Cybersecurity challenges in an interconnected world Key findings from The Global State of Information Security Survey 2015
- Nora Wilkins
- 8 years ago
If the recent string of high-profile cyber attacks has proved anything, it's that no industry or organization is immune from risk. In particular, compromises by nation-states, social activists and hacktivists, and employees have increased markedly in the past year.

Politically motivated hacktivists took down the website of the German parliament as well as the chancellor's page. [1] State-sponsored threat actors infiltrated the systems of a third-party firm that conducts personnel background checks for US government agencies, resulting in theft of information of 25,000 employees; four months later, personal information of an estimated 40,000 federal workers was breached in an attack on another background check contractor. [2] Throughout the year, activists reacted to perceived social injustices by launching powerful distributed denial of service (DDoS) attacks that defaced and disabled the websites of smaller city governments.

And the threat extends from the most powerful nation-state actors to the smallest municipal agencies. Consider, for instance, the past 12 months in cyber attacks.

[1] CNET, Political hackers take on Germany over Ukraine-Russia issues, January 7,
[2] SC Magazine, 40,000 federal employees impacted by contractor breach, December 19,
"The threat from insiders, hacktivists, and nation-states continues to challenge government agencies as they deal with shrinking budgets and increased connectivity issues," said John Hunt, a Principal in PwC's Cybersecurity Practice. Government agencies must step up their efforts to invest in security personnel, processes, and technologies that address holistic information security strategies.

There's every reason to believe these risks to data, applications, and networks will continue to accelerate as governments continue to shift more services and data online. Yet according to key findings from The Global State of Information Security Survey (GSISS) 2015, many public sector organizations are not taking decisive action to address cyber threats and improve their security programs.

[Chart: GSISS 2015: results at a glance. Average number of detected incidents; values shown: 3,105 and 2,317.]
[Chart: GSISS 2015: results at a glance. Sources of incidents; categories shown: current employees, former employees, hackers, activists/hacktivists.]
Employees remain the most-cited culprits.

Despite overwhelming evidence that cyber risks continue to multiply, the number of security incidents detected by public sector respondents declined 25% in to a three-year low. (We define a security incident as any adverse incident that threatens some aspect of computer security.)

Against a global backdrop of escalating cyber attacks, a drop in detected compromises is not necessarily a good thing. One explanation may be that intrusions by advanced adversaries like nation-states often go undiscovered. It's also worth pointing out that more than a quarter of respondents (26%) did not know the number of compromises, and slightly more could not determine the source of incidents. What's more, many agencies are reluctant to discuss the risks and repercussions of security events, which could explain the drop in incidents that are disclosed.

It is unsurprising that current personnel remain the most-cited culprits of security incidents, followed by former employees. Increasingly, government agencies are also concerned about threats posed by insiders like service providers, consultants, and contractors who have trusted access to an organization's network and sensitive data. It's a risk that continues to inch up year over year.

While incidents attributed to insiders often fly under the radar of the media, compromises by nation-states, activists, and hacktivist organizations are among the most avidly covered. These threat actors are also increasingly active: Attacks by nation-states soared 77% in over the year before, while those carried out by activists and hacktivists climbed 39%.

Nation-states and activists/hacktivists are the fastest-growing sources of security incidents.

Incidents and financial losses decline
Despite mounting concerns about cyber risks, many agencies seem mired in a pattern of fiscal austerity, at least when it comes to cybersecurity. Global public sector organizations in fact cut information security budgets by 6% in compared with the year before. Nowhere was this tendency clearer than among small agencies (those with revenues of $100 million or less), which slashed security spending by 25%. Large entities (revenues of $1 billion or more) trimmed security investments by a modest 1% while medium-size organizations increased spending by 39%.

[Chart: GSISS 2015: security spending at a glance. Series shown: average annual information security budget; information security spend as percentage of IT budget.]
Employee awareness programs and data access controls are key.

In the wake of the data leak by US government contractor Edward J. Snowden, most executives understand that security breaches by insiders, whether employees or trusted business partners, can be even more damaging than those attributed to external adversaries. That's why the sizable increase in insider incidents this year could have critical implications for the security stance of public sector agencies. As the ability to limit and control employee access to key data assets becomes increasingly pivotal, safeguards to manage insider threats will be a hallmark of successful cybersecurity.

