Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
- Natalie Ramsey
- 8 years ago
Business theft and fraud have morphed into significant new threats as companies battle well-funded, highly motivated digital adversaries. Cyber defense rules have clearly changed. Executive leaders must recognize how exposed their organizations are today and take steps to establish a holistic, end-to-end security strategy capable of protecting their most valuable assets and business operations. This starts with aligning the strategic agenda and business priorities with security.

Organizations face a cybercrime wave

Unexpected losses. Disrupted strategies. Damaged brands. Cyber-attacks can rapidly derail an enterprise's ability to create value, and frequency, reach and levels of sophistication continue to grow. Last year, the number of cyber-attacks against large companies increased 40 percent, targeting five out of six enterprises with over 2,500 employees. [1] Attackers currently occupy the high ground in the battle for company data. The barriers to entry are low; with little investment and minimal risk, it's never been easier or more lucrative for adversaries to cash in on their efforts. What's more, cyber thieves that operate across borders rarely face prosecution.

Attackers continued to evolve, their targets continued to expand, and their techniques continued to change. But the central narrative stayed the same: Far too many organizations were unprepared for the inevitable breach, allowing attackers to linger far too long in compromised environments. [2]

Organizations' cyber defense strategies aren't keeping pace with the new technology landscape

In today's 24/7 world, global connectivity enables organizations to shrink geographic distances, bridge borders and forge real-time links. But every revolution has its casualties, and one victim of the connected age is the peace of mind companies once had regarding the security of their critical assets.

Where a locked door and an onsite security team were once the frontlines of protection, today's attackers can target the company's core technology infrastructure. They can take advantage of company initiatives centered on emerging technology, including cloud, analytics, mobile communications and the Internet of Things (IoT), to enter and peruse the most sensitive parts of a business, all undetected.

Leaders unfamiliar with the specific details of how pervasive cyber defense is becoming may fail to recognize the gaps that exist in their digital security strategies. It's easy to do: Regulators and other government bodies demand compliance with specific regulations focused on meeting baseline security standards, which can drown out other voices supporting dynamic approaches to cyber risk management.

Cybersecurity was once a part of the business where meeting the lowest common denominator was an acceptable management practice. Companies soon learned that passing compliance assessments doesn't equal data security. Likewise, a strategy focused on acquiring the latest security products and add-on applications can quickly drain a security budget, while not appreciably improving the organization's defensive posture. The reality is that no organization can defend itself from everything, even if the resources existed to support such an endeavor. Leaders need to embrace a new
To thrive, business leaders should follow these three approaches to bring risk down to a manageable level:

1. Actively engage to make the business a better security customer
2. Strengthen the partnership between the business and security
3. Continuously exercise organizational defenses
1. Actively engage to make the business a better security customer

A solid cyber defense requires that companies interlock an organization's business stakeholders, its risk management office and the security team and develop a true relationship that asks every employee to own responsibility for security. Much like lean and total quality management drive efficiencies and cost savings in the product lifecycle, securing the enterprise requires a similar pivot organizationally to prioritize this challenge.

Some organizations are inadvertently and unknowingly bad security customers, especially when they fail to understand the broader responsibilities and role the enterprise has in protecting itself. The likelihood of cyber threat detection and elimination significantly drops if the business side fails to fully interlock with the security team. Some typical challenges include:

- Security lacks sufficient top management access. Most companies recognize that digital security is an important agenda item, but in many cases, the chief information security officer (CISO) does not have top-level access. More than half (54 percent) of security decision makers say security and risk at their company is still mainly technology-focused, and a similar percentage report that their CISO continues to report into IT (55 percent). [3] Consequently, most CISOs focus on technology instead of concentrating on security from a business-centered, holistic perspective.

- The front lines remain unengaged in security issues. Another study found that 62 percent of information security professionals say employees do not care enough about security to change their behavior. [4] Articulating the importance of security and doing it in an engaging manner starts at the top. One effective method for creating user engagement is through gamification that provides employee incentives and rewards. This can be an effective tool if the organization also creates and enforces robust accountability policies, and develops easily captured reporting measures.

