Whitepaper. Cybersecurity Trends 2015

Size: px
Start display at page:

Download "Whitepaper. Cybersecurity Trends 2015"

Transcription

1 Whitepaper Cybersecurity Trends 2015

2 Content 1. Compliance: Pressure on Businesses is Mounting....4 Dear Readers, Many thanks for your interest in our Cybersecurity Trends 2015 white paper. The risk of cyberattacks is growing. The private and public sector will have to invest more in IT security in In addition, cyber attackers are increasingly focusing on suppliers and medical equipment. These are only two aspects of the developments that we expect to be dealing with in the cyber security industry in The whitepaper is the result of a review of current market trends from the perspective of leading security analysts and consultants at TÜV Rheinland in Germany and at international locations, including the world s biggest market for IT security, the United States. We re looking forward to an open discussion with you. Kind regards, Björn Haan CEO, 2. APTs: More Businesses Calling on Outside Specialists The International Patient: Medical Device Cybersecurity The Internet of Things (IoT): A New Dimension in Security Risks Industry 4.0: Security Enforcement is not optional Connected Cars: To whom does the data belong? The Cloud: Expansion of Public and Private....16

3 Trend 1 Compliance: Pressure on Businesses is Mounting. Trend 2 APTs: More Businesses Calling on Outside Specialists IT security budgets will increase. So will the costs of data breaches, fines and lawsuits for violations of data protection. This is because there are more and more regulatory requirements being placed on companies at the national and European levels. These requirements include Germany s IT Security Act and the EU s data protection reform, which contains reporting requirements for companies, stronger authority for national data protection agencies, and possible fines of up to five percent of a company s annual global revenue for any company that commits a violation. Companies will be investing more and more in GRC systems. Against the backdrop of compliance and the increasing risk of becoming a victim of cyberattacks (see also APT), companies will have to invest in information security governance systems that are effective and geared towards cyber risk and adapt their processes and tools accordingly if they want to be ready for the future. More and more often, emergency management systems will be converted into business continuity management systems. Mobile versus Privacy Mobile platforms such as phones and tablets will raise security and privacy issues more often in the future, partially because of how they are designed. People on the way accustomed to managing their lives and even families on the go using mobile devices are placing ever greater value on the protection of their personal information. Investments in information security will increase above all because the threat situation has escalated further and the regulatory requirements regarding corporate security requirements are rising at a national and European level. Michael Spreng, Director Consulting, Organizations attacked, unsuspecting, and overwhelmed. Companies cannot successfully fend off targeted, sophisticated attacks using conventional tools and methods. Many organizations are compromised without even knowing it. That is why companies are increasingly resorting to innovative analytical tools and calling on outside specialists who have the skills to use cutting-edge technologies and up-to-date expertise to recognize APTs and mitigate their impact as quickly as possible. This includes detecting possible threats, recognizing and categorizing security incidents, prioritizing measures, adaptively defeating attacks, and reaching the decisions that are right for the company, for instance to redesign its emergency procedures. TÜV Rheinland expects that its security incident response team (SIRT) will be in higher demand in 2015 than ever before, not only for for small to medium-sized enterprises (SMEs) but also for major corporations. The industries at greatest risk. The risk of becoming a victim of targeted, sophisticated attacks (APT = Advanced Persistent Threats) will continue to grow. In the wake of current geopolitical conflicts and insecurities, hackers are engaging in new and innovative activities. Preferred targets include the retail, banking, financial markets and the energy sector; however, no industry will be excluded as targets for attacks. Hacking has become a powerful branch of the economy, with well-organized distribution to systematically promote attacks and security gaps. Traditional IT security systems can no longer reliably stop attacks. Organizations have to take technical, operational and organizational measures to prepare themselves for incident response cases. Frank Melber, Head of Business Development, Organizations that do not take that problem into account will be penalized. In particular consumers will use social media for making leaks public and for venting their frustration. 4 5

