cyber security
play

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page - PowerPoint PPT Presentation

Dec 25, 2023 •121 likes •481 views

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

  1. CYBER SECURITY Nick Kervin – Partner, IT Advisory August 2017 Page 1

  2. CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page 2

  3. WHAT IS AT RISK Page 3

  4. WHAT IS AT RISK 2017 World Economic Forum Page 4 S ource: The Global Risk Report 2017 – World Economic Forum

  5. WHAT IS AT RISK Who are the adversaries and what are their motives? Adversary Motives Targets Impact • • • Hacktivists Influence polit ical and / or Corporat e secret s Disrupt ion of business social change act ivities • S ensit ive business information • Pressure business t o change • Brand and reput ation • Informat ion relat ed t o key t heir pract ices • execut ives, employees, Loss of consumer confidence cust omers & business part ners • • • Cyber Immediat e financial gain Financial / payment syst ems Cost ly regulat ory inquiries criminals and penalt ies • Collect information for • Personally ident ifiable • fut ure financial gains information Consumer and shareholder lawsuit s • Payment card informat ion • Loss of consumer confidence • Prot ect ed healt h information • • • Nation state Economic, polit ical, and/ or Trade secret s Loss of compet it ive milit ary advantage advant age • S ensit ive business information • Disrupt ion t o crit ical • Emerging t echnologies infrast ruct ure • Crit ical infrast ruct ure Insiders • Personal advant age, • S ales, deals, market st rat egies • Trade secret disclosure monet ary gain • • Corporat e secret s, IP , R&D Operat ional disrupt ion • Professional revenge • Business operat ions • Brand and reput ation • Pat riot ism • • Personnel information Nat ional securit y impact Page 5

  6. WHAT IS AT RISK The actors and the information they target Adversary What’s most at risk Industrial Control Emerging Hacktivists S ystems (S CADA) technologies Payment card and Advanced materials and related information manufacturing Cyber criminals / financial markets techniques R&D and / or product Energy data design data Nation state Healthcare, pharmaceuticals, and Business deals information related technologies Health records Information and Insiders and other communication personal data technology and data Motives and tactics evolve and what adversaries target vary depending on the organisation and the products and services they provide. Page 6

  7. GLOBAL INDUSTRY TRENDS Page 7

  8. INDUSTRY TRENDS Cyber attacks on user devices & persons are rising S ource: Verizon 2016 Dat a Breach Invest igat ions Report Page 8

  9. INDUSTRY TRENDS Breach discovery methods are changing S ource: Verizon 2016 Dat a Breach Invest igat ions Report Page 9

  10. INDUSTRY TRENDS Breaches are on the rise but industry spend has not kept track Cyber attacks are on the rise $500 The est imat ed annual cost of cyber-at t acks t o t he global economy was more t han $500 billion in 2015 wit h billion $230 billion in AP AC World Economic Forum recognise cyber breaches as one of the top threats to stability of global $2.1 economy trillion Cost of dat a breaches and malware infect ions will cost t he global economy $2.1 t rillion by 2019 Cyber threats are Boards’ fastest-growing concern, but investments are not keeping track with $75 breach costs billion $75 billion spend on cyber securit y in 2015 Estimated spend on Cyber Security by 2020 will be $175 billion $175 Cyber spend will more t han double over t he next five years wit h Cyber insurance expect t o grow t o $2.5 billion billion by 2020 S ource: Forbes Page 10

  11. INDUSTRY TRENDS Cyber security skills are in high demand Solid growth in cyber security job market 1 million 1 million unfilled cyber security j obs globally in 2015 which is a 75% increase in the last five years Cyber security jobs in demand as investments increase 6 million There will be shortage in cyber security skills as the market is expected to grow to 6 million j obs by 2019 with a shortage of 2 million j obs Cyber job market in ANZ region is growing 21% The demand for cyber security skills in ANZ market will grow 21% over the next five years with expected shortage of 10,000 people by 2019 S ource: Forbes Page 11

  12. BDO / AusCERT CYBER SECURITY SURVEY Page 12

  13. BDO / AUSCERT CYBER SURVEY Australian Respondents • Over 400 respondents • 43% of Australian respondents from Queensland NZ Respondents by region Australian Respondents by state Page 13