- Ambiguity regarding who owns the systems under attack. Business teams are trying to meet customer demands; they're agile and entrepreneurial and continually create new applications and data stores. When these systems are under attack, the security team needs to know who owns the compromised system and its criticality to the business in order to coordinate an effective response. Many firms do not have this asset information immediately available due to lack of collaboration between security and the business, which can impede action and reduce the effectiveness of the
2. Strengthen the partnership between the business and security

Leaders should take steps to ensure the organization can preempt, detect and respond to current and future threats. Instead of relying on the security team to play clean up after a breach, organizations need to factor potential cyber threats into today's business decisions.

Many cyber defense veterans feel their teams are catching frequent Hail Mary passes from the business; but as sports fans know, hope is not a strategy. Instead, leading cybersecurity players take proactive steps to align the business side's commercial needs and the security team's cyber defense requirements by forging an effective business-security-risk management partnership. Four elements of such a partnership are:

- Keep security on the agenda. If organizations can operate under a concept called presumption of breach, acknowledging that a hacker will get into their networks, perspective on the right security strategy becomes laser focused. Having the right security strategy and cyber defense capabilities are core elements of business resilience and brand trust. Accenture recently collaborated with the Ponemon Institute, an independent research center specializing in security trends and best practices, in a study to understand key characteristics to improving security effectiveness. The study suggests that a focus on cyber defense innovation and strategy separates leading organizations from the laggards. [5] These organizations embrace and implement new ideas, develop officially sanctioned security strategies, make information security a business priority and do a better job of making employees fully aware of the business security requirements.

- Recognize the complexity of the challenge. The best organizations view risk management in dynamic terms, prioritizing the protection of critical information and recognizing that future costs could rise significantly. It's important to determine where to set the bar regarding loss tolerance. Part of the challenge is recognizing the complexity of roles; the organization has revenue goals and other business targets, and the security team has its own set of objectives. While the aims may differ, each group should align fundamentally in its dedication to the company's success.

- Work together to identify the organization's critical data. While all risk can't be mitigated, it can become manageable by applying a level of triage. Most organizations can pinpoint their most consequential risk in a small percentage of their networks, giving them a greater level of protection. By triaging and prioritizing what is truly critical, an organization can reduce the bulk of its risk and mitigate the line of the attacker. In addition, from a data management perspective, as part of a continuous cycle, organizations should industrialize processes to delete, rationalize or encrypt dated and non-critical information with regular cadence.

Volume matters; to cash in on PII [personally identifiable information], cybercriminals want to steal as many customer records as possible. Hackers pick their victim organization carefully, learn its business, understand its partner relationships, and test for weaknesses and vulnerabilities. [6]

- Evolve the organizational culture to attract and retain top-tier security talent. Given the intense focus on digital security, the war for top talent has reached new levels, triggering bidding wars for the elite cyber defense talent. More organizations are evaluating traditional hiring guidelines to attract and retain Millennials with in-demand skills. Today's security talent want challenging roles with opportunities to continuously develop technology skills. Organizations that fail to deliver face increased attrition and recruiting cost. Think proactively about talent pools, working with universities to develop key cyber defense recruits, and looking for expertise outside of normal channels.
3. Continuously exercise organizational defenses

The cyber defense story is compelling, but what can leaders do to improve the enterprise's data security? Focus on developing organizational defenses:

- Relentlessly test cyber defenses. One way to become more resilient is to train like a professional athlete. Athletes who train exclusively with a static punching bag won't stand a chance against a real opponent. Likewise, an enterprise focused totally on conventional defenses will quickly fall prey to today's increasingly aggressive digital attackers.

Individual hackers and organized criminal groups are using state-of-the-art techniques to infect hundreds of thousands, sometimes millions, of computers and cause massive financial losses, all while becoming increasingly difficult to detect. [7]

Organizations leading the way in cyber defense are training with third-party sparring partners equipped with the skills and technologies (but none of the malice) that attackers bring to bear. Organizations that consistently engage in sparring sessions benefit from the feedback loop such training provides, developing a real understanding of how well the enterprise detects, defends and responds to cyber-attacks. They learn from mistakes without facing the catastrophic effects of a real attack.

