Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties



Similar documents
The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v

Answering your cybersecurity questions The need for continued action

Assessing the strength of your security operating model

Cyber security Building confidence in your digital future

Cyber security Building confidence in your digital future

Cybersecurity and Privacy Hot Topics 2015

Cyber Security for the Private Sector: What Companies and Their Lawyers Need to Know

We believe successful global organisations can confront fraud, corruption and abuse PwC Finland Forensic Services

Developing a robust cyber security governance framework 16 April 2015

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?

Cybersecurity y Managing g the Risks

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Reputation Impact of a Data Breach Executive Summary

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Statement of Qualifications Cybercrime & data breach

CYBERSECURITY RISK MANAGEMENT

Law Firm Cyber Security & Compliance Risks

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security

Managing cyber risks with insurance

Exercising Your Enterprise Cyber Response Crisis Management Capabilities

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

October 24, Mitigating Legal and Business Risks of Cyber Breaches

Cybersecurity The role of Internal Audit

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope

Privacy / Network Security Liability Insurance Discussion. January 30, Kevin Violette RT ProExec

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

Mitigating and managing cyber risk: ten issues to consider

POLICIES TO MITIGATE CYBER RISK

CYBERSECURITY INVESTIGATIONS

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

PREPARE YOUR INCIDENT RESPONSE TEAM

Cybercrime: risks, penalties and prevention

Into the cybersecurity breach

FINAL // FOR OFFICIAL USE ONLY. William Noonan

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Working with the FBI

Jefferson Glassie, FASAE Whiteford, Taylor & Preston

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

PCL2\ \1 CYBER RISKS: RISK MANAGEMENT STRATEGIES

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Cybersecurity and Insurance Companies

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP

Managing Cyber Risk through Insurance

Network Security & Privacy Landscape

Aftermath of a Data Breach Study

Best Practices in Incident Response. SF ISACA April 1 st Kieran Norton, Senior Manager Deloitte & Touch LLP

Getting real about cyber threats: where are you headed?

Nerds and Geeks Re-United: Towards a Practical Approach to Health Privacy Breaches. Gerard M. Stegmaier gstegmaier@wsgr.

Understanding the Business Risk

Cyber Insurance Presentation

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

Cyber Risks in the Boardroom

DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS?

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director

Presidential Summit Reveals Cybersecurity Concerns, Trends

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

The Importance of Senior Executive Involvement in Breach Response

How To Protect Your Business From A Cyber Attack

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

Cybersecurity: Protecting Your Business. March 11, 2015

Nuclear Security Requires Cyber Security

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

Identifying Cyber Risks and How they Impact Your Business

Cyber Risk and the Utility Industry

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

SafeBiz. Identity Theft and Data Breach Program For Small & Medium Size Businesses (SMB)

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Adopting a Cybersecurity Framework for Governance and Risk Management

Cyber Security for audit committees

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Economic Crime: A Threat to Business Globally

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Transcription:

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Pamela Passman President and CEO Center for Responsible Enterprise And Trade (CREATe.org) Glenn T. Ware, Esq. Principal, Leader, International Anti- Corruption, Corporate Intelligence and Strategic Threat Management PriceWaterhouseCoopers -PwC Luis Canuto Global Ethics Investigations Co-Leader, Latin America Ethics Compliance Director Dell Globalized Marketplace Fragmented Value Chains Information Digitalization Mobile Workforce 1

Threat Actor Objectives Vulnerabilities Risks / Outcomes Nation States Malicious Insiders Competitors Transnational Organized Crime Hacktivists Military technology, help national companies Competitive advantage, financial gain, national goals Competitive advantage Financial gain Political/social goals Processes People Technology IP Theft Data Breaches Disrupted Business Reputational issues Lost revenues Lawsuits Fines Source: CREATe.org PwC Report: Economic Impact of Trade Secret Theft: A framework for companies to safeguard trade secrets and mitigate potential thefts, February 2014 Intellectual Property Counterfeits 7-8% total world trade is counterfeit Piracy: Consumers will spend 1.5 billion hours and US$22 billion identifying, repairing, recovering from malware Global enterprises will spend US$114 billion to deal with impact of a malware-induced cyber-attack Users of stolen software are particularly vulnerable to malware and other cyber-security threats Trade secret theft: 1-3% GDP of US and other advanced industrial economies Data Breaches On the rise: Malicious code and sustained probes have increased the most: average of 17 malicious codes/month, 12 probes/month, 10 unauthorized access incidents Greatest threat: Malicious insider or criminal attack Uncertainty about steps to take: 50% low/no confidence they are making the right investments in people, process and technologies to address threats Source: 2014 Cost of Data Breach Study: Sponsored by IBM, Conducted by Ponemon Institute LLC. 2

