PwC Cybersecurity Briefing



Similar documents
The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v

Cyber security Building confidence in your digital future

Cyber security Building confidence in your digital future

Cybersecurity and Privacy Hot Topics 2015

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Managing cyber risks with insurance

Why you should adopt the NIST Cybersecurity Framework

10Minutes. on the stark realities of cybersecurity. The Cyber Savvy CEO. A changed business environment demands a new approach:

Defending yesterday. Retail & Consumer. Key findings from The Global State of Information Security Survey 2014

Assessing the strength of your security operating model

Information Technology in the Automotive Aftermarket

US cybercrime: Rising risks, reduced readiness Key findings from the 2014 US State of Cybercrime Survey

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director

POLICIES TO MITIGATE CYBER RISK

Cyber Risks in the Boardroom

Getting real about cyber threats: where are you headed?

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Surviving Contact with Reality Crisis exercises as a key element of cyber incident and crisis management response.

Don t Get Left in the Dust: How to Evolve from CISO to CIRO

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

The Path Ahead for Security Leaders

Data Centric Security Management. Protecting information in a rapidly evolving and interconnected future

Developing a robust cyber security governance framework 16 April 2015

Logging In: Auditing Cybersecurity in an Unsecure World

FFIEC Cybersecurity Assessment Tool

Zak Khan Director, Advanced Cyber Defence

CYBER SECURITY, A GROWING CIO PRIORITY

Answering your cybersecurity questions The need for continued action

Managing the Unpredictable Human Element of Cybersecurity

Italy. EY s Global Information Security Survey 2013

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

Data Security: Fight Insider Threats & Protect Your Sensitive Data

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Cyber security: Are Australian CEOs sleepwalking or a step ahead? kpmg.com.au

Cybersecurity The role of Internal Audit

The Current State of Cyber Security

Protecting against cyber threats and security breaches

Security and Privacy Trends 2014

RETHINKING ORC: NRF S CYBER SECURITY EFFORTS. OMG Cross Domain Threat & Risk Information Exchange Day, March 23, 2015

Seamus Reilly Director EY Information Security Cyber Security

ICBA Summary of FFIEC Cybersecurity Assessment Tool

Cyber Security From The Front Lines

Actions and Recommendations (A/R) Summary

Separating Security and Information Management into Two Industry-Leading Technology Companies

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA

Cyber Security Risks for Banking Institutions.

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

The promise and pitfalls of cyber insurance January 2016

Developing National Frameworks & Engaging the Private Sector

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Cybersecurity in the States 2012: Priorities, Issues and Trends

Partnership for Cyber Resilience

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

Microsoft s cybersecurity commitment

Symantec Cyber Security Services: DeepSight Intelligence

Data Breach Response Planning: Laying the Right Foundation

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties

Security Intelligence

FREQUENTLY ASKED QUESTIONS

Identifying and Managing Third Party Data Security Risk

Attack Intelligence: Why It Matters

BECAUSE CYBERSECURITY RISKS ARE ENTERPRISE RISKS.

Cyber Risk to Help Shape Industry Trends in 2014

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Transcription:

www.pwc.com/cybersecurity Cybersecurity Briefing June 25, 2014 The views expressed in these slides are solely the views of the presenters and do not necessarily reflect the views of the PCAOB, the members of the Board, or the Board's staff. The PCAOB makes no representation as to the accuracy or completeness of this information.

Environmental The cyber challenge now extends beyond the enterprise Customer Global Business Ecosystem Economic Industry/ Competitors Enterprise Suppliers The Evolution: Technology-led innovation has enabled business models to evolve The extended enterprise has moved beyond supply chain and consumer integration Connectivity and collaboration now extends to all facets of business Consumer JV/ Partners Technology Service Providers Leading to: A dynamic environment that is increasingly interconnected, integrated, and interdependent Where changing business drivers create opportunity and risk Pressures and changes which create opportunity and risk 2

Scope of cybersecurity Technology types Information Technology Operational Technology Consumer (Products and Services) Technology Computing resources and connectivity for processing and managing data to support organizational functions and transactions Systems and related automation assets for the purpose of monitoring and controlling physical processes and events or supporting the creation and delivery of products and services Computing resources and connectivity integrated with or supporting external end-user focused products and services Cybersecurity encompasses all three technology types 3