- Hunt inside the organization's defenses. When leaders assume the enterprise is already compromised, they find better methods to constantly look for intruders across the entire enterprise. Design security architectures and business processes for emerging technologies and proactively hunt across systems to better anticipate attacks and significantly reduce detection timeframes versus waiting for a static indicator of compromise, which will likely happen too late to minimize the impact of an attack.

- Improve response effectiveness. As the organization spars with an elite security assessment team (going through the same tactics as the attacker would use), over time they develop much-needed muscle memory. The more time fighters spend in the ring, the more their comfort levels increase and their performance improves. Likewise, organizations that spar repetitively and consistently work more effectively to minimize an event's impact. They read their opponent more effectively and improve their abilities to actively defend their business with speed, strength and accuracy. As companies become more adroit in response to incursions, the better they become at mitigating
Put the 100-day cyber defense plan into action

Once an enterprise takes the pulse of its cyber defense strengths and weaknesses, developing an action plan is critical. That means assessing where the organization needs to invest and architecting triage procedures to handle security concerns now and in the future. By following assessments with clear-cut 100-day and 365-day plans, organizations can build the momentum needed to realize their cyber defense goals.

Conclusion

Fraud and theft are nothing new, but the intensity, impact and level of sophistication of current digital attacks make cybercrimes uniquely dangerous for digital businesses and governments. In this ever-changing environment, business leaders need real solutions to improve resilience, and that starts with aligning security to strategic imperatives.
Contributors

- Bill Phelps, Managing Director, Global Security Services
- Ryan LaSalle, Managing Director, Security Growth & Strategy Lead
- Kevin Richards, Managing Director, North America Security Practice
- Matt Devost, Co-founder and CEO of FusionX
- Steve Culp, Senior Managing Director, Accenture Finance & Risk Services
- David Smith, Senior Managing Director, Talent & Organization

References

1. Internet Security Threat Report, Volume 20, Symantec Corp. symantec.com/security_response/publications/threatreport.jsp
2. Mandiant, M-Trends 2015, A View from the Front Lines
3. Forrester, Evolve to Become the CISO of 2018 or Face Extinction, August 14
4. Clearswift survey of 4,000 employees and 500 decision makers in the UK, Germany, the US and Australia. state-of-security/security-data-protection/cyber-security/one-thirdof-employees-would-sell-corporate-information-for-the-right-pricereveals-clearswift-survey/
5. The Cyber Security Leap: From Laggard to Leader, Accenture and the Ponemon Institute
6. Forrester, The Cybercriminal's Prize: Your Customer Data and Intellectual Property, Sept. 2
7. Source: Department of Justice, Assuring Authority for Courts to Shut Down Botnets, March 11. assuring-authority-courts-shut-down-botnets

About Accenture

Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions, underpinned by the world's largest delivery network, Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 358,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at

DISCLAIMER: This document is intended for general informational purposes only and does not take into account the reader's specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this document and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.

