3 About The Presenter: Mike Sanchez, Senior Vice President at ERM. Captain, USMC (Ret.). COBIT 5 Certified. Possesses over 20 years of experience in IT Security, Payment Card Industry, and Business Development. Cyber Security, Regulatory Compliance, Digital Forensics. Helped senior management, business owners, and key stakeholders decipher the 10,000 foot view of information security. Former Executive Vice President at Transworld Payment Solutions, Inc., a global payment processing provider. Former Vice President of Emerging Technologies for Visa International. Part of the team which developed and launched Visa (LAC) emerging technology platforms related to electronic payment processing.
4 2014 Enterprise Risk Management, Inc. Objectives
5 The numbers don't lie
10 Have you asked yourself? 1. How safe is my organization from cyber attacks? 2. What's the potential impact to my organization? 3. What can I do about it?
12 No business is immune from a data breach. It's a global problem!
13 Security is a boardroom issue. A large number of CEOs, Board Members and other executives don't understand how breaches happen or how to respond.
14 Many executives don't understand their organization's information data flow or if and/or how it's being protected.
15 Threats can come in all sorts of shapes and sizes.
16 Insider misuse leads to inadvertent data leakage and breaches. It accounts for about 10% of all breaches. 70% of the security incidents that cost enterprises money involve insiders.
17 The threat is not only technical. Your own employees might be leaving the keys in the door.
18 BYOD (Bring Your Own Device) trends open new security risks for the enterprise. Nearly ¾ of employees upload work files to personal
19 Senior managers are the worst information security offenders: they accidentally send information to the wrong person; take files with them after leaving a job; upload work files to a personal or cloud account.
20 It takes about 33 days for a company to detect or know it's been breached.
21 Some can take as long as a year to be discovered.
22 Being compliant doesn't mean your data is secure.
23 Not investing in security up front will cost you dearly later. [Chart: Leaked Records and Cost in Millions. Series: Cost, Records (values in millions). Breaches shown: Sony (2011) A, CardSystems (2005), Sony (2011) B, TJX (2007), Target (2013). Data labels on the chart: $1.48, $2.40, $4.62, $6.64, $5.50.]
24 With cyber crimes, size really doesn't matter. Smaller companies are more vulnerable and attractive to attacks.
25 Determined and successful attack efforts continue on the rise, with different motivational factors: stealing intellectual property; disruption of services; exploitation of information security through partners and subsidiaries; ransom.
26 1. How safe is my organization from cyber attacks? 2. What's the potential impact to my organization? 3. What can I do about it?
27 One single successful breach can have a qualitative and quantitative impact on your organization. Qualitative impact includes: destroy a company's reputation (Remember ValuJet?); lead to material loss of productivity; loss of market share; bankruptcy; lawsuits from customers or business partners; potential loss of life (safety critical systems); can cost you your job!
28 Quantitative impact: The average annualized cost of cyber crimes in the US is $5.85 million per company, per year (15% increase from 2013). Globally, the average cost paid for each stolen record is $145; significantly higher for US companies ($201 per record). 10,000 customer records × $201 cost paid per record = $2,010,000 total possible cost.
29 Quantitative impact: Data breach costs vary between industries. Healthcare $359; Education $294; Pharma $227; Financial $206; Consumer $155; Energy $141; Public $100. Includes direct costs: engaging forensic experts, outsourcing hotline support, free credit monitoring subscriptions and discounts for products and services. Indirect costs: in-house investigations, customer loss from turnover or diminished customer acquisition rates.
30 Quantitative impact: and by type of data breach. Human Error (careless users): $117, 29%. Malicious Attack (website hacking, social engineering, criminal insiders, malware infections): $159, 40%. System Glitches: $126, 31%. Includes direct costs: engaging forensic experts, outsourcing hotline support, free credit monitoring subscriptions and discounts for products and services. Indirect costs: in-house investigations, customer loss from turnover or diminished customer acquisition rates.
31 1. How safe is my organization from cyber attacks? 2. What's the potential impact to my organization? 3. What can I do about it?
32 Safeguarding your organization's data is entirely your responsibility.
33 Governance is critical. It's your responsibility to make sure it's correctly deployed, implemented and enforced.
34 Governance is critical. If not, might as well plan on FAILING.
35 So what's next? Review your current information risk governance policies. Make sure you have it, it's followed, and not used as a coaster.
36 When was our information reviewed and updated? Does the board have a copy? Who is responsible for delivering it and validating its implementation? Ask questions!!!
37 Risk Management Framework. IDENTIFY: Asset Management, Governance, Risk Assessment, Risk Management. PROTECT: Access Control, Strong Awareness Training, Understand Data Flow, Information Protection, Protective Technology. DETECT: Anomalies and Events, Continuous Monitoring, Detection Processes. RESPOND: Response Planning, Communications Plan, Analysis, Improvements. RECOVER: Recovery Planning, Improvements, Communications.
38 IDENTIFY (Asset Management, Governance, Risk Assessment, Risk Management). To do TODAY! Ensure your company I.T. governance policies exist and are current. Verify all key stakeholders know about it.
39 PROTECT (Access Control, Strong Awareness Training, Understand Data Flow, Information Protection, Protective Technology). Know how your data flows. Understand where it flows from and to and how it's protected. Check for vulnerabilities and data leakage. Policies exist, are current, and follow governance. Seek insurance policies to help cover the risk.
40 DETECT (Anomalies and Events, Continuous Monitoring, Detection Processes). Detection for anomalies is in place. Real-world testing is performed periodically.
41 RESPOND (Response Planning, Communications Plan, Analysis, Improvements). Review action plans associated with the event of a breach. Are skilled personnel on hand in the event of a breach?
42 RECOVER (Recovery Planning, Improvements, Communications). Establish a recovery plan to implement after a breach. Prepare communication of recovery to internal and external parties affected.
43 Sound like too much? How much is your reputation worth?
44 Put the pieces together. Let ERM help you.
45 Your go-to advisors for all matters in information security. 800 S Douglas Road #940, Coral Gables, FL Phone: Mike Sanchez