Cyber Security Landscape 2022

Similar documents
Cybersecurity The role of Internal Audit

FACT SHEET: Ransomware and HIPAA

Into the cybersecurity breach

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Developing National Frameworks & Engaging the Private Sector

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Where insights lead Cybersecurity and the role of internal audit: An urgent call to action

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

Cyber Security Evolved

IT AUDIT WHO WE ARE. Current Trends and Top Risks of /9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Data Security: Fight Insider Threats & Protect Your Sensitive Data

IBM Security Strategy

Cybersecurity and internal audit. August 15, 2014

I N T E L L I G E N C E A S S E S S M E N T

Standing together for financial industry cyber resilience Quantum Dawn 3 after-action report. November 23, 2015

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

National Cyber Security Policy -2013

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Information Security Services

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014

Perspectives on Cybersecurity in Healthcare June 2015

CONSULTING IMAGE PLACEHOLDER

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

The Onslaught of Cyber Security Threats and What that Means to You

Cybersecurity Strategic Consulting

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session

Teradata and Protegrity High-Value Protection for High-Value Data

THE SECURITY EXECUTIVE S GUIDE TO A SECURE INBOX. How to create a thriving business through trust

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

WHITE PAPER. Managed Security. Five Reasons to Adopt a Managed Security Service

Defending against modern threats Kruger National Park ICCWS 2015

Cyber security Building confidence in your digital future

Managing cyber risks with insurance

Seamus Reilly Director EY Information Security Cyber Security

I ve been breached! Now what?

CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015

IBM Security re-defines enterprise endpoint protection against advanced malware

CYBER SECURITY INFORMATION SHARING & COLLABORATION

Bridging the data gap in the insurance industry. Cyber crisis management: Readiness, response, and recovery

Stay ahead of insiderthreats with predictive,intelligent security

Gregg Gerber. Strategic Engagement, Emerging Markets

CKAHU Symposium Cyber-Security

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

SPEAR-PHISHING ATTACKS

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

Table of Contents. Application Vulnerability Trends Report Introduction. 99% of Tested Applications Have Vulnerabilities

Information Security for the Rest of Us

ISO27032 Guidelines for Cyber Security

Defending Against Data Beaches: Internal Controls for Cybersecurity

BladeLogic Software-as-a- Service (SaaS) Solution. Help reduce operating cost, improve security compliance, strengthen cybersecurity posture

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Protecting against cyber threats and security breaches

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

PwC Cybersecurity Briefing

Cybersecurity in the States 2012: Priorities, Issues and Trends

Key Cyber Risks at the ERP Level

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Impact of Data Breaches

Driving Success in 2013: Enabling a Smart Protection Strategy in the age of Consumerization, Cloud and new Cyber Threats. Eva Chen CEO and Co-Founder

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

Cyber intelligence exchange in business environment : a battle for trust and data

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

Central Asian Information Security Survey Results (2014) Insight into the information security maturity of organisations, with a

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

FFIEC Cybersecurity Assessment Tool

Middle Class Economics: Cybersecurity Updated August 7, 2015

Cyber Insurance: How to Investigate the Right Coverage for Your Company

APT Advanced Persistent Threat Time to rethink?

Addressing Cyber Risk Building robust cyber governance

Microsoft s cybersecurity commitment

Technology and Cyber Resilience Benchmarking Report December 2013

Advanced Threat Protection with Dell SecureWorks Security Services

Post-Access Cyber Defense

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Risk Considerations for Internal Audit

Cisco Master Security Specialization Practice Areas Summary. February 2016

OCIE Technology Controls Program

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

The Protection Mission a constant endeavor

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology

Transcription:

Cyber Security Landscape 2022 Andrew Morrison, Principal, US Leader Cyber Strategy February 2022

ENTERPRISES CAN THRIVE IN AN ERA OF COMPLEXITY Digital interaction with clients and customers Leveraging the latest technological innovation Converging IT/OT and interconnecting supply chains 1

THE BUSINESS LANDSCAPE IS CHANGING AND LAUNCHING THE START OF THE 4 TH INDUSTRIAL REVOLUTION Steam Electricity Digital Hyper-connected and Intelligent 2

THE EVOLUTION OF CYBER RISK The evolution of cyber risk is generally cumulative. That is, the drivers and opportunities in one era do not replace those of the preceding era. Rather, they expand the horizon. 2005-2012 2013-2021 2022 and beyond The era of compliance The era of risk The era of maturity and ubiquity In the wake of the Internet revolution, organizations focused on new standards for information security. The financial crisis also brought intensified focus on regulatory compliance in the areas of information and technology risk. Chief Information Security Officers (CISOs) IT Risk Officers (ITROs) IT Risk assessment and strategy Large-scale risk and security program development Identity and access management system implementation ERP security High-profile cyber attacks across multiple industries stimulated the attention of the media, the public, boards and executive management, inspiring many organizations to move beyond compliance examine the fundamental business risks of cyber. CISOs and ITROs Chief Risk Officers (CROs) Chief Information Officers (CIOs) CEOs, CFOs, CLOs and line-of-business leaders Boards of Directors Cyber Security Cyber Vigilance Cyber Resilience Growing maturity across the capabilities and solutions of the past 15 years will drive many organizations to seek better cost efficiency. At the same time, the increasingly ubiquitous connectivity of products and infrastructure will intensify focus on managing risk in the Internet of Things. CISOs, CIOs, ITROs, CROs, CEOs, CFOs, CLOs, LOB leaders, Boards Product managers and engineers Cyber-managed services Cloud-based cyber solutions Connected device security Market drivers Key Decision Makers Key new opportunities 23

