everything you wanted to know about cyber risk
play

EVERYTHING YOU WANTED TO KNOW ABOUT CYBER RISK But were afraid to - PowerPoint PPT Presentation

Oct 03, 2022 •157 likes •448 views

EVERYTHING YOU WANTED TO KNOW ABOUT CYBER RISK But were afraid to ask! Rachel Burley, Lead Security Analyst, Diligent Josh Fruecht, Governance Advisor and Former Clerk, Diligent Tuesday, October 22 Agenda Recent research & common

  1. EVERYTHING YOU WANTED TO KNOW ABOUT CYBER RISK But were afraid to ask! Rachel Burley, Lead Security Analyst, Diligent Josh Fruecht, Governance Advisor and Former Clerk, Diligent Tuesday, October 22

  2. Agenda • Recent research & common security misconceptions • Local government examples • Strategic actions you can implement now • Asking the right questions • Next steps

  3. Introductions Rachel Burley Lead Security Analyst, Diligent • Security and compliance professional whose career focus includes enhancing companies ’ security posture through governance, risk, and compliance. • Successfully implemented security-related frameworks for multiple SaaS companies. These frameworks include ISO 27001, NIST Cybersecurity Framework, Service Organization Controls (SOC) and NIST SP 800-53. • She is a graduate of Wilmington University with a B.S Computer and Network Security and MS Homeland Security – Information Assurance. • She has earned various security and audit certifications, the most recent being the BSI ISO/IEC 27001:2013 Internal Auditor certification.

  4. Introductions Josh Fruecht, MPA, CMC Governance Advisor, Diligent • Working with and for local governments for over 10 years • Master of Public Administration from Florida State University • IIMC Certified Municipal Clerk • Experienced in guiding people through the ins and outs of making technology projects successful

  5. RECENT RESEARCH & COMMON SECURITY MISCONCEPTIONS

  6. 50% of directors around the globe discuss sensitive material via personal channels

  7. 71% of boards use unsecure private emails and pdfs to manage their documents

  8. COMMON SECURITY MISCONCEPTIONS 1 2 3 4 IT is responsible Cybersecurity is Management, left Public information, for risk something that to its own devices, therefore, no need can be fixed management will give cyber risks to protect the attention they deserve

  9. Early focus on large corporation with a shift towards smaller targets Securities and Exchange Commissions issued Early Banks and large strong suggestions corporations focus for boards Smaller targets Corporate directors are Shift are seeing an responsible for preventing increase in towards attacks cyberattacks

  10. Data Breach Investigations Report The Verizon Data Breach Investigations Report (DBIR) provides crucial perspectives on threats that organizations face. The DBIR is built on real-world data from over 41,000 security incidents and over 2,000 data breaches provided by 73 data sources, both public and private entities, spanning across 86 countries worldwide. https://enterprise.verizon.com/resources/reports/dbir/2019/public-administration

  11. Cyber Risk by the Numbers  2 million  $6 trillion Number of cyberattacks reported in Annual cost of cyber crime damages – – 2018 by 2021  $45 billion  1 in every 131 Total cost of losses from cyber Emails is malicious – – incidents in 2018  12% rise  95% Business targeted ransomware Cyber attacks could be prevented by – – updating software & training Check out “Have I Been Pwned ?” haveibeenpwned.com Online Trust Alliance Annual Cyber Security Report, 2018

  12. How much is your personal data worth to hackers The NY Post discloses how much your stolen information is worth Netflix password Credit card details details • $2.29 • $20 • $1,000 • $3.05 • $22.39 Email password Drivers License Medical record details details

  13. LOCAL GOVERNMENT EXAMPLES

  14. Recent local government examples Atlanta , Baltimore, Brookhaven, Colorado GA MD NY • SamSam • Government data ransomware • 911 Dispatch • 76 government and systems infection hacked sites • $51,000 bitcoin • 2,000+systems • IT staff restored • Content • $2.7M(June 2018) offline system changed to ISIS • $2M Cost propaganda

  15. SamSam Ransom Payments

  16. STRATEGIC ACTIONS YOU CAN IMPLEMENT NOW

  17. Building a Cyber Security Program 1. Identify Systems 1. People 2. Assets 3. Data 4. Capabilities 5. 2. Protect 3. Detect 4. Respond 5. Recover

  18. STEP #1: Identify The first step in creating a cyber security response program is to identify the key areas that need to be protected. It ’ s important to look at the following areas: Systems • People • Assets • Data • Capabilities • The identification step allows local governments to prioritize their efforts while aligning them with their risk management strategies.

