Key Cyber Risks at the ERP Level



Similar documents
Into the cybersecurity breach

Risk Considerations for Internal Audit

Cybersecurity The role of Internal Audit

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Address C-level Cybersecurity issues to enable and secure Digital transformation

CYBER SECURITY SERVICES PWNED

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

Cybersecurity and Privacy Hot Topics 2015

Cybersecurity Strategic Consulting

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

Cyber security Building confidence in your digital future

Cyber Security: Confronting the Threat

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Security and Privacy Trends 2014

Cyber security Building confidence in your digital future

Third Party Risk Management 12 April 2012

Best Practices in Incident Response. SF ISACA April 1 st Kieran Norton, Senior Manager Deloitte & Touch LLP

Managing cyber risks with insurance

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Addressing Cyber Risk Building robust cyber governance

The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v

Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations

CONNECTING ACCESS GOVERNANCE AND PRIVILEGED ACCESS MANAGEMENT

BlackStratus for Managed Service Providers

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

Quantum Dawn 2 A simulation to exercise cyber resilience and crisis management capabilities. October 21, 2013

Assessing the strength of your security operating model

Cybersecurity and internal audit. August 15, 2014

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Standing together for financial industry cyber resilience Quantum Dawn 3 after-action report. November 23, 2015

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

A HELPING HAND TO PROTECT YOUR REPUTATION

Where insights lead Cybersecurity and the role of internal audit: An urgent call to action

Cloud security architecture

Reducing Cyber Risk in Your Organization

nfx One for Managed Service Providers

Teradata and Protegrity High-Value Protection for High-Value Data

Phone: Fax:

Deloitte Analytics. Trusting big data: Perspective on data governance as a customer analytics investment

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

WHITE PAPER OCTOBER Unified Monitoring. A Business Perspective

Conducting due diligence and managing cybersecurity in medical technology investments

Accelerate Your Enterprise Private Cloud Initiative

Title here. Successful Business Model Transformation. in the Financial Services Industry. KPMG s Evolving World of Risk Management SECTORS AND THEMES

National Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

How To Protect Your Network From Attack From A Network Security Threat

BSA GLOBAL CYBERSECURITY FRAMEWORK

Will risk rain on your move to the cloud? The role of Internal Audit in the Digital Enterprise

Big data The three-minute guide

How To Buy Nitro Security

The Rising Tide of Pharmacy Benefit Cost and Complexity: A health plans roadmap to optimizing pharmacy services relationships

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Navigating the next generation of cloud ERP Insurance

CYBER SECURITY, A GROWING CIO PRIORITY

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

Update On Smart Grid Cyber Security

A NEW APPROACH TO CYBER SECURITY

INSERT COMPANY LOGO HERE

Cyber Security: from threat to opportunity

Conquering PCI DSS Compliance

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

2012 North American Managed Security Service Providers Growth Leadership Award

White Paper. Architecting the security of the next-generation data center. why security needs to be a key component early in the design phase

PCI DSS Top 10 Reports March 2011

THE CXO S GUIDE TO MANAGING EXPANSION... WHILE CONTROLLING COSTS & COMPLIANCE CONSIDERATIONS

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Third-Party Risk Management for Life Sciences Companies

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

1. Understanding Big Data

Securing Industrial Control Systems Secure. Vigilant. Resilient. May 2015

RSA enables rapid transformation of Identity and Access Governance processes

Master big data to optimize the oil and gas lifecycle

Data Masking Best Practices

Sustainability Analytics The three-minute guide

InforCloudSuite. Public Sector. Overview INFOR CLOUDSUITE PUBLIC SECTOR 1

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

An introduction to Cryptosoft

Transcription:

Key Cyber Risks at the ERP Level Process & Industrial Products (P&IP) Sector December, 2014

Today s presenters Bhavin Barot, Sr. Manager Deloitte & Touche LLP Goran Ristovski, Manager Deloitte & Touche LLP 1

Agenda and Objectives Areas of Cyber Risk within ERP and P&IP Sector Emerging Cyber Risk Triggers, Issues and Opportunities Enterprise Resource Planning (ERP) within organizations and key trends Application Security Monitoring Expanding Application Ecosystems Managed Services Preventing Cyber Attacks Next Steps What can you do to help your organization? 2

Areas of Cyber Risks There is a preponderance of ERP platforms in the P&IP Sector. Cyber is at the heart of these environments. Changing the game on cyber risk Most reports on cyber risk revolve around a common theme: despite heightened attention and unprecedented levels of security investment, the number of cyber incidents and their associated costs continues to rise. They typically point to the growing sophistication of hackers and other adversaries as a particularly intractable problem, and some consider whether being secure is even possible in today s rapidly evolving landscape of cyber-attacks. Compound this fact with the constantly changing technology landscape, and you have a challenge that can become exceptionally complex for many ERP centric companies. Enterprise Application Integrity is at the core Companies are focused on competencies to address the ever-changing technology ecosystem, including the move of applications to the edge, the increasing application layer cyber threat, and the growing analytics opportunity for continuous security and control monitoring. They do this through core application security and controls design work, with focus on application and control monitoring, Governance, Risk and Compliance (GRC) data analytics, and enterprise application resiliency. 3 As used in this document, Deloitte means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

P&IP industry is evolving Is your company protected? The need for a more integrated supply chain is driving producers to open up ends of their supply chain to outside vendors and customers these connections and relationships must be adequately secured to protect the organization. Recent cyber attacks highlight the urgency for organizations to contend with ever increasing risks to customer protection, continuity, fiduciary responsibility and operations. Cyber issues lead to brand degradation and change in consumer behavior. Increased government and environmental regulations can have an effect on organizations dealing within the P&IP sector greater emphasis must be placed on validating that organizations are compliant with all applicable regulations. The consolidation of companies within the sector can lead to system integration challenges when dealing with divided systems. The combination of two organizations intellectual property needs to be tightly controlled. 4

