insights conference welcoming remarks
play

Insights Conference! Welcoming Remarks David Bradford Co-Founder - PowerPoint PPT Presentation

Mar 13, 2024 •277 likes •1.09k views

Welcome to Advisens Cyber Risk Insights Conference! Welcoming Remarks David Bradford Co-Founder & Chief Strategy Officer Advisen Thank you to our Advisory Board Elisabeth Case, Marsh Nick Economidis, Beazley James J. Giszczak, McDonald

  1. Welcome to Advisen’s Cyber Risk Insights Conference!

  2. Welcoming Remarks David Bradford Co-Founder & Chief Strategy Officer Advisen

  3. Thank you to our Advisory Board Elisabeth Case, Marsh Nick Economidis, Beazley James J. Giszczak, McDonald Hopkins LLC Brad Gow, Endurance Paul Pendolino, FM Global Meredith Schnur, Wells Fargo Insurance Melissa Ventrone, Thompson Coburn LLP [2016 Conference Chair] Julian Waits, Sr., PivotPoint Risk Analytics

  4. Thank you to our Sponsors!

  5. Opening Remarks Melissa Ventrone Chair, Data Privacy & Security Group Thompson Coburn LLP [2016 Conference Chair]

  6. Keynote Address William Cook Partner Reed Smith

  7. Intellec ellectual tual Pr Proper perty ty, , Information ormation and d Innov novat ation ion Lessons From the Darknet Bill Cook May 11, 2016

  8. “ No o Ba Battl ttle Pla e Plan Sur n Survi vives ves Co Cont ntact act With With the En the Enem emy ” Field Marshal Helmuth von Moltke the Elder, Prussian General Staff, 1864 War of German Unification Ree eed d Smith ith LLP LLP

  9. De Design sign an an In Inciden cident R t Res espon ponse se Pl Plan Tha an That R t Rea eally lly Wor orks ks • Stick to the plan • Determine your particular risk • Don’t “Cry wolf” – a measured reaction • Who are your regulators • What’s your bench strength • Outside counsel • Insurance • Forensic support (on retainer) • FBI / US Secret Service / Local Law Enforcement • Remediate • Scrub for the next time – make a record Reed Smith LLP

  10. You our par r parti ticular risk cular risk • Personal Information • Inside job • Fund transfer intercept schemes • Trade secrets and proprietary information • Access to vendors and other relationships: Target • Compromised SCADA systems • Ransomware Reed Smith LLP

  11. Wh Wher ere e di did th d they come ey come fr from om? Phishing Social engineering – Linked In, Facebook, Twitter, etc. Exploit server operations (root access control) Vendors/business partners Reed Smith LLP

  12. Ph Phish ishing ing Fewer than 20 attempts to achieve near 100% probability of success FBI: 20 minutes from training class to successful phishing attack To Do: Training, Training, Training Reed Smith LLP

  13. Loss of pe Los s of personal sonal in infor ormati mation on PHI more popular than PII Can’t change as much PII is more recoverable from Darknet Average cost per lost record (201%): $297 per record ( + or -) Waiting for chip impact Reed Smith LLP

  14. Th The Insid e Inside e Job Job Trusted/long time employees Change of life events Weak controls on email transfers and “work from home” status Reed Smith LLP

  15. Frau audulent dulent Wir Wire T e Trans ansfer ers • Started with Phishing • Hijacked victim email account led to CFO email account • Hacker saw discussion of “big transfer” – here $12 million payment to vendor • Fake email addresses that are very similar to the victim’s are used to fool the recipient • joe@victimcompany.com vs. joe@viotimcompany.com • (Also CFO@bank.com v. CFO@bank.com.uk) • False email from victim company CFO sent $12 million to a changed payee and new bank account in Hong Kong • Saved by the fund transfer banker • To Do: Work with your transfer agents – Red Flags Reed Smith LLP

  16. APT APT February – March 2012 twenty three (23) pipeline companies attacked by Chinese Looking for SCADA access (admin.net vs. operations.net DOJ sudden interest in April 2016 Mind the “air gap” Air gap beat by thumb drive & vendor Supervisory control and data acquisition – remote maintenance and control Reed Smith LLP

