State of Security Survey GLOBAL FINDINGS

Size: px
Start display at page:

Download "State of Security Survey GLOBAL FINDINGS"

Transcription

1 2011 State of Security Survey GLOBAL FINDINGS

2

3 CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing Finding 3: Details about cyberattacks for business Finding 4: What are businesses doing about security? Key Recommendations State of Security Survey 3

4 Introduction In its 2011 State of Security Survey, Symantec sought to update its global perspective on key security threats, trends and responses across a range of businesses worldwide, including SMBs and larger enterprises 3,300 in all. Of course, the insights from this survey provide a strategic market outlook for Symantec. At the same time, however, sharing its results with the industry in general and IT professionals in particular will help provide benchmarks for assessing the state of their own cybersecurity readiness. Overall, survey participants consider safeguarding their networks and data to be critically important to their business. Many see a growing menace in cyberattacks, with substantial hard and soft costs resulting from them. As the IT landscape continues its migration from desktop to mobile computing, along with increasing numbers of mobile and remote employees, the industry drivers of cybersecurity are reflecting these changes. Organizations are getting better at fighting the war against cybersecurity threats. While the majority of respondents suffered damages as a result of cyberattacks, more respondents reported a decline in the number and frequency of attacks compared to However, the survey revealed that many companies nearly half of the respondents could still do more to secure their networks and information assets. In response, companies are increasing their cybersecurity staffing and budgets. This report provides greater detail on Symantec s 2011 State of Security Survey, including our four key findings. Recommendations for improving cybersecurity follow, as does a compilation of the survey s most pertinent data behind our findings. For more information about any of the contents of this report, please contact your Symantec representative or visit 4 State of Security Survey

5 State of Security Survey 5

6 Methodology Symantec commissioned Applied Research to conduct the 2011 State of Security Survey in April and May of Researchers contacted a total of 3,300 businesses, ranging from five to more than 5,000 employees. The businesses represented a variety of industries. In the case of small businesses, the respondents were responsible for computing resources at the company, while enterprise respondents were tactical IT, strategic IT or C-level executives. The poll has a reliability of 95% confidence with +/- 1.8% margin of error. 6 State of Security Survey

7 How many employees does your organization have worldwide? 5 to 49 6% 50 to 99 6% 100 to % 250 to % 500 to % 1,000 to 2,499 (small enterprise) 12% 2,500 to 4,999 (medium enterprise) 12% 5,000 or more (large enterprise) 12% 0% 5% 10% 15% 20% 25% 30% State of Security Survey 7

8 Finding 1 Cybersecurity is important to business Businesses today are concerned about a variety of threats, including criminal activity, brand-related events, natural disasters and state-level attacks such as terrorism. According to our survey results, however, their most serious fears relate to cybersecurity. Specifically, their top worry is cyberattacks followed by IT incidents caused by well-meaning insiders and internally generated IT-related threats. Not only have cyberthreats risen to the top of organizations watch lists, but also the importance of these threats has increased for many respondents. In fact, 41 percent think cybersecurity is more important today than it was just a year ago. This compares to just 15 percent who say cybersecurity s importance is somewhat or significantly decreasing. Clearly, businesses increasingly believe that keeping their networks and information secure is of vital importance to their operations. Threats 8 State of Security Survey

9 Please rank the following business risks in order of significance to your organization. (1 being most significant, 7 being least significant, Average ranks) 0 Cyberattacks IT incidents caused by well-meaning insiders Internally generated Traditional criminal IT-related threats activity Brand-related events Natural disasters Terrorism How has the importance of securing your organization s platforms and information changed from 12 months ago? Significantly more important 13% Somewhat more important 28% About the same 45% Somewhat less important 11% Significantly less important 4% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% The security of IT is threatened by trends including: Mobile computing Social media Consumerization of IT The most critical threats are: Well-meaning insiders Hackers Targeted attacks State of Security Survey 9