  14. BDO / AUSCERT CYBER SURVEY Primary industry of all respondents coloured by type Wholesale trade Transport, post al and warehousing Retail t rade Rental, hiring and real est at e services Public administ ration and safet y Professional, scientific and t echnical services Other Mining Manufact uring Information media and telecommunicat ions Health care and social assist ance Financial and insurance services Elect ricit y, gas, wat er and waste services Educat ion and t raining Const ruct ion Art s and recreation services Agriculture, forest ry and fishing Administ rative and support services Accommodation and food services 0% 2% 4% 6% 8% 10% 12% 14% 16% 18% 20% S t at e Government Federal Government Local/ regional Government Not -for-profit Private limit ed company Public listed company S ole t rader / Part nership Page 14

  15. BDO / AUSCERT CYBER SURVEY Cyber security incidents experienced in 2016 • Ransomware Websit e defacement Unaut horised modificat ion of informat ion • Phishing Unaut horised access t o informat ion by int ernal user • Malware Unaut horised access t o informat ion by external user • DDoS Theft of lapt ops or mobile devices Ransomware Phishing / t arget ed malicious e-mails Malware / troj an infect ions Email addresses or websit e(s) blacklist ed Brute force at t ack Denial of service att ack Dat a loss / t heft of confident ial informat ion Dat a breach and t hird part y provider / supplier 0% 5% 10% 15% 20% 25% 30% 35% Healthcare All Respondents Page 15

  16. BDO / AUSCERT CYBER SURVEY Cyber security incidents expected in 2017 Websit e defacement Unaut horised modificat ion of informat ion Unaut horised access t o informat ion by int ernal user Unaut horised access t o informat ion by external user Theft of lapt ops or mobile devices Ransomware Phishing / t arget ed malicious e-mails Malware / troj an infect ions Email addresses or websit e(s) blacklist ed Brute force at t ack Denial of service att ack Dat a loss / t heft of confident ial informat ion Dat a breach and t hird part y provider / supplier 0.00% 5.00% 10.00% 15.00% 20.00% 25.00% Healthcare All Respondents Page 16

  17. BDO / AUSCERT CYBER SURVEY Likely source of Cyber security Incidents • Cyber criminals • Insiders / current employees • Activists Suppliers / business Customers partners 4% 4% • Third party hosting providers Competitors 6% Former employees Cyber criminals / 8% organised crime 33% Foreign Governments / Nation States 10% Third party hosting Insiders / current provider employees 10% 13% Activists 12% Page 17

  18. BDO / AUSCERT CYBER SURVEY Likely source of cyber security incidents Third part y hosting provider S uppliers / business part ners Insiders / current employees Former employees Foreign Government s / Nat ion S t at es Cyber criminals / organised crime Cust omers Compet it ors Act ivist s 0% 5% 10% 15% 20% 25% 30% 35% All Respondents Healthcare Page 18

  19. BDO / AUSCERT CYBER SURVEY Cyber security awareness programs reduce incidents overall All Respondents 50% 40% 30% 20% 10% 0% Ransomware Phishing Malware/ Troj an All Other Page 19

  20. BDO / AUSCERT CYBER SURVEY Security Operations Centres reduce incidents by 79% All Respondents 40% 30% 20% 10% 0% Ransomware Phishing Malware/ Troj an All Other Page 20

  21. BDO CYBER SURVEY Does your organisation utilise intelligence sharing networks No - we feel we don't Yes - we gain a great need to deal of value from 11% doing so 23% No - we don't know if such a Yes - but the network exists process is overly 39% expensive/ time consuming 5% Yes - but its usefulness is limited 18% No - it doesn’ t provide us value 4% Page 21

  22. BDO / AUSCERT CYBER SURVEY Only 28% of respondents have cyber insurance cover Yes - we have this cover as an extension to another insurance policy 8% 14% Yes - we have a standalone cyber policy 12% Yes - but do not know how the 9% policy was arranged Not yet - we are considering it 9% 5% No - we were not aware of this type of insurance No - we self-insure 18% 25% No - we don't feel we need it Page 22

  23. ASX 100 CYBER HEALTH CHECK REPORT Page 23

  24. ASX 100 CYBER HEALTH CHECK REPORT What is it? • The AS X 100 Cyber Health Check is the first attempt to gauge how the boards of Australia’s largest publicly listed companies view and manage their exposure to the rapidly evolving cyber world • 76% of the AS X 100 responded to the survey • Currently, only 11% of companies proactively reassure customers and investors about their approach to cyber security • S urvey is available at: www.asx.com.au/ AS X100-Cyber Page 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 Agenda for today Part I Latest security news Security vulnerabilities in Java