4 Trend 3 The International Patient: Medical Device Cybersecurity. A lot of room for improvement when it comes to effective security plans: Once again, the main risks in 2015 include attacks on medical devices that cause them to work only intermittently, or prevent them from working altogether. Suppliers increasingly targeted by attackers. Due to their increasing internationalization and structural networking, manufacturers, testing-service providers, and regulatory agencies will be asking more often about the vulnerability of third parties and their risk management. Attackers will be looking for the weakest link in the chain, chiefly among the smallest suppliers and medium-sized enterprises, but all are at risk. We can expect to see new zero-day vulnerabilities being exploited and further serious flaws discovered in Internet infrastructures, leading to a slew of emergency patch cycles. For the theft and sale of patients sensitive information, limited regional markets remain, the US for instance. The drivers for attackers targeting patient information are insurance fraud, and gaining access to medical care or prescription drugs through stolen identities. In future, the healthcare industry will become more similar to the industrial manufacturing industry and will need to place as much emphasis on protecting patients sensitive information and on the areas of safety and security, and their harmonization. That is partly because the industry both nationally and internationally has a lot of catching up to do when it comes to deploying information management systems and investing in effective security plans. Tighter regulation of medical equipment security US as pioneer. In view of the threat level, it is probable that the regional supervisory authorities tighten regulatory requirements as well. At present, there are extremely loud calls to make medical equipment more secure in the US. In late 2014, the US Food and Drug Administration (FDA) published guidance on medical device security, which will give added momentum to the area of security analysis as well as application security. We can assume that IT security for medical equipment will also become a market admission feature in the EU sooner or later. Dr. Daniel Hamburg, Head of Security Engineering, It refers to planned and verified security of applications and security management from the beginning of a project, to the development phase, to acceptance and certification. 6 7

5 Cybersecurity becomes a condition for market admission. The FDA s new guidance recommends that manufacturers address cybersecurity during the development of devices and, as part of their risk management, to identify possible threats and vulnerabilities and assess the likelihood of those vulnerabilities being exploited. Furthermore, manufactures are obligated to define suitable mitigration strategies. Providers for information security like TÜV Rheinland and its US subsidiary, OpenSky, are helping more and more companies to perform security assessments during the medical device software development phase, especially with IT security analysis and penetrations tests. Again, in view of the high risk of cyberattacks and the growing links between medical facilities, mobile communication devices, and therapy devices that have a direct effect on people, it is becoming increasingly important to take IT security into account throughout the life cycles of products, systems, and software. In addition, suitable security architectures be established. The breakneck speed of growth of the Internet of Things (IoT) only heightens existing pressure to improve mitigation strategies. At present, it is virtually impossible to gauge with any accuracy the extent to which the IoT will impact information security in medical facilities of the future. 8 9

6 Trend 4 The Internet of Things (IoT): A New Dimension in Security Risks. Rapid expansion. Safety & security by design. The IoT is painting a clear picture of things to come. Market researchers like Gartner believe that in 2015, we will already be surrounded by 4.9 billion interconnected devices. By 2025, that number is expected to reach as many as 30 billion. The IoT is being driven by trends that include the optimization of existing business models, such as marketing, via geolocation services, smart homes, connected cars, and Germany s Industry 4.0 project. Progress is always a matter of security as well. The debate about the security of information, data, and privacy has only just begun in many areas related to the IoT. Whether they are services designed for convenience in automobiles, intelligent surveillance systems, smart thermostats and light fixtures at home, or connected production plants, things that used to be protected by walls are now exposed to completely new threats, such as cyberattacks, because of increasing networks of sensors, cloud services, and mobile devices. Recent examples involve attacks using live feeds on the Internet, including Web security cameras, microphones, and motion detectors in apartment buildings and the interruption of the power supply to multiple homes through unauthorized, external access to smart grids. The standards for the security of information, data and privacy are still want only lagging behind the technological development of the IoT and the threat due to cyberattacks. Branislav Pavlovic, Director Solutions, Germany s Federal Ministry of Economics and Technology is working to turn the country into a key market for smart homes. Their attempts will be successful if they manage to impose tough security standards and testing methods for networks, mobile devices, and software to counter current threat scenarios. After all, the impact of uncorrected weaknesses will be seen on an entirely different scale. The place to start is not with networks or authorization management, but primarily by introducing safety and security by design. It cannot be done without political pressure. In the area of medical devices, the FDA is setting the example. Without regulatory pressure on makers of IoT devices, network operators, WiFi services, and cloud service providers, there will probably be no real progress in the area of cybersecurity on the IoT. As soon as the first significant security breaches occur, the hype will die down, and effective market potential will be wiped out. It will take massive effort and expense to rebuild the confidence of consumers and decision makers. Given the general threat level and the continued lack of regulations, security incidents are highly likely