Take employee awareness and training. The weakest link in a security program is very often human, and staff education should form the spine of every information security program. So it did not inspire optimism to find that only 57% of public sector respondents have a security awareness and training program, a number that is down significantly from the year before. We also saw a decline in staff training on privacy policies. The truth is, public sector agencies often focus on the latest security technologies at the expense of employee awareness and training.

Another essential process is thorough background investigation of potential employees. More than a third of respondents do not perform any background checks of potential employees, among the most basic of precautions and one that has weakened from the year before.

Battling these risks will demand a new focus on employee security training, airtight control of data access, and the right technologies to continuously monitor network activity. There is evidence that many agencies have not addressed these imperatives.

"Never before has there been a greater need to develop a risk-based approach to cybersecurity," said Jack L. Johnson Jr., a Principal in the PwC Public Sector and the National Security Practice Leader. This risk-based approach needs to be holistic in nature, and include other security concerns like physical security, personnel security, information security, as well as cyber-threat intelligence.

Battling insider risks will also demand a new focus on the right technologies to continuously monitor network activity.
[Chart: Tools to manage insider threats are often not deployed. Categories shown: conduct personnel background checks; privileged user access; user activity monitoring tools; unauthorized use or access monitoring tools; employee training & awareness program; threat intelligence subscription services; behavioural profiling & monitoring. Percentages shown: 65%, 63%, 61%, 59%, 57%, 54%, 49%.]

Enterprise-wide awareness of security risks will not be achieved by the IT function alone. It will require a cross-functional approach that includes IT, information security, corporate security, human resources, legal counsel, audit, and privacy, as well as leadership from lines of business. Yet only 52% of respondents told us they have a cross-functional team that coordinates security strategy and practices.

One ascendant risk that can be mitigated by employee training is spear phishing, a tactic that adversaries often use to launch an advanced attack. Increasingly, external threat actors mount spear phishing campaigns to steal credentials of employees with privileged access to data and networks, then use that information to infiltrate the agency's network. Staff training is the best defense, but technologies such as software to discover malicious code and anti-malware solutions can also help prevent phishing attacks. They are also under-utilized.

Similarly, threat-intelligence subscription services can help agencies understand current spear phishing campaigns and targeted attack techniques. It's an approach that only 54% of public sector respondents have adopted.
Anticipating risks, understanding threat actors, and rapid response are seen as key benefits.

Increasingly, governments are encouraging, and sometimes mandating, that agencies implement processes and tools to continuously monitor and analyze IT assets and activity. They understand that doing so can help anticipate risks and inform decision-making, provide intelligence on threat actors' techniques, and facilitate rapid response to compromises.

The benefits of continuous monitoring are clear-cut, but so are the challenges. The multitude of information systems and applications in place today make visibility and analysis progressively complex and time-consuming. For many agencies, the austere spending environment makes it difficult to secure funding for any new security initiative. And there are no precise guidelines as to what constitutes the right processes and technologies.

We believe that a monitoring program will require that agencies first identify their most valuable data assets and prioritize protection. This initial step is critical because most organizations do not have the resources to protect every asset with equal vigor. It is also under-utilized: Just over half (54%) told us they have a program to identify sensitive data, a number that is down from the year before.

One example of this type of initiative is the Continuous Diagnostics and Mitigation (CDM) program launched by the US Department of Homeland Security. The CDM program aims to improve the cybersecurity of federal agencies by providing them with capabilities and tools that help identify cybersecurity risks, prioritize these threats based on potential impacts, and mitigate the most significant problems first.
[Chart: Implementation of monitoring & diagnostics tools falls short. Categories shown: malicious code detection tools; vulnerability scanning tools; intrusion detection tools; user activity monitoring tools; security-event correlation tools; penetration testing. Percentages shown: 68%, 60%, 62%, 57%, 61%, 52%.]

Some governments are beginning to require that their agencies deploy processes and tools to monitor and analyze valuable data assets.

Similarly, a commitment to monitor and analyze data and networks seems to be slipping. In, 61% of agencies told us they have implemented processes to monitor and assess security intelligence such as log files, network activity, and vulnerability reports. The year before, 73% said they have these processes, indicating that the trend appears to be heading in the wrong direction.