  19. Lorem ipsum STEP #2: Protect dolor sit amer, consec uentum Ensure the local government will be able to defend critical infrastructure services by protecting physical and remote access elit. to information that local governments retain. Protecting information entails creating training and awareness of local government staff on their roles in cybersecurity. Implement information protection processes and procedures to manage and maintain information systems and assets. Processes that are designed to protect the government ’ s information should include remote maintenance. Local governments need to ensure that activities in the protection step are consistent with the government ’ s organizational policies, procedures and agreements.

  20. Lorem ipsum STEP #3: Detect dolor sit amer, consec uentum Identify the occurrence of a security breach event at the earliest opportunity. elit. This step requires having systems in place to identify anomalies and unusual events and to understand their potential impact. Local governments need to have a process in place to continuously monitor cybersecurity events and verify the effectiveness of their protective measures.

  21. Lorem ipsum STEP #4: Respond dolor sit amer, consec uentum Establish a plan to respond appropriately to a cybersecurity incident in a timely manner. elit. Responding quickly and completely will minimizing damage and keeping employees and the community informed. One of the most important activities involved in this step is managing communications with law enforcement and the public, which requires a detailed plan. Local governments can continually improve this step by staying current with emerging breaches that affect other governments and learning from any lessons gained from the detection step.

  22. Lorem ipsum STEP #5: Recover dolor sit amer, consec uentum Identify and implement activities to restore damage or other issues caused by a security breach. Activities should be designed to restore elit. the government ’ s operations to normalcy at the earliest opportunity, which will reduce the overall impact of the breach. The recovery step is also the time to implement the communications plans that the government identified in Step #4, the Response step. Once the security breach response plan has been formed, it ’ s important for local governments to remain current with new developments and to review their plans at least annually to ensure effectiveness. The five-step plan is the most viable way to ensure that local governments are doing their due diligence in protecting their communities from a security breach.

  23. Amazing City is a small city with a population of 200,000 people. The city has become victim to a ransomware attack. Reported issues resulting from the ransomware attack include: Corporate email is down, Traffic tickets cannot be paid, and real-estate transitions cannot be processed. Group Action: In your group think of 3-5 steps that should be completed based on the cyber security response program step assigned to your group. (Steps 1 through 5) 1. Identify 2. Protect 3. Detect 4. Respond 5. Recover

  24. Practices You Can Implement Now ➤ Understanding the legal implications of data comprise ➤ Internal audit ➤ Investing in a highly secure transparency portal that support good governance principles ➤ Applying tools discussed today ➤ Getting cyber insurance ➤ Continuously training staff

  25. ASKING THE RIGHT QUESTIONS

  26. Asking the right questions • How are we protecting citizen/operational data? • What are the biggest vulnerabilities & how are we preparing (e.g., planning, training, cyber risk insurance, other)? • Does your current insurance policy cover cyber incidents? What exclusions do you have? • How are incidents handled? Cooperative vs. Hands off? • How do we know our security/privacy program works? • How is compliance applied – every three years, quarterly, other?

  27. NEXT STEPS

  28. Next steps • Have a conversation at the board/council table • Clear picture of what it would take to ensure security practices are followed in your organization • Contact us to learn more about how our software can fit into your cyber risk program

  29. THANK YOU Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management

Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management

Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management Association Date: August 18, 2016 Agenda An Overview of Cyber Risk Exposures 1. Legal & Regulatory Trends 2. Marshs Cyber Risk Management

649 views • 31 slides
Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk

Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk

Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk Challenges in Assessing and Mitigating Cyber Risk Mustaque Ahamad, Saby Mitra and Paul Royal Georgia Tech Information Security Center Georgia Tech

