CYBER RISKS TO GOLF CLUBS PRESENTED BY: LEE NORIEGA MITCH - - PowerPoint PPT Presentation

CYBER RISKS TO GOLF CLUBS

PRESENTED BY: LEE NORIEGA MITCH FENTON

TECHNOLOGY TRENDING

22.9

Billion

3.5

Billion

2010

6.0

Billion

8.7

Billion

14.4

Billion

2.0

Billion

2.5

Billion

2.9

Billion

2012 2014 2016 2018

Global Cybercrime Annual Cost

$475 – $625 Billion

Social M Media

• Established 2004
• 12 years later…
• Average 1.35 Billion Monthly Active Users
• Average 703 Million Mobile Daily Active Users

Global Population

7.125 Billion People

Most Targeted Industries through Cyberspace in 2015

12%

MANUFACTURING

19%

FINANCIAL

14%

INFORMATION

15%

HEALTHCARE

11%

RETAIL

16%

ENTERTAINMENT & SPORTS

Statistics from 2016 Verizon Data Breach Report and statista.com

IN THE NEWS

February 7, 2015 Golf Club, Yuma, AZ: 41+ Unauthorized credit transactions March 8, 2015 Hotel, Montauk, NY: Website Defacement July 15, 2016 Golf Club, Yorkshire, England: £300,000 Wire Fraud August 16, 2016 Hotel & Golf Club, Fort Worth, TX: Part of massive breach resulting in credit card theft. The culprit was determined to be malware that had been in place since March 2015

CYBER THREATS

TERRORIST ACTS CRIMINAL ELEMENTS HACKTIVISTS FOREIGN NATIONS SUPPLY CHAIN VULNERABILITY WIRELESS ACCESS POINTS REMOVABLE MEDIA NEGLIGENT USERS INSIDER THREATS

GOLF CLUB CYBER EXPOSURE

RISKS

Credit Cards Membership Information Financial Information Club Bank Accounts Reputational/Brand Damage

VARIABLES

Point of Sale (POS) Systems Restaurants Lodging Pro Shop Networks Wireless Local Area Network (LAN) IP Cameras Social Media Employees Disgruntled Colluding to Steal 3rd Party Vendors HVAC Vendors Technology Vendors

PHYSICAL SECURITY THREATS

Cybersecurity is NOT solely a technology problem. Protect your data center and computer terminals!

• LOCKS: Only as good as your key control program.
• Who has your keys? Are your doors commercial grade? Contractors use cheap material.
• LIGHTS: Security lighting is not accent lighting.
• CAMERAS: Pick a solid integrator. IP is great but keep them on a separate network.
• FIRE SUPPRESSION: Water and technology do not mix! Use FM-200 near servers.

MYTH #1 – I’M A GOLF CLUB. I’M NOT A TARGET.

Cyber criminals want the biggest bang for their buck. Reasons for this myth are:

• Membership data is more valuable than you think
• Cyber attacks are low risk and return high results
• Unmonitored / unorganized networks are easier targets
• Basic security tools are no match against today’s attacks

MYTH #2 – WE DON’T STORE PERSONAL IDENTIFIABLE INFORMATION (PII)

Your golf club may not, but the cyber hacker doesn’t know that when they breach your network. When breached:

• Your club may be a 3rd party risk to other organizations
• Your club may be used for nefarious purposes such as file storage
• Your network may be used as a launch pad to go somewhere else
• There is always information that can be used for subsequent or other attacks

MYTH #3 – WE’RE GOOD. WE HAVE A FIREWALL

• A firewall is just one aspect to protecting your organization
• A multi-layered approach to security is essential & based on people, processes,

and technology

• All organizations regardless of size should be ready to prevent, detect, and

respond to today’s cyberattacks

MYTH #4 – WE DON’T HAVE A BUDGET FOR CYBER SECURITY. IT’S TOO EXPENSIVE

Even the smallest golf clubs can implement enterprise-level protection on a

• budget. Low cost options:
• Patch your software and applications – Regularly
• Train your personnel – Empower them to be security aware
• You don’t know what you don’t know. Monitor your network so

management can make decisions based on current risk, not perceived risk

THE FALLOUT FROM A GOLF CLUB BREACH

Members and employees entrust the golf club with their personal information. Mishandling this information can put your golf club at risk:

• Reputational damage; loss of new and current membership
• Financial damage; Breach expenses, (notifications, credit monitoring, legal fees)
• Board reaction – Removing or firing of key personnel to so things are being done
• Club passed over for key golf events (Private / Corporate Events, etc.)
• Law Suits

Questions / Comments Thank You!