  17. Ran Ranso somware: mware: DD DDOS v OS v. Cr . Crypt yptoloc olock k (2 (2,45 ,453) 3) • Source: Phishing and website vulnerabilities • DDOS attack • Crytolock encrypts entire system • Locky, Cryptoware, Crowti. A, Tescrypt.A, Reveton.V • Directs victim to pay at website • Or – resort to backup files or cloud storage • Pre-attack prep • Training • Anti-virus, email defense, network defense, application defense, anti- malware Breach notification? Reed Smith LLP

  18. Pos Post t – In Inciden cident Scru t Scrub • “OK, what did we learn from this?” • Put conclusions in writing – save it – keep it where you can find it. • What did you do? • What didn’t you do? • How did your insurance respond? • Did your lack of budget have an impact? • Remediation plan? And follow-up schedule? • Set training. Reed Smith LLP

  19. Vi Victi ctim m Ba Banks nks v. T . Tar arge get (Ma t (May 20 y 2015) 5) • Plaintiffs demanded prior incident response activity • Court orders Target to turn over internal Target documents about POS data breaches since 2005 • Two major events to be disclosed • Due diligence? Negligence? Red Flags from Forensic Vendor ignored. Reed Smith LLP

  20. Ris Risk: k: Lega Legal / l / Regul egulat ator ory y exp exposu osure re • Class action lawsuits claiming loss of data privacy • Actions for violations of PCI guidelines that protect credit cards • Regulatory actions • GLB – CFPB – In re Dwalla Inc. (March 2, 2016) $100,000 fine for failure to put security systems in place – failure to meet stated security standards – misrepresentation only, no intrusion or actual loss • PCI potential breach results – $500,000 fine from each of 5 credit card issuers – Loss of credit card processing ability – Mandatory on-site audits – Class action exposure • FTC and SEC • AG Task Forces Reed Smith LLP

  21. What the Data Says: Cyber Trends

  22. What the Data Says: Cyber Trends Jim Blinn EVP & Global Product Manager Advisen

  23. What the Data Says: Cyber Trends Jim Blinn EVP & Global Product Manager Advisen

  24. Cyber Case Count Distribution Response Economic Litigated Fines & Case Type \ Case Status Event Costs Loss Cases Penalties Total Digital Data Breach, Loss, or Theft 12,097 91 227 545 138 13,098 Privacy Violations 1,959 3 1,742 136 3,840 Improper Disposal/Distribution, Loss or Theft (Printed Records) 2,837 7 24 139 61 3,068 System/Network Security Violation or Disruption 1,420 22 61 32 9 1,544 Phishing, Skimming 777 2 85 42 5 911 Identity Theft/Fraudulent Use or Access 140 1 378 172 18 709 Improper Collection of Digital Data 283 284 42 609 Digital Asset Loss or Theft 115 1 17 26 2 161 Cyber Extortion 86 1 36 1 1 125 Undetermined/Other 28 28 Industrial Controls & Operations 10 1 11 Total 19,752 126 831 2,983 412 24,104 24

  25. Cyber Event Count

  26. Cyber Event Geographic Distribution Country Case Count Cyber Event Count by Country USA 15,665 GBR 1,345 CAN 488 0% 7% 0% AUS 285 1% 1% 1% 1% 1% IRL 141 USA GBR CAN AUS 2% JPN 137 IND 111 7% NZL 106 DEU 89 CHN 87 Others 1,298 IRL JPN IND NZL Total 19,752 DEU CHN Others 79%