7 Trend 5 Industry 4.0: Security Enforcement is not optional. A revolution is on our doorstep key security questions still unanswered. IT solutions for remote maintenance of facilities and equipment, smart production plants and autonomous processes, even closer linking of administrative and production-related systems, high-tech automated solutions the need for people inside production facilities is going to dwindle more and more. Machines and workpieces will soon be making many decisions themselves by exchanging data. With respect to the level of automation, Germany is already number one in Europe and number three in the world. Developments in innovation readiness for Industry 4.0 are being clearly driven by Germany s automobile industry. Yet, when production facilities organize themselves, when cars equipped with RFID chips roll down the assembly line themselves, communicating information about its current status and the next step in production to machines and transporters, that gives rise to new vulnerabilities. The associated security issues are unresolved, and Germany s SMEs and manufacturing industry still have little confidence in the security of innovative solutions. The German government s establishment of a Future of Industry alliance is a step in the right direction, but it is still just one step. Information Security `Made in Germany to boost confidence. Germany will be able to keep pace with the global economy during the fourth Industrial Revolution only if it manages to further strengthen confidence in the cybersecurity of fundamental technologies like the IoT and cloud computing, namely by selling its information security as Made in Germany. The creation and enforcement of reliable regulatory standards at the national and European levels, plus bold strategic initiatives on the part of private industry, are more important than ever. Yes, once more the rule is that there is no need to reinvent cybersecurity. Ideas and solutions already exist; they just need to be applied. The future of Germany as a business location depends on whether we can keep up with the industrial revolution 4.0. But that will work if we can further boost confidence in the cybersecurity of basic technologies such as the Internet of things and the cloud, on the basis of Made in Germany information security. Björn Haan, CEO, 12 13

8 Trend 6 Connected Cars: To whom does the data belong? Connectivity more crucial than horsepower. All partners need to pitch in. Real-time maintenance information, location-based recommendations, up-to-the-minute traffic advisories, and music streaming in 2015 connected car features will become the main selling points for buyers. According to a recent study by McKinsey, a vehicle s connectivity is becoming more important than its performance. That is only the beginning. By the year 2020, the global market for connected car components and services will grow more than fivefold, from 30 billion euros today to 170 billion euros then. Four-wheeled data collectors. Cars will serve as intelligent control centers for monitoring traffic conditions, weather, hazards, and infotainment. All the data collected can be analyzed and shared with other vehicles. Big Data is also being driven by car-to-x communication. Over the next five years, worldwide revenue is expected to quadruple to roughly 113 billion euros. Cars will be turned into data harvesters. Yet, some key questions concerning data protection remain unanswered. For instance, to whom does the data belong? The owner of the vehicle, the government, or the manufacturer who collects the data? There is talk of a voluntary commitment by manufacturers, but considering the overarching importance of privacy and data protection on the one hand and the safety of people and road traffic on the other, action is required on the part of legislators. No integrated solutions to the issue of end-to-end security for connected cars can be expected in Intelligent vehicles are vulnerable, whether through attacks on the in-car WiFi or interference with engine control via Bluetooth or malware downloaded through communication interfaces. The challenge of constantly keeping security up to date throughout the vehicle s lifetime is certainly not trivial and requires intelligent solutions that will take the combined, interdisciplinary efforts of all parties along the value chain: automobile manufacturers and suppliers, as well as experts on the IoT and cybersecurity. The entire industrial value chain must work hard to find solutions that prevent dangerous outside intrusion into vehicle IT from even being a possibility. Alexander Behnke, Principal Consultant, They need to prevent vehicle movement profiles or the owner s information from being stored or processed. In addition, industry s entire value chain needs to work hard to come up with solutions that make it impossible to stage dangerous attacks on vehicle IT from the outside