SCALE, SOPHISTICATION AND IMPACT OF TODAY S CYBER THREATS ARE INCREASING Growing exploitation of our digital ecosystem Threat actors moving with the age of digitalisation Increasingly sustained and sophisticated attacks 4

MORE DETERMINED ACTORS OPERATING ON A GLOBAL SCALE Maximising options for opportunistic gain Shifting to direct targeting of internal networks Advancing social engineering and malware capability 5

Why is Ransomware an Issue? Ransomware is the Most Prevalent Emerging Business Risk Ransomware attacks now pose not only a cybersecurity risk, but also an enterprise-wide risk, threatening business continuity and operations. Through all the Deloitte Cyber Capabilities, different enterprise risks can be mitigated to build resiliency and fuel organization s preparedness when it comes to ransomware. G R O W I N G T H R E A T 4,000 Ransomware attacks occur daily 8 F I N A N C I A L T U R M O I L $265 BILLION Ransomware attacks will cost its targets $265 billion by 2031 9a B U S I N E S S I M P A C T S 19 days The average time of system outages 5 80% of Companies who paid the ransom experienced another attack 3 80% $350 M Victims paid $350 million in ransom in 2020 10 92% 92% of companies who paid ransom do not get all their data restored 6 191 days The average number of days an organization takes to identify a breach 2 104% increase In the average ransom payment amount from Q4 2019 2 53% 32% 53% of companies reported that their brand suffered 3 32% of companies lost C-level talent as a direct result of a ransomware incident 3 8.7% increase In the average number of cases that are exfiltrating and dropping ransomware from Q1 2020 5 42% 42% of companies with cyber insurance did not have all losses covered by insurance 3 26% 26% of organizations report a requirement to close operations for some period of time 3 Copyright 2022 Deloitte Development LLC. All rights reserved. Sources: [1] SecurityMetrics [2] PurpleSec [3] CyberReason [4] HG Report [5] Coveware [6] Sophos [7] Deloitte [8] FBI [9] Cybercrime Magazine [10] IST 6

What Happens During a Ransomware Attack? The Anatomy of Ransomware Before actively taking measure for preventing from a Ransomware attack, it is important to understand the overall lifecycle that takes place within an organization during an incident. Outlined below is the anatomy of ransomware and several industry specific examples. Reconnaissance Resource Development Initial Access Execution Privilege Defense Credential Lateral Persistence Discovery Collection Escalation Evasion Access Movement Command and Control Exfiltration Impact R E C O N N A I S S A N C E Gathering and analyzing information to select vulnerabilities to enter the organization D E L I V E R Y Gaining access to organization s networks and data through various entries (phishing, SQL inject, web) E X P L O I T A T I O N Installing backdoors, exploiting alternative vulnerabilities, and exfiltrating or destroying data I M P A C T Demand for Ransom and operational capabilities after recovery efforts R A N S O M W A R E I N D U S T R Y E X A M P L E S Identified a Virtual Private Network (VPN) without Multi Factor Authentication (MFA) Utilized an inactive account credential to get initial access through a remote accessed network. Stole 100 gigabytes of data and caused a shut down of operations of necessary infrastructure Paid $4.4 million to not have data leaked to attackers Information was obtained through legitimate credentials used by attacker Utilized a fake browser update from a legitimate website to inject malware Encrypted systems and ~75,000 client s PII data alongside destroying backups Paid $40 million to regain access to their network and decrypt client PII data Exploited a zero-day vulnerability for VSA software access Restricted admin access to prevent intervention and initiated malicious agent Malicious update disabled malware prevention and related backups Delayed patch development/restored, decryption key later received Purchased stolen credentials from an Initial Access Broker (IAB) and identified a lack of MFA Copyright 2022 Deloitte Development LLC. All rights reserved. Accessed systems through stolen credentials to encrypt data Encrypted and stole 150 gigabytes of data Sources: Bloomberg, EMIS, Heimdal Security, CSO Online, CSO Online, Heimdal Security, EMIS IT Governance UK Paid $4.4 million to regain data access and prevent data disclosure 7

COMPLIANCE AND RESILIENCE IN A DIGITALLY-ENABLED WORLD 1 2 3 4 Getting the fundamentals right Leveraging technology Fusing capabilities Having the right talent 8

GETTING THE FUNDAMENTALS RIGHT Understand the criticality of your most important assets Adopt a security posture relevant to your risk profile Build a robust monitoring and response plan 9

OPPORTUNITY TO BETTER LEVERAGE TECHNOLOGY Adopt new solutions for faster detection and better prevention Leverage data to increase insight and visibility Exploit the digital opportunities of privacy 10

FUSING CAPABILITIES TO INCREASE VISIBILITY Connect more to see more across the attack chain Manage risk better, with less complexity and cost Collaborate across industry to amplify effect Cyber Fraud AML Unified data and capability model Identify Respond Scenario analysis Response & investigation Threat intelligence Data model Detection & analytics Control implementtation Stress testing Prevent Detect 11

HAVING THE RIGHT TALENT Deploy critical skill sets across regions and time zones Build mixed teams of suits and hoodies Grow and enable a new breed of cyber leaders 12

Q&A

Deloitte & Touche LLPrefers to one or more of Deloitte Touche Tohmatsu Limited ("DTTL"), its global network of member firms and their related entities. DTTL (also referred to as "Deloitte Global") and each of its member firms are legally separate and independent entities. DTTL does not provide services to clients. Please see www.deloitte.nl/about to learn more. Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our network of member firms in more than 150 countries and territories serves four out of five Fortune Global 500 companies. Learn how Deloitte s approximately 286,000 people make an impact that matters at www.deloitte.nl. This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms or their related entities (collectively, the Deloitte network ) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. 2019 Deloitte & Touche LLP

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information