www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future




www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future 2015

Contents
1 Confidence in your digital future
2 Our point of view
3 Building confidence
4 Our services

Confidence in your digital future

We believe that confidence in your digital future is essential to the growth of your organisation. It means being aware of your cyber security risks, being able to assess which threats could affect your business goals and having the agility to deal with new threats as they arise.

In this paper we look in more detail at how the world has changed and what this means as you operate in an increasingly connected world. We explore the importance of trust in your digital future and how cyber security can help you build digital trust. We then look at the importance of focusing your cyber security investment to protect what matters most to your organisation and how historic ways of approaching security are no longer adequate. We also illustrate the wide range of threats that enterprises now face.

Finally we look at what you need to consider to assess the strength of your current cyber security and the steps you can take. We look at six lenses of confidence that help you to apply cyber security to the very heart of your business, where we believe it should be.

Your digital world just got bigger

The issue

The digital age is bringing rapid change: new customer connections; tighter supply chain integration; new sourcing models; new ways of exploiting bulk data; faster R&D processes; mobility; and much more. Businesses now operate in an interconnected ecosystem. As a result, securing critical data, transactions and operations means working beyond the walls of the enterprise.

The new reality:
- Increase in reliance on technology
- Organisations are built on trust and collaboration
- Information and data ubiquity throughout the business ecosystem
- Transactions and operations span multiple parties
- New and advanced threats which take advantage of the new reality

[Figure: The new business ecosystem. Labels: Enterprise, Customer, Consumer, Suppliers, Service providers, Partners, Industry; Global, Legal, Regulatory, Environmental, Geo-Political, Socio-Cultural, Technology.]

The impact of an interconnected world

Digital technology has transformed the scope, scale and potential for business over the past decade. In doing so, it has disrupted the business models of traditional organisations at a rate never experienced before. And it won't stop there.

Businesses are facing rapidly increasing exposure to cyber security risk. Cyber security should be treated as an enterprise risk for which boards need to develop a clear risk appetite to suit their specific business circumstances and an associated action plan, and need to seek regular assurance that risks are appropriately monitored and managed.

In an interconnected world, organisations are dependent on digital business processes. This amplifies the business impact of cyber attacks, affecting intellectual property, financial security, competitive advantage, operational stability, regulatory compliance, and reputation.

Businesses that seize the digital advantage must be confident that they are able to manage cyber security risk. Those that are able to build trust with customers and other stakeholders for their digital strategies will be successful. That is, trust that data and transactions will be safe, that identity and privacy issues have been dealt with, and trust that systems and processes will be available when needed. Trust takes a long time to build but can be lost in an instant. In short, successful businesses in the digital age will get to grips with cyber security.

Old security models are no longer adequate

While cyber security risks have evolved, the approach businesses use to manage them has not kept pace. The traditional information security model, one that is technology focused, compliance-based, perimeter-oriented, and aimed at securing the back-office, does not address the realities of today. When looking beyond the enterprise boundaries, organisations need to re-evaluate security priorities. Cyber risk management today is a complex issue, requiring board and management engagement, sophisticated techniques, and new skills and capabilities.

- 13.138: average number of security incidents per year for large organisations
- Organizations reporting financial hits of $20 million or more increased 92% over 2013
- 28% increase in financial loss in Europe arising from security breaches
- 243: average number of days that a system has been compromised before it is detected

Source: 2015 global state of information security

Cyber threats are business risks

When CEOs and boards evaluated their market threats or competitors, few previously considered cyber threats. Today, the sheer volume and concentration of data and digital transactions, coupled with easy global access throughout the business ecosystem, magnifies exposure to cyber attack. The reward of a successful attack and the ability to remain anonymous and undetected presents an opportunity for anyone with a computer and Internet connection to infiltrate the business ecosystem.

Cyber breaches damage reputations and destroy trust; both are vital ingredients for success in the digital age. Organisations must establish a capability to provide continual insight and intelligence on the cyber threats facing the business. Armed with this insight, business leaders can anticipate and react dynamically to changes in their cyber threat profile.

Adversary: Nation state
Motives: Economic, political, and/or military advantage
Targets: Trade secrets; Sensitive business information; Emerging technologies; Critical infrastructure
Impact: Loss of competitive advantage; Disruption to critical infrastructure

Adversary: Organised crime
Motives: Immediate financial gain; Collect information for future financial gains
Targets: Financial/payment systems; Personally identifiable information; Payment card information; Protected health information
Impact: Costly regulatory inquiries and penalties; Consumer and shareholder lawsuits; Loss of consumer confidence; Financial loss

Adversary: Hacktivists
Motives: Influence political and/or social change; Pressure business to change their practices
Targets: Corporate secrets; Sensitive business information; Information related to key executives, employees, customers and business partners
Impact: Disruption of business activities; Brand and reputation; Loss of consumer confidence