www.pwc.com Role of the Legal and Compliance Departments Legal & Compliance Roles Regulating cyber security, IP theft and data breaches Two types of regimes Substantive regimes: - E.O. 13636, Improving Critical Infrastructure Security, calls for Voluntary Cybersecurity Standards for Critical Infrastructure - Market forces drive a trickle-down regulation environment - Standard of care Substantive regimes: - CF Disclosure Guidance: Topic No. 2 - State breach notification laws PwC 6 3

Looking Beyond Working with 3 rd parties, increased regulatory pressure Some recent changes in the regulatory environment 1. Increase in congressional inquiries 2. FBI / USSS Cooperation 3. Increased calls for FTC involvement 4. PLA Indictment Other considerations 1. Establish line of communication in event of an attack 2. Understand obligations which result from enhanced informationsharing. PwC 7 On the cyber threat landscape, insiders can potentially cause the most damage Adversary Motives Targets Impact Nation State Economic, political, and/or military advantage Trade secrets Sensitive business information Emerging technologies Critical infrastructure Loss of competitive advantage Disruption to critical infrastructure Organized Crime Immediate financial gain Collect information for future financial gains Financial / Payment Systems Personally Identifiable Information Payment Card Information Protected Health Information Costly regulatory inquiries and penalties Consumer and shareholder lawsuits Loss of consumer confidence Hacktivists Influence political and /or social change Pressure business to change their practices Corporate secrets Sensitive business information Information related to key executives, employees, customers & business partners Disruption of business activities Brand and reputation Loss of consumer confidence Insiders Personal advantage, monetary gain Professional revenge Patriotism Sales, deals, market strategies Corporate secrets, IP, R&D Business operations Personnel information Trade secret disclosure Operational disruption Brand and reputation National security impact PwC 8 4

Building a comprehensive program for insider threat management is critical to security Program framework Sample program outcomes Program policies and governance structure Policy and Process Threat and vulnerability assessments Thorough risk analysis of facilities or product lines, with recommendations Training, Awareness, and Communication Governance & Organization Tools and Data Analytics Policies and processes for investigation, diligence, monitoring, escalation, and incident response Risk-ratings for personnel and 3 rd party corporate partners Country and region specific strategies for managing localized insider threats Threat Assessments and Analysis Training, awareness, and workforce messaging programs across ethics and information security Case management, technical tools, and data fusion analytics Insider Threat Detection and Monitoring Insider Threat Investigation Technology Consulting Threat Intelligence Host / network monitoring and surveillance Network/host sensors Internal business and HR processes Computer forensics tools and processes Data loss awareness Background investigations and due diligence Forensic investigation / interviews Honey Tokens and beacons Risk indicator ontology Evidence preservation and documentation Behavioral analytics Risk rating tools and processes Damage / data loss assessment Identity/Access management Network/host behavioral analysis Law enforcement / government coordination Threat intelligence analytics Triage, escalation, and decision support Case management platforms process PwC 9 Better mgmt. decisions: Consolidated Reporting Broader Data Analytics E-to-E Risk Management Ethics Compliance IP Breaches Secure Database Security Ethics HR IT Security Privacy 5

Legal measures Legislation Laws Contracts Law Enforcement Pamela Passman Center for Responsible Enterprise And Trade (CREATe.org) Glenn T. Ware, Esq. PriceWaterhouseCoopers - PwC Luis Canuto Dell 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information