Evolving perspectives Considerations for businesses adapting to the new reality Historical IT Security Perspectives Scope of the challenge Limited to your four walls and the extended enterprise Ownership and accountability Adversaries characteristics Information asset protection Today s Leading Cybersecurity Insights Spans your interconnected global business ecosystem IT led and operated Business-aligned and owned; CEO and board accountable One-off and opportunistic; motivated by notoriety, technical challenge, and individual gain Defense posture Protect the perimeter; respond if attacked Security intelligence and information sharing Organized, funded and targeted; motivated by economic, monetary and political gain One-size-fits-all approach Prioritize and protect your crown jewels Plan, monitor, and rapidly respond when attacked Keep to yourself Public/private partnerships; collaboration with industry working groups 4

The World Economic Forum ranked cyber attacks as one of the top 5 most likely risks in 2014 Source: World Economic Forum Global Risks 2014 5

Summary findings from US State of Cybercrime Survey 1. Spending with a misaligned st r a tegy isn t s m a rt Strategy should be linked to business objectives, with allocation of resources tied to risks. 38% prioritize security investments based on risk and impact to business 3. A missing link in t he supply chain Flow of data to supply chain partners continues to surge, yet they are not required to comply with privacy and security policies. 2 7 % conduct incident-response planning with supply chain partners 8% have supply chain riskmanagement capability 2. Business par t ners fl y under t he security r adar Recent contractor data leaks and payment card heists have proved that adversaries can and will infiltrate systems via third parties, but most organizations do not address third-party security. 44% have a process for evaluating third parties before launch of business operations 3 1 % include security provisions in contracts with external vendors and suppliers 4.Slow m oves in mobile security Mobile technologies and risks are proliferating but security efforts are not keeping up. 3 1 % have a mobile security strategy 38% encrypt devices 3 6 % employ mobile device management 1., CSO magazine, CIO magazine, The Global State of Information Security Survey 2014, September 2013 6

Summary findings from US State of Cybercrime Survey (cont.) 8.Untr ained employees d r ain r evenue Employee vulnerabilities are well known, but businesses do not train workers in good cybersecurity hygiene. 20% train on-site first responders to handle potential evidence 7 6 % less is spent on security events when employees are trained, yet 54% do not provide security training for new hires 7.Got suspicious employee behavior? Cybersecurity incidents carried out by employees have serious impact, yet are not addressed with the same rigor as external threats like hackers. 49% have a formal plan for responding to insider events 7 5 % handle insider incidents internally without involving legal action or law enforcement 5. Failing t o assess for t hreats is r isky business Organizations typically include cyber risks in enterprise risk-management programs but do not regularly assess threats. 4 7 % perform periodic risk assessments 2 4 % have an objective third party assess their security program 6.It t akes a team t o beat a crook External collaboration is critical to understanding today s threats and improving cybersecurity but most don t work with others. 2 5 % participate in Information Sharing and Analysis Centers (ISACs) 1 5 % work with public law enforcement agencies 1., CSO magazine, CIO magazine, The Global State of Information Security Survey 2014, September 2013 7

Evolving business risks impacting brand, competitive advantage, and shareholder value Highlights of activities impacting risk: Advancements in and evolving use of technology adoption of cloud-enabled services; Internet of Things ( IoT ) security implications; BYOD usage Value chain collaboration and information sharing persistent third party integration; tiered partner access requirements; usage and storage of critical assets throughout ecosystem Operational fragility Real-time operations; product manufacturing; service delivery; customer experience Business objectives and initiatives M&A transactions; emerging market expansion; sensitive activities of interest to adversaries Unmanaged risks with potential longterm, strategic implications Historical headlines have primarily been driven by compliance and disclosure requirements However, the real impact is often not recognized, appreciated, or reported Cybersecurity must be viewed as a strategic business imperative in order to protect brand, competitive advantage, and shareholder value 8

Steps organizations can take to address cybersecurity risks Organizations can t eliminate the risk of cyber attack, but they can minimize its consequences. Here are 5 things leading organizations do to combat cybersecurity risks. 1 2 Own Cyber risk is owned by leadership and is not relegated to the IT department. Periodic cybersecurity briefings are provided to the Board and C-Suite. Prioritize Leadership prioritizes and monitors cybersecurity investments. Investments are made in new capability, not just technology. Crown jewels have been identified and their protection prioritized. 3 4 5 Learn and Incorporate Leading organizations work with various external parties, share information on current threats and incorporate learnings into their own cybersecurity monitoring initiatives. Culture and Awareness A security culture and mindset is reinforced through testing and training so all employees, including the C-Suite, understand their role in protecting information assets. Secure All technology domains and high-risk interconnection points are continually assessed and secured, control systems, product development, 3 rd parties, the supply chain, mobile devices and the cloud. 9

Thank You 2014 PricewaterhouseCoopers LLP. All rights reserved. In this document, refers to PricewaterhouseCoopers LLP which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information