Cyber-security for IA & Risk functions
Overview and recommendations
June 2015
2 © 2015 Protiviti Inc.
Global cyber-breach examples
"It takes twenty years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." – Warren Buffett
• In 2013, Target's network was hacked and the credit card information and other customer data of 70 million customers was compromised. The company suffered a loss of $162 million and has also proposed to pay $10 million to settle a class-action lawsuit.
• All TV5Monde broadcasts were brought down in a blackout between 10pm and 1am local time on March 8 and 9 by hackers claiming allegiance to Isis. They seized control of the television network founded by the French government in 1984, simultaneously hacking 11 channels as well as its website and social media accounts.
• Malware installed on the cash register systems across 2,200 The Home Depot stores siphoned the credit card details of up to 56 million customers. The same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang's, among others, is reported to be behind the breach.
• Anthem, one of the USA's largest health insurers, said that the personal information of tens of millions of its customers and employees, including its chief executive, was the subject of a "very sophisticated external cyber-attack". Hackers were able to breach a database that contained as many as 80 million records of current and former customers, as well as employees.
• In July 2014, JP Morgan Chase, the US's largest bank, was compromised by hackers, who stole the names, addresses, phone numbers and emails of account holders. The hack began in June but was not discovered until July, by which time the hackers had already obtained the highest level of administrative privilege on dozens of the bank's computer servers.
Australian cyber-breach examples
"Privacy is not for the passive" – Jeffrey Rosen
• The personal details of 31 of the world's leading political figures were leaked to the organisers of a soccer tournament late last year, in a major data breach caused by an email autofill error. The breach was caused by a staff member at Australia's Department of Immigration and related to world leaders attending the G20 Leaders' Summit in Australia last year.
• Pizza Hut Australia confirmed that its customer data was compromised during a hacking attack on its website in 2012. The website was allegedly hacked by a group called 0-Day and Pyknic, with claims that 240,000 credit card details were stolen in the process.
• Chinese hackers "breached Australian media organisations" ahead of the G20 2014 meeting. The group, called "Deep Panda", is believed to be affiliated with the Chinese government. Deep Panda targeted Australian media organisations in an attempt to understand the domestic media climate when Chinese president Xi Jinping arrived.
• A database containing the personal details of almost 10,000 asylum seekers in Australia, both adults and children, was mistakenly made available on the website of the country's Department of Immigration and Border Protection in 2014. The database included names, nationalities, locations, arrival dates and boat arrival information.
Global and local cyber-breach statistics
No sector is immune to cyber-breaches and the cost is growing everywhere

Security incidents with confirmed data loss, by sector:
Unknown: 325
Public: 303
Finance: 277
Manufacturing: 235
Accommodation: 223
Retail: 164
Professional: 146
Healthcare: 141
Information: 95
Education: 65
Other: 28
Administrative: 27
Entertainment: 23
Transportation: 22
Mining: 17
Real Estate: 10
Utilities: 10
Trade: 6
Agriculture: 2
Construction: 2
Management: 1

Average company loss (AUD million), by country:
United States: 16.2
Germany: 10.4
Japan: 8.8
France: 8.1
United Kingdom: 7.6
Australia: 5.1
Russia: 4.3

10% average increase year-on-year
30 days average resolution time

Source: Verizon 2015 Data Breach Investigations Report; Ponemon Institute; Hewlett-Packard (HP Enterprise Security), October 2014
Types of cyber-breach
A major type of cyber-security incident remains socially engineered targeted emails
Source: 2013 CERT Australia Cyber Crime and Security Survey

Targeted emails: 63%
Virus or worm infection: 52%
Trojan or rootkit malware: 46%
Theft of mobile devices: 35%
Unauthorised access: 26%
Ransomware: 17%
DDoS: 17%
Unauthorised access to information from an: 17%

• Businesses across a wide range of industry sectors are exposed to potentially enormous physical losses as well as liabilities and costs as a result of cyber-attacks and data breaches.
• Spammers and other cyber-criminals are moving away from exploit kits in favour of phishing messages containing malicious email attachments, a tried-and-true attack technique.
Contributors to cyber-breaches
Staff errors and/or omissions, followed by poor security culture and unpatched or unprotected software, are the major internal factors
Source: 2013 CERT Australia Cyber Crime and Security Survey

Internal contributors:
Staff error and/or omission: 57%
Poor security culture: 50%
Unpatched or unprotected software: 48%
Misconfigured systems, applications: 48%
Lack of technical security controls: 41%
Lack of IT security staff: 22%
Malicious leak: 16%
Other: 11%

External contributors:
Targeted attack: 51%
Third party risks and/or vulnerabilities: 49%
Sophisticated attackers: 38%
Powerful automated attack tools: 36%
Volume of attacks: 31%
Other: 16%
Cyber-security investments & reality
All organisations must recognise that perimeter defences will be breached
• Boards should not be fooled into believing that good practices will prevent a well-conceived targeted attack: they reduce vulnerability.
• The reality is that it is simply not possible to secure everything, let alone the perimeter.
• Even if it were possible to secure the perimeter, this would not be enough, as it is far too easy to get behind it.
  o All you have to do is be invited in.
  o Alternatively, it is possible to use social engineering techniques to get somebody behind the perimeter to open the door.
• The large amounts that have been invested in perimeter defences are of limited value.
The need for new tools
Organisations now need to rely on a different set of controls and associated tools to manage cyber-security risk
• Solutions are all too often seen as purely technology rather than as having a critical people element.
• Over 70% of organisations* have not implemented the types of tools we would expect to see in place behind the perimeter.
• 'Intelligent' security monitoring techniques that highlight abnormal behaviour or potential incidents and enable a real-time response are increasingly important.
• IT rarely presents a business case for these solutions to the Board, nor clearly explains the value.
• Boards have been seen to invest in these solutions where a clear business risk and the value proposition around the solution and target investment have been presented.
* Recent Protiviti study
The cyber-security challenge in summary
Organisations are now faced with a challenging cyber-threat environment exacerbated by operational hurdles
• We often find companies fill a Security Lead role and fail to support them with complementary resources. As a result, the security function reflects the Lead's particular strengths… and weaknesses.
• Cyber-security is too often seen as a technology problem and not handled as a core business risk.
• The personnel market for cyber-security professionals is highly competitive, and those with a strong business focus are even harder to find and hire.
• The attack surface is increasing as more devices are attached and the internet-of-things becomes reality.
• The sophistication of today's threat-actors is increasing: they are often well-run organisations or state-controlled groups with significant funding and capability.
• The annual direct costs of detecting, diagnosing and remediating cyber-breaches are increasing at over 10% p.a.
• Cyber-risk is now a Board-level risk item, often in the top five risks.
Frameworks & reality
There is no one size fits all! Complying with frameworks isn't sufficient

Plethora of frameworks and standards:
• There are so many areas to address:
  – from encryption, to application security, to disaster recovery
• Then there is the complication of compliance with regulatory requirements, especially in multiple geographies.

Compliance isn't security:
• Target: PCI-DSS compliant
• Home Depot: PCI-DSS compliant
• JP Morgan: GLBA, FFIEC compliant
• Anthem: HIPAA compliant
• Aussie Travel Cover: data not disclosed for 2 months
Internal audit's role in effective cyber-security
"Top performers" address cyber-security risk in their audit plan and have boards that are highly engaged with cyber-security risk
[Chart: higher board engagement in information security if cyber-security is included in the audit plan]
[Chart: higher level of inclusion of cyber-security in the audit plan if there is high board engagement in information security]
Chart categories: High board engagement; "Other" board engagement; Included in audit plan; Not included in audit plan
Internal audit's role in effective cyber-security
Organisations which include cyber-security in their audit plan also have a stronger ability to identify, assess and mitigate cyber-security risk
[Chart: organisations that rate themselves "very effective" at identifying/assessing/mitigating cyber-security risk, in audit plan vs. not in audit plan]
[Chart: organisations that have a cyber-security risk strategy and policy in place, in audit plan vs. not in audit plan]
Questions to consider
IA and Risk professionals can have a conversation with the business to determine whether it understands the threats, and to make it aware of them

Traditional approaches to cyber-security are not working…
• A risk-based approach needs to be adopted: a one-size-fits-all approach is all too often adopted and is not practical, is too costly and will ultimately fail.
• A top-down ERM approach to security risk assessments is essential: identifying sensitive data, assessing threats, capturing risk appetite, and informing risk mitigation strategies.
• 'Intelligent' security monitoring techniques that highlight abnormal behaviour or potential incidents and enable a real-time response are increasingly important.
• People are often the weakest link: security awareness training that works is essential.

… and most organisations struggle to answer five key questions:
• Do you know the value of your data?
• Do you know where your data is?
• Do you know who has access to this data?
• Do you know who is protecting the data?
• Do you know how to respond in case the data is compromised?
Action items for Risk and Internal Audit (1/2)
Given internal audit's key role in effective cyber-security there are ten actions that IA can take
1. Develop strategy & policy: work with management and the board to develop a cyber-security strategy and policy.
2. Become "very effective": seek to have the organisation become "very effective" in its ability to identify, assess and mitigate cyber-security risk to an acceptable level.
3. Recognise "internal" threats: recognise the threat of a cyber-security breach resulting from the actions of an employee or business partner.
4. Board awareness & engagement: leverage board relationships to:
   a) heighten the board's awareness and knowledge of cyber-security risk;
   b) ensure that the board remains highly engaged with cyber-security matters and up to date on the changing nature and strategic importance of cyber-security risk.
5. Audit plan integration: ensure cyber-security risk is formally integrated into the audit plan.
Action items for Risk and Internal Audit (2/2)
Given internal audit's key role in effective cyber-security there are ten actions that IA can take
6. Keep on top of new technologies: develop, and keep current, an understanding of how emerging technologies and technological trends are affecting the company and its cyber-security risk profile.
7. Use NIST, ISO27001, ISO27002: evaluate the organization's cyber-security program against the NIST Cyber-security Framework; recognise that the framework does not go to the control level and therefore may require additional evaluations against ISO 27001 and 27002.
8. Address people & technology: recognise that the strongest preventative capability requires a combination of human and technology security – a complementary blend of education, awareness, vigilance and technology tools.
9. Make monitoring & response a priority: make cyber-security monitoring and cyber-incident response a top management priority – a clear escalation protocol can help make the case for (and sustain) this priority.
10. Address IT audit staffing: address any IT/audit staffing and resource shortages, which represent a top technology challenge in many organisations and can hamper efforts to address cyber-security issues.
Breach Detection Audit
Organisations that are at high risk of cyber-attack should consider an annual Breach Detection Audit.

Key Questions
• Are there signs that the organization is currently breached or has been in the recent past?
• How effective are in-place security monitoring tools and processes?
• Have potential breaches been sufficiently investigated?

Fieldwork Activities
• Forensic review of key indicators of a targeted attack (logs, network activity, systems).
• Evaluation of breach detection capabilities and processes.
• Review of previous potential breach incidents and organizational follow-up.

Value Provided to Management
• Management will appreciate the timeliness and relevance.
• Proven action steps that Management can take to improve its ability to detect breaches.
• Communication to stakeholders of key controls Management has invested in.
Third Party Access Audit
IA and Risk can help Management limit the risk associated with a hacked third party (e.g., HVAC).

Key Questions
• Could a breach of a third party result in a breach of our organization?
• Are vendor, contractor, and other third party accounts sufficiently restricted?
• Would we know if a vendor account was being used improperly?

Fieldwork Activities
• Review of policies and procedures for third parties.
• Review of a sample of third party accounts for appropriate access.
• Attempting privilege escalation from an example third party account.

Value Provided to Management
• Topical given Target's initial intrusion method.
• Factual arguments to support limiting vendor access further.
• Comforting stakeholders on a key area of risk (provided appropriate controls are in place).
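As an added example (not from the deck and not Protiviti's code), this is the kind of check the third-party account review above describes, run over constructed directory and authentication records: it flags vendor accounts holding privileges beyond their approved scope, successful logins to out-of-scope hosts or outside approved hours, and accounts left enabled after the engagement ended or after going dormant. The account names, hosts, roles, approved-scope records and the key=value log format are all assumptions.

```python
"""Third-party (vendor) account access review over constructed records.

Added example, not Protiviti's code. It models the two audit questions on
the slide: are vendor accounts sufficiently restricted, and would we know
if one were being used improperly? Every name, host, role and address here
is constructed for the example.
"""
from datetime import datetime, timedelta
import re

# Assumed log format: "<iso-timestamp> host=.. user=.. event=.. result=.. src=.."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"event=(?P<event>\S+) result=(?P<result>\S+) src=(?P<src>\S+)$"
)

# Approved scope per vendor account, as an auditor would obtain it from the
# vendor contract and access request records (hypothetical data).
VENDOR_SCOPE = {
    "hvac-vendor": {"hosts": {"bms-01"}, "roles": {"bms_operator"},
                    "hours": (8, 18), "contract_end": "2015-12-31"},
    "pos-support": {"hosts": {"pos-app-01", "pos-app-02"}, "roles": {"pos_support"},
                    "hours": (6, 22), "contract_end": "2015-09-30"},
    "old-auditor": {"hosts": {"fileshare-01"}, "roles": {"read_only"},
                    "hours": (8, 18), "contract_end": "2015-03-31"},
}

# Current state of those accounts in the directory (hypothetical export).
ACCOUNTS = {
    "hvac-vendor": {"enabled": True, "roles": {"bms_operator", "domain_admin"}},
    "pos-support": {"enabled": True, "roles": {"pos_support"}},
    "old-auditor": {"enabled": True, "roles": {"read_only"}},
}

# Constructed authentication log sample.
ACCESS_LOG = """\
2015-06-01T09:12:44 host=bms-01 user=hvac-vendor event=login result=success src=203.0.113.10
2015-06-01T23:40:02 host=pos-db-03 user=hvac-vendor event=login result=success src=198.51.100.7
2015-06-02T02:15:10 host=bms-01 user=hvac-vendor event=login result=success src=203.0.113.10
2015-06-02T10:00:00 host=pos-app-01 user=pos-support event=login result=success src=192.0.2.5
2015-06-02T10:05:00 host=pos-app-02 user=pos-support event=login result=failure src=192.0.2.5
2015-01-15T11:00:00 host=fileshare-01 user=old-auditor event=login result=success src=192.0.2.9
"""


def parse_log(text):
    """Parse log lines into dicts with a datetime 'ts'; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def review_vendor_access(scope, accounts, events, as_of, dormant_days=60):
    """Return (account, finding, detail) tuples for every deviation from approved scope."""
    findings = []
    for user, approved in scope.items():
        acct = accounts.get(user)
        if acct is None:
            continue
        # Restriction: roles granted beyond what the engagement approved.
        extra = acct["roles"] - approved["roles"]
        if extra:
            findings.append((user, "excess_privilege", sorted(extra)))
        # Restriction: account still enabled after the engagement ended.
        if acct["enabled"] and as_of > datetime.fromisoformat(approved["contract_end"]):
            findings.append((user, "enabled_after_contract_end", approved["contract_end"]))
        # Improper use: successful logins to out-of-scope hosts or outside approved hours.
        logins = [e for e in events if e["user"] == user and e["result"] == "success"]
        start, end = approved["hours"]
        for e in logins:
            if e["host"] not in approved["hosts"]:
                findings.append((user, "out_of_scope_host", e["host"]))
            if not start <= e["ts"].hour < end:
                findings.append((user, "out_of_hours_login", e["ts"].isoformat()))
        # Hygiene: enabled but unused for dormant_days, a candidate for removal.
        last = max((e["ts"] for e in logins), default=None)
        if acct["enabled"] and (last is None or as_of - last > timedelta(days=dormant_days)):
            findings.append((user, "dormant_enabled_account",
                             last.isoformat() if last else "never"))
    return findings


def review_sample(as_of="2015-06-15"):
    """Run the review over the constructed records as at the given date."""
    return review_vendor_access(VENDOR_SCOPE, ACCOUNTS, parse_log(ACCESS_LOG),
                                datetime.fromisoformat(as_of))


if __name__ == "__main__":
    for finding in review_sample():
        print(finding)
```

Of the three constructed accounts only pos-support comes back clean; the HVAC account shows exactly the pattern the slide's Target reference points at (a narrow-purpose vendor account holding domain-admin rights and logging in to a POS database at night).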
Protiviti's cyber-security services
Protiviti provides a full range of cyber-security services to help clients address the challenges of effective cyber-security
We work with clients to address IT cyber-security issues and deploy focused application and data management structures that solve problems and add business value

Data Centric Security
• Data Governance
• Data Classification
• Data Leakage
• Vendor Management & Due Diligence
• Privacy Management & Implementation
• PCI and Security Compliance

Incident Response & Forensics
• Incident Response Strategy & Planning
• Emergency Response
• Computer Forensics
• Proactive eDiscovery Planning
• Reactive eDiscovery Support

Vulnerability/Penetration Testing
• Infrastructure Vulnerability
• Application Vulnerability
• Network Vulnerability
• Database Vulnerability
• Secure Code Reviews

Security Program & Policy
• Security Policy & Program
• Security Strategy & Architecture
• Security Metrics
• Awareness & Training

Identity & Access Management
• Identity Governance
• IAM Policy & Standards
• IAM Programme Support
• Role Based Access
• Privileged User Access Management
• Identity Federation

Security Operations & Implementation
• Security Operations Center Design
• SIEM Program & Operational
• SOC Implementation & Staffing
• Security Product Implementation
Protiviti's industry contributions
Protiviti makes significant contributions to industry groups by actively participating in, sponsoring and leading many industry associations
• Established a position of thought leadership regarding information security, governance and regulatory compliance, through efforts such as active participation in information security organisations such as OWASP, I-4, ISSA, CSI, InfraGard, SANS and ISACA, and release of our Bulletin and Frequently Asked Questions publications.
• BITS Shared Assessments – on the Shared Assessments steering committee.
• All four PCI certifications: Qualified Security Assessor (QSA), Approved Scan Vendor (ASV), PCI Forensics Investigator (PFI) and Payment Application QSA (PA-QSA).
• FS-ISAC – serves on the Board and Advisors Committee.
• I-4 – member of industry "think-tank" focused on information security. Frequent presenter on industry best practices.
• Board of directors member & charter member of the IT Policy Compliance Group.
• High Technology Crimes and Investigation Association (HTCIA).
• FBI InfraGard.
• Information System Security Association (ISSA).
Protiviti's thought leadership
Protiviti is a leading organisation in developing and disseminating pragmatic thought leadership in cyber-security and risk management
Information Security and Data Breach Trends 2014-2015
 
Mr+Pulido+-+Cybersecurity+Issues+and+Prospects+in+East+Asia.pptx
Mr+Pulido+-+Cybersecurity+Issues+and+Prospects+in+East+Asia.pptxMr+Pulido+-+Cybersecurity+Issues+and+Prospects+in+East+Asia.pptx
Mr+Pulido+-+Cybersecurity+Issues+and+Prospects+in+East+Asia.pptx
 
Cybersecurity - Webinar Session
Cybersecurity - Webinar SessionCybersecurity - Webinar Session
Cybersecurity - Webinar Session
 
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
 
wp-follow-the-data
wp-follow-the-datawp-follow-the-data
wp-follow-the-data
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
 
The digital economy and cybersecurity
The digital economy and cybersecurityThe digital economy and cybersecurity
The digital economy and cybersecurity
 
IBM X-Force Threat Intelligence Report 2016
IBM X-Force Threat Intelligence Report 2016IBM X-Force Threat Intelligence Report 2016
IBM X-Force Threat Intelligence Report 2016
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010  6 Things u need 2 know in 2010 Whitepaper Final2010  6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6
 
Threat Actors and Innovators - Webinar
Threat Actors and Innovators - Webinar Threat Actors and Innovators - Webinar
Threat Actors and Innovators - Webinar
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
What Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersWhat Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security Providers
 

Último

Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101  - Basics on Growth MarketingTech Startup Growth Hacking 101  - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingShawn Pang
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
DEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home  WORKWEEK-PLAN.docxDEPED Work From Home  WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docxRodelinaLaud
 
Socio-economic-Impact-of-business-consumers-suppliers-and.pptx
Socio-economic-Impact-of-business-consumers-suppliers-and.pptxSocio-economic-Impact-of-business-consumers-suppliers-and.pptx
Socio-economic-Impact-of-business-consumers-suppliers-and.pptxtrishalcan8
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechNewman George Leech
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfOrient Homes
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT      .pdfCatalogue ONG NUOC PPR DE NHAT      .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfOrient Homes
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 

Último (20)

Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101  - Basics on Growth MarketingTech Startup Growth Hacking 101  - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
DEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home  WORKWEEK-PLAN.docxDEPED Work From Home  WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docx
 
Socio-economic-Impact-of-business-consumers-suppliers-and.pptx
Socio-economic-Impact-of-business-consumers-suppliers-and.pptxSocio-economic-Impact-of-business-consumers-suppliers-and.pptx
Socio-economic-Impact-of-business-consumers-suppliers-and.pptx
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman Leech
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
 
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT      .pdfCatalogue ONG NUOC PPR DE NHAT      .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 

Cyber-security overview and recommendations under 40 chars

3. Australian cyber-breach examples
"Privacy is not for the passive" – Jeffrey Rosen
The personal details of 31 of the world's leading political figures were leaked to the organisers of a soccer tournament late last year, in a major data breach caused by an email autofill error. The breach was caused by a staff member at Australia's Department of Immigration and related to world leaders attending the G20 Leaders' Summit in Australia last year.
Pizza Hut Australia confirmed that its customer data was compromised during a hacking attack on its website in 2012. The website was allegedly hacked by a group called 0-Day and Pyknic, with claims that 240,000 credit card details were stolen in the process.
Chinese hackers "breach Australian media organisations" ahead of the G20 2014 meeting. The group called "Deep Panda" is believed to be affiliated with the Chinese government. Deep Panda targeted Australian media organisations in an attempt to understand the domestic media climate when Chinese president Xi Jinping arrived.
A database containing the personal details of almost 10,000 asylum seekers in Australia, both adults and children, was mistakenly made available on the website of the country's Department of Immigration and Border Protection in 2014. The database included names, nationalities, locations, arrival dates and boat arrival information.

4. Global and local cyber-breach statistics
No sector is immune to cyber-breaches and the cost is growing everywhere.
Security incidents with confirmed data loss, by sector (count): Unknown 325; Public 303; Finance 277; Manufacturing 235; Accommodation 223; Retail 164; Professional 146; Healthcare 141; Information 95; Education 65; Other 28; Administrative 27; Entertainment 23; Transportation 22; Mining 17; Real Estate 10; Utilities 10; Trade 6; Agriculture 2; Construction 2; Management 1.
Average company loss per breach (AUD million): United States 16.2; Germany 10.4; Japan 8.8; France 8.1; United Kingdom 7.6; Australia 5.1; Russia 4.3.
Cost is rising at 10% on average year-on-year; average resolution time is 30 days.
Source: Verizon 2015 Data Breach Investigations Report; Ponemon Institute; Hewlett-Packard (HP Enterprise Security), October 2014.

5. Types of cyber-breach
A major type of cyber-security incident remains socially engineered targeted emails.
Share of respondents reporting each incident type: Targeted emails 63%; Virus or worm infection 52%; Trojan or rootkit malware 46%; Theft of mobile devices 35%; Unauthorised access 26%; Ransomware 17%; DDoS 17%; Unauthorised access to information from an … 17%.
Source: 2013 CERT Australia Cyber Crime and Security Survey.
• Businesses across a wide range of industry sectors are exposed to potentially enormous physical losses as well as liabilities and costs as a result of cyber-attacks and data breaches.
• Spammers and other cyber-criminals are moving away from exploit kits in favour of phishing messages containing malicious email attachments, a tried-and-true attack technique.

6. Contributors to cyber-breaches
Staff errors and/or omissions, followed by poor security culture and unpatched or unprotected software, are the major internal factors.
Internal contributors: Staff error and/or omission 57%; Poor security culture 50%; Unpatched or unprotected software 48%; Misconfigured systems, applications 48%; Lack of technical security controls 41%; Lack of IT security staff 22%; Malicious leak 16%; Other 11%.
External contributors: Targeted attack 51%; Third party risks and/or vulnerabilities 49%; Sophisticated attackers 38%; Powerful automated attack tools 36%; Volume of attacks 31%; Other 16%.
Source: 2013 CERT Australia Cyber Crime and Security Survey.

7. Cyber-security investments & reality
All organisations must recognise that perimeter defences will be breached.
• Boards should not be fooled into believing that good practices will prevent a well-conceived targeted attack: they reduce vulnerability, they do not remove it.
• The reality is that it is simply not possible to secure everything, let alone the perimeter.
• Even if it were possible to secure the perimeter, this would not be enough, as it is far too easy to get behind it:
  o All an attacker has to do is be invited in.
  o Alternatively, social engineering techniques can be used to get somebody behind the perimeter to open the door.
• The large amounts that have been invested in perimeter defences are therefore of limited value.

8. The need for new tools
Organisations now need to rely on a different set of controls and associated tools to manage cyber-security risk.
• Solutions are all too often seen as purely technology, rather than as having a critical people element.
• Over 70% of organisations* have not implemented the types of tools we would expect to see in place behind the perimeter.
• "Intelligent" security monitoring techniques that highlight abnormal behaviour or potential incidents and enable a real-time response are increasingly important.
• IT rarely presents a business case for these solutions to the Board, nor clearly explains their value.
• Boards have been seen to invest in these solutions where a clear business risk and the value proposition around the solution and target investment have been presented.
* Recent Protiviti study

9. The cyber-security challenge in summary
Organisations are now faced with a challenging cyber-threat environment exacerbated by operational hurdles.
• We often find companies fill a Security Lead role and fail to support them with complementary resources. As a result, the security function reflects the Lead's particular strengths … and weaknesses.
• Cyber-security is too often seen as a technology problem and not handled as a core business risk.
• The personnel market for cyber-security professionals is highly competitive, and those with a strong business focus are even harder to find and hire.
• The attack surface is increasing as more devices are attached and the internet of things becomes reality.
• The sophistication of today's threat actors is increasing: they are often well-run organisations or state-controlled groups with significant funding and capability.
• The annual direct cost of detecting, diagnosing and remediating cyber-breaches is increasing at over 10% p.a.
• Cyber-risk is now a Board-level risk item, often in the top five risks.

10. Frameworks & reality
There is no one size fits all. Complying with frameworks isn't sufficient.
Plethora of frameworks and standards:
• There are so many areas to address: from encryption, to application security, to disaster recovery.
• Then there is the complication of compliance with regulatory requirements, especially in multiple geographies.
Compliance isn't security:
• Target: PCI-DSS compliant
• Home Depot: PCI-DSS compliant
• JP Morgan: GLBA, FFIEC compliant
• Anthem: HIPAA compliant
• Aussie Travel Cover: data not disclosed for 2 months

11. Internal audit's role in effective cyber-security
"Top performers" address cyber-security risk in their audit plan and have boards that are highly engaged with cyber-security risk.
Chart: board engagement in information security is higher where cyber-security is included in the audit plan (high board engagement vs. "other" board engagement).
Chart: cyber-security is more often included in the audit plan where board engagement in information security is high (included vs. not included in audit plan).

12. Internal audit's role in effective cyber-security
Organisations which include cyber-security in their audit plan also have a stronger ability to identify, assess and mitigate cyber-security risk.
Chart: organisations that rate themselves "very effective" at identifying, assessing and mitigating cyber-security risk (in audit plan vs. not in audit plan).
Chart: organisations that have a cyber-security risk strategy and policy in place (in audit plan vs. not in audit plan).

13. Questions to consider
IA and Risk professionals can have a conversation with the business to determine whether it understands the threats, and to make it aware of them.
Traditional approaches to cyber-security are not working …
• A risk-based approach needs to be adopted: a one-size-fits-all approach is all too often adopted, and it is not practical, is too costly and will ultimately fail.
• A top-down ERM approach to security risk assessments is essential: identifying sensitive data, assessing threats, capturing risk appetite, and informing risk mitigation strategies.
• "Intelligent" security monitoring techniques that highlight abnormal behaviour or potential incidents and enable a real-time response are increasingly important.
• People are often the weakest link: security awareness training that works is essential.
… and most organisations struggle to answer five key questions:
• Do you know the value of your data?
• Do you know where your data is?
• Do you know who has access to this data?
• Do you know who is protecting the data?
• Do you know how to respond in case the data is compromised?

14. Action items for Risk and Internal Audit (1/2)
Given internal audit's key role in effective cyber-security, there are ten actions that IA can take.
1. Develop strategy & policy: work with management and the board to develop a cyber-security strategy and policy.
2. Become "very effective": seek to have the organisation become "very effective" in its ability to identify, assess and mitigate cyber-security risk to an acceptable level.
3. Recognise "internal" threats: recognise the threat of a cyber-security breach resulting from the actions of an employee or business partner.
4. Board awareness & engagement: leverage board relationships to (a) heighten the board's awareness and knowledge of cyber-security risk, and (b) ensure that the board remains highly engaged with cyber-security matters and up to date on the changing nature and strategic importance of cyber-security risk.
5. Audit plan integration: ensure cyber-security risk is formally integrated into the audit plan.

15. Action items for Risk and Internal Audit (2/2)
6. Keep on top of new technologies: develop, and keep current, an understanding of how emerging technologies and technological trends are affecting the company and its cyber-security risk profile.
7. Use NIST, ISO 27001, ISO 27002: evaluate the organisation's cyber-security program against the NIST Cybersecurity Framework; recognise that the framework does not go down to the control level and may therefore require additional evaluation against ISO 27001 and ISO 27002.
8. Address people & technology: recognise that the strongest preventative capability requires a combination of human and technology security, a complementary blend of education, awareness, vigilance and technology tools.
9. Make monitoring & response a priority: make cyber-security monitoring and cyber-incident response a top management priority; a clear escalation protocol can help make the case for (and sustain) this priority.
10. Address IT audit staffing: address any IT/audit staffing and resource shortages, which represent a top technology challenge in many organisations and can hamper efforts to address cyber-security issues.

16. Breach Detection Audit
Organisations that are at high risk of cyber-attack should consider an annual Breach Detection Audit.
Key questions:
• Are there signs that the organisation is currently breached or has been in the recent past?
• How effective are the in-place security monitoring tools and processes?
• Have potential breaches been sufficiently investigated?
Fieldwork activities:
• Forensic review of key indicators of a targeted attack (logs, network activity, systems).
• Evaluation of breach detection capabilities and processes.
• Review of previous potential breach incidents and the organisation's follow-up.
Value provided to management:
• Management will appreciate the timeliness and relevance.
• Proven action steps that management can take to improve its ability to detect breaches.
• Communication to stakeholders of the key controls management has invested in.

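A worked example of the first fieldwork activity, the forensic review of logs for indicators of a targeted attack. This is an added example and not part of the Protiviti deck or any product: a stdlib-only Python hunt over a constructed authentication log for two indicators, a run of failed logons followed by a success from the same source (credential guessing that eventually worked) and one account authenticating to many distinct hosts in a short window (lateral movement). The log format, hostnames, account names, IP addresses and thresholds are all assumptions for illustration.

```python
"""Hunt a constructed authentication log for two indicators of a targeted attack.

Added example, stdlib only. Log format, hostnames, accounts and thresholds are
assumptions for illustration, not Protiviti's method or any product's output.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from a real system). One event per line:
# ISO timestamp followed by key=value fields in any order.
SAMPLE_LOG = """\
2015-06-01T02:10:01 host=jump01 user=svc_hvac src=203.0.113.7 result=FAIL
2015-06-01T02:10:04 host=jump01 user=svc_hvac src=203.0.113.7 result=FAIL
2015-06-01T02:10:09 host=jump01 user=svc_hvac src=203.0.113.7 result=FAIL
2015-06-01T02:10:15 host=jump01 user=svc_hvac src=203.0.113.7 result=FAIL
2015-06-01T02:10:20 host=jump01 user=svc_hvac src=203.0.113.7 result=FAIL
2015-06-01T02:10:31 host=jump01 user=svc_hvac src=203.0.113.7 result=OK
2015-06-01T02:14:02 host=fs01 user=svc_hvac src=10.0.5.12 result=OK
2015-06-01T02:15:40 host=fs02 user=svc_hvac src=10.0.5.12 result=OK
2015-06-01T02:16:11 host=db01 user=svc_hvac src=10.0.5.12 result=OK
2015-06-01T02:17:55 host=pos-gw result=OK user=svc_hvac src=10.0.5.12
2015-06-01T09:00:12 host=ws042 user=jsmith src=10.0.8.33 result=OK
2015-06-01T09:03:45 host=ws042 user=jsmith src=10.0.8.33 result=FAIL
2015-06-01T09:03:52 host=ws042 user=jsmith src=10.0.8.33 result=OK
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_log(text):
    """Parse lines into dicts with a datetime 'ts'; returns events sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, _, rest = line.partition(" ")
        event = dict(FIELD_RE.findall(rest))
        event["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%S")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def find_brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """Flag a successful logon preceded by >= threshold failures for the same
    user from the same source within the window (guessing that eventually worked)."""
    findings = []
    recent_fails = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    for e in events:
        fails = recent_fails[(e["user"], e["src"])]
        while fails and e["ts"] - fails[0] > window:
            fails.popleft()  # drop failures that fell out of the window
        if e["result"] == "FAIL":
            fails.append(e["ts"])
        elif e["result"] == "OK" and len(fails) >= threshold:
            findings.append({"indicator": "brute_force_then_success",
                             "user": e["user"], "src": e["src"], "host": e["host"],
                             "failures": len(fails), "ts": e["ts"]})
            fails.clear()
    return findings


def find_lateral_movement(events, min_hosts=4, window=timedelta(minutes=15)):
    """Flag an account with successful logons to >= min_hosts distinct hosts
    inside the window; each account is reported once, at the first crossing."""
    findings = []
    recent = defaultdict(deque)  # user -> (ts, host) of recent successes
    flagged = set()
    for e in events:
        if e["result"] != "OK":
            continue
        q = recent[e["user"]]
        q.append((e["ts"], e["host"]))
        while q and e["ts"] - q[0][0] > window:
            q.popleft()
        hosts = {h for _, h in q}
        if len(hosts) >= min_hosts and e["user"] not in flagged:
            flagged.add(e["user"])
            findings.append({"indicator": "lateral_movement", "user": e["user"],
                             "hosts": sorted(hosts), "first": q[0][0], "last": e["ts"]})
    return findings


def hunt(text):
    """Run both detectors over a log and return the combined findings."""
    events = parse_log(text)
    return find_brute_force(events) + find_lateral_movement(events)


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

On a real engagement the input would be an export from the organisation's SIEM or from Windows Security / sshd logs rather than the constructed lines above, and the thresholds would be tuned to the environment; the value of the exercise for the audit is less the detector itself than the question of whether the in-place monitoring already raised the same findings. Both detectors assume events arrive in chronological order, which is why parse_log sorts before the hunt runs.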
17. Third Party Access Audit
IA and Risk can help management limit the risk associated with a hacked third party (e.g., an HVAC vendor).
Key questions:
• Could a breach of a third party result in a breach of our organisation?
• Are vendor, contractor and other third-party accounts sufficiently restricted?
• Would we know if a vendor account was being used improperly?
Fieldwork activities:
• Review of policies and procedures for third parties.
• Review of a sample of third-party accounts for appropriate access.
• Attempting privilege escalation from an example third-party account.
Value provided to management:
• Topical given the Target initial intrusion method.
• Factual arguments to support limiting vendor access further.
• Comforting stakeholders on a key area of risk (provided appropriate controls are in place).

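A worked example of the second and third key questions above, added here and not taken from the deck: a stdlib-only Python review of a constructed directory account export against an assumed third-party access policy and a constructed record of what each vendor's contract permits. It flags vendor accounts holding privileged group membership, accounts with no expiry date set, accounts that have not logged on within a stale window, and logons by a vendor account to hosts outside its contracted scope, which is the evidence behind "would we know if a vendor account was being used improperly". Account names, group names, hosts, the review date and the 90-day threshold are all assumptions.

```python
"""Review third-party accounts against policy and contract scope (stdlib only).

Added example; the export layout, group names, hosts and thresholds are
assumptions for illustration, not a real directory or a real contract.
"""
import csv
import io
from datetime import date, datetime

# Constructed account export (not real data). 'groups' is ';'-separated;
# an empty 'expires' means no expiry was ever set on the account.
ACCOUNT_EXPORT = """\
account,type,groups,expires,last_logon
svc_hvac,vendor,Remote Users;Domain Admins,,2015-05-30
acme_support,vendor,Remote Users,2015-09-30,2015-02-01
vendor_pos,vendor,POS Operators,2015-12-31,2015-06-01
jsmith,employee,Domain Users,,2015-06-01
"""

# Date the review is run as of (constructed).
AS_OF = date(2015, 6, 15)

# Hosts each vendor's contract actually permits it to reach (constructed).
VENDOR_SCOPE = {
    "svc_hvac": {"bms01"},
    "acme_support": {"helpdesk01"},
    "vendor_pos": {"pos-gw"},
}

# Groups that no third-party account should hold (assumed policy).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed successful-logon records: (account, host).
LOGONS = [
    ("svc_hvac", "bms01"),
    ("svc_hvac", "fs01"),      # a file server the HVAC contract does not cover
    ("vendor_pos", "pos-gw"),
    ("jsmith", "ws042"),       # employee, not subject to vendor scope
]


def _parse_date(s):
    return datetime.strptime(s, "%Y-%m-%d").date() if s else None


def review_accounts(export_text, today, stale_days=90):
    """Return {account: [findings]} for every vendor account in the export.

    A vendor account with no issues maps to an empty list. Employee accounts
    are skipped because the test is specifically about third-party access.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["type"] != "vendor":
            continue
        issues = []
        held = set(row["groups"].split(";")) if row["groups"] else set()
        for group in sorted(held & PRIVILEGED_GROUPS):
            issues.append("privileged_group:" + group)
        expires = _parse_date(row["expires"])
        if expires is None:
            issues.append("no_expiry")          # open-ended vendor access
        elif expires < today:
            issues.append("expired_but_enabled")  # should have been disabled
        last = _parse_date(row["last_logon"])
        if last is None or (today - last).days > stale_days:
            issues.append("stale_%dd" % stale_days)
        findings[row["account"]] = issues
    return findings


def out_of_scope_logons(logons, scope):
    """Return (account, host) pairs where a vendor account reached a host
    its contract does not cover; employees (not in scope) are ignored."""
    return [(acct, host) for acct, host in logons
            if acct in scope and host not in scope[acct]]


if __name__ == "__main__":
    for acct, issues in review_accounts(ACCOUNT_EXPORT, AS_OF).items():
        print(acct, issues or "ok")
    print("out of scope:", out_of_scope_logons(LOGONS, VENDOR_SCOPE))
```

The second function is the one that answers the "would we know" question: it only works if the organisation keeps a written, machine-readable statement of which systems each vendor is allowed to reach, which in practice is the control most often missing. Its output also gives the fieldwork team the starting account for the privilege-escalation attempt in the third activity.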
18. Protiviti's cyber-security services
Protiviti provides a full range of cyber-security services to help clients address the challenges of effective cyber-security. We work with clients to address IT cyber-security issues and deploy focused application and data management structures that solve problems and add business value.
Data Centric Security: Data Governance; Data Classification; Data Leakage; Vendor Management & Due Diligence; Privacy Management & Implementation; PCI and Security Compliance.
Incident Response & Forensics: Incident Response Strategy & Planning; Emergency Response; Computer Forensics; Proactive eDiscovery Planning; Reactive eDiscovery Support.
Vulnerability/Penetration Testing: Infrastructure Vulnerability; Application Vulnerability; Network Vulnerability; Database Vulnerability; Secure Code Reviews.
Security Program & Policy: Security Policy & Program; Security Strategy & Architecture; Security Metrics; Awareness & Training.
Identity & Access Management: Identity Governance; IAM Policy & Standards; IAM Programme Support; Role Based Access; Privileged User Access Management; Identity Federation.
Security Operations & Implementation: Security Operations Center Design; SIEM Program & Operations; SOC Implementation & Staffing; Security Product Implementation.

19. Protiviti's industry contributions
Protiviti makes significant contributions to industry groups by actively participating in, sponsoring and leading many industry associations.
• Established a position of thought leadership regarding information security, governance and regulatory compliance, through efforts such as active participation in information security organisations such as OWASP, I-4, ISSA, CSI, InfraGard, SANS and ISACA, and the release of our Bulletin and Frequently Asked Questions publications.
• BITS Shared Assessments: on the Shared Assessments steering committee.
• All four PCI certifications: Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), PCI Forensic Investigator (PFI) and Payment Application QSA (PA-QSA).
• FS-ISAC: serves on the Board and Advisors Committee.
• I-4: member of the industry "think-tank" focused on information security; frequent presenter on industry best practices.
• Board of directors member and charter member of the IT Policy Compliance Group.
• High Technology Crime Investigation Association (HTCIA).
• FBI InfraGard.
• Information Systems Security Association (ISSA).

20. Protiviti's thought leadership
Protiviti is a leading organisation in developing and disseminating pragmatic thought leadership in cyber-security and risk management.