Resilience in the Cyber Era
Building an Infrastructure that Secures and Protects

An Economist Intelligence Unit
research program sponsored by
Booz Allen Hamilton

List of Interviewees

Karen Evans, National Director, U.S. Cyber Challenge
Nigel Inkster, Director of Transnational Threats and Political Risk, International Institute for Strategic Studies
Linda Laun, Global Business Continuity and Resiliency Services Consulting Portfolio and Methods Manager, IBM
Len Padilla, Senior Director of Technology, NTT Europe
Ernie Rakaczky, Principal Security Architect, Invensys
Dave Scott, Head of Solution Consulting, NTT Europe
Michael Shinn, CEO, Prometheus Global
Garry Sidaway, Director of Security Strategy, Integralis
James P. G. Sterbenz, Associate Professor, Department of Electrical Engineering and Computer Science, Communications and Networking Systems Laboratory, University of Kansas

About the Survey

In June and July 2011, the Economist Intelligence Unit conducted a global survey, sponsored by Booz Allen Hamilton, of 387 executives to assess attitudes toward cybersecurity, and their progress towards implementing resilience strategies. Nearly one-half (48 percent) of survey respondents are board members or C-level executives, including 92 CEOs. The respondents are based in Asia-Pacific (29 percent), North America (26 percent), Western Europe (26 percent), Latin America (9 percent), Middle East and Africa (7 percent) and Eastern Europe (3 percent). More than one-half of the survey respondents (55 percent) work for companies with global annual revenues exceeding US$500 million. Nineteen different industries are represented in the survey sample, including financial services (20 percent), professional services (14 percent), energy and natural resources (12 percent), IT and technology (10 percent), and manufacturing (8 percent).

Contents

Executive Summary
Introduction
Resilience: Definitions Matter
The Proliferating Threat
The Corporate Response
The Government Response
Sidebar: The Role of Private Public Partnerships
Critical infrastructure issues: Developing Better System Architectures
Application issues: Resilience Through Better Software
Access issues: Greater Availability by Focusing on Data
Workforce issues: Becoming Resilience Aware
Sidebar: The Industry Differences
Conclusion
About Booz Allen
About Economist Intelligence Unit

                                                                                                                                      Resilience in the Cyber Era 1
Executive Summary
•   The cyber threat has evolved from hackers functioning as hobbyists to something more serious and organized. Today’s malicious agents are members of a growing industry of companies designed to infiltrate data centers to capture private information.

•   Resilience can be defined as the ability of a system or domain to withstand attacks or failures, and to reestablish itself quickly. But other definitions of resilience vary widely.

•   The new attitude toward resilience accepts that companies cannot achieve perfect security or absolute continuity. Businesses are moving away from the “bunker mentality” that encouraged them to retreat behind so-called “hardened endpoints.” Instead of aiming for a security standard that is impossible to achieve, they should focus on balancing resilience with productivity.

•   Organizations can improve resilience by improving their critical data centers and by making access to their systems more secure. Virtualization strategies and off-premise cloud architectures enable these data centers to be more secure than ever. Resilience should be about making data continuously available to those who should have access to it, and invisible to those who do not.

•   A truly resilient enterprise dynamically innovates and changes its practices, policies, and processes, in response to changing threats from the outside and changing requirements from the inside. Organizations must accept that data are protected by people, not machines. To improve resilience, they must enable and educate their workforce.



Worldwide Internet Penetration: 70% of households are online; 94% of businesses with 10 or more employees are online.

Introduction

The Internet has penetrated almost every corner of human activity. Among members of the
Organization for Economic Co-operation and Development (OECD), 70 percent of households and
94 percent of businesses with 10 or more employees are online. Worldwide, the number of Internet
users is projected to rise from 6.4 per 100 inhabitants in 2000 to 29.7 per 100 by 2010.


Figure 1: Ever-rising Internet penetration
[Chart: Global ICT Developments, 2000-2010. Vertical axis: per 100 inhabitants. Horizontal axis: years 2000 to 2010. Series: Internet users; Fixed (wired) broadband subscriptions.]
Source: ITU World Telecommunication/ICT Indicators database



But as the world’s digital market expands, so do the threats to its security. The estimated median cost of cyber crime for an organization—including loss of property, loss of productivity, and cost to remediate—rose from US$3.8 million in 2010 to US$5.9 million in 2011, according to Ponemon Institute’s Second Annual Cost of Cyber Crime Study (2011). The number of cyber attacks has also increased by 44 percent per year, to an average of 1.4 successful attacks per week, per organization.

A survey conducted for this research program has confirmed the Internet’s benefits and its risks. One-third (32 percent) of executives say their country’s economy relies on cyber infrastructure to an overwhelming extent. A further 54 percent say cyber infrastructure is at least of equal importance to their country’s growth as other factors. When executives were asked the same question with respect to the economic growth of their organizations, 41 percent of respondents consider cyber infrastructure more important to their organization’s growth than other factors, and 48 percent consider it of equal importance.


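Figure 2: To what extent does the economic performance of your organization and the country where you are located rely on cyber infrastructure?

Your Company:
  To an overwhelming extent (cyber infrastructure is more important to growth than other factors): 41%
  To some extent (cyber infrastructure is of equal importance to growth as other factors): 48%
  To a small extent (cyber infrastructure is less important to growth than other factors): 10%
  Don’t know: 1%

Your Country:
  To an overwhelming extent (cyber infrastructure is more important to growth than other factors): 32%
  To some extent (cyber infrastructure is of equal importance to growth as other factors): 54%
  To a small extent (cyber infrastructure is less important to growth than other factors): 11%
  Don’t know: 3%

Source: Economist Intelligence Unit survey, July 2011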




While the threats to cybersecurity for the world’s businesses remain serious—and evolving, businesses are moving away from the “bunker mentality” that encouraged them to retreat behind so-called “hardened endpoints”. Web-based applications, mobile devices, and cloud infrastructures are changing the business and technology landscape simultaneously. A truly resilient enterprise dynamically innovates and changes its practices, policies, and processes, in response to changing threats from the outside and changing requirements from the inside. Educating its workforce about the nature and function of these changes is one of the key paths to greater resiliency.



Resilience: Definitions Matter

Nigel Inkster, Director of Transnational Threats and Political Risk at the International Institute for Strategic Studies, offers a scientific definition of cyber resilience: “the ability of a system or domain to withstand attacks or failures, and in such events, to reestablish itself quickly.”

But other definitions of resilience vary widely. In 2010, the US Department of Homeland Security commissioned a study on how institutions were implementing resilience principles. Its analysts came up with 119 different definitions, and concluded that a broader, more cohesive definition of resilience should include flexibility and adaptability.

Professor James P. G. Sterbenz, from the Communications and Networking Systems Laboratory at Kansas University, has been working on clarifying the concept of resilience for governments and organizations. The principles he and his colleagues have developed as part of the university’s ResiliNets data network architecture project have been adopted by the European Union’s government security agency, ENISA, and are in the process of becoming adopted by the US Department of Homeland Security.

Professor Sterbenz points out that notions of resilience can include several concepts that mean different things to different people. “Reliability and availability are very different,” he explains. “A reliable system is one that operates for a specified period of time, and you say what the probability is. Availability, on the other hand, is the probability that something will be there when you need it.”

Resilience means something entirely different to companies that are closely integrated into a nation’s critical infrastructure—be it the stock market, electric rail networks, or nuclear power stations. “We talk to our customers about what we call continuous service delivery,” says Garry Sidaway, Director of Security Strategy for Integralis, a global security consulting firm. “Whilst components might fail or you might have an incident, it’s about ensuring that service is still being delivered and the integrity of that service is still there.”

The new attitude in achieving resilience is to plan for acceptable levels of data loss, unit failures, and compromise. This may seem alien to executives who have historically maintained a “zero-tolerance” policy toward failures. But new cloud hardware architectures are demonstrating that everyday events like storage device failures and data loss can be tolerated when redundancies are built into the system.

The US Department of Homeland Security concluded in recent studies that “zero-tolerance” policies led to the perception that every unit of the business, whether digital or human, was critically important. When everything is critical, nothing is critical. When organizations enact more flexible tolerance principles, failures that would have shut down processes or even entire networks in an earlier era, won’t even be noticed by customers.




The Proliferating Threat

The cyber threat has evolved from hackers functioning as hobbyists to something more serious and organized. Today’s malicious agents are members of a growing industry of companies designed to infiltrate data centers to capture private information. Their primary strategy is to induce unsuspecting users to install malware on their PCs. Once installed, the malware converts the PCs into inadvertent attackers of the agents’ final targets—data centers at Amazon, Rackspace, and elsewhere. In the summer of 2011, a number of security providers, including UK-based security services provider Webroot and other members of the Cloud Security Alliance, produced reports on these malware attacks. More instances of malware-based attacks were reported in the 18 months leading up to these reports than in the preceding 18 years combined.

“From a risk management point of view, there’s a whole new set of variables that have to be considered,” says Mike Shinn, CEO of US-based Prometheus Global, a security consulting firm whose clients have included the White House and US Department of Defense (DoD). “There’s a fairly widespread increase in economically directed criminal activity [for] the theft of intellectual property. Cyber criminals are now targeting everything from client lists, internal strategy documents, designs—everything up to and including information held by governments that would be of economic value.”



Figure 3: What type(s) of cyber incident(s) has your organization experienced in the past year? Select all that apply.

Phishing: 46%
Malware: 45%
Denial of service attack against website: 19%
External data breach: 17%
Internal data breach: 17%
Cyber espionage: 10%
Other, please specify: 2%
We did not experience any cyber incident in the past year: 16%
Don’t know: 13%

Source: Economist Intelligence Unit survey, July 2011




The Corporate Response

The initial corporate responses to cyber attacks have failed to address deficiencies in network architectures that allow the latest cyber attacks to occur. Ernie Rakaczky, Principal Security Architect with Invensys’ process automation group, believes that companies’ efforts throughout the last decade have led businesses to adopt a “fortress mentality” to protect their infrastructure. Although setting up firewalls and zones, policies, and procedures makes sense, they should not be done in a “reactionary mode,” Rakaczky says.

The survey paints a mixed picture of the current state of corporate cybersecurity strategies. Some 53% of our survey respondents say their organization has a cybersecurity strategy already in place. Thirty-three percent of respondents admit they have no cyber-resilience strategy in place, and 14 percent were unsure. When asked to check three of the biggest barriers to their companies developing cybersecurity initiatives, among a list of nine, 41 percent of respondents cite lack of knowledge of the threat as holding back their companies.

Linda Laun, Global Consulting Portfolio and Methods Manager for IBM’s Business Continuity and Resiliency Services team, notes that companies tend to focus on event-driven issues, things that are huge in scope—such as natural disasters, pandemics, power failures, and civil unrest—as triggers for invoking security measures. Laun believes that most companies know how to approach risks associated with security and data issues such as data loss or corruption, viruses, and worms, but she says they still struggle when dealing with risks associated with business issues like governance, compliance, audits, scalability, and performance.

Laun believes the problem is that responsibilities for these other security issues are confined within organizational silos. IBM advocates what it calls a Business Resiliency Management Framework (BRF) to distribute responsibility across multiple business units. The goal is to establish a centralized governance structure that allows stakeholders within the silos to set the direction of the program together through policy, measure success, and then “enforce” its policies.





The new attitude toward resilience accepts that companies cannot achieve perfect security or absolute continuity. Instead of aiming for a security standard that is impossible to achieve, they should focus on balancing resilience with productivity. “It is all about enablement,” proclaims Integralis’ Garry Sidaway. Instead of being seen as forces that say “No,” he believes IT departments should ask how they can enable their company’s employees to be more productive no matter where they are or what devices they are using. “Whether it’s working regular hours or out-of-hours, whether it’s on a personal device or business device, how do we enable them to work and be productive in their jobs? That is the change in information security that we’ve got to drive towards, and we have a great opportunity to do that.”



Figure 4: Does your organization have a cybersecurity strategy?

Yes: 53%
No: 33%
Don’t know: 14%

Source: Economist Intelligence Unit survey, July 2011




The Government Response

All around the world, governments are expected to provide the leadership role for cybersecurity and resilience—a topic they are only just beginning to address. Executives believe their organizations and their governments could devote more resources to security issues. Approximately 67 percent say their organization needs to pay more attention to cyber risks, and less than one-quarter (23 percent) think their government is doing enough to promote cyber resilience. When asked whether they believed their country could do more to promote resilience, 57 percent of respondents said they think their governments could improve communication and awareness of cybersecurity issues; 60 percent think governments could encourage greater cooperation between public and private sectors; and 56 percent think governments could promote technology innovation through programs such as cyber competitions.

Although 87 percent of respondents believe improved understanding should come from a greater partnership between government and private industry, a far lesser number (36 percent) believe government should actually take the leadership role in maintaining cyber security. In short, businesses want help, and they want it from government. But they do not want government to take control of the issue.



Figure 5: In your opinion, who is primarily responsible for maintaining cybersecurity?

National government(s): 36%
Individual organization(s): 27%
Multilateral organization(s): 24%
Industry: 11%
Other, please specify: 1%
Don’t know: 1%

Source: Economist Intelligence Unit survey, July 2011




Sidebar: The Role of Public/Private Partnerships

Despite the modest success of public/private partnerships (PPP) to date, executives see some value in promoting collaboration. Eighty-seven percent of survey respondents agree that cyber resilience relies on some form of partnership between government, civil society, and business.

DARPA, the DoD agency tasked with technological innovation, offers a successful example of how to stimulate private sector innovation for the greater good. The agency assembles teams of experts who pursue innovative ideas. Little money is lost if they are unsuccessful, while successful projects are picked up by the private sector. One such case was ARPANET, the precursor to today’s Internet. Among more recent examples are the DARPA Grand Challenges, a cash prize competition last held in 2007 that stimulated the development of driverless vehicles.

More recently, the DoD rolled out the Defense Industrial Base (DIB), a PPP initiative designed to share cyber threat information among organizations that support the US defense industry. In August 2011, the trial was pronounced successful, and the initiative is now being extended to include certain critical infrastructures.

The U.S. Cyber Challenge offers yet another model of public/private partnership. Karen Evans, the organization’s national director, said she first got involved in the U.S. Cyber Challenge, “to test the hypothesis that you could hold an online competition and identify talent.” The U.S. Cyber Challenge holds numerous competitions and events throughout the year and now also hosts a summer camp program, which in 2011 received 1,000 registrants for 200 available slots. Evans and her colleagues seek to harness the competitive nature of Americans and, in the process, identify highly talented individuals. The goal is to use the competition to eventually get 10,000 very skilled people to enter the workforce, taking modern resilience principles with them.

Critical Infrastructure Issues: Developing Better System Architectures

The first way to improve resilience is to improve an organization’s critical infrastructure—its data center. Newer infrastructures enable these data centers to be more secure than ever, primarily because fault tolerance, replication, and workload balancing are all built into newer operating systems and newer hardware. These new structures are more effective than the “endpoint” hardening approach to system security, which focused on hardening security at PCs, smartphones, and other endpoint devices.

Dave Scott, the head of NTT Europe’s Solution Consulting team admits that, although he was once an advocate of that approach, the precautions he took weren’t enough. “I may have been naïve until my first data center outage,” Scott says, “at which point, I wised up quite quickly. You can put together what you think are the best security endpoints and resilience within a single facility, and something will still happen that takes the whole thing out. You assume then that true resilience and true availability mean more than just endpoint security.”

To improve security at data centers, it is necessary to address the three classes of operations they involve: processing (the execution of programs and the production of data, often called “compute power” by service providers); storage (the containment of data); and interconnect (the transmission of data and functionality). In an




10 Resilience in the Cyber Era
earlier era, the processor was a central processing      Organizations may use a hosted provider such
unit (CPU), the storage amounted to a couple of          as Rackspace for their servers, or a cloud service
hard disk drives, and interconnect was managed           provider (CSP) such as Rackspace, Amazon, GoGrid,
through Ethernet cables.                                 or BlueLock to host all or part of their data center
                                                         at various times. This allows them to lease more
Two new factors have changed the way data
                                                         compute power during peak usage times as well as
centers are managed. First, companies often
                                                         other efficiencies.
employ virtualization strategies to improve
compute power and storage in their data centers.         Len Padilla, Senior Director of Technology for
A vast array of storage devices—on- and off-             NTT Europe, believes that cloud architecture
premise and clusters of processors—are made to           allows more companies to build failure and fault
appear to the operating system as a single pool          tolerance into their data architecture. Companies
of storage and a single processing engine. These         now have new ways to make their systems
pools are then “connected” to the network by             geographically blind and ramp up resources
way of software that simulates a physical network        to address a load in a particular way. “That’s
adapter. The result is a virtual machine whose size      something that very big organizations with very
and location can be changed while it is still running.   big IT budgets have always been able to do, but
                                                         now cloud computing allows even smaller and
Companies may also move part or all of their
                                                         medium companies to do the same thing,”
infrastructure off-premise via the cloud.
                                                         explains Padilla.




Application Issues: Resilience Through Better Software

Another way to improve resilience is through more modern applications. Newer software
can be better managed than older software. However, too many organizations rely on
work processes geared around old and even outmoded applications. For example, law
firms institute chains of custody around their document-handling processes that
presume that documents are transferred from person to person. Newer collaboration
software that allows documents to be used across a firm with auditing and versioning
services is far more concrete and trustworthy. Similarly, many company employees send
sensitive documents as attachments to one another via e-mail and institute security
measures for ensuring encryption and validating receipts. A better alternative is to
create shared storage spaces where only permitted individuals may be made aware of a
document’s existence.

Invensys’ Rakaczky explains that he still works with customers who use software and
methods that date back to the turn of the century. In some cases, he has had to
employ virtualization just to enable old systems to work on current hardware. He says
that his customers often resist migrating to newer, more secure operating systems
because they are restricted by notions of 3-year or 5-year software refresh cycles.
If businesses try to upgrade software before the end of a cycle, the cost often gets
counted as a budget overrun.

Instead, Rakaczky tries to help his customers keep their systems in more of a
continually concurrent state to make it easier to adapt to newer platforms. Planned,
deliberate, and slow migrations distributed throughout the lifecycle of a software
product can be more efficient than a 5-year overhaul.




Access Issues: Greater Availability by Focusing on Data

Businesses can also improve resilience by making access to their systems more secure.
Existing networks often use a variety of different security measures. Internet
connections are secured with firewalls. Mobile users are secured with virtual private
networks. Data is secured with encryption. Sidaway believes these disparate “bolt-on”
security technologies have created an overly complex environment that is difficult to
manage. “We need to start thinking in terms of everything we need to do to enable our
consumer to access that information in a secure way, and work productively in a
secure environment that’s easy to use,” he says.

Now, Sidaway believes, we’ve arrived at a sensible model: A company’s core asset to
be protected is its data—not its servers or its firewall, or a dotted-line perimeter
in the sand. Resilience should be about making data continuously available to those
who should have access to it, and invisible to those who do not. He believes modern
data centers must be designed from the top down without arbitrary
compartmentalization. To increase resilience, businesses need to change their mindset
from securing devices to securing data.




Workforce Issues: Becoming Resilience-Aware

Organizations must also accept that data are protected by people, not machines. To
improve resilience, they must enable and educate their workforce. But few companies
seem to be aware of this requirement. Less than one-third of survey respondents from
companies that have a cybersecurity plan say employees are important stakeholders; in
companies without a plan, even fewer recognize the importance of employees.

Padilla has thoroughly documented his company’s resilience principles to help educate
his workforce. At his company, a power outage, or a strike affecting the subway
system, or a severe thunderstorm becomes an opportunity that allows the workforce to
train for a more critical situation.

What NTT learns from these drills it then documents, with results that can then be
shared with its own customers.

NTT collects a list of mistakes made during everyday work and emergency response. IT
workforce members assigned to security then make it a point to communicate directly,
person-to-person—not via e-mail or voice mail or Twitter. Next, the IT department
follows up to make certain employees are following those best practices as directed.

Sidaway points out that information security policies need to be acceptable to the
people who will carry them out. “If they’re not acceptable to the employee, people
will start working around it. You’ve got to get that balance right, so you can
enforce it with technology. That becomes the part we have to monitor against
compliance. Once you architect security into the system with technology, you’ve got
to monitor that. But there’s also that human element that comes into play, and it’s
often ignored when organizations look at risk and information security. It’s people.”




The Number of Cyber Attacks Has Increased...
44% per year, to an average of...
1.4 successful attacks per week, per organization




The Industry Differences
The perceptions of the challenges and opportunities of a cyber
economy differ by industry. In a survey conducted by the Economist Intelligence
Unit in June and July 2011, for example, 53 percent of respondents from financial
services say that their industry relies on cyber infrastructure to an overwhelming
extent, compared with 36 percent for the entire survey sample. Forty-seven percent
of them also say their industry is more susceptible to cyber threats than their
country or organization, compared with 23 percent overall.

Respondents from the energy sector tend to see the greatest risk at the national
level, perhaps because energy systems—whether electric power networks or
supplies of oil and gas—frequently have national security implications. Invensys
manages such networks in real time and, therefore, cannot afford to utilize
public cloud resources precisely because those resources lie outside of Invensys’
direct control, says Rakaczky. But it can utilize technologies internally such as
virtualization (the principal ingredient of cloud architectures) to enable greater
direct control, and more avenues for fault tolerance and response to failures.

Invensys designs its networks to literally calculate resilience in real time—for
example, maintaining the status of oil refineries with assets throughout North
America, and registering the capacity and flow of fuel through every segment of
pipe. According to Rakaczky, private cloud architectures can actually help Invensys
utilize its data centers’ processor power more efficiently, increasing the reliability
of the real-time data it perceives. They can also distribute those data over systems
in such a way that loss of data from one file—which will happen—does not and
cannot destroy any single database.

“A power company will buy one of our systems and deploy it across its generation
stations, controlling maybe five turbines generating a couple of hundred
megawatts of power for a whole network of the grid in the United States,”
he explains. For those clients, security has always been provided by people,
whether they are IT professionals or armed guards. So it only makes sense that
performance, reliability, agility, confidentiality, and other resilience factors are
managed directly by designated, responsible people as well.

Not every industry requires the level of sensitivity to real-time data that Invensys’
clients do. But the resilience principles it has pioneered can apply just as easily to a
financial services provider, for example, as they do to a continental power grid.




Conclusion

The cyber threats facing companies have certainly increased,
but they have been met by a host of powerful new ways to respond to them.
Virtualization and cloud strategies now allow large and small companies to
manage their data architecture with a flexibility that was impossible a few
years ago. New collaboration software allows them to share documents
more reliably on secure storage spaces. Modern data centers allow them to
make their data continuously available to those who should have access to
it, and invisible to those who don’t. A well-trained workforce familiar with
cybersecurity issues can help companies train for emergencies, respond
effectively, and learn from their experiences. A truly resilient enterprise
dynamically innovates and changes its practices, policies, and processes,
in response to changing threats from the outside and changing
requirements from the inside.

Resilience is achievable, but companies will have to change the way they
operate to reach their goals. Resilient companies are stronger companies.
By facing the resilience challenge, businesses can give their customers
the trustworthiness and reliability they expect and deserve.




About Booz Allen Hamilton
Booz Allen Hamilton is a leading provider of management and
technology consulting services to the US government in defense, intelligence,
and civil markets, and to major corporations, institutions, and not-for-profit
organizations. Booz Allen is headquartered in McLean, Virginia, employs more
than 25,000 people, and had revenue of $5.59 billion for the 12 months ended
March 31, 2011.

Booz Allen understands that cybersecurity is no longer just about protecting
assets. It’s about enabling organizations to take full advantage of the vast
opportunities that the ecosystem of cyberspace now offers for business,
government and virtually every aspect of our society.

Those opportunities can be imperiled, however, by rapidly emerging cyber
threats from hackers (hacktivists), organized crime, nation states and terrorists.
We help our clients in both business and government understand the full
spectrum of threats and system vulnerabilities, and address them effectively
and efficiently.

Booz Allen believes the key to cybersecurity today is integration – creating
a framework that “thinks bigger” than technology to encompass policy,
operations, people and management as well. Through such a Mission
Integration Framework, organizations can align these essential areas to
address the real issues, and develop cyber strategies and solutions that
keep pace with a fast-changing world.

To learn more, visit www.boozallen.com. (NYSE: BAH)




About the Economist Intelligence Unit
The Economist Intelligence Unit is part of The Economist Group,
the leading source of analysis on international business and world affairs. Founded in
1946 as an in-house research unit for The Economist newspaper, we deliver business
intelligence, forecasting and advice to over 1.5m decision-makers from the world’s
leading companies, financial institutions, governments and universities. Our analysts
are known for the rigour, accuracy and consistency of their analysis and forecasts,
and their commitment to objectivity, clarity and timeliness.





©2011 Booz Allen Hamilton Inc.

20101012 isa larry_clinton20101012 isa larry_clinton
20101012 isa larry_clinton
 
20101012 CIOnet Cyber Security Final Results
20101012 CIOnet Cyber Security Final Results20101012 CIOnet Cyber Security Final Results
20101012 CIOnet Cyber Security Final Results
 
Economist Intelligence Unit_mobile_data_120928
Economist Intelligence Unit_mobile_data_120928Economist Intelligence Unit_mobile_data_120928
Economist Intelligence Unit_mobile_data_120928
 
Secure data access in a mobile universe
Secure data access in a mobile universeSecure data access in a mobile universe
Secure data access in a mobile universe
 
The Essential Ingredient for Today's Enterprise
The Essential Ingredient for Today's EnterpriseThe Essential Ingredient for Today's Enterprise
The Essential Ingredient for Today's Enterprise
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
 
Francis Kaitano Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Francis Kaitano Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015Francis Kaitano Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Francis Kaitano Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
 
SVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - Overview
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptx
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
2014 Secure Mobility Survey Report
2014 Secure Mobility Survey Report2014 Secure Mobility Survey Report
2014 Secure Mobility Survey Report
 
Cloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research SummaryCloud Security Survey Peer Research Summary
Cloud Security Survey Peer Research Summary
 
Pivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityPivotal Role of HR in Cybersecurity
Pivotal Role of HR in Cybersecurity
 

Mais de Booz Allen Hamilton

You Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges
You Can Hack That: How to Use Hackathons to Solve Your Toughest ChallengesYou Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges
You Can Hack That: How to Use Hackathons to Solve Your Toughest ChallengesBooz Allen Hamilton
 
Examining Flexibility in the Workplace for Working Moms
Examining Flexibility in the Workplace for Working MomsExamining Flexibility in the Workplace for Working Moms
Examining Flexibility in the Workplace for Working MomsBooz Allen Hamilton
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen Hamilton
 
Homeland Threats: Today and Tomorrow
Homeland Threats: Today and TomorrowHomeland Threats: Today and Tomorrow
Homeland Threats: Today and TomorrowBooz Allen Hamilton
 
Preparing for New Healthcare Payment Models
Preparing for New Healthcare Payment ModelsPreparing for New Healthcare Payment Models
Preparing for New Healthcare Payment ModelsBooz Allen Hamilton
 
The Product Owner’s Universe: Agile Coaching
The Product Owner’s Universe: Agile CoachingThe Product Owner’s Universe: Agile Coaching
The Product Owner’s Universe: Agile CoachingBooz Allen Hamilton
 
Immersive Learning: The Future of Training is Here
Immersive Learning: The Future of Training is HereImmersive Learning: The Future of Training is Here
Immersive Learning: The Future of Training is HereBooz Allen Hamilton
 
Nuclear Promise: Reducing Cost While Improving Performance
Nuclear Promise: Reducing Cost While Improving PerformanceNuclear Promise: Reducing Cost While Improving Performance
Nuclear Promise: Reducing Cost While Improving PerformanceBooz Allen Hamilton
 
Frenemies – When Unlikely Partners Join Forces
Frenemies – When Unlikely Partners Join ForcesFrenemies – When Unlikely Partners Join Forces
Frenemies – When Unlikely Partners Join ForcesBooz Allen Hamilton
 
Booz Allen Secure Agile Development
Booz Allen Secure Agile DevelopmentBooz Allen Secure Agile Development
Booz Allen Secure Agile DevelopmentBooz Allen Hamilton
 
Booz Allen Industrial Cybersecurity Threat Briefing
Booz Allen Industrial Cybersecurity Threat BriefingBooz Allen Industrial Cybersecurity Threat Briefing
Booz Allen Industrial Cybersecurity Threat BriefingBooz Allen Hamilton
 
Booz Allen Hamilton and Market Connections: C4ISR Survey Report
Booz Allen Hamilton and Market Connections: C4ISR Survey ReportBooz Allen Hamilton and Market Connections: C4ISR Survey Report
Booz Allen Hamilton and Market Connections: C4ISR Survey ReportBooz Allen Hamilton
 
Modern C4ISR Integrates, Innovates and Secures Military Networks
Modern C4ISR Integrates, Innovates and Secures Military NetworksModern C4ISR Integrates, Innovates and Secures Military Networks
Modern C4ISR Integrates, Innovates and Secures Military NetworksBooz Allen Hamilton
 
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...Booz Allen Hamilton
 
Booz Allen Field Guide to Data Science
Booz Allen Field Guide to Data Science Booz Allen Field Guide to Data Science
Booz Allen Field Guide to Data Science Booz Allen Hamilton
 

Mais de Booz Allen Hamilton (20)

You Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges
You Can Hack That: How to Use Hackathons to Solve Your Toughest ChallengesYou Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges
You Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges
 
Examining Flexibility in the Workplace for Working Moms
Examining Flexibility in the Workplace for Working MomsExamining Flexibility in the Workplace for Working Moms
Examining Flexibility in the Workplace for Working Moms
 
The True Cost of Childcare
The True Cost of ChildcareThe True Cost of Childcare
The True Cost of Childcare
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of Directors
 
Inaugural Addresses
Inaugural AddressesInaugural Addresses
Inaugural Addresses
 
Military Spouse Career Roadmap
Military Spouse Career Roadmap Military Spouse Career Roadmap
Military Spouse Career Roadmap
 
Homeland Threats: Today and Tomorrow
Homeland Threats: Today and TomorrowHomeland Threats: Today and Tomorrow
Homeland Threats: Today and Tomorrow
 
Preparing for New Healthcare Payment Models
Preparing for New Healthcare Payment ModelsPreparing for New Healthcare Payment Models
Preparing for New Healthcare Payment Models
 
The Product Owner’s Universe: Agile Coaching
The Product Owner’s Universe: Agile CoachingThe Product Owner’s Universe: Agile Coaching
The Product Owner’s Universe: Agile Coaching
 
Immersive Learning: The Future of Training is Here
Immersive Learning: The Future of Training is HereImmersive Learning: The Future of Training is Here
Immersive Learning: The Future of Training is Here
 
Nuclear Promise: Reducing Cost While Improving Performance
Nuclear Promise: Reducing Cost While Improving PerformanceNuclear Promise: Reducing Cost While Improving Performance
Nuclear Promise: Reducing Cost While Improving Performance
 
Frenemies – When Unlikely Partners Join Forces
Frenemies – When Unlikely Partners Join ForcesFrenemies – When Unlikely Partners Join Forces
Frenemies – When Unlikely Partners Join Forces
 
Booz Allen Secure Agile Development
Booz Allen Secure Agile DevelopmentBooz Allen Secure Agile Development
Booz Allen Secure Agile Development
 
Booz Allen Industrial Cybersecurity Threat Briefing
Booz Allen Industrial Cybersecurity Threat BriefingBooz Allen Industrial Cybersecurity Threat Briefing
Booz Allen Industrial Cybersecurity Threat Briefing
 
Booz Allen Hamilton and Market Connections: C4ISR Survey Report
Booz Allen Hamilton and Market Connections: C4ISR Survey ReportBooz Allen Hamilton and Market Connections: C4ISR Survey Report
Booz Allen Hamilton and Market Connections: C4ISR Survey Report
 
CITRIX IN AMAZON WEB SERVICES
CITRIX IN AMAZON WEB SERVICESCITRIX IN AMAZON WEB SERVICES
CITRIX IN AMAZON WEB SERVICES
 
Modern C4ISR Integrates, Innovates and Secures Military Networks
Modern C4ISR Integrates, Innovates and Secures Military NetworksModern C4ISR Integrates, Innovates and Secures Military Networks
Modern C4ISR Integrates, Innovates and Secures Military Networks
 
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
 
Women On The Leading Edge
Women On The Leading Edge Women On The Leading Edge
Women On The Leading Edge
 
Booz Allen Field Guide to Data Science
Booz Allen Field Guide to Data Science Booz Allen Field Guide to Data Science
Booz Allen Field Guide to Data Science
 

Último

UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 

Último (20)

UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 

Resilience in the Cyber Era

  • 1. Resilience in the Cyber Era Building an Infrastructure that Secures and Protects An Economist Intelligence Unit research program sponsored by Booz Allen Hamilton
  • 2. List of Interviewees
    Karen Evans, National Director, U.S. Cyber Challenge
    Nigel Inkster, Director of Transnational Threats and Political Risk, International Institute for Strategic Studies
    Linda Laun, Global Business Continuity and Resiliency Services Consulting Portfolio and Methods Manager, IBM
    Len Padilla, Senior Director of Technology, NTT Europe
    Ernie Rakaczky, Principal Security Architect, Invensys
    Dave Scott, Head of Solution Consulting, NTT Europe
    Michael Shinn, CEO, Prometheus Global
    Garry Sidaway, Director of Security Strategy, Integralis
    James P. G. Sterbenz, Associate Professor, Department of Electrical Engineering and Computer Science, Communications and Networking Systems Laboratory, University of Kansas
    About the Survey
    In June and July 2011, the Economist Intelligence Unit conducted a global survey, sponsored by Booz Allen Hamilton, of 387 executives to assess attitudes toward cybersecurity, and their progress towards implementing resilience strategies. Nearly one-half (48 percent) of survey respondents are board members or C-level executives, including 92 CEOs. The respondents are based in Asia-Pacific (29 percent), North America (26 percent), Western Europe (26 percent), Latin America (9 percent), Middle East and Africa (7 percent) and Eastern Europe (3 percent). More than one-half of the survey respondents (55 percent) work for companies with global annual revenues exceeding US$500 million. Nineteen different industries are represented in the survey sample, including financial services (20 percent), professional services (14 percent), energy and natural resources (12 percent), IT and technology (10 percent), and manufacturing (8 percent).
  • 3. Contents
    Executive Summary
    Introduction
    Resilience: Definitions Matter
    The Proliferating Threat
    The Corporate Response
    The Government Response
    Sidebar: The Role of Private Public Partnerships
    Critical infrastructure issues: Developing Better System Architectures
    Application issues: Resilience Through Better Software
    Access issues: Greater Availability by Focusing on Data
    Workforce issues: Becoming Resilience Aware
    Sidebar: The Industry Differences
    Conclusion
    About Booz Allen
    About Economist Intelligence Unit
  • 4. Executive Summary
      • The cyber threat has evolved from hackers functioning as hobbyists to something more serious and organized. Today’s malicious agents are members of a growing industry of companies designed to infiltrate data centers to capture private information.
      • Resilience can be defined as the ability of a system or domain to withstand attacks or failures, and to reestablish itself quickly. But other definitions of resilience vary widely.
      • The new attitude toward resilience accepts that companies cannot achieve perfect security or absolute continuity. Businesses are moving away from the “bunker mentality” that encouraged them to retreat behind so-called “hardened endpoints.” Instead of aiming for a security standard that is impossible to achieve, they should focus on balancing resilience with productivity.
      • Organizations can improve resilience by improving their critical data centers and by making access to their systems more secure. Virtualization strategies and off-premise cloud architectures enable these data centers to be more secure than ever. Resilience should be about making data continuously available to those who should have access to it, and invisible to those who do not.
      • A truly resilient enterprise dynamically innovates and changes its practices, policies, and processes, in response to changing threats from the outside and changing requirements from the inside. Organizations must accept that data are protected by people, not machines. To improve resilience, they must enable and educate their workforce.
    Worldwide Internet Penetration: 70% of households are online; 94% of businesses with 10 or more employees are online.
  • 5. Introduction
    The Internet has penetrated almost every corner of human activity. Among members of the Organization for Economic Co-operation and Development (OECD), 70 percent of households and 94 percent of businesses with 10 or more employees are online. Worldwide, the number of Internet users is projected to rise from 6.4 per 100 inhabitants in 2000 to 29.7 per 100 by 2010.
    [Figure 1: Ever-rising Internet penetration. Global ICT Developments, 2000-2010, per 100 inhabitants; series: Internet users, fixed (wired) broadband subscriptions. Source: ITU World Telecommunication/ICT Indicators database]
    But as the world’s digital market expands, so do the threats to its security. The estimated median cost of cyber crime for an organization—including loss of property, loss of productivity, and cost to remediate—rose from US$3.8 million in 2010 to US$5.9 million in 2011, according to Ponemon Institute’s Second Annual Cost of Cyber Crime Study (2011). The number of cyber attacks has also increased by 44 percent per year, to an average of 1.4 successful attacks per week, per organization.
    A survey conducted for this research program has confirmed the Internet’s benefits and its risks. One-third (32 percent) of executives say their country’s economy relies on cyber infrastructure to an overwhelming extent. A further 54 percent say cyber infrastructure is at least of equal importance to their country’s growth as other factors. When executives were asked the same question with respect to the economic growth of their organizations, 41 percent of respondents consider cyber infrastructure more important to their organization’s growth than other factors, and 48 percent consider it of equal importance.
  • 6. Figure 2: To what extent does the economic performance of your organization and the country where you are located rely on cyber infrastructure?
      • To an overwhelming extent (cyber infrastructure is more important to growth than other factors): your company 41%, your country 32%
      • To some extent (cyber infrastructure is of equal importance to growth as other factors): your company 48%, your country 54%
      • To a small extent (cyber infrastructure is less important to growth than other factors): your company 10%, your country 11%
      • Don’t know: your company 1%, your country 3%
    Source: Economist Intelligence Unit survey, July 2011
    While the threats to cybersecurity for the world’s businesses remain serious—and evolving, businesses are moving away from the “bunker mentality” that encouraged them to retreat behind so-called “hardened endpoints”. Web-based applications, mobile devices, and cloud infrastructures are changing the business and technology landscape simultaneously. A truly resilient enterprise dynamically innovates and changes its practices, policies, and processes, in response to changing threats from the outside and changing requirements from the inside. Educating its workforce about the nature and function of these changes is one of the key paths to greater resiliency.
    “The number of cyber attacks has also increased by 44 percent per year, to an average of 1.4 successful attacks per week, per organization.”
  • 7. Resilience: Definitions Matter
    Nigel Inkster, Director of Transnational Threats and Political Risk at the International Institute for Strategic Studies, offers a scientific definition of cyber resilience: “the ability of a system or domain to withstand attacks or failures, and in such events, to reestablish itself quickly.”
    But other definitions of resilience vary widely. In 2010, the US Department of Homeland Security commissioned a study on how institutions were implementing resilience principles. Its analysts came up with 119 different definitions, and concluded that a broader, more cohesive definition of resilience should include flexibility and adaptability.
    Professor James P. G. Sterbenz, from the Communications and Networking Systems Laboratory at Kansas University, has been working on clarifying the concept of resilience for governments and organizations. The principles he and his colleagues have developed as part of the university’s ResiliNets data network architecture project have been adopted by the European Union’s government security agency, ENISA, and are in the process of becoming adopted by the US Department of Homeland Security.
    Professor Sterbenz points out that notions of resilience can include several concepts that mean different things to different people. “Reliability and availability are very different,” he explains. “A reliable system is one that operates for a specified period of time, and you say what the probability is. Availability, on the other hand, is the probability that something will be there when you need it.”
    Resilience means something entirely different to companies that are closely integrated into a nation’s critical infrastructure—be it the stock market, electric rail networks, or nuclear power stations. “We talk to our customers about what we call continuous service delivery,” says Garry Sidaway, Director of Security Strategy for Integralis, a global security consulting firm. “Whilst components might fail or you might have an incident, it’s about ensuring that service is still being delivered and the integrity of that service is still there.”
    The new attitude in achieving resilience is to plan for acceptable levels of data loss, unit failures, and compromise. This may seem alien to executives who have historically maintained a “zero-tolerance” policy toward failures. But new cloud hardware architectures are demonstrating that everyday events like storage device failures and data loss can be tolerated when redundancies are built into the system.
    The US Department of Homeland Security concluded in recent studies that “zero-tolerance” policies led to the perception that every unit of the business, whether digital or human, was critically important. When everything is critical, nothing is critical. When organizations enact more flexible tolerance principles, failures that would have shut down processes or even entire networks in an earlier era, won’t even be noticed by customers.
  • 8. The Proliferating Threat

The cyber threat has evolved from hackers functioning as hobbyists to something more serious and organized. Today’s malicious agents are members of a growing industry of companies designed to infiltrate data centers to capture private information. Their primary strategy is to induce unsuspecting users to install malware on their PCs. Once installed, the malware converts the PCs into inadvertent attackers of the agents’ final targets—data centers at Amazon, Rackspace, and elsewhere. In the summer of 2011, a number of security providers, including UK-based security services provider Webroot and other members of the Cloud Security Alliance, produced reports on these malware attacks. More instances of malware-based attacks were reported in the 18 months leading up to these reports than in the preceding 18 years combined.

“From a risk management point of view, there’s a whole new set of variables that have to be considered,” says Mike Shinn, CEO of US-based Prometheus Global, a security consulting firm whose clients have included the White House and US Department of Defense (DoD). “There’s a fairly widespread increase in economically directed criminal activity [for] the theft of intellectual property. Cyber criminals are now targeting everything from client lists, internal strategy documents, designs—everything up to and including information held by governments that would be of economic value.”

Figure 3: What type(s) of cyber incident(s) has your organization experienced in the past year? Select all that apply.
Phishing: 46%
Malware: 45%
Denial of service attack against website: 19%
External data breach: 17%
Internal data breach: 17%
Cyber espionage: 10%
Other, please specify: 2%
We did not experience any cyber incident in the past year: 16%
Don’t know: 13%
Source: Economist Intelligence Unit survey, July 2011
  • 9. The Corporate Response

The initial corporate responses to cyber attacks have failed to address deficiencies in network architectures that allow the latest cyber attacks to occur. Ernie Rakaczky, Principal Security Architect with Invensys’ process automation group, believes that companies’ efforts throughout the last decade have led businesses to adopt a “fortress mentality” to protect their infrastructure. Although setting up firewalls and zones, policies, and procedures makes sense, they should not be done in a “reactionary mode,” Rakaczky says.

The survey paints a mixed picture of the current state of corporate cybersecurity strategies. Some 53% of our survey respondents say their organization has a cybersecurity strategy already in place. Thirty-three percent of respondents admit they have no cyber-resilience strategy in place, and 14 percent were unsure. When asked to check three of the biggest barriers to their companies developing cybersecurity initiatives, among a list of nine, 41 percent of respondents cite lack of knowledge of the threat as holding back their companies.

Linda Laun, Global Consulting Portfolio and Methods Manager for IBM’s Business Continuity and Resiliency Services team, notes that companies tend to focus on event-driven issues, things that are huge in scope—such as natural disasters, pandemics, power failures, and civil unrest—as triggers for invoking security measures. Laun believes that most companies know how to approach risks associated with security and data issues such as data loss or corruption, viruses, and worms, but she says they still struggle when dealing with risks associated with business issues like governance, compliance, audits, scalability, and performance.

Laun believes the problem is that responsibilities for these other security issues are confined within organizational silos. IBM advocates what it calls a Business Resiliency Management Framework (BRF) to distribute responsibility across multiple business units. The goal is to establish a centralized governance structure that allows stakeholders within the silos to set the direction of the program together through policy, measure success, and then “enforce” its policies.
  • 10. When asked to check three of the biggest barriers to their companies developing cybersecurity initiatives, 41% said lack of knowledge of the threat was holding back their companies.

The new attitude toward resilience accepts that companies cannot achieve perfect security or absolute continuity. Instead of aiming for a security standard that is impossible to achieve, they should focus on balancing resilience with productivity. “It is all about enablement,” proclaims Integralis’ Garry Sidaway. Instead of being seen as forces that say “No,” he believes IT departments should ask how they can enable their company’s employees to be more productive no matter where they are or what devices they are using. “Whether it’s working regular hours or out-of-hours, whether it’s on a personal device or business device, how do we enable them to work and be productive in their jobs? That is the change in information security that we’ve got to drive towards, and we have a great opportunity to do that.”

Figure 4: Does your organization have a cybersecurity strategy?
Yes: 53%
No: 33%
Don’t know: 14%
Source: Economist Intelligence Unit survey, July 2011
  • 11. The Government Response

All around the world, governments are expected to provide the leadership role for cybersecurity and resilience—a topic they are only just beginning to address. Executives believe their organizations and their governments could devote more resources to security issues. Approximately 67 percent say their organization needs to pay more attention to cyber risks, and less than one-quarter (23 percent) think their government is doing enough to promote cyber resilience. When asked whether they believed their country could do more to promote resilience, 57 percent of respondents said they think their governments could improve communication and awareness of cybersecurity issues; 60 percent think governments could encourage greater cooperation between public and private sectors; and 56 percent think governments could promote technology innovation through programs such as cyber competitions.

Although 87 percent of respondents believe improved understanding should come from a greater partnership between government and private industry, a far lesser number (36 percent) believe government should actually take the leadership role in maintaining cyber security. In short, businesses want help, and they want it from government. But they do not want government to take control of the issue.

Figure 5: In your opinion, who is primarily responsible for maintaining cybersecurity?
National government(s): 36%
Individual organization(s): 27%
Multilateral organization(s): 24%
Industry: 11%
Other, please specify: 1%
Don’t know: 1%
Source: Economist Intelligence Unit survey, July 2011
  • 12. Critical Infrastructure Issues: Developing Better System Architectures

The first way to improve resilience is to improve an organization’s critical infrastructure—its data center. Newer infrastructures enable these data centers to be more secure than ever, primarily because fault tolerance, replication, and workload balancing are all built into newer operating systems and newer hardware. These new structures are more effective than the “endpoint” hardening approach to system security, which focused on hardening security at PCs, smartphones, and other endpoint devices.

Dave Scott, the head of NTT Europe’s Solution Consulting team, admits that, although he was once an advocate of that approach, the precautions he took weren’t enough. “I may have been naïve until my first data center outage,” Scott says, “at which point, I wised up quite quickly. You can put together what you think are the best security endpoints and resilience within a single facility, and something will still happen that takes the whole thing out. You assume then that true resilience and true availability mean more than just endpoint security.”

To improve security at data centers, it is necessary to address the three classes of operations they involve: processing (the execution of programs and the production of data, often called “compute power” by service providers); storage (the containment of data); and interconnect (the transmission of data and functionality). In an earlier era, the processor was a central processing unit (CPU), the storage amounted to a couple of hard disk drives, and interconnect was managed through Ethernet cables.

The Role of Public/Private Partnerships

Despite the modest success of public/private partnerships (PPP) to date, executives see some value in promoting collaboration. Eighty-seven percent of survey respondents agree that cyber resilience relies on some form of partnership between government, civil society, and business.

DARPA, the DoD agency tasked with technological innovation, offers a successful example of how to stimulate private sector innovation for the greater good. The agency assembles teams of experts who pursue innovative ideas. Little money is lost if they are unsuccessful, while successful projects are picked up by the private sector. One such case was ARPANET, the precursor to today’s Internet. Among more recent examples are the DARPA Grand Challenges, a cash prize competition last held in 2007 that stimulated the development of driverless vehicles.

More recently, the DoD rolled out the Defense Industrial Base (DIB), a PPP initiative designed to share cyber threat information among organizations that support the US defense industry. In August 2011, the trial was pronounced successful, and the initiative is now being extended to include certain critical infrastructures.

The U.S. Cyber Challenge offers yet another model of public/private partnership. Karen Evans, the organization’s national director, said she first got involved in the U.S. Cyber Challenge, “to test the hypothesis that you could hold an online competition and identify talent.” The U.S. Cyber Challenge holds numerous competitions and events throughout the year and now also hosts a summer camp program, which in 2011 received 1,000 registrants for 200 available slots. Evans and her colleagues seek to harness the competitive nature of Americans and, in the process, identify highly talented individuals. The goal is to use the competition to eventually get 10,000 very skilled people to enter the workforce, taking modern resilience principles with them.

  • 13. Two new factors have changed the way data centers are managed. First, companies often employ virtualization strategies to improve compute power and storage in their data centers. A vast array of storage devices—on- and off-premise and clusters of processors—are made to appear to the operating system as a single pool of storage and a single processing engine. These pools are then “connected” to the network by way of software that simulates a physical network adapter. The result is a virtual machine whose size and location can be changed while it is still running.

Companies may also move part or all of their infrastructure off-premise via the cloud. Organizations may use a hosted provider such as Rackspace for their servers, or a cloud service provider (CSP) such as Rackspace, Amazon, GoGrid, or BlueLock to host all or part of their data center at various times. This allows them to lease more compute power during peak usage times as well as other efficiencies.

Len Padilla, Senior Director of Technology for NTT Europe, believes that cloud architecture allows more companies to build failure and fault tolerance into their data architecture. Companies now have new ways to make their systems geographically blind and ramp up resources to address a load in a particular way. “That’s something that very big organizations with very big IT budgets have always been able to do, but now cloud computing allows even smaller and medium companies to do the same thing,” explains Padilla.

Application Issues: Resilience Through Better Software

Another way to improve resilience is through more modern applications. Newer software can be better managed than older software. However, too many organizations rely on work processes geared around old and even outmoded applications. For example, law firms institute chains of custody around their document-handling processes that presume that documents are transferred from person to person. Newer collaboration software that allows documents to be used across a firm with auditing and versioning services is far more concrete and trustworthy. Similarly, many company employees send sensitive documents as attachments to one another via e-mail and institute security measures for ensuring encryption and validating receipts. A better alternative is to create shared storage spaces where only permitted individuals may be made aware of a document’s existence.
  • 14. Invensys’ Rakaczky explains that he still works with customers who use software and methods that date back to the turn of the century. In some cases, he has had to employ virtualization just to enable old systems to work on current hardware. He says that his customers often resist migrating to newer, more secure operating systems because they are restricted by notions of 3-year or 5-year software refresh cycles. If businesses try to upgrade software before the end of a cycle, the cost often gets counted as a budget overrun.

Instead, Rakaczky tries to help his customers keep their systems in more of a continually concurrent state to make it easier to adapt to newer platforms. Planned, deliberate, and slow migrations distributed throughout the lifecycle of a software product can be more efficient than a 5-year overhaul.

Access Issues: Greater Availability by Focusing on Data

Businesses can also improve resilience by making access to their systems more secure. Existing networks often use a variety of different security measures. Internet connections are secured with firewalls. Mobile users are secured with virtual private networks. Data is secured with encryption. Sidaway believes these disparate “bolt-on” security technologies have created an overly complex environment that is difficult to manage. “We need to start thinking in terms of everything we need to do to enable our consumer to access that information in a secure way, and work productively in a secure environment that’s easy to use,” he says.

Now, Sidaway believes, we’ve arrived at a sensible model: A company’s core asset to be protected is its data—not its servers or its firewall, or a dotted-line perimeter in the sand. Resilience should be about making data continuously available to those who should have access to it, and invisible to those who do not. He believes modern data centers must be designed from the top down without arbitrary compartmentalization. To increase resilience, businesses need to change their mindset from securing devices to securing data.
  • 15. Workforce Issues: Becoming Resilience-Aware

Organizations must also accept that data are protected by people, not machines. To improve resilience, they must enable and educate their workforce. But few companies seem to be aware of this requirement. Less than one-third of survey respondents from companies that have a cybersecurity plan say employees are important stakeholders; in companies without a plan, even fewer recognize the importance of employees.

Padilla has thoroughly documented his company’s resilience principles to help educate his workforce. At his company, a power outage, or a strike affecting the subway system, or a severe thunderstorm becomes an opportunity that allows the workforce to train for a more critical situation.

What NTT learns from these drills it then documents, with results that can then be shared with its own customers. NTT collects a list of mistakes made during everyday work and emergency response. IT workforce members assigned to security then make it a point to communicate directly, person-to-person—not via e-mail or voice mail or Twitter. Next, the IT department follows up to make certain employees are following those best practices as directed.

Sidaway points out that information security policies need to be acceptable to the people who will carry them out. “If they’re not acceptable to the employee, people will start working around it. You’ve got to get that balance right, so you can enforce it with technology. That becomes the part we have to monitor against compliance. Once you architect security into the system with technology, you’ve got to monitor that. But there’s also that human element that comes into play, and it’s often ignored when organizations look at risk and information security. It’s people.”
  • 16. The number of cyber attacks has increased 44% per year, to an average of 1.4 successful attacks per week, per organization.
  • 17. The Industry Differences

The perceptions of the challenges and opportunities of a cyber economy differ by industry. In a survey conducted by the Economist Intelligence Unit in June and July 2011, for example, 53 percent of respondents from financial services say that their industry relies on cyber infrastructure to an overwhelming extent, compared with 36 percent for the entire survey sample. Forty-seven percent of them also say their industry is more susceptible to cyber threats than their country or organization, compared with 23 percent overall.

Respondents from the energy sector tend to see the greatest risk at the national level, perhaps because energy systems—whether electric power networks or supplies of oil and gas—frequently have national security implications. Invensys manages such networks in real time and, therefore, cannot afford to utilize public cloud resources precisely because those resources lie outside of Invensys’ direct control, says Rakaczky. But it can utilize technologies internally such as virtualization (the principal ingredient of cloud architectures) to enable greater direct control, and more avenues for fault tolerance and response to failures.

Invensys designs its networks to literally calculate resilience in real time—for example, maintaining the status of oil refineries with assets throughout North America, and registering the capacity and flow of fuel through every segment of pipe. According to Rakaczky, private cloud architectures can actually help Invensys utilize its data centers’ processor power more efficiently, increasing the reliability of the real-time data it perceives. They can also distribute those data over systems in such a way that loss of data from one file—which will happen—does not and cannot destroy any single database.

“A power company will buy one of our systems and deploy it across its generation stations, controlling maybe five turbines generating a couple of hundred megawatts of power for a whole network of the grid in the United States,” he explains. For those clients, security has always been provided by people, whether they are IT professionals or armed guards. So it only makes sense that performance, reliability, agility, confidentiality, and other resilience factors are managed directly by designated, responsible people as well.

Not every industry requires the same level of sensitivity to real-time data as Invensys’ clients. But the resilience principles it has pioneered can apply just as easily to a financial services provider, for example, as they do to a continental power grid.
  • 18. Conclusion

The cyber threats facing companies have certainly increased, but they have been met by a host of powerful new ways to respond to them. Virtualization and cloud strategies now allow large and small companies to manage their data architecture with a flexibility that was impossible a few years ago. New collaboration software allows them to share documents more reliably on secure storage spaces. Modern data centers allow them to make their data continuously available to those who should have access to it, and invisible to those who don’t. A well-trained workforce familiar with cybersecurity issues can help companies train for emergencies, respond effectively, and learn from their experiences.

A truly resilient enterprise dynamically innovates and changes its practices, policies, and processes, in response to changing threats from the outside and changing requirements from the inside. Resilience is achievable, but companies will have to change the way they operate to reach their goals. Resilient companies are stronger companies. By facing the resilience challenge, businesses can give their customers the trustworthiness and reliability they expect and deserve.
  • 19. About Booz Allen Hamilton

Booz Allen Hamilton is a leading provider of management and technology consulting services to the US government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. Booz Allen is headquartered in McLean, Virginia, employs more than 25,000 people, and had revenue of $5.59 billion for the 12 months ended March 31, 2011.

Booz Allen understands that cybersecurity is no longer just about protecting assets. It’s about enabling organizations to take full advantage of the vast opportunities that the ecosystem of cyberspace now offers for business, government and virtually every aspect of our society. Those opportunities can be imperiled, however, by rapidly emerging cyber threats from hackers (hacktivists), organized crime, nation states and terrorists. We help our clients in both business and government understand the full spectrum of threats and system vulnerabilities, and address them effectively and efficiently.

Booz Allen believes the key to cybersecurity today is integration – creating a framework that “thinks bigger” than technology to encompass policy, operations, people and management as well. Through such a Mission Integration Framework, organizations can align these essential areas to address the real issues, and develop cyber strategies and solutions that keep pace with a fast-changing world. To learn more, visit www.boozallen.com. (NYSE: BAH)

About the Economist Intelligence Unit

The Economist Intelligence Unit is part of The Economist Group, the leading source of analysis on international business and world affairs. Founded in 1946 as an in-house research unit for The Economist newspaper, we deliver business intelligence, forecasting and advice to over 1.5m decision-makers from the world’s leading companies, financial institutions, governments and universities. Our analysts are known for the rigour, accuracy and consistency of their analysis and forecasts, and their commitment to objectivity, clarity and timeliness.
  • 20. An Economist Intelligence Unit research program sponsored by Booz Allen Hamilton ©2011 Booz Allen Hamilton Inc.