  27. Cyber Risk Heat Map

  28. Industry Composition

  29. Cyber Event Count (>1M records exposed)

  30. Relationship Between Affected Count and Response Cost

  31. Types of Data Lost by Industry Industry Group Personal Financial Identity (PFI) Personal Identity Information (PII) Corporate Loss of Business Income/Services Corporate Loss of Digital Assets Health Care and Social Assistance 42.33% 56.13% 1.09% 0.45% Information 26.99% 55.06% 12.56% 5.38% Administrative and Support and Waste Management and 45.10% 50.72% 3.31% 0.86% Professional, Scientific, and Technical Services 40.02% 48.80% 8.38% 2.79% Public Administration 42.88% 45.39% 7.58% 4.16% Other Services (except Public Administration) 46.80% 43.30% 7.22% 2.68% Utilities 50.00% 43.24% 6.76% 0.00% Arts, Entertainment, and Recreation 46.59% 43.18% 2.84% 7.39% Wholesale Trade 46.67% 41.85% 6.67% 4.81% Retail Trade 55.92% 40.93% 2.27% 0.89% Construction 53.00% 39.00% 8.00% 0.00% Educational Services 58.64% 37.23% 2.79% 1.33% Manufacturing 51.19% 37.20% 6.15% 5.45% Transportation and Warehousing 56.52% 32.37% 8.70% 2.42% Management of Companies and Enterprises 50.81% 32.26% 11.29% 5.65% Real Estate and Rental and Leasing 64.14% 28.97% 4.83% 2.07% Mining, Quarrying, and Oil and Gas Extraction 34.78% 26.09% 21.74% 17.39% Finance and Insurance 69.38% 24.93% 4.39% 1.30% Accommodation and Food Services 75.00% 22.18% 2.02% 0.81% Agriculture, Forestry, Fishing and Hunting 85.71% 14.29% 0.00% 0.00%

  32. Year-Over-Year Frequency Increase

  33. TCPA Violations

  34. Control System Hacks Affected Company Year Type Location Count Prykarpattyaoblenergo 2015 Power Grid Ukraine 80,000 US Power Company 2012 Turbine Control System USA - Siemens 2010 Industrial Control System USA - Pentagon 2011 Data Theft USA 24,000 Mitsubishi 2011 Manufacturing Plant Japan -

  35. Business E-mail Compromise Scams Company Year Industry Total Loss Ubiquiti Networks Inc. 2015 Tech Firm $46.7M XOOM Corp 2014 Tech Firm $30.8M The Scoular Company 2015 Commodities Trader $17.2M Medidata 2014 Tech Firm $4.8M Wright Hotels 2015 Property Developer $1M AFGlobal Corporation 2014 Steel Piping $480K Owens, Schine & Nicola 2008 Law Firm $197K Taylor & Lieberman 2012 Accounting Firm $99K

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Welcome to the Cyber Risk Insights Conference! Welcoming Remarks Rebecca Bole EVP &

Welcome to the Cyber Risk Insights Conference! Welcoming Remarks Rebecca Bole EVP &

Welcome to the Cyber Risk Insights Conference! Welcoming Remarks Rebecca Bole EVP & Editor-in-Chief Advisen Opening Remarks Jeremy Barnett Senior Vice President NAS Insurance Services Keynote Address Suzanne Spaulding Senior

1.14k views • 64 slides
Welcome to the Cyber Risk Insights Conference! Welcoming Remarks Rebecca Bole EVP &

Welcome to the Cyber Risk Insights Conference! Welcoming Remarks Rebecca Bole EVP &

Welcome to the Cyber Risk Insights Conference! Welcoming Remarks Rebecca Bole EVP & Editor-in-Chief Advisen Leading the way to smarter and more efficient risk and insurance communities, Advisen delivers: The right information into The

861 views • 60 slides
Welcome to Advisens Transaction Insurance Insights Conference Welcoming Remarks Rebecca Bole

Welcome to Advisens Transaction Insurance Insights Conference Welcoming Remarks Rebecca Bole

Welcome to Advisens Transaction Insurance Insights Conference Welcoming Remarks Rebecca Bole EVP & Editor-in-Chief Advisen Leading the way to smarter and more efficient risk and insurance communities, Advisen delivers: The right

778 views • 48 slides
Welcome to the 2015 Cyber Risk Insights Conference! @Advisen #CyberRisk Welcoming Remarks Bill

Welcome to the 2015 Cyber Risk Insights Conference! @Advisen #CyberRisk Welcoming Remarks Bill

Welcome to the 2015 Cyber Risk Insights Conference! @Advisen #CyberRisk Welcoming Remarks Bill Keogh CEO Advisen @Advisen #CyberRisk Thank you to our Sponsors 22 countries are represented by our audience today! This is the largest Cyber Risk

935 views • 77 slides
Welcome to Advisens Transaction Insurance Insights Forum! Welcoming Remarks David Bradford

Welcome to Advisens Transaction Insurance Insights Forum! Welcoming Remarks David Bradford

Welcome to Advisens Transaction Insurance Insights Forum! Welcoming Remarks David Bradford Co-Founder & Chief Strategy Officer Advisen Thank you to our Advisory Board Jeffrey Anderson, Allied World Jeffrey Cowhey, Ambridge Partners LLC