9 Trend 7 The Cloud: Expansion of Public and Private. Progress requires security. Today, users want round-the-clock access to their data. The Cloud is not only a key pillar of ubiquitous computing, but also of the IoT, new forms of collaboration, Industry 4.0, technological advancements in medicine, Big Data, and for processing huge amounts of data. In a nutshell: The trend toward cloud computing is irreversible. Simply because of its purported indispensability, discussion about its security will continue. Cloud service providers will increasingly have to face the question of how resilient their own cloud-based security architectures actually are against cyberattacks. Businesses focusing on private clouds. The cloud promises innovation and progress, but the two are only possible with the trust of cloud users. However, trust can only grow when solutions are secure. In 2015, the debate over cloud security will mature. Users will learn to tell more precisely what services the public cloud can be used for and what guides the market offers to the security of cloud-based services (certificates). Besides the ever growing market for public cloud computing, private clouds are also on the rise since companies are realizing that they need to migrate in business-critical areas in order to protect their digital valuables. Revolution in business models thanks to social login. The more and more frequent combination of consumer cloud solutions with mobile access and social authentication (social login via social networking sites) leads to further challenges. If consumer cloud services are used more often at work, then it will also raise security issues concerning the intellectual property of the companies concerned. That s because digital natives in particular draw hardly any connection between matters of security and freely available Internet services. At the same time, there are already indications that this trend is causing a change in thinking among companies with more traditional market access. In the competition for new markets and customers, introducing proprietary value-added services connected with social media activities may be a path to the future. It will be essential for those companies to actually leverage the leap of faith in their security that they enjoy compared to social platforms and can document, for example, through certification. The trend toward the data cloud is irreversible. Dialog within companies is very much shaped by different generations and functions. To ensure appropriate implementation, it is essential that the security debate be conducted in a less polarizing and more fact-based manner. Hendrik Reese, Principal Consultant, 2015 TÜV Rheinland. All rights reserved. In-depth information security for companies and organisations As the leading, independent service provider for information security in Germany, TÜV Rheinland provides companies and organisations with holistic information security - from strategic consultation, conceptual planning and process optimisation through to the implementation, operation and certification of systems. State-of-the-art technological expertise, comprehensive industry know-how and partnerships with market leaders all make possible the development of standardised and customised security solutions. At the heart of the business in strategic information security, quality and security for applications and portals, mobile and network security and IT security in industrial plants and critical infrastructure

10 For more information visit Credits: Scriblr - Fotolia.com; T. Michel - Fotolia.com; Scriblr - Fotolia.com; T. Michel - Fotolia.com, miceking - Fotolia.com; markus_marb - Fotolia.com; pigmentum - Fotolia.com; Julien Eichinger - Fotolia.com, Anterovium - Fotolia.com; mikkolem - Fotolia.com; Gina Sanders - Fotolia.com; Sergey Nivens - Fotolia.com, WBP - Fotolia.com, TÜV Rheinland

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation

More information

The Internet of Things (IoT) Opportunities and Risks

The Internet of Things (IoT) Opportunities and Risks Session No. 744 The Internet of Things (IoT) Opportunities and Risks David Loomis, CSP Risk Specialist Chubb Group of Insurance Companies Brian Wohnsiedler, CSP Risk Specialist Chubb Group of Insurance