A look at specific tools for monitoring and analysis reveals a similar tendency: Adoption of technologies like security-event correlation software, vulnerability scanning, penetration testing, and monitoring of user activity declined in. Overall, there seems to be a disconnect between voicing support for these tools and actual implementation.
Automated identity and access controls are fundamental tools yet are often not deployed.

Identity and access management is a core component of information security, one that is progressively essential to an effective program. Yet many public sector agencies continue to grapple with automated solutions. In, only half (50%) of respondents told us they have implemented identity management tools. Other technologies that are central to managing access and monitoring employee behavior are also sparsely deployed. These include automated account provisioning and de-provisioning, role-based authorization, and user recertification.

More advanced organizations are starting to use biometrics such as a fingerprint scanner to log onto a computer and multifactor authentication to improve identity and access management. In, 37% of survey respondents said they leverage biometrics, up from 18% two years ago, and 58% said they have implemented multifactor log-ins.

The step may be linking physical and logical access with identity management tools. Among European nations, for instance, there is a movement to build centralized identity management systems that leverage electronic identity cards. [3] The cryptographic cards, which contain an embedded chip that stores an individual's personal data, employ the Extended Access Control Protocol. This combination of chip and software provides a foundation upon which public sector agencies could overlay IT security controls to better enforce access to systems and data.

Many believe centralized identity management can yield a number of benefits that include improved secure access to multiple networks and applications, operational efficiencies, lower costs of access control administration, and a better audit trail. It's a trend we will continue to monitor.

Half of public sector respondents tell us they have not implemented identity management tools.

[Chart: Many agencies do not use identity management tools. Categories shown: secure access control measures; role-based authorization; automated password reset; multifactor authentication; user recertification; automated account provisioning/de-provisioning; risk-based authorization/authentication. Percentages shown: 60%, 60%, 69%, 58%, 55%, 47%, 54%.]

[3] IEEE Security & Privacy, Electronic Identity Cards for User Authentication Promise and Practice, February 2012
Increasingly, governments are encouraging public and private entities to share cyber-threat intelligence.

It's good news that many industries are embracing external collaboration to improve cybersecurity threat awareness and response techniques. But much more could be done to leverage the power of collaboration across industries and governments (local, regional, and global).

Over the past several years, government, regulatory and law-enforcement bodies have proposed guidelines and legislation to promote information sharing. Recently, the US and United Kingdom announced an agreement on cybersecurity cooperation that includes threat information sharing and educational exchanges. [4] And industry-specific initiatives known as Information Sharing and Analysis Centers (ISAC) have been created across sectors including finance, healthcare, energy, and public transit, to name a few, and now have a global reach.

But much remains to be done in the public sector. Despite calls for increased public-private collaboration, government agencies remain somewhat reluctant to share information. In, only 43% of respondents told us they work with others to improve security, down from 48% the year before. What's more, industries such as technology, telecommunications, and financial services are considerably more likely to collaborate with others.

For many, a lack of a unified framework for information sharing between private and public sectors remains a significant barrier to information sharing. Certain guidelines exist, such as the ISO/IEC standard, which includes some details on information sharing. But a lack of a specific, detailed standard has undoubtedly hobbled the adoption of collaboration.

In the US, recent initiatives to advance public-private information sharing have centered on safeguarding critical infrastructure. To that end, the National Institute of Standards and Technology (NIST) in April issued a voluntary standard to assess and improve cybersecurity of critical infrastructure providers, as well as create a common language for discussion and collaboration. Already, 21% of US public sector respondents say they have adopted the NIST Cybersecurity Framework, and 11% say it is a future priority.

Even though the Framework targets US critical infrastructure providers, it offers an effective model for risk-based security and information sharing that could benefit organizations across industries and across the globe. We believe it's well worth adopting.

Despite calls for increased information sharing, only 43% of public sector respondents say they collaborate with others.

