At risk and unready in an interconnected world
Key findings from The Global State of Information Security Survey 2015

Cyber attacks against power and utilities organizations have transitioned from theoretical to indisputable. Over the past year, sophisticated cyber adversaries have infected the industrial control systems of hundreds of energy companies in the US and Europe; others successfully infiltrated a public utility via the Internet and compromised its control system network.

The volume of incidents increased dramatically in the past year. Respondents to The Global State of Information Security Survey (GSISS) 2015 report the average number of detected incidents skyrocketed to 7,391, a six-fold increase over the year before. (We define an incident as any adverse incident that threatens some aspect of computer.)

Yet as attempts to compromise supervisory control and data acquisition (SCADA), industrial control, and information technology systems have soared, information spending has not kept pace. Respondents say spending in increased by a comparatively modest 9%. In, by contrast, survey respondents reported a significant 25% boost in investments, which very well may account for a portion of this year's increase in detected incidents. After all, organizations that spend more on typically discover more incidents.

Detected incidents soared to more than 20 per day, per organization.
Even though businesses have invested more heavily in previous years, spending has been stalled at 4% or less of the total IT budget for the past five years.

This lack of investment in has very likely contributed to attrition of key capabilities, including fundamental strategies, processes, technologies, and awareness programs. We also found some noteworthy improvements in practices, but it's worth pointing out that these advances were fewer and comparatively incremental.

All things considered, many power and utilities companies seem to be unready for the increasing risks of today's interconnected world.

GSISS 2015: results at a glance

[Figure: Incidents. Average number of detected incidents (values shown: 7,391 and 1,179); estimated total financial losses (values shown: $2.4M and $1.2M).]
[Figure: Sources of incidents. Categories shown: current employees; former employees; hackers; current service providers/consultants/contractors.]
[Figure: Security spending. Average annual IS budget (values shown: $3.4M and $3.7M); IS spend as percentage of IT budget (values shown: 4.0% and 3.9%).]
The primary threat actors, those who perpetrate incidents, remained relatively constant in the past year. Current and former employees are once again the most-frequent culprits of incidents, cited by 38% and 30%, respectively, of respondents.

While incidents caused by employees often fly under the radar of the media, those committed by organized crime groups, activists, and nation-states typically do not. Attacks by these threat actors remain among the least frequent, but they are also among the fastest-growing incidents.

This year, 14% of respondents attributed incidents to activists and hacktivists, a 40% jump over. Often these groups employ powerful distributed denial of service (DDoS) attacks in an attempt to embarrass organizations for social or political ends, rather than to exfiltrate data or intellectual property. Similarly, the number of respondents who cited organized criminals as the source of attacks increased 31% over last year.

Cyber incidents attributed to nation-states continue to garner the lion's share of attention. They are keenly interested in energy, and they often target critical infrastructure providers and suppliers to steal IP and trade secrets as a means to advance their own political and economic advantage. This year, incidents attributed to nation-states more than doubled over. Given the ability of nation-state adversaries to carry out attacks without detection, we believe the volume of compromises is very likely under-reported.
The fastest-growing sources of incidents (increase over):
- Foreign nation-states: 118%
- Information brokers: 48%
- Activists/activist organizations/hacktivists: 40%
- Organized crime: 31%

Security executives of power and utilities companies have told us that they also see incident patterns in which criminals seem to be indiscriminately exploring the network to find any data of any value. Once they find data, they quickly siphon it off and try to sell it. That, in part, may account for the 43% rise in respondents who report that data was exploited as a result of incidents, the most cited impact.
While the number of detected incidents increased dramatically, organizations say the financial impact of these compromises lessened. Respondents say total financial losses resulting from incidents declined to an average of $1.2 million, a 51% drop over.

This finding seems counter-intuitive, given the huge upsurge in detected compromises. In part, the discrepancy may be attributed to the 25% rise in spending in, which may have enabled organizations to more quickly detect and mitigate incidents before they caused real financial harm.

Another explanation may be that, while adversaries have been able to gain access to power and utilities companies' networks, they are typically stopped before they can wreak havoc on operational and SCADA systems. And unlike the retail sector, which has been hit by a barrage of breaches, power and utilities companies hold comparatively few payment card records and therefore are not liable for costly mitigation of card theft and customer data.

We also looked into how power and utilities respondents calculate the financial consequences of incidents, and found that many do not consider a full range of possible impacts, including costs associated with legal defense fees, court settlements, forensics, and reputational damage.
A strategic approach is lacking

As risks to IT, operational, and connected-field assets continue to rise, some power and utilities companies may need to take a more strategic approach to information. At the core of this initiative should be a risk-based cyber program that enhances the ability to identify, manage, and respond to privacy and threats.

It all starts with an information strategy, or at least it should. However, we found the number of organizations that have an overall information strategy dropped to 70% this year, down from 79% in. Moreover, those that have a strategy that is aligned with the specific needs of the business declined to 45%, from 65% last year.