10 Finding 2 The drivers of security are changing If concerns over corporate cybersecurity are increasing, why? With the market saturated by mobile devices, it s no surprise that 47 percent of survey respondents consider mobile computing to be the top challenge to providing cybersecurity. Mobile computing may be revolutionizing the productivity landscape, but IT finds it a major difficulty in securing corporate networks and data. In addition to mobile computing, 46 percent of respondents indicate that the second most pressing concern is the surge in social media. While these communication channels present unique marketing and collaborative opportunities, the potential for clicking on malicious links or posting sensitive information worries IT. Next on the list of drivers is the consumerization of IT, a concern for 45 percent of respondents. As end users adopt new technologies such as tablet computers that cross over from consumer to business markets, IT must address the additional challenges of securing those endpoints as well as the corporate network connectivity for those devices. The top sources of security threats? Forty-nine percent of respondents point to hackers. Next on the list are well-meaning insiders, say 46 percent. Third, say 45 percent of those surveyed, are targeted attacks. Attacks 10 State of Security Survey

11 Somewhat/Extremely Significant Industry Trends Affecting Difficulty of Security Public Infrastructure/Platform-as-a-Service 39% Public Software-as-a-Service 40% Private cloud computing 40% Compliance 41% Changes in the threat landscape 43% Application growth 44% Virtualization 44% Consumerization of IT 45% Social media 46% Mobile computing 47% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% Somewhat/Extremely Significant Security Threats State-sponsored attacks 35% Criminals 41% Hacktivism 41% Industrial espionage 41% Malicious insiders 44% Targeted attacks 45% Well-meaning insiders 46% Hackers 49% 0% 10% 20% 30% 40% 50% 60% 71% 71% of respondents saw an attack in the last year, including malicious code, social engineering and external malicious attacks 21% 21% of respondents see the frequency of attacks increasing and almost ¼ saw the attacks as somewhat to significantly effective State of Security Survey 11

12 Finding 3 Details about cyberattacks for business Concerns about hackers are well-founded, given the number of businesses that are experiencing cyberattacks. Seventy-one percent of organizations saw attacks in the past 12 months, compared to 75 percent in Ninety-two percent of respondents report losses from such incidents, down from 100 percent last year. The percentage who reported an increasing frequency of attacks fell from 29 percent in 2010 to 21 percent in The top three losses were downtime, theft of employee s identity information and theft of intellectual property. How destructive are these attacks in hard costs? In a word, substantial. Among SMBs, 20 percent incurred at least $100,000 in expenses from attacks within the last year. And the cost was even higher for larger enterprises, with 20 percent incurring at least $271,000 in damages. Respondents say the top sources of those costs are lost productivity and revenue; lost organizational, customer, or employee data; and damage to a company s brand reputation. The methods cybercriminals use in their attacks reflect the evolving drivers of security, according to the survey s results. Malicious code attacks rank highest among respondents with 22 percent of them having experienced this kind of attack in the prior year. continued on page 14 Effects of Cyberattacks 12 State of Security Survey

13 Characterize the quantity of cyberattacks against your organization over the past 12 months: We saw an extremely large number of cyberattacks 2% We saw a large number of cyberattacks 4% We saw cyberattacks on a regular basis 21% We saw just a few cyberattacks 44% We saw no cyberattacks 29% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% Somewhat/Extremely High Number in past 12 months? Targeted attacks 13% Internal malicious attacks 13% Denial of Service attacks 14% Internal unintentional actions 15% External malicious attacks 18% Social engineering attacks 20% Malicious code attacks 22% 0% 5% 10% 15% 20% 25% 92% 92% of those attacked saw losses from cyberattacks including downtime, intellectual property and customer credit card info 84% 84% of these losses translated into actual costs (productivity, revenue, money or goods) $195k 20% of businesses lost at least $195,000 as a result of cyberattacks State of Security Survey 13

14 Finding 3 continued from page 10 Twenty percent say they suffered social engineering attacks in the past year that include phishing, spoofing and pre-texting. External malicious attacks remain ever present, seeking to breach traditional defenses such as firewalls and antivirus software. This kind of attack affected 18 percent of respondents in the past year. Interestingly, respondents also see these three cyberattack methods as the fastest growing. Attacks Growing Somewhat/Extremely Quickly Internal malicious attacks 17% Denial of Service attacks 18% Targeted attacks 19% Internal unintentional actions 19% External malicious attacks 24% Social engineering attacks 26% Malicious code attacks 30% 0% 5% 10% 15% 20% 25% 30% 35% 14 State of Security Survey