2.02k views • 185 slides
Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

666 views • 42 slides
Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector What I am Company utilities in the UK going to Water UK good practice cover NIS Directive Dr Jim Marshall, Senior Policy Advisor,

231 views • 4 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Cyber Security Xperience Group & Sophos https://player.vimeo.com/video

Cyber Security Xperience Group & Sophos https://player.vimeo.com/video

Cyber Security Xperience Group & Sophos https://player.vimeo.com/video /135044595?width=800&heigh t=450&iframe=true&portrait=0 Cybercrime Prevention Seminar Law Society - Belfast Dermot Hayden 12 th Oct 2018 Sophos Snapshot

469 views • 35 slides
Larry Clinton Operations Officer Internet Security Alliance lclinton@eia.org 703-907-7028

Larry Clinton Operations Officer Internet Security Alliance lclinton@eia.org 703-907-7028

Larry Clinton Operations Officer Internet Security Alliance lclinton@eia.org 703-907-7028 202-236-0001 Presentation Outline The Growing Problem of Cyber Security Traditional Solutions and Why They Wont Work A New Paradigm (tools

591 views • 34 slides
SCORE Website Cybersecurity Presentation DASHBOARD INTERACTIVE Digital Marketing Firm that

SCORE Website Cybersecurity Presentation DASHBOARD INTERACTIVE Digital Marketing Firm that

SCORE Website Cybersecurity Presentation DASHBOARD INTERACTIVE Digital Marketing Firm that emphasizes Website Security Founded in January of 2006 13 Team Members Work with Small and Medium Sized Businesses and Agencies

522 views • 41 slides
CYBERSECURITY CYBERSECURITY SEMINAR SEMINAR STEVE RUTKOVITZ STEVE RUTKOVITZ ABOUT STEVE

CYBERSECURITY CYBERSECURITY SEMINAR SEMINAR STEVE RUTKOVITZ STEVE RUTKOVITZ ABOUT STEVE

PROTECTING YOU AND YOUR BUSINESS CYBERSECURITY CYBERSECURITY SEMINAR SEMINAR STEVE RUTKOVITZ STEVE RUTKOVITZ ABOUT STEVE RUTKOVITZ ABOUT STEVE RUTKOVITZ For over 20 years, Steve owned and operated a very successful MSP business. W ith a

516 views • 25 slides
Steroids [root@tools ~]# whoami Martin (purehate) Bos Core Developer for Backtrack Linux

Steroids [root@tools ~]# whoami Martin (purehate) Bos Core Developer for Backtrack Linux

Password Cracking on Steroids [root@tools ~]# whoami Martin (purehate) Bos Core Developer for Backtrack Linux Owner of Computer Rehab Co-Founder Question-Defense Security Enthusiast [root@tools ~]# whoami Alex (dakykilla) Kah

392 views • 37 slides
A P P L I C AT I O N S T H R O U G H A N AT TA C K E R S L E N S M I C H A E L C O AT E S

A P P L I C AT I O N S T H R O U G H A N AT TA C K E R S L E N S M I C H A E L C O AT E S

A P P L I C AT I O N S T H R O U G H A N AT TA C K E R S L E N S M I C H A E L C O AT E S , T R U S T & I N F O R M AT I O N S E C U R I T Y O F F I C E R @ _ M W C W H AT S G O I N G W R O N G Deconstructing Breaches

844 views • 55 slides
Cybersecurity, Insurers, and the Department: What You Need to Know John J. Lacek IV, Esq.

Cybersecurity, Insurers, and the Department: What You Need to Know John J. Lacek IV, Esq.

Cybersecurity, Insurers, and the Department: What You Need to Know John J. Lacek IV, Esq. Department Counsel Chair Cybersecurity Incident Response Task Force Office of Chief Counsel | www.insurance.pa.gov A Growing Threat and Growing

531 views • 25 slides
Data and Financial Transactions Security - What You Need to Know, Now! Rick Diamond, VP, Agency

Data and Financial Transactions Security - What You Need to Know, Now! Rick Diamond, VP, Agency

Data and Financial Transactions Security - What You Need to Know, Now! Rick Diamond, VP, Agency I.T. Director, FNTG rick.diamond@fnf.com @rdiamondFNF Why are you doing this and why should you care? Not because the cfpb wants you to

730 views • 41 slides

More recommend