An effective strategy will allocate spending to the assets that are most valuable to the business. Respondents show a more solid, if incomplete, commitment in this area: 62% say their investments are allocated to the organization's most profitable lines of business.

Companies seem to be falling short of the fundamentals: Only 54% say they have a unified and controls framework and/or enterprise risk-management framework to address cyber risks. Last year that number was 61%. A basic tenet of an effective information strategy is that it should be founded on risk management.
[Figure: Many key safeguards weaken. Categories shown: have information strategy; secure access-control measures; patch-management tools; intrusion-detection tools; privileged user access; vulnerability scanning tools; inventory of all third parties that handle personal data of employees and customers; active monitoring/analysis of information intelligence; risk assessments of third-party vendors; employee awareness and training program; security-event correlation tools; established standards for external partners, suppliers, vendors and customers; require employees to complete privacy training.]

Before resources can be allocated, however, it will be necessary to first identify the organization's most valuable assets and determine who owns responsibility for them. This is an area in which we found great potential for improvement: Only 54% of respondents have a program to identify sensitive assets, and the same number (54%) have an inventory of all third parties that handle personal data of customers and employees.

Cyber and privacy should be embedded into an organization's core, with a top-down commitment to and ongoing employee training programs.

The number of organizations that have employee awareness training programs (47%) actually declined over last year, as did those that require personnel to complete training on privacy practices and policies (43%). Considering that employees are the leading source of incidents, we believe that training should be universal and that accountability should cascade from the C-suite to every employee and third-party vendor and supplier.
[Figure: Strategic processes are often lacking. Categories shown: program to identify sensitive assets; have a unified and controls framework for cyber risks; information strategy is aligned with specific business needs; a senior executive communicates importance of to entire enterprise; collaborate with others to improve; have cyber insurance.]

An effective program will require top-down commitment and communication. Yet fewer than half (46%) of organizations have a senior executive who communicates the importance of information to the entire enterprise. That's a substantial drop from last year (65%) and demonstrates that the executive team may not be taking adequate ownership of cyber risks. To do so, senior executives should proactively ensure that the Board of Directors understands how the organization will detect, defend against, and respond to cyber threats.

Despite all the discussion following high-profile retailer breaches, many power and utilities companies have not elevated to a Board-level discussion. Consider, for instance, that only 26% of respondents say their Board of Directors participates in the overall strategy. Fewer (23%) say their Board is involved in reviews of current and privacy risks, a crucial component of any effective program. The area in which Boards are most likely to participate is the budget (40%).

Finally, cyber threats, technologies, and vulnerabilities are evolving at lightning speed, and sharing information among public and private entities has become central to a strong cyber program. More than half (55%) of overall survey respondents across industries say they collaborate with others to share intelligence and tactics. Among the power and utilities sector, however, the number of organizations that collaborate sank to 36% this year, a sharp drop over.
This year's survey indicates that power and utilities organizations are falling behind in key practices. For many, it may be necessary to reposition the strategy by more closely linking technologies, processes, and tools with the organization's broader risk-management activities.

International standards provide a good measure to gauge preparedness and build a strong cyber program. Some of the most widely used include ISO/IEC 27001, COBIT 5, and ISA A new set of guidelines from the US National Institute of Standards and Technology (NIST) compiles these global standards into one framework, providing an up-to-date model for implementing and improving risk-based.

The voluntary NIST Cyber Framework, which targets critical infrastructure providers and suppliers, has been adopted by 11% of US power and utilities respondents; an additional 22% say adoption is a future priority. This comparatively low implementation rate is not necessarily discouraging; it's a matter of timing. The Framework was released in February, and our survey was conducted from March 27, to May 25,, giving organizations little time to embrace the Framework.

Among those that have, most (54%) say they have leveraged the Framework to determine their risk based on Implementation Tiers, which are designed to help companies understand the maturity of their current cyber risk-management capabilities. It seems very likely that organizations with mature practices may have adopted some of the Framework's controls and standards, while not formally implementing the entire set of guidelines.

No matter whether companies have adopted the Framework fully or partially, it seems to be elevating the discussion on cyber. We believe that organizations across industries and even geographies can gain significant benefits by adopting the guidelines at the highest possible risk-tolerance level. As the world's sophisticated organized criminals and nation-states devise new ways to compromise systems and steal intellectual property of power and utilities companies, the Framework provides the right foundation for proactive, risk-based cyber.
The convergence of information, operational, and consumer technologies will very likely introduce tremendous benefits for businesses and significant conveniences for their customers. It also will create a new world of risks, a possibility that power and utilities respondents are beginning to address.

In fact, 25% of respondents say they have already implemented a strategy for the convergence of information, operational, and consumer technologies, most often referred to as the Internet of Things. An additional 27% say they are working on a strategy.