15 Cyber Losses Experienced Theft of employee PHI 10% Theft of customer PHI 14% Identity theft 16% Theft of customer financial information 17% Theft of other corporate data 18% Theft of customer PII 19% Theft of intellectual property 19% Theft of employee PII 20% Downtime of our environment 43% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% Costs of Cyberattacks Reduced stock price 11% Litigation costs Regulatory fines Direct financial cost (money or goods) Loss of customer trust/damaged customer relationships We don't know what was taken or impacted Costs to comply with regulations after an attack Damaged brand reputation Loss of organization, customer, or employee data 13% 14% 15% 15% 16% 17% 17% 17% Lost revenue 23% Lost productivity 35% 0% 5% 10% 15% 20% 25% 30% 35% 40% State of Security Survey 15

16 Finding 4 What are businesses doing about security? When it comes to security measures, businesses need to be able to both deter attacks and also react to them when they occur. It s also important to pursue strategic initiatives that will lay the foundation for future protection. Based on the survey results, there is room for organizations to improve in how they prepare for and respond to threats. The survey revealed that organizations are the most prepared when it comes to routine security measures. Fifty-two percent report that they are doing well in this area, and 51 percent say they are doing well in addressing cyberattacks. On the other hand, only 48 percent say they are doing well in the areas of strategic security initiatives and just 45 percent are pursuing innovative security issues. To address these shortfalls, businesses are increasing staffing levels for the IT department. In particular, they are adding staff to deal with network, Web and endpoint security. In addition, they are increasing their budgets for network and Web security as well as security systems management. It s clear that organizations are stepping up their efforts in improving their protection, but many companies nearly half of those surveyed have much work still to do in safeguarding their networks and information assets. How IT is Responding 16 State of Security Survey

17 Doing Well/Extremely Well Pursuing innovative or cutting-edge security issues 45% Pursuing strategic security initiatives 48% Demonstrating compliance 48% Attending to security attacks or breaches 51% Addressing routine security measures 52% 0% 10% 20% 30% 40% 50% 60% Manpower Slowly/Rapidly Growing Security Budget Slowly/Rapidly Growing Reporting 40% Reporting 34% Auditing/Compliance 40% Incident response 34% Policies and procedures 40% Policies and procedures 35% Security for virtualized environments 40% Security for private cloud initiatives 36% Security for public cloud initiatives 41% Security for public cloud initiatives 36% Security for private cloud initiatives 42% User training and awareness 36% Vulnerability assessment/detection 42% Messaging security 37% Security systems management 42% Vulnerability assessment/detection 37% Responding to security incidents 42% Endpoint security 37% Risk management 43% Risk management 37% User training and awareness 43% IT audit and compliance 37% Messaging security 43% Security for virtualized environments 38% Preventing data loss 43% Mobile security 38% Mobile security 43% Security systems management 38% Endpoint security 45% Data loss prevention 39% Web security 46% Web security 41% Network security 46% Network security 42% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 46% 46% of respondents are increasing staffing in areas of network and web security 38% 38% of respondents are increasing security systems management budgets 41% 41% of respondents are increasing network and web security budgets State of Security Survey 17

18 Key Recommendations Organizations need to develop and enforce IT policies. By prioritizing risks and defining policies that span across all locations, customers can enforce policies through built-in automation and workflow to protect information, identify threats, and remediate incidents as they occur or anticipate them before they happen. Businesses need to protect information proactively by taking an information-centric approach to protecting both information and interactions. Taking a content-aware approach to protecting information is key in identifying and classifying confidential, sensitive information, knowing where it resides, who has access to it, and how it is coming in or leaving your organization. Proactively encrypting endpoints will also help organizations minimize the consequences associated with lost devices. To help control access, IT administrators need to validate and protect the identities of users, sites and devices throughout their organizations. Furthermore, they need to provide trusted connections and authenticate transactions where appropriate. Organizations need to manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status. IT administrators need to protect their infrastructure by securing all of their endpoints including the growing number of mobile devices along with messaging and Web environments. Defending critical internal servers and implementing the ability to back up and recover data should also be priorities. In addition, organizations need the visibility and security intelligence to respond to threats rapidly. 18 State of Security Survey

19 State of Security Survey 19

How To Protect Your Endpoints From Attack

How To Protect Your Endpoints From Attack 2012 Endpoint Security Best Practices Survey GLOBAL RESULTS CONTENTS Executive Summary... 4 Methodology... 6 Finding 1: Top tier organizations fare better against attacks... 8 Finding 2: Top tier organizations

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY. Symantec 2010 SMB Information Protection Survey. Global Data

SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY. Symantec 2010 SMB Information Protection Survey. Global Data SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY Symantec 2010 SMB Information Protection Survey Global Data June 2010 CONTENTS Executive Summary...3 Methodology...4 Finding 1: SMBs serious about information

More information

Global IT Security Risks

Global IT Security Risks Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most

More information

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Information Security Addressing Your Advanced Threats

Information Security Addressing Your Advanced Threats Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?