[4] White House Office of the Press Secretary, FACT SHEET: US-United Kingdom Cybersecurity Cooperation, January 16, 2015
How the public sector partners & collaborates
- 52%: Have a senior executive who communicates importance of security
- 52%: Have a cross-organizational team that coordinates & communicates security issues
- 43%: Collaborate with others to improve security

Facing the future of cyber attacks

As threats from nation-states shift, cybersecurity could very well evolve into cyber warfare. You need only consider the punishing assault on a US-based entertainment company to understand the potential. The attack, which was purportedly carried out by a nation-state, was variously described as cyber vandalism, terrorism, and an act of war.

The precedent has clearly been set for the elevation of a cyber attack to a matter of national significance. That's something that governments now recognize: Many are creating IT cybersecurity departments that are modeled on military defense, a trend that we expect will continue. This will be particularly pertinent to nations whose critical infrastructure is owned and operated by the government.

As governments continue to use the Internet for their own purposes, cyberspace could very well become a combat zone. If it does, the risks and repercussions of cyber attacks will extend far beyond data security.
To have a deeper conversation about cybersecurity, please contact:

United States
Jack L. Johnson Jr., Principal, johnson.jack@us.pwc.com
John Hunt, Principal, john.d.hunt@us.pwc.com

PwC helps organizations and individuals create the value they're looking for. We're a network of firms in 157 countries with more than 195,000 people who are committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PwC does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see for further details. The Global State of Information Security is a registered trademark of International Data Group, Inc.
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationAssessing the strength of your security operating model
www.pwc.com Assessing the strength of your security operating model May 2014 Assessing the strength of your security operating model Retail stores, software companies, the U.S. Federal Reserve it seems
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationThe Dow Chemical Company. statement for the record. David E. Kepler. before
The Dow Chemical Company statement for the record of David E. Kepler Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President before The Senate Committee
More informationChairman Johnson, Ranking Member Carper, and Members of the committee:
UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
More informationCyber Governance Preparing for the Inevitable Perimeter Breach
SAP Brief SAP Extensions SAP Regulation Management by Greenlight, Cyber Governance Edition Objectives Cyber Governance Preparing for the Inevitable Perimeter Breach Augment your preventive cybersecurity
More informationHow GCs And Boards Can Brace For The Cybersecurity Storm - Law360
Page 1 of 6 Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com How GCs And Boards Can Brace For The Cybersecurity
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationCyber Security Strategy
NEW ZEALAND S Cyber Security Strategy 2015 A secure, resilient and prosperous online New Zealand Ministerial Foreword The internet and technology have become a fundamental element in our lives. We use
More informationManaging the Unpredictable Human Element of Cybersecurity
CONTINUOUS MONITORING Managing the Unpredictable Human Element of Cybersecurity A WHITE PAPER PRESENTED BY: May 2014 PREPARED BY MARKET CONNECTIONS, INC. 14555 AVION PARKWAY, SUITE 125 CHANTILLY, VA 20151
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationCYBER SECURITY THREAT REPORT Q1
CYBER SECURITY THREAT REPORT Q1 Moving Forward Published by UMC IT Security April 2015 0 U.S. computer networks and databases are under daily cyber-attack by nation states, international crime organizations,
More informationUS Cyber Marathon. David Ambrose, Chief Security Officer and Chief Privacy Officer Bureau of the Fiscal Service U.S. Department of the Treasury
US Cyber Marathon David Ambrose, Chief Security Officer and Chief Privacy Officer Bureau of the Fiscal Service U.S. Department of the Treasury Context: US Government Scope/Scale 320M US citizens 4.1M Government
More informationPROPOSED INTERPRETIVE NOTICE
August 28, 2015 Via Federal Express Mr. Christopher J. Kirkpatrick Secretary Office of the Secretariat Commodity Futures Trading Commission Three Lafayette Centre 1155 21st Street, N.W. Washington, DC
More informationWRITTEN TESTIMONY OF
WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationAddressing Cyber Threats Multi-Factor Authentication for Privileged User Accounts
Addressing Cyber Threats Multi-Factor Authentication for Privileged User Accounts Contents 3 Introduction 4 Multi-factor authentication for privileged users 7 What other measures should agencies consider?
More informationThe Oracle Mobile Security Suite: Secure Adoption of BYOD
An Oracle White Paper April 2014 The Oracle Mobile Security Suite: Secure Adoption of BYOD Executive Overview BYOD (Bring Your Own Device) is the new mobile security imperative and every organization will