More information

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average

More information

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Customized cybersecurity measures help overcome Industry specific challenges September 2014 Table of Contents Section Slide Number

More information

Cyber Security: Confronting the Threat

Cyber Security: Confronting the Threat 09 Cyber Security: Confronting the Threat Cyber Security: Confronting the Threat 09 In Short Cyber Threat Awareness and Preparedness Active Testing Likelihood of Attack Privacy Breaches 9% 67% Only 9%

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

CONNECTED HEALTHCARE. Trends, Challenges & Solutions

CONNECTED HEALTHCARE. Trends, Challenges & Solutions CONNECTED HEALTHCARE Trends, Challenges & Solutions Trend > Remote monitoring and telemedicine are growing Digital technology for healthcare is accelerating. Changes are being driven by the digitization

More information

Combating a new generation of cybercriminal with in-depth security monitoring

Combating a new generation of cybercriminal with in-depth security monitoring Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

Fostering Incident Response and Digital Forensics Research

Fostering Incident Response and Digital Forensics Research Fostering Incident Response and Digital Forensics Research Bruce J. Nikkel bruce.nikkel@ubs.com September 8, 2014 Abstract This article highlights different incident response topics with a focus on digital

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015 Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key

More information

Reducing Cyber Risk in Your Organization

Reducing Cyber Risk in Your Organization Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than

More information

Identity, Security and Risk Management. transforming. risk into. value and efficiency. Your business technologists.

Identity, Security and Risk Management. transforming. risk into. value and efficiency. Your business technologists. Identity, Security and Risk Management transforming risk into value and efficiency Your business technologists. Powering progress Securing your business while maximizing opportunities Protecting the privacy

More information

Connecting things. Creating possibilities. A point of view

Connecting things. Creating possibilities. A point of view Connecting things. Creating possibilities. A point of view Is the next technological revolution already here? The Internet of Things is already transforming our daily lives, our health, education and businesses.

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue. Seamless Mobile Security for Network Operators Build a secure foundation for winning new wireless services revenue. New wireless services drive revenues. Faced with the dual challenges of increasing revenues

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE

OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE MACHINE-TO-MACHINE ENABLE AND SECURE A CONNECTED LIFE DRIVEN BY GOVERNMENT REGULATIONS, COMPANY AND CONSUMER NEEDS, PRODUCTS ARE TRANSFORMED INTO INTELLIGENT,

More information

HEALTH CARE AND CYBER SECURITY:

HEALTH CARE AND CYBER SECURITY: HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities kpmg.com 1 HEALTH CARE AND CYBER SECURITY EXECUTIVE SUMMARY Four-fifths of executives at healthcare providers and payers

More information

Cyber Security for your Connected Health Device

Cyber Security for your Connected Health Device Cyber Security for your Connected Health Device Agenda Cyber Security Emerging Threats Implications to Healthcare Healthcare Response OpenSky s timeline Service Evolution Launch IT Optimization 2014 Geographic

More information

A Forrester Consulting Thought Leadership Paper Commissioned By Zebra Technologies. November 2014

A Forrester Consulting Thought Leadership Paper Commissioned By Zebra Technologies. November 2014 A Forrester Consulting Thought Leadership Paper Commissioned By Zebra Technologies November 2014 Internet-Of-Things Solution Deployment Gains Momentum Among Firms Globally Improved Customer Experience

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

CONTENTS. Introduction 3. IoT- the next evolution of the internet..3. IoT today and its importance..4. Emerging opportunities of IoT 5

CONTENTS. Introduction 3. IoT- the next evolution of the internet..3. IoT today and its importance..4. Emerging opportunities of IoT 5 #924, 5 A The catchy phrase Internet of Things (IoT) or the Web of Things has become inevitable to the modern world. Today wireless technology has reached its zenith making it possible to interact with

