The Cybersecurity Threat Protecting Big Data

Size: px

Start display at page:

Download "The Cybersecurity Threat Protecting Big Data"

Jordan Warren
8 years ago
Views:

1 The Cybersecurity Threat Protecting Big Data Nikcholas Davis Chief Information Security Officer UW-System Wisconsin Real Estate and Economic Outlook Conference September 2015

2 Recent cyber threats to big data / real estate Advanced Persistent Threat August 31, Wired (National) 225,000 iphones hit with malware September 2, HelpNet Security (National) 0-days found in widely used Belkin router, fixes still unavailable March 2015, Inman (National) To hackers, real estate agents are walking around with bull s-eye on their backs Data Breach Attacks September 8, SC Magazine (North Carolina) About 2,500 customer credit cards affected in Mohu website breach. August 27, U.S. Department of Justice (National) Business compromise. August 25, Securityweek (International) Tor increasingly used by malicious actors: IBM. University of Wisconsin Madison 2

Common Ground Cybersecurity Definitions Threat Vulnerability Risk Real Estate - Information Sharing and Analysis Center PPD-21 Critical Infrastructure Security and Resilience (Feb 2013) Facilitate

3 Common Ground Cybersecurity Definitions Threat Vulnerability Risk Real Estate - Information Sharing and Analysis Center PPD-21 Critical Infrastructure Security and Resilience (Feb 2013) Facilitate information analysis in order to detect patterns or trends Providing analytical and informational products, alerts and other communications Likelihood Fostering effective relationships Encouraging the preparedness and resilience of industry partners From RE-ISAC Portal: University of Wisconsin Madison 3

4 Knowing the holes in big data fences Commercial real estate attack surface by property type From Deloitte: Evolving cyber risk in commercial real estate, dated May 13, 2015 University of Wisconsin Madison 4

5 Relative Value of Big Data How easy is it to capture Big Data across business sectors? From US BLS and McKinsey Global Institute, Big data: The next frontier for innovation competition, and productivity University of Wisconsin Madison 5

6 The real impact Financial Impact of Cyber Crime Will Grow 10 Percent Per Year * Data breaches cost U.S. businesses $194 per compromised record Average time to resolve a cyber attack is 24 days Malware can remain undetected for 243 days on average ** Average value of a lost laptop is $49,246 after a data breach, 80 percent of which is for lost data compared to two percent for the cost Data loss increases risk and exposure* Problem increases as paper files are purged and big data transferred Options: Detection or Prevention to cloud Risk transfer to cyber liability providers increasing Regulatory environment changes* Newer laws favor victims of data breaches your clients! Impact of data loss forcing courts to prescribe remedies = From 2013 AIG report: Cyber and data security risks and the real estate industry, = From Holland Knight Report: Cybersecurity in the construction industry, April 2015 University of Wisconsin Madison 6

7 What is the Cyber Threat? Actors and Impacts Options: Detection or Prevention From Deloitte: Evolving cyber risk in commercial real estate, dated May 13, 2015 University of Wisconsin Madison 7

8 Balancing Security and Convenience Data access requirements cause cybersecurity processes and procedures to become excessive burden Lack of information to cybersecurity team is counter to best-practices Remote scans and monitoring are possible - run during off-peak hours Perceptions (and a little reality) that vulnerability and asset management scanning slows high performance networks Computing power and high bandwidth can mask criminal activity Scans can be tailored to be as non-intrusive as possible or scheduled to occur outside peak computing windows Options: Detection or Prevention Balancing the cost of cybersecurity tools and staff Cost of breach or loss of services Reputational impact Availability Integrity Confidentiality Authentication - Utility University of Wisconsin Madison 8

Cybersecurity in Layers Relationship between data and layers of control Defensive controls form a bastion relationship with implementation risk increasing the closer to the data you get Requires a

9 Cybersecurity in Layers Relationship between data and layers of control Defensive controls form a bastion relationship with implementation risk increasing the closer to the data you get Requires a greater focus on user enforced controls and training Balance between people, process and technology components Relationship between Systems Development Life Cycle (SDLC) and Risk Management Frameworks (RMF) Tailor RMF to match SDLC, taking into account the need for high functioning CMdB University of Wisconsin Madison 9

10 How can you address the cyber threat? Action Plan Elevate cybersecurity to a strategic concern Communicate vulnerability info and scan/patch status Engage leadership and system/network owners Develop defense in depth strategies Increase surveillance internally and within cloud services Persistent network and web application scanning Improve network monitoring and analytics Periodic exercises of data loss provisions within Disaster Recovery Plan University of Wisconsin Madison 10

What questions do you have? http://www.cio.wisc.

11 What questions do you have? University of Wisconsin Madison 11

Cybersecurity. Are you prepared?

Cybersecurity. Are you prepared? Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data