763 views • 16 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to

Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to

Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to prepare for Cyber Risk: 3 2 1 Understand the tech & Cyber insurance Focus on company interconnected risks culture 2 Policy: Protection &

774 views • 18 slides
Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics

Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics

Introduction Systemic Risk Cyber as systemic Conclusion Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics www.systemicrisk.ac.uk June 10 th 2016 Introduction Systemic Risk Cyber as systemic

351 views • 24 slides
Assessing your Cyber Risk A Real Life Case Study Presented by: Liz Limjuco, Marsh Mike Paulino,

Assessing your Cyber Risk A Real Life Case Study Presented by: Liz Limjuco, Marsh Mike Paulino,

Assessing your Cyber Risk A Real Life Case Study Presented by: Liz Limjuco, Marsh Mike Paulino, CSG International Cindy Stevens, Colorado Springs Utilities Agenda What is Cyber Insurance Overview of Cyber Risk Quantifying Cyber

508 views • 23 slides
PREDICTIVE MODELING CONFERENCE Data Workshop Cyber Risk Models Loss Aggregation Models

PREDICTIVE MODELING CONFERENCE Data Workshop Cyber Risk Models Loss Aggregation Models

PREDICTIVE MODELING CONFERENCE Data Workshop Cyber Risk Models Loss Aggregation Models Advisens Data Assets CYBER RISK MODELS Cyber Case Count over Time Cyber Cases Entered per Day Case Type Composition Total : 21,817 Distribution

967 views • 51 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides
Cyber Risk Trends: Q1 2017 Sponsored By: Cyber Risk Trends: Q1 2017 Visit www.advisenltd.com at

Cyber Risk Trends: Q1 2017 Sponsored By: Cyber Risk Trends: Q1 2017 Visit www.advisenltd.com at

Cyber Risk Trends: Q1 2017 Sponsored By: Cyber Risk Trends: Q1 2017 Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording of todays webinar Many Thanks to our Sponsor! About Advisen Advisen

530 views • 39 slides
Demystifying Cyber Insurance European Legal Security Forum 2016 12 th July 2016 Agenda The

Demystifying Cyber Insurance European Legal Security Forum 2016 12 th July 2016 Agenda The

Demystifying Cyber Insurance European Legal Security Forum 2016 12 th July 2016 Agenda The Evolution of Cyber Insurance Is Cyber Risk Already Insured? Cyber And Data Protection Is Not Just An IT Issue Case Study Cyber Risk Stakeholders The

1.03k views • 8 slides
Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies

Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies

Cambridge Centre for Risk Studies Advisory Board Research Showcase 24 January 2017 Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies Largest Cyber Data Exfiltration Event: Yahoo August 2013

296 views • 18 slides
Applying SE to Securing the Energy Future Level 4 - Public 2017 Our Energy Future is at Risk

Applying SE to Securing the Energy Future Level 4 - Public 2017 Our Energy Future is at Risk

2017 Applying SE to Securing the Energy Future Level 4 - Public 2017 Our Energy Future is at Risk Our Critical Infrastructure is at high risk from High-Impact threats EMP Space Weather Cyber (Industrial Controls) Wanted:

212 views • 18 slides
What do we know? What can we measure? Martin Eling OECD Expert Workshop, May 13, 2017

What do we know? What can we measure? Martin Eling OECD Expert Workshop, May 13, 2017

Cyber Risk and Cyber Risk Insurance: What do we know? What can we measure? Martin Eling OECD Expert Workshop, May 13, 2017 Management Summary Research Approach: Overview of the main research topics in the fields of cyber risk and

579 views • 12 slides
Risk Mitigation Services in Cyber Insurance Underwriting Sponsored By: 1 Risk Mitigation

Risk Mitigation Services in Cyber Insurance Underwriting Sponsored By: 1 Risk Mitigation

Risk Mitigation Services in Cyber Insurance Underwriting Sponsored By: 1 Risk Mitigation Services in Cyber Insurance Underwriting www.advisenltd.com Paper Beware the Botnets: Botnets Correlated to a Higher Likelihood of a Significant

671 views • 22 slides
Managing Cyber Risk for State Governments IU Cybersecurity Risk Management Program