More information

State of Mobility Survey. France Results

State of Mobility Survey. France Results State of Mobility Survey France Results Methodology Survey performed by Applied Research 6,275 global organizations 43 countries NAM 2 LAM 14 EMEA 13 APJ 14 SMBs: Individuals in charge of computers Enterprises:

More information

INFORMATION PROTECTED

INFORMATION PROTECTED INFORMATION PROTECTED Symantec Protection Suite Effective, comprehensive threat protection Safeguarding your organization s business-critical assets in today s ever-changing threat landscape has never

More information

Cyber Security. John Leek Chief Strategist

Cyber Security. John Leek Chief Strategist Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity

More information

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended

More information

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions SURVEY REPORT: cyber security Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions Confidence in a connected world. Executive summary An online survey revealed that while U.S.

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Manage the unexpected

Manage the unexpected Manage the unexpected Navigate risks and thrive Today s business world is threatened by a multitude of online security risks. But many organizations simply do not have the resources or expertise to combat

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations

More information

Conquering PCI DSS Compliance

Conquering PCI DSS Compliance Any organization that stores, processes or transmits information related to credit and debit card payments has a responsibility to protect each cardholder s personal data. To help accomplish this goal,

More information

Building a Business Case:

Building a Business Case: Building a Business Case: Cloud-Based Security for Small and Medium-Size Businesses table of contents + Key Business Drivers... 3... 4... 6 A TechTarget White Paper brought to you by Investing in IT security

More information

Banks likely to remain top cybercrime targets

Banks likely to remain top cybercrime targets Banks likely to remain top cybercrime targets Protecting assets and reputation through a sustainable security infrastructure Contents Introduction Meeting the challenge of targeted attacks 2 3 A balancing

More information

WHITE PAPER: INFORMATION-CENTRIC SECURITY

WHITE PAPER: INFORMATION-CENTRIC SECURITY WHITE PAPER: INFORMATION-CENTRIC SECURITY PROTECTING YOUR DATA FROM THE INSIDE- OUT Despite the growing number of high profile data breaches and the anxiety they re causing organizations, too much information

More information

Cybersecurity. Are you prepared?

Cybersecurity. Are you prepared? Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data

More information

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention symantec.com One of the interesting things we ve found is that a lot of the activity you d expect to be malicious

More information

Managing cyber risks with insurance

Managing cyber risks with insurance www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive

More information

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY CYBER HYGIENE AND ORGANIZATIONAL PLANNING ARE AT LEAST AS INTEGRAL TO SECURING INFORMATION NETWORKS AS FIREWALLS AND ANTIVIRUS SOFTWARE Cybersecurity

More information

North American Electric Reliability Corporation (NERC) Cyber Security Standard

North American Electric Reliability Corporation (NERC) Cyber Security Standard North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation

More information

Federal Cyber Security Outlook for 2010

Federal Cyber Security Outlook for 2010 Federal Cyber Security Outlook for 2010 National IT Security Challenges Mounting How well prepared are IT professionals within U.S. government agencies to respond to foreign cyber threats? Will government

More information

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average

More information

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

McAfee Security Architectures for the Public Sector

McAfee Security Architectures for the Public Sector White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

Cybersecurity. Considerations for the audit committee

Cybersecurity. Considerations for the audit committee Cybersecurity Considerations for the audit committee Insights on November 2012 governance, risk and compliance Fighting to close the gap Ernst & Young s 2012 Global Information Security Survey 2012 Global

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015 Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25

More information

Hope for the best, prepare for the worst:

Hope for the best, prepare for the worst: Hope for the best, prepare for the worst: Why your customers will demand self-service back-up Presented by Ridley Ruth, COO Breaking News Yahoo email Accounts were hacked in Jan 2014 (Washington Post)

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments Trusted protection for endpoints and messaging environments Overview Symantec Protection Suite Enterprise Edition creates a protected endpoint and messaging environment that is secure against today s complex

More information

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape White Paper Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape Financial services organizations have a unique relationship with technology: electronic data and transactions

More information

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response. MAJOR FINANCIAL SERVICES LEADER Top 5 Global Bank Selects Resolution1 for Cyber Incident Response. Automation and remote endpoint remediation reduce incident response (IR) times from 10 days to 5 hours.

