is "fuel" to a data breach, and the risk of a data breach can be reduced simply through minimising the amount of data held. Supporting this belief is a model originally developed for the economic analysis of breach likelihood, which has a core premise that if an organisation has so much data, that the value it is able to extract from that data is lower than the value of that data to a hacker, a breach is almost inevitable.
This presentation will provide specific examples of recent breaches and value-perrecord / revenue-per-record data, to highlight this dynamic and provide direct evidence of the fact that reducing the number of records held (and hence increasing the revenue-per-record) will directly change the economic calculations for protecting an organisation's data.
This presentation blends theory with practice, providing highly practical recommendations about how to go about a "data back burn" on a periodic basis, and how to assess the additional risk that additional data held by the organisation exposes it to.