Cyber Risk Triggers, Key Issues and Opportunities The following market triggers and trends within P&IP are classic enablers for addressing Cyber Risk issues: Trigger Key Issues & Opportunities System Integration The need for combining outdated siloed systems increases the need for consolidated business processes Technology components must be secured and structured so that business process data and operations can operate smoothly Data classification and Protection P&IP data regarding margins, costs and manufacturing processes are typically regarded as highly sensitive The access and handling of this data needs to be controlled to authorized personnel Trade Secret Protection Competition in the P&IP sector and the protection of key formulas and recipes is often regarded as the most critical asset a company possesses The access and handling of this critical data needs to be restricted to limited authorized personnel and monitored Government and environmental Regulations Heavy regulations or responsibility for the storage of other organization s data cause more legal requirements and potential penalties Systems need to be setup to comply with all regulations Mergers and Acquisitions Integration of technology systems and/or processes with a child company s users, systems and/or processes is a struggle Systems need to be built so they are scalable for future growth Business Continuity Incident (internal or external) brings the system to a standstill Prevent impact on business operations and have resiliency programs ready for deployment after an incident 5

ERP within the P&IP Industry Expanding Value The traditional monolithic, Information Technology (IT)-driven world of ERP that most organizations inhabit today is coming under siege sooner than expected as the business continues to question the value they receive from their ERP investments, users complaints of inflexible and unfriendly processes, and ERP vendors struggle to deliver innovation. Secure ERP Focus Secure Secure IT Landscape Vigilant Vigilant Monitoring Resilient Strategies Resilient Traditional Business Value Future Business Value 6

Key ERP Trend 1 Application Security Monitoring Overview Companies desire to be more proactive in preventing events within the IT landscape, including threats in their ERP environment. They are moving toward real-time, up-front, preventative, monitoring of enterprise application user activity to identify trends and vulnerabilities within their core business applications. Reacting to incidents after they occur, in a detective fashion, is no longer an option in the fast-paced and ever changing world of cyber risk. Impacts Real-time monitoring of ERP security, controls and transaction usage: Increased predictive and preventive controls; reduced detective controls Enhanced ability to respond to breaches and security events within their ERP environment Increased risk intelligence by correlating isolated security events across the IT landscape Improved efficiencies in overall monitoring program by incorporating them into ERP program implementation Potential Risk Mitigation Steps Implement Security Information and Event Monitoring (SIEM) Integration services Procure managed services Security Operation Center (SOC) 7

Key ERP Trend 2 Expanding Application Ecosystem Overview With the convergence of social, mobile, cloud and information into the application ecosystem; significant user expectation changes regarding how they interact with all technologies including those found in major business applications such as ERP is being created. Getting to the new world of variably coupled, user-driven ERP will create some major challenges for many organizations. Impacts Increased usage of Connective Technology integrating multiple applications from multiple vendors Shift toward Systems of Engagement allowing increased accessibility/agility to employees, vendors, and customers Increased exposure of data Potential Risk Mitigation Steps Integrate multiple technologies (e.g., Identity and Access Management (IAM)), Programs and tools Focus on personalized security that is dynamic, integrated and seamless for users based on policies and attributes Focus on data security requirements (e.g., privacy, PII) 8

Key ERP Trend 3 Application Managed Services Overview IT organizations are facing a myriad of challenges when supporting their IT infrastructure. These costs tend to grow as the need for business driven real time applications enter a company s datacenter. Business leaders and customers expect that these systems remain usable, responsive and robust, including the support and maintenance of those systems. Companies can face an uphill battle when operating a production support model for applications. The support of these applications can consume IT budgets quickly and leave little room for much needed IT projects. Outsourcing of these support services can free up a company's IT department to concentrate on driving business growth and enhancing efficiencies. Impacts Increased ability to support their organizations Reduction in the overall cost of maintaining systems and production environments Increased ability to concentrate on larger projects Potential Risk Mitigation Steps Take a broad approach to cyber risk on ERP implementations Procure Managed Service 9

Key ERP Trend 4 Preventing Cyber Attacks Overview Attacks are exploiting weaknesses in traditional controls and IT infrastructure, some very destructive. Traditional controls around IT systems are necessary but not adequate greater emphasis must be placed on preventative controls, rapid detection, and rapid response. The need for a more integrated supply chain are driving producers to open up end of their supply chain to outside vendors and customers. these connections and relationships must be adequately secured to protect the organization against unauthorized access and protect data when external entities access systems. Recent cyber attacks highlight the urgency for organizations to contend with ever increasing risks to customer protection, continuity, fiduciary responsibility and operations. Cyber issues lead to brand degradation and change in consumer behavior. Impacts Potential damage to brand position in the marketplace Financial loss due to decrease in customer confidence Loss of business function or operations due to system downtime Potential loss of intellectual property or sensitive data Potential Risk Mitigation Steps Develop security frameworks for the critical cyber infrastructure Perform threat assessments for network and infrastructure Provide investigation support, readiness support for regulatory compliance (e.g., ITAR/EAR) Develop and implement threat response procedures and plans 10

Next Steps What can you do to help your organization? 1 Be proactive and talk to the stakeholders of your company s ERPs and identity two to three Cyber security areas that may be of interest to them and discuss those topics with them. 2 Talk to your company executives about other avenues of cyber security outside of core ERP. Listen to the challenges they have and the market triggers shared today. 3 Construct a broad approach on addressing and mitigating the Cyber Security Risks. 11

This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation. Member of Deloitte Touche Tohmatsu Limited

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information