Managing Cyber Risk for State Governments IU Cybersecurity Risk Management Program

Managing Cyber Risk for State Governments IU Cybersecurity Risk Management Program Multidisciplinary (Law, Secure Computing, & Business) Built on IUs Cybersecurity Certificates Applied Cybersecurity Risk Management Capstone

1.22k views • 75 slides
why? because a large percentage of posters created by users will not print correctly or at all

why? because a large percentage of posters created by users will not print correctly or at all

Poster Making for Large Format Printers The Harvard Medical School is accredited by the Accreditation Council for Continuing Medical Education to provide continuing medical education for physicians. The Harvard Medical School designates this

491 views • 30 slides
Newsletter optimization to harness hidden potential in data Philipp Seifert | 25.02.16

Newsletter optimization to harness hidden potential in data Philipp Seifert | 25.02.16

Newsletter optimization to harness hidden potential in data Philipp Seifert | 25.02.16 Agenda Walbusch The Company Newsletter Optimization Use Case, IT Architecture, Test Design Next Best Offer The Analytics Approach

549 views • 25 slides
Building Data Engineering Teams Wouter de Bie Engineering Director - Data Engineering Hi! So

Building Data Engineering Teams Wouter de Bie Engineering Director - Data Engineering Hi! So

Building Data Engineering Teams Wouter de Bie Engineering Director - Data Engineering Hi! So Wouter ... what are you going to talk about in the next 40 minutes? I just got coffee and breakfast and Im dying to listen to your talk! Tell

1.66k views • 136 slides
CS 528 Mobile and Ubicomp Lecture 3a: Data-Driven Layouts & Android Components Emmanuel Agu

CS 528 Mobile and Ubicomp Lecture 3a: Data-Driven Layouts & Android Components Emmanuel Agu

CS 528 Mobile and Ubicomp Lecture 3a: Data-Driven Layouts & Android Components Emmanuel Agu Data-Driven Layouts Data-Driven Layouts LinearLayout, RelativeLayout, TableLayout, GridLayout useful for positioning UI elements UI data is

409 views • 24 slides
L2L L2L Live Live to e to e-Lea Learning rning Bridging physical and virtual classrooms

L2L L2L Live Live to e to e-Lea Learning rning Bridging physical and virtual classrooms

L2L L2L Live Live to e to e-Lea Learning rning Bridging physical and virtual classrooms using an integrated lecture capture and delivery service Matteo Bertazzo - CINECA InterUniversity Consortium 3 rd TF-Media Task Force meeting,

521 views • 21 slides
CSS Grid Layout Joan Boone jpboone@email.unc.edu Slide 1 Topics Part 1: Grid Layout Overview

CSS Grid Layout Joan Boone jpboone@email.unc.edu Slide 1 Topics Part 1: Grid Layout Overview

INLS 572 Web Development CSS Grid Layout Joan Boone jpboone@email.unc.edu Slide 1 Topics Part 1: Grid Layout Overview Part 2: Grid Examples using Template Areas Part 3: Null Cells and Broken Grids Part 4: Sizing Grid Columns and Rows Slide

398 views • 24 slides
Are we there Yet?? (The long journey of Migrating from close source to opensource solution)

Are we there Yet?? (The long journey of Migrating from close source to opensource solution)

Are we there Yet?? (The long journey of Migrating from close source to opensource solution) Marco (the Grinch) Tusa Percona About me Open source enthusiast Consulting team manager Principal Architect Working in DB world from 25

819 views • 55 slides
Clumpy galaxies at high redshift: Insights from the NIHAO simulations Buck et al. 2017 (MNRAS) -

Clumpy galaxies at high redshift: Insights from the NIHAO simulations Buck et al. 2017 (MNRAS) -

Clumpy galaxies at high redshift: Insights from the NIHAO simulations Buck et al. 2017 (MNRAS) - arXiv:1612.05277 Gas in Galaxies Valetta 6th of October Tobias Buck Andrea V. Macci, Aura Obreja, Aaron A. Dutton, Hans-Walter Rix PhD student

552 views • 39 slides

More recommend