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

ITAR Compliance Best Practices Guide

ITAR Compliance Best Practices Guide ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations

More information

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3 GLOBAL ADVANCED THREAT LANDSCAPE SURVEY 2014 TABLE OF CONTENTS Executive Summary 3 Snowden and Retail Breaches Influencing Security Strategies 3 Attackers are on the Inside Protect Your Privileges 3 Third-Party

More information

Data Backup for Small and Medium Businesses: Priorities, Current Practices, and Risks

Data Backup for Small and Medium Businesses: Priorities, Current Practices, and Risks Data Backup for Small and Medium Businesses: Priorities, Current Practices, and Risks November 12, 2008 How safe is small business data? As the power of computers continues to grow, more and more of the

More information

Malware isn t The only Threat on Your Endpoints

Malware isn t The only Threat on Your Endpoints Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks

More information

Threat Management Survey GLOBAL FINDINGS

Threat Management Survey GLOBAL FINDINGS 2011 Threat Management Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Enterprises lack confidence in their security posture... 8 Finding 2: Organizations struggling with

More information

Hope for the best, prepare for the worst:

Hope for the best, prepare for the worst: Hope for the best, prepare for the worst: Why your customers will demand self-service back-up Presented by Ridley Ruth, COO 2014 a record year for hacking! 100K+ WordPress sites infected by mysterious

More information

DAMAGE CONTROL: THE COST OF SECURITY BREACHES IT SECURITY RISKS SPECIAL REPORT SERIES

DAMAGE CONTROL: THE COST OF SECURITY BREACHES IT SECURITY RISKS SPECIAL REPORT SERIES DAMAGE CONTROL: THE COST OF SECURITY BREACHES IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5500 companies in 26 countries around the world

More information

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting

More information

Incident Response. Proactive Incident Management. Sean Curran Director

Incident Response. Proactive Incident Management. Sean Curran Director Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013

More information

Cybersecurity Awareness. Part 1

Cybersecurity Awareness. Part 1 Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure IBM Global Small and Medium Business Keep Your IT Infrastructure and Assets Secure Contents 2 Executive overview 4 Monitor IT infrastructure to prevent malicious threats 5 Protect IT assets and information

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Global Corporate IT Security Risks: 2013

Global Corporate IT Security Risks: 2013 Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs

More information

VIGILANCE INTERCEPTION PROTECTION

VIGILANCE INTERCEPTION PROTECTION MINIMIZE CYBERTHREATS VIGILANCE INTERCEPTION PROTECTION CYBERSECURITY CDW FINANCIAL SERVICES 80 million identities were exposed by breaches in financial services in 2014. 1 1 symantec.com, Internet Security

More information

How To Protect Your Organization From Insider Threats

How To Protect Your Organization From Insider Threats Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security FINANCIAL SERVICES EDITION #2015InsiderThreat RESEARCH BRIEF US FINANCIAL SERVICES SPOTLIGHT ABOUT

More information

Small and Midsize Business Protection Guide

Small and Midsize Business Protection Guide P r o t e c t i o n G u i d e : C l o s e t h e P r o t e c t i o n G a p Small and Midsize Business Protection Guide Close the protection gap and safeguard your business future Confidence in a connected

More information

CORE Security and GLBA

CORE Security and GLBA CORE Security and GLBA Addressing the Graham-Leach-Bliley Act with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Small Business Virtualization Poll APJ RESULTS

Small Business Virtualization Poll APJ RESULTS Small Business Virtualization Poll APJ RESULTS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Small businesses have a strong interest in virtualization... 8 Finding 2: Small businesses are still

More information

The Attacker s Target: The Small Business

The Attacker s Target: The Small Business Check Point Whitepaper The Attacker s Target: The Small Business Even Small Businesses Need Enterprise-class Security to protect their Network July 2013 Contents Introduction 3 Enterprise-grade Protection