Copyright 2015 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Rights to trademarks referenced herein, other than Accenture trademarks, belong to their respective owners. We disclaim proprietary interest in the marks and names of others.
More informationFinancial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age
Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.
More informationLeveraging a Maturity Model to Achieve Proactive Compliance
Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Collaboration and communication between technical
More informationThe Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: ESG data indicates that many enterprise organizations
More informationSecurity for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape
White Paper Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape Financial services organizations have a unique relationship with technology: electronic data and transactions
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationMobile Security Without Barriers
SAP Mobile Secure Mobile Security Without Barriers Securing your enterprise for all the new and expanding mobile use cases is similar to protecting your home. Merely locking your doors won t suffice. You
More informationA BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper
A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively
More informationwww.pwc.com Surviving Contact with Reality Crisis exercises as a key element of cyber incident and crisis management response.
www.pwc.com Surviving Contact with Reality Crisis exercises as a key element of cyber incident and crisis management response. What Happened to the Dinosaurs Avoiding the Extinction- Level Event Corporations
More informationCYBERCRIME AND THE HEALTHCARE INDUSTRY
CYBERCRIME AND THE HEALTHCARE INDUSTRY Access to data and information is fast becoming a target of scrutiny and risk. Healthcare professionals are in a tight spot. As administrative technologies like electronic
More informationWeb application security Executive brief Managing a growing threat: an executive s guide to Web application security.
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationTestimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy
Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy House Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure
More informationEnabling and Protecting the Open Enterprise
Enabling and Protecting the Open Enterprise The Changing Role of Security A decade or so ago, security wasn t nearly as challenging as it is today. Users, data and applications were all centralized in
More informationPerspectives on Cybersecurity in Healthcare June 2015
SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright
More informationCan Your Organization Brave The New World of Advanced Cyber Attacks?
Can Your Organization Brave The New World of Advanced Cyber Attacks? www.websense.com/apx Overview: When it comes to defending against cyber attacks, the global business community faces a dangerous new
More informationUtilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: What do large enterprises need in order to address increasingly
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationCFO reality check: Good intentions in cost management are not good enough. By David A.J. Axson and Aneel Delawalla
CFO reality check: Good intentions in cost management are not good enough By David A.J. Axson and Aneel Delawalla Nearly one-quarter of CFOs think that their companies as they exist today will die, according
More informationInformation Technology Risk Management
Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT
More informationCybersecurity Strategic Consulting
Home Overview Challenges Global Resource Growth Impacting Industries Why Capgemini Capgemini & Sogeti Cybersecurity Strategic Consulting Enabling business ambitions, resilience and cost efficiency with
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationCybersecurity report 2015. As technology evolves, new risks drive innovation in cybersecurity
Cybersecurity report 2015 As technology evolves, new risks drive innovation in cybersecurity 2 As the digital industry scrambles to keep up with the pace of innovation, we re seeing dramatic new opportunities
More informationBuilding a Roadmap to Robust Identity and Access Management
Building a Roadmap to Robust Identity and Access Management Elevating IAM from Responsive to Proactive From cases involving private retailers to government agencies, instances of organizations failing
More informationCyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationAchieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations
Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................
More informationNavigating the NIST Cybersecurity Framework
Navigating the NIST Cybersecurity Framework Explore the NIST Cybersecurity Framework and tools and processes needed for successful implementation. Abstract For federal agencies, addressing cybersecurity
More informationOECD PROJECT ON CYBER RISK INSURANCE
OECD PROJECT ON CYBER RISK INSURANCE Introduction 1. Cyber risks pose a real threat to society and the economy, the recognition of which has been given increasingly wide media coverage in recent years.
More informationRisk and responsibility in a hyperconnected world: Implications for enterprises
JANUARY 2014 Risk and responsibility in a hyperconnected world: Implications for enterprises David Chinn, James Kaplan, and Allen Weinberg For the world s economy to get full value from technological innovation,
More informationThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leader Contents Introduction......... 3 Ready to leapfrog?......... 4 Key study findings......... 4 THEME 1: Innovation and strategy: separating the leapfrogs from
More informationAre You A Sitting Duck?
The 7 Most Cricitcal I.T. Security Protections Every Business Must Have in Place Now to Protect Themselves from Cybercrime, Data Breaches, and Hacker Attacks Cybercrime is at an all-time high, and hackers
More informationThe Impact of Cybercrime on Business
The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted
More informationCONSULTING IMAGE PLACEHOLDER
CONSULTING IMAGE PLACEHOLDER KUDELSKI SECURITY CONSULTING SERVICES CYBERCRIME MACHINE LEARNING ECOSYSTEM & INTRUSION DETECTION: CYBERCRIME OR REALITY? ECOSYSTEM COSTS BENEFITS BIG BOSS Criminal Organization
More informationDefending against modern cyber threats
Defending against modern cyber threats Protecting Critical Assets October 2011 Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Agenda 1. The seriousness of today s situation
More informationA NEW APPROACH TO CYBERSECURITY LEVERAGING TRADITIONAL RISK MANAGEMENT METHODS
Financial Services POINT OF VIEW A NEW APPROACH TO CYBERSECURITY LEVERAGING TRADITIONAL RISK MANAGEMENT METHODS AUTHORS David X Martin Senior Advisor Raj Bector Partner 1. INTRODUCTION Businesses must
More information