Adversary: Insiders
Motives: Personal advantage, monetary gain; Professional revenge; Patriotism
Targets: Sales, deals, market strategies; Corporate secrets, IP, R&D; Business operations; Personnel information
Impact: Trade secret disclosure; Operational disruption; Brand and reputation; National security impact

Adapting your cyber security approach

Scope of the challenge
Traditional information security approach: Limited to the four walls and the extended enterprise
Cyber security approach: Spans your whole business ecosystem

Ownership and accountability
Traditional information security approach: IT led and operated
Cyber security approach: Business-aligned and owned; CEO and board accountable

Cyber threat characteristics
Traditional information security approach: One-off and opportunistic; motivated by notoriety, technical challenge, and individual gain
Cyber security approach: Organised, funded and targeted; motivated by economic, monetary and political gain

Asset protection
Traditional information security approach: One-size-fits-all approach focused on data
Cyber security approach: Prioritise and protect the data, transactions and operations that are most important to your business strategy

Defence posture
Traditional information security approach: Protect the perimeter; respond if attacked
Cyber security approach: Plan, monitor, and rapidly respond when attacked

Security intelligence and information sharing
Traditional information security approach: Keep to yourself
Cyber security approach: Public/private partnerships; collaboration with industry working groups; be prepared for regulatory requirement to report breaches

Targeting security investment in the right places

Not all assets are equal. Information, digital transactions and smart devices continue to proliferate at an extraordinary rate. Safeguarding all at the highest level is not realistic or possible. Incidents in some areas can be troubling; others can destroy key elements of your business.

Gaining advantage

Boards and executives that keep a sustained focus on cyber security do more than protect their business; they enable growth in the digital age. All activities and investments are driven by the best available knowledge about information assets, threats, and vulnerabilities, and are evaluated within the context of business activity. There are three areas we think you should consider when assessing your cyber security posture.

1. Enhance your cyber security strategy and capability
- Is an integrated cyber security strategy a pivotal part of your business model?
- Does the strategy consider the full scope of security: technical, physical, legal process, and people?
- Have you applied the required resources and investments, including seeking legal advice?
- Do you have the security capability to advise internal business leaders on critical threats, emerging technology, and strategic initiatives?
- Do you have the policies in place to communicate this strategy?
- Can you explain your cyber security strategy to your stakeholders: your investors? Your regulators? Your business partners? Your customers?

2. Understand and adapt to changes in the security risk environment
- Do you know what information and transactions are most valuable to your business?
- Have you prioritised security to protect those assets accordingly?
- Have you quantified the business impact if the assets were impaired or manipulated?
- Do you understand the significant changes in the threats facing your business? Who are your adversaries? What would they target? What techniques might they use?
- Are you actively acquiring and adapting to internal and external sources of intelligence?
- How are your controls and countermeasures responsive to events and activities?
- Are you actively involved in relevant public-private partnerships?
- Are you investigating incidents when they occur and communicating with regulators?

3. Advance your security posture through a shared vision and culture
- Does the chief information security officer role report, independent of IT, to the board or an executive leadership team committed to cyber security?
- Do your people understand their role in protecting information assets and digital transactions? Have you provided the necessary tools and training?
- Does the HR function understand how to deal with security breaches by employees?
- What measures do you have in place to manage risk associated with the loss of trust?
- How do you currently preserve the trust of your customers when launching a new digital experience?
- What contractual and other assurances do you require from suppliers and service providers?
- Do you actively monitor, audit, and remediate your risk portfolio?
- Do you have standards in place to protect your assets throughout the ecosystem?

61%: According to the Global CEO Survey, one-third of CEOs don't think a cyber attack would negatively impact their business. Yet 61% of consumers [1] would stop using a company's product or services if an attack resulted in a known breach.

[1] 2012 PwC Consumer Intelligence Series

Cyber security at the heart of your business

Cyber security isn't just about technology. It also involves people, information, systems, processes, culture and physical surroundings. It aims to create a secure environment where businesses can remain resilient in the event of an attack. Below are the six confidences that will help you to apply cyber security to the heart of your business.

People: Confidence in your people
Your people make critical security decisions every day. Disappearing organisational boundaries mean that you can no longer rely on technology alone. You need to make sure your people understand security and act securely. We can help you foster secure behaviours by shaping your culture and designing processes, systems and roles with human vulnerability in mind.

Technology: Confidence in your technology
Technology underpins your business. As your business changes so should your technology. While embracing the new, you still need to protect legacy technology and information against cyber threats. We can help you understand the inherent risks of your technology and how to mitigate them.

Connections: Confidence in your connections
Organisations exist in an increasingly complex digital ecosystem. We share information and transact digitally more than ever before. Your digital relationships with customers, suppliers and others expose you to new areas of risk which need to be managed. We can help you assess your connections, negotiate robust contracts and build an agile risk management framework, adept at keeping pace as your collaborative networks evolve.

Risk: Confidence to take risks
Digital opportunities cannot be realised without managing the inherent risks. Some risks are worth taking, but if you're struggling to manage the downside, you won't be able to take advantage of the upside. We can help you consider your interactions within the digital world and assess where and how they impact your past, present and future.