More information

Small Business Virtualization Poll GLOBAL RESULTS

Small Business Virtualization Poll GLOBAL RESULTS Small Business Virtualization Poll GLOBAL RESULTS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Small businesses have a strong interest in virtualization... 8 Finding 2: Small businesses are

More information

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015 CYBER LIABILITY AND AVIATION Presented by Hal Hunt May 3, 2015 AGENDA Introduction Leaning Objectives Threat Examples Underwriting Protection/Cyber Policy Summary 2 LEARNING OBJECTIVES Understand Key Terms

More information

ICBA Summary of FFIEC Cybersecurity Assessment Tool

ICBA Summary of FFIEC Cybersecurity Assessment Tool ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary

More information

BIG SHIFT TO CLOUD-BASED SECURITY

BIG SHIFT TO CLOUD-BASED SECURITY GUIDE THE BIG SHIFT TO CLOUD-BASED SECURITY How mid-sized and smaller organizations can manage their IT risks and meet regulatory compliance with minimal staff and budget. CONTINUOUS SECURITY TABLE OF

More information

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary

More information

Surviving the Ever Changing Threat Landscape

Surviving the Ever Changing Threat Landscape Surviving the Ever Changing Threat Landscape Kevin Jordan Cyber Security Specialist Dell GLBA FFIEC NCUA PCI HIPAA NERC CIP FISMA 700+ Percentage of U.S. adults who Federal named online and banking state

More information

TECH GUYS. Protect Your Practice with a Security Risk Assessment. HCTechGuys.com. HCTechGuys.com TECH GUYS

TECH GUYS. Protect Your Practice with a Security Risk Assessment. HCTechGuys.com. HCTechGuys.com TECH GUYS Hill Country Protect Your Practice with a Security Risk Assessment Hill Country Protect Your Practice with a Security Risk Assessment Cyber Security in Healthcare is a Growing Problem With more healthcare

More information

Intel Cyber-Security Briefing: Trends, Solutions, and Opportunities

Intel Cyber-Security Briefing: Trends, Solutions, and Opportunities Intel Cyber-Security Briefing: Trends, Solutions, and Opportunities John Skinner, Director, Secure Enterprise and Cloud, Intel Americas, Inc. May 2012 Agenda Intel + McAfee: What it means Computing trends

More information

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks Alex Leemon, Sr. Manager 1 The New Cyber Battleground: Inside Your Network Over 90% of organizations have been breached

More information

How To Get A Cloud Service For A Small Business

How To Get A Cloud Service For A Small Business Transforming SMB Security Stephen Banbury VP, Global SMB Channel & Alliances Compelling Trends for Change Symantec as a Leader in Security Winning Together 2 NOT SO LONG AGO SMB Attitudes Towards Business

More information

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,

More information

Security Awareness Campaigns Deliver Major, Ongoing ROI

Security Awareness Campaigns Deliver Major, Ongoing ROI Security Awareness Campaigns Deliver Major, Ongoing ROI CONTENTS 01 01 02 04 05 06 Introduction The Challenge Immediate Value Evaluating effectiveness Ongoing value Conclusion INTRODUCTION By this point,

More information

Cyber Security Management

Cyber Security Management Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies

More information

Healthcare Information Security Today

Healthcare Information Security Today Healthcare Information Security Today 2015 Survey Analysis: Evolving Threats and Health Info Security Efforts WHITE PAPER SURVEY BACKGROUND The Information Security Media Group conducts an annual Healthcare

More information

2012 NCSA / Symantec. National Small Business Study

2012 NCSA / Symantec. National Small Business Study 2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National

More information

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S.

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon

More information

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015 Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are

More information

PCI Data Security Standards (DSS)

PCI Data Security Standards (DSS) ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants

More information

Professional Services Overview

Professional Services Overview Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded

More information

Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response

Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response Incident Response What is the most importance component of an Incident Response Program? Tools? Processes? Governance?

More information

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Internet Safety and Security: Strategies for Building an Internet Safety Wall Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet

More information

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises Appendix Key Areas of Concern i. Inadequate coverage of cybersecurity risk assessment exercises The scope coverage of cybersecurity risk assessment exercises, such as cybersecurity control gap analysis

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

How To Protect Your Network From Attack From A Network Security Threat

How To Protect Your Network From Attack From A Network Security Threat Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5,500 companies in 26 countries around the world

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information