More information

PCI Solution for Retail: Addressing Compliance and Security Best Practices

PCI Solution for Retail: Addressing Compliance and Security Best Practices PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment

More information

Healthcare Security: Improving Network Defenses While Serving Patients

Healthcare Security: Improving Network Defenses While Serving Patients White Paper Healthcare Security: Improving Network Defenses While Serving Patients What You Will Learn Safeguarding the privacy of patient information is critical for healthcare providers. However, Cisco

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide

The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide SOLUTION BRIEF NIST FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide SOLUTION BRIEF CA DATABASE

More information

Cyber Security Trends 2016. Market trends from leading security analysts and consultants at TÜV Rheinland, OpenSky, and OpenSky UK

Cyber Security Trends 2016. Market trends from leading security analysts and consultants at TÜV Rheinland, OpenSky, and OpenSky UK Cyber Security Trends 2016 Market trends from leading security analysts and consultants at TÜV Rheinland, OpenSky, and OpenSky UK December, 2015 Cyber security Trends 2016 What do new technologies and

More information

The digital future for energy and utilities.

The digital future for energy and utilities. Digital transformation has changed the way you do business. The digital future for energy and utilities. Digital is reshaping the landscape in every industry, and the energy and utilities sectors are no

More information

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation. Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part

More information

Today s Cybersecurity Technology: Is Your Business Getting Full Protection?

Today s Cybersecurity Technology: Is Your Business Getting Full Protection? A WHITE PAPER SDX Technologies Today s Cybersecurity Technology: Is Your Business Getting Full Protection? 1 Today s Cybersecurity Technology EXECUTIVE SUMMARY Information technology has benefited virtually

More information

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME: The Computerworld Honors Program Summary developed the first comprehensive penetration testing product for accurately identifying and exploiting specific network vulnerabilities. Until recently, organizations

More information

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5,500 companies in 26 countries around the world

More information

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

2011 Cyber Security and the Advanced Persistent Threat A Holistic View 2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11 Agenda The Threat We Face A View to Addressing the Four Big Problem

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

Next Internet Evolution: Getting Big Data insights from the Internet of Things

Next Internet Evolution: Getting Big Data insights from the Internet of Things Next Internet Evolution: Getting Big Data insights from the Internet of Things Internet of things are fast becoming broadly accepted in the world of computing and they should be. Advances in Cloud computing,

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 Aristotelis Tzafalias Trust and Security Unit H.4 DG Connect European Commission Trust and Security: One Mission

More information

ALERT LOGIC FOR HIPAA COMPLIANCE

ALERT LOGIC FOR HIPAA COMPLIANCE SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare

More information

Cybersecurity Strategic Consulting

Cybersecurity Strategic Consulting Home Overview Challenges Global Resource Growth Impacting Industries Why Capgemini Capgemini & Sogeti Cybersecurity Strategic Consulting Enabling business ambitions, resilience and cost efficiency with

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

CGI Cyber Risk Advisory and Management Services for Insurers

CGI Cyber Risk Advisory and Management Services for Insurers CGI Cyber Risk Advisory and Management Services for Insurers Minimizing Cyber Risks cgi.com 3 As organizations seek to create value in today s highly interconnected world, they inherently increase their

More information

1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 5 4 Copyright... 5

1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 5 4 Copyright... 5 KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski May 2015 is a business-critical application security solution for SAP environments. It provides a context-aware, secure and cloud-ready platform

More information

MES and Industrial Internet

MES and Industrial Internet October 7, 2014 MES and Industrial Internet Jan Snoeij Board Member, MESA International Principal Consultant, CGI Do you know MESA? Agenda Introduction Internet of Things Big Data Smart Factory or Smart

More information

YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege: Guard the Gaps with Patch Management 1.0