When asked to name primary drivers for spending, this year 17% of respondents cited modernization of field assets such as IP-connected process control systems, compared with 6% last year. This increased focus on connected field assets suggests that power and utilities respondents are gearing up for the Internet of Things.
To have a deeper conversation about cyber, please contact:

United States
Brad Bauch, Principal, brad.bauch@us.pwc.com
Darren Highfill, Director, darren.highfill@us.pwc.com

PwC helps organisations and individuals create the value they're looking for. We're a network of firms in 157 countries with more than 184,000 people who are committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PwC does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see for further details. The Global State of Information Security is a registered trademark of International Data Group, Inc.
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationRogers Insurance Client Presentation
Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com
More informationA Layperson s Guide To DoS Attacks
A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4
More informationCFIR - Finance IT 2015 Cyber security September 2015
www.pwc.dk Cyber security Audit. Tax. Consulting. Our global team and credentials Our team helps organisations understand dynamic cyber challenges, adapt and respond to risks inherent to their business
More informationHEALTH CARE AND CYBER SECURITY:
HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities kpmg.com 1 HEALTH CARE AND CYBER SECURITY EXECUTIVE SUMMARY Four-fifths of executives at healthcare providers and payers
More informationSPEAR PHISHING UNDERSTANDING THE THREAT
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationRemarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014
Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 It s a pleasure to be with you back home in Boston. I was here just six weeks ago
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationData Security: Fight Insider Threats & Protect Your Sensitive Data
Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationOCIE Technology Controls Program
OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview
More informationWeb application security Executive brief Managing a growing threat: an executive s guide to Web application security.
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationExecutive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3
GLOBAL ADVANCED THREAT LANDSCAPE SURVEY 2014 TABLE OF CONTENTS Executive Summary 3 Snowden and Retail Breaches Influencing Security Strategies 3 Attackers are on the Inside Protect Your Privileges 3 Third-Party
More informationTHE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY
THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY BY DR. BRIAN MCELYEA AND DR. EMILY DARRAJ Approved for Public Release: Case # 16-0276 NORTHROP GRUMMAN WHITE PAPER 2016 Northrop Grumman
More informationUS cybersecurity: Progress stalled Key findings from the 2015 US State of Cybercrime Survey
www.pwc.com/cybersecurity US cybersecurity: Progress stalled Key findings from the 2015 US State of Cybercrime Survey July 2015 About the 2015 US State of Cybercrime Survey The 2015 US State of Cybercrime
More informationCyber and Operational Solutions for a Connected Industrial Era
Cyber and Operational Solutions for a Connected Industrial Era OPERATIONAL & SECURITY CHALLENGES IN A HYPER-CONNECTED INDUSTRIAL WORLD In face of increasing operational challenges and cyber threats, and
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationCyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015
Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology
More informationHow To Protect Your Organization From Insider Threats
Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security FINANCIAL SERVICES EDITION #2015InsiderThreat RESEARCH BRIEF US FINANCIAL SERVICES SPOTLIGHT ABOUT
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationFEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-05. Cyber Risk Management Guidance. Purpose
FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-05 Cyber Risk Management Guidance Purpose This advisory bulletin provides Federal Housing Finance Agency (FHFA) guidance on cyber risk management.
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationThe Four-Step Guide to Understanding Cyber Risk
Lifecycle Solutions & Services The Four-Step Guide to Understanding Cyber Risk Identifying Cyber Risks and Addressing the Cyber Security Gap TABLE OF CONTENTS Introduction: A Real Danger It is estimated
More informationVERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK
HANDBOOK VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK CONSIDERATIONS FOR SERVICE ADOPTION Version 1.0 July 2014 VerisignInc.com CONTENTS 1. WHAT IS A DDOS PROTECTION SERVICE? 3 2. HOW CAN VERISIGN
More informationDeveloping National Frameworks & Engaging the Private Sector
www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012
More informationCHAPTER 3 : INCIDENT RESPONSE THREAT INTELLIGENCE GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE THREAT INTELLIGENCE 1 THREAT INTELLIGENCE How it applies to our clients, and discuss some of the key components and benefits of a comprehensive threat intelligence strategy. Threat
More informationServices. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure
Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation
More informationTypes of cyber-attacks. And how to prevent them
Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual
More informationTackling the growing risk of cyber crime
Financial Institutions Customer Industry Community Tackling the growing risk of cyber crime Discussion points for financial institutions Contents Introduction 3 The scale of cyber risk 4 Zurich survey
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationInternal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015
Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationCybersecurity..Is your PE Firm Ready? October 30, 2014
Cybersecurity..Is your PE Firm Ready? October 30, 2014 The Panel Melinda Scott, Founding Partner, Scott Goldring Eric Feldman, Chief Information Officer, The Riverside Company Joe Campbell, CTO, PEF Services
More informationWHITE PAPER. Attack the Attacker HOW A MANAGED SECURITY SERVICE IMPROVES EFFICIENCY AND SAVES COST
WHITE PAPER Attack the Attacker HOW A MANAGED SECURITY SERVICE IMPROVES EFFICIENCY AND SAVES COST Table of Contents THE SECURITY MAZE... 3 THE CHALLENGE... 4 THE IMPORTANCE OF MONITORING.... 6 RAPID INCIDENT
More information