More informationAddressing FISMA Assessment Requirements
SOLUTION BRIEF Heeding FISMA s Call for Security Metrics and Continuous Network Monitoring Addressing FISMA Assessment Requirements Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom
More informationUS cybercrime: Rising risks, reduced readiness Key findings from the 2014 US State of Cybercrime Survey
www.pwc.com/cybersecurity US cybercrime: Rising risks, reduced readiness Key findings from the 204 US State of Cybercrime Survey June 204 As cybersecurity incidents multiply in frequency and cost, the
More informationBoard Portal Security: How to keep one step ahead in an ever-evolving game
Board Portal Security: How to keep one step ahead in an ever-evolving game The views and opinions expressed in this paper are those of the author and do not necessarily reflect the official policy or position
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More information1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 5 4 Copyright... 5
KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski May 2015 is a business-critical application security solution for SAP environments. It provides a context-aware, secure and cloud-ready platform
More informationAttack Intelligence: Why It Matters
Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,
More informationInformation Protection Framework: Data Security Compliance and Today s Healthcare Industry
Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement
More informationTechnical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments
DATA SHEET Technical Testing Application, Network and Red Team Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance
More informationWhite Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management
White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more
More informationTHE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY
THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY CYBER HYGIENE AND ORGANIZATIONAL PLANNING ARE AT LEAST AS INTEGRAL TO SECURING INFORMATION NETWORKS AS FIREWALLS AND ANTIVIRUS SOFTWARE Cybersecurity
More informationThe Path Ahead for Security Leaders
The Path Ahead for Security Leaders Executive Summary What You Will Learn If you asked security leaders five years ago what their primary focus was, you would likely get a resounding: securing our operations.
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationPresidential Summit Reveals Cybersecurity Concerns, Trends
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Presidential Summit Reveals Cybersecurity Concerns,
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationDefending yesterday. Telecommunications. Key findings from The Global State of Information Security Survey 2014
www.pwc.com/security Defending yesterday While organizations have made significant security improvements, they have not kept pace with today s determined adversaries. As a result, many rely on yesterday
More informationIDENTIFYING AND RESPONDING TO DATA BREACHES
IDENTIFYING AND RESPONDING TO DATA BREACHES Michael P. Hindelang Honigman Miller Schwartz and Cohn LLP October 14, 2015 Merit Security Summit DATA SECURITY RISKS, THREATS & REAL WORLD EXAMPLES OVERVIEW
More informationOvercoming Five Critical Cybersecurity Gaps
Overcoming Five Critical Cybersecurity Gaps How Active Threat Protection Addresses the Problems that Security Technology Doesn t Solve An esentire White Paper Copyright 2015 esentire, Inc. All rights reserved.
More informationGlobal State of Information Security Survey 2015
www.pwc.ch/cybersecurity Global State of Information Security Survey 2015 The risks and repercussions of security incidents continue to rise as preparedness falls. Agenda Methodology Key findings Focus
More informationCombatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation
Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting
More informationPursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES
Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Contents PART I An Increasing Threat: Identity Theft The FFIEC Response Risk Assessment Fundamentals The FFIEC
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationAddressing the United States CIO Office s Cybersecurity Sprint Directives
RFP Response Addressing the United States CIO Office s Cybersecurity Sprint Directives How BeyondTrust Helps Government Agencies Address Privileged Account Management and Improve Security July 2015 Addressing
More informationTime Is Not On Our Side!
An audit sets the baseline. Restricting The next steps Authenticating help prevent, Tracking detect, and User Access? respond. It is rare for a few days to pass without news of a security breach affecting
More informationSecurity Overview. BlackBerry Corporate Infrastructure
Security Overview BlackBerry Corporate Infrastructure Published: 2015-04-23 SWD-20150423095908892 Contents Introduction... 5 History... 6 BlackBerry policies...7 Security organizations...8 Corporate Security
More informationHow To Hack A Corporate Network
PRODUCT WHITE OVERVIEW PAPER How Malware and Targeted Attacks Infiltrate Your Data Center 54% of breaches involve compromised servers Advanced targeted attacks are more focused and persistent than ever
More information