More information

POLICIES TO MITIGATE CYBER RISK

POLICIES TO MITIGATE CYBER RISK POLICIES TO MITIGATE CYBER RISK http://www.tutorialspoint.com/information_security_cyber_law/policies_to_mitigate_cyber_risk.htm Copyright tutorialspoint.com This chapter takes you through the various

More information

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape White Paper Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape Financial services organizations have a unique relationship with technology: electronic data and transactions

More information

How to leverage SAP HANA for fast ROI and business advantage 5 STEPS. to success. with SAP HANA. Unleashing the value of HANA

How to leverage SAP HANA for fast ROI and business advantage 5 STEPS. to success. with SAP HANA. Unleashing the value of HANA How to leverage SAP HANA for fast ROI and business advantage 5 STEPS to success with SAP HANA Unleashing the value of HANA 5 steps to success with SAP HANA How to leverage SAP HANA for fast ROI and business

More information

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

A strategic approach to fraud

A strategic approach to fraud A strategic approach to fraud A continuous cycle of fraud risk management The risk of fraud is rising at an unprecedented rate. Today s tough economic climate is driving a surge in first party fraud for

More information

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus cdoulig at unipi dot gr Department of Informatics University of Piraeus Safety & Security in Cyber Space: Building up Trust in the EU Athens, 6-7 March 2014 Cybersecurity: where do we stand? Major Trends

More information

How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors

How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors July 2014 Executive Summary Data breaches cost organizations millions and sometimes even billions of dollars in

More information

The Cloud Balancing Act for IT: Between Promise and Peril

The Cloud Balancing Act for IT: Between Promise and Peril The Cloud Balancing Act for IT: Between Promise and Peril Table of Contents EXECUTIVE SUMMARY...2 ONBOARDING CLOUD SERVICES...3 SYSTEMS OF RECORD: THE NEXT WAVE OF CLOUD ADOPTION...6 A CULTURE OF COMPLIANCE

More information

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc. Cyber Security :: Insights & Recommendations for Secure Operations N-Dimension Solutions, Inc. Cyber Security Protection for Critical Infrastructure Assets Agenda: Cyber Landscape Cyber Threats to Your

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has

More information

Automotive Suppliers and Cybersecurity

Automotive Suppliers and Cybersecurity Automotive Suppliers and Cybersecurity OEMs sometimes specify their security requirements in an incomplete or vague way, but that certainly doesn t mean that Tier 1 automotive suppliers (Tier 1s) should

More information

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Cyberprivacy and Cybersecurity for Health Data

Cyberprivacy and Cybersecurity for Health Data Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity

More information

Unisys Security Insights: Germany A Consumer Viewpoint - 2015

Unisys Security Insights: Germany A Consumer Viewpoint - 2015 Unisys Security Insights: Germany A Consumer Viewpoint - 2015 How consumers in Germany feel about: Personal data security, ranked by industry Experiences concerning security of personal data Research by

More information

Board Portal Security: How to keep one step ahead in an ever-evolving game

Board Portal Security: How to keep one step ahead in an ever-evolving game Board Portal Security: How to keep one step ahead in an ever-evolving game The views and opinions expressed in this paper are those of the author and do not necessarily reflect the official policy or position

More information

Assuring Application Security: Deploying Code that Keeps Data Safe

Assuring Application Security: Deploying Code that Keeps Data Safe Assuring Application Security: Deploying Code that Keeps Data Safe Assuring Application Security: Deploying Code that Keeps Data Safe 2 Introduction There s an app for that has become the mantra of users,

More information

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com Internet of Things (IoT): Security Awareness Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com So What is the Internet of Things Network of physical objects embedded with: Electronics, software, sensors

More information

N-Dimension Solutions Cyber Security for Utilities

N-Dimension Solutions Cyber Security for Utilities AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential

More information

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY WHITE PAPER GRC Simplified... Finally. A Guide to Successfully Implementing the NIST Cybersecurity Framework Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

Cloud Vendor Benchmark 2014 A Comparison of Software Vendors and Service Providers