Crisis: Confidence during a crisis
Cyber attacks are now commonplace. Resilience means being able to react quickly and effectively when compromised. Being aware of and prepared for threats will help you prevent incidents and react to them quickly enough to reduce their impact, and prevent them becoming a crisis. We can help you protect what's important, detect intruders, deal with the regulators and minimise your exposure when you are compromised.

Priorities: Confidence in your priorities
Addressing cyber threats helps you prioritise what matters most. Being prepared for changes in the digital era will help you get your priorities straight. A cyber savvy governance and management structure means you can prioritise opportunities and know where you can afford to take risks. We can help you to recognise your key tangible and intangible assets and align your security strategy to your priorities.

Building confidence

We view cyber security through a series of interconnected lenses. This rounded approach is designed to provide you with confidence: in your people, technology and connections, how you manage risk, set priorities and respond to an incident or during a crisis. Our approach typically begins with an assessment of your current capability and a recommendation of areas for improvement. This will enable you to develop a cyber security strategy to build confidence in your digital future.

Priorities: You can't secure everything
We help you set the right priorities.
- Enterprise security architecture
- Protect what matters
- Strategy, organisation and governance
- Threat intelligence

Risk: Seize the advantage
We help you exploit digital opportunity with confidence.
- Digital trust is embedded in the strategy
- Privacy and cyber security legal compliance
- Risk management and risk appetite

Crisis: It's not if but when
We help you build an intelligence-led defence, enabling rapid detection and containment.
- Continuity and resilience
- Crisis management
- Incident response and forensics
- Monitoring and detection

Connections: Their risk is your risk
We help you understand and manage risk in your interconnected business ecosystem.
- Digital channels
- Partner and supplier management
- Robust contracts

Technology: Fix the basics
We help you use technology to your advantage, deriving maximum return from your technology investments.
- Identity and access management
- Information technology, operations technology and consumer technology
- IT security hygiene
- Security intelligence and analytics

People: People matter
We help you build and maintain a secure culture, where people are aware of their critical security decisions.
- Insider threat management
- People and moments that matter
- Security culture and awareness

Cyber security services: Assess, Build, Manage, Respond

Our services

We provide a comprehensive range of integrated cyber security services that help you assess, build and manage your cyber security capabilities, and respond to incidents and crises. Our services are designed to help you build confidence, understand your threats and vulnerabilities, and secure your environment. Our cyber security service delivery team includes incident response, legal, risk, technology and change management specialists.

Assess
Understanding your capabilities and maturity to help you prioritise your investment
- Board-led maturity assessment
- Breach discovery assessment
- Cyber security diagnostic
- Cyber threat assessments and modelling
- Penetration testing
- Policy and contract review
- Privacy and cyber security legal assessment
- Standards compliance and certification
- Strategy and roadmap
- Third party assurance, including cloud
- Threat intelligence, detection and response maturity assessment

Build
Designing and delivering cyber security improvement programmes
- Framework development
- Enterprise risk management
- Enterprise security architecture
- Information governance
- Privacy and cyber security legal strategy
- Capability build
- Cyber security programme delivery
- Security technologies and SOC development
- Threat intelligence, detection and response capability development
- Embedding security
- Awareness and training
- Contracting for security
- CERT and policy development
- Cyber security programme assurance
- Insider threat management
- Legal policy development
- Product development support
- Security intelligence and analytics

Manage
Managing and maintaining control of your business, enabling you to focus on strategic priorities
- Advanced threat detection and monitoring
- Data leakage monitoring
- Legal support to compliance officers and general counsel
- Managed vulnerability assessment
- Retained incident response services
- Threat intelligence
- Training

Respond
Rapid, global access to leading cyber incident containment, investigation and crisis management expertise
- Breach notification
- Computer, network and malware forensics
- Crisis management
- Cyber incident response and forensic investigation
- e-discovery and disclosure
- Fraud and ecrime data analytics
- Network intrusion containment and remediation

Contact

Erwin de Horde, Partner Risk Assurance, +31 (0) 88 792 51 85, erwin.de.horde@nl.pwc.com
Bram van Tiel, Director Risk Assurance, +31 (0) 88 792 53 88, bram.van.tiel@nl.pwc.com
Otto Vermeulen, Partner Consulting Technology, +31 (0) 88 792 63 74, otto.vermeulen@nl.pwc.com
Erik Ploegmakers, Director Consulting Technology, erik.ploegmakers@nl.pwc.com
Gerwin Naber, Partner Forensic Services, +31 (0)88 792 63 02, gerwin.naber@nl.pwc.com
Matthijs van der Wel, Director Forensics Services, +31 (0) 88 792 31 19, matthijs.van.der.wel@nl.pwc.com

www.pwc.nl/cybersecurity

This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. © 2015 PricewaterhouseCoopers B.V. (KvK 34180289). All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.