Cloud Vendor Benchmark 2014 A Comparison of Software Vendors and Service Providers Cloud Vendor Benchmark 2014 A Comparison of Software Vendors and Service Providers Cloud Vendor Report Executive Summary of the Cloud Vendor Benchmark 2014 for Cloud Leader 2014 Trend Micro Incorporated

More information

Position Paper: Berlin, 31 March 2014. Legislative intentions to increase IT Security

Position Paper: Berlin, 31 March 2014. Legislative intentions to increase IT Security Position Paper: Berlin, 31 March 2014 Legislative intentions to increase IT Security eco the Association of the sees itself as lobbyist and supporter of all companies that are involved in the economic

More information

RETHINKING CYBER SECURITY Changing the Business Conversation

RETHINKING CYBER SECURITY Changing the Business Conversation RETHINKING CYBER SECURITY Changing the Business Conversation October 2015 Introduction: Diane Smith Michigan Delegate Higher Education Conference Speaker Board Member 2 1 1. Historical Review Agenda 2.

More information

Cyber Security Management

Cyber Security Management Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies

More information

The Oracle Mobile Security Suite: Secure Adoption of BYOD

The Oracle Mobile Security Suite: Secure Adoption of BYOD An Oracle White Paper April 2014 The Oracle Mobile Security Suite: Secure Adoption of BYOD Executive Overview BYOD (Bring Your Own Device) is the new mobile security imperative and every organization will

More information

Putting Operators at the Centre of

Putting Operators at the Centre of Putting Operators at the Centre of Enterprise Mobile Security Introduction Small and Medium Enterprises make up the majority of firms and employees in all major economies, yet are largely unidentified

More information

Understanding the impact of the connected revolution. Vodafone Power to you

Understanding the impact of the connected revolution. Vodafone Power to you Understanding the impact of the connected revolution Vodafone Power to you 02 Introduction With competitive pressures intensifying and the pace of innovation accelerating, recognising key trends, understanding

More information

INTERNET OF THINGS: SCIENCE FICTION OR BUSINESS FACT?

INTERNET OF THINGS: SCIENCE FICTION OR BUSINESS FACT? A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT INTERNET OF THINGS: SCIENCE FICTION OR BUSINESS FACT? Copyright 2014 Harvard Business School Publishing. sponsored by SPONSOR PERSPECTIVE Each year the

More information

THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY

THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY BY DR. BRIAN MCELYEA AND DR. EMILY DARRAJ Approved for Public Release: Case # 16-0276 NORTHROP GRUMMAN WHITE PAPER 2016 Northrop Grumman

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

White Paper. Data Security. The Top Threat Facing Enterprises Today

White Paper. Data Security. The Top Threat Facing Enterprises Today White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is

More information

Research Report: Addressing Security Concerns for Connected Devices in the Internet of Things Era

Research Report: Addressing Security Concerns for Connected Devices in the Internet of Things Era Sponsored by Oracle Research Report: Addressing Security Concerns for Connected Devices in the Internet of Things Era Introduction About Survey Respondents The Internet of Things (IoT) and the rise of

More information

Testing the Security of your Applications

Testing the Security of your Applications Home Safeguarding Business Critical Testing the of your Applications Safeguarding business critical systems and applications 2 Safeguarding business critical systems and applications Organizations are

More information

Security: The Vital Element Of The Internet Of Things

Security: The Vital Element Of The Internet Of Things A Forrester Consulting Thought Leadership Paper Commissioned By Cisco March 2015 Security: The Vital Element Of The Internet Of Things Table Of Contents Executive Summary... 1 There Is Clear Momentum For

More information

Is the PCI Data Security Standard Enough?

Is the PCI Data Security Standard Enough? Is the PCI Data Security Standard Enough? By: Christina M. Freeman ICTN 6870 Advanced Network Security Abstract: This paper will present the researched facts on Payment Card Industry Data Security Standard

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information