900 views • 55 slides
ERP RFP Pre-Proposal Conference July 26, 2019 Welcoming Opening Remarks S2 Lakota Team

ERP RFP Pre-Proposal Conference July 26, 2019 Welcoming Opening Remarks S2 Lakota Team

ERP RFP Pre-Proposal Conference July 26, 2019 Welcoming Opening Remarks S2 Lakota Team Introductions Attendees in person Lakota Local School District Attendee on the phone Project Sponsor Jenni Logan Treasurer/CFO

243 views • 9 slides
Welcoming Remarks Ed Weiler, Associate Administrator for Science Space Biology Conference - 1972

Welcoming Remarks Ed Weiler, Associate Administrator for Science Space Biology Conference - 1972

Welcoming Remarks Ed Weiler, Associate Administrator for Science Space Biology Conference - 1972 LPSC Poster Session - 2003 A NASA Family Tree Early 1990s: Before Mid-1990s: A Grow ing Place at the Table OSS Leadership Team ~2003

374 views • 14 slides
Consumer-Directed Programs: Challenges, Insights, and Successes of Training AoA Consumer

Consumer-Directed Programs: Challenges, Insights, and Successes of Training AoA Consumer

Consumer-Directed Programs: Challenges, Insights, and Successes of Training AoA Consumer Direction Webinar Series National Resource Center for Participant- Directed Services (NRCPDS) June 30, 2010 1 AoA Welcoming Remarks Linda Velgouse

926 views • 34 slides
Regent Reed and Dean Davis, thank you for your welcoming remarks and once again I would like to

Regent Reed and Dean Davis, thank you for your welcoming remarks and once again I would like to

1 Regent Reed and Dean Davis, thank you for your welcoming remarks and once again I would like to welcome everyone to our celebration of the 100 anniversary of the Department of Chemistry. I doubt that any of us have the patience to review the

542 views • 18 slides
1 Agenda AGENDA: 09:30 Registration and coffee 10:00 welcoming remarks by our host

1 Agenda AGENDA: 09:30 Registration and coffee 10:00 welcoming remarks by our host

1 Agenda AGENDA: 09:30 Registration and coffee 10:00 welcoming remarks by our host (Eunice Chan, CEO , MayBank Trustee Berhad) 10:10 Update on global and regional activities (Alexandre Kech, Head of Standards APAC, SWIFT) Global

531 views • 38 slides
1 Agenda AGENDA: 09:00 Registration and coffee 09:30 Welcoming remarks by our host

1 Agenda AGENDA: 09:00 Registration and coffee 09:30 Welcoming remarks by our host

1 Agenda AGENDA: 09:00 Registration and coffee 09:30 Welcoming remarks by our host (Vinith Rao, Head of HSBC Securities Services, Vietnam) 09:35 Update on global and regional activities (Alexandre Kech, Head of Standards APAC,

576 views • 39 slides
Presidents Welcoming Remarks Dr. . Ja Jamil illah lah Moore ore Oc October ober 15,

Presidents Welcoming Remarks Dr. . Ja Jamil illah lah Moore ore Oc October ober 15,

R E D W O O D C I T Y , C A Presidents Welcoming Remarks Dr. . Ja Jamil illah lah Moore ore Oc October ober 15, 2020 20 FL FLEX X DAY Hon onor oring ng Dr. Gen ena Rh Rhod odes es HONOR Dr. Rhodes practice of passion for

1.46k views • 82 slides
Welcome to the 2015 Cyber Risk Insights Conference! @Advisen #CyberRisk Opening Remarks Bill

Welcome to the 2015 Cyber Risk Insights Conference! @Advisen #CyberRisk Opening Remarks Bill

Welcome to the 2015 Cyber Risk Insights Conference! @Advisen #CyberRisk Opening Remarks Bill Keogh CEO Advisen @Advisen #CyberRisk Leading the way to smarter and more efficient risk and insurance communities, Advisen delivers: the right

1.42k views • 97 slides
Meeting Agenda Networking - Light Breakfast Provided 7:30 8:00 am Welcoming remarks and

Meeting Agenda Networking - Light Breakfast Provided 7:30 8:00 am Welcoming remarks and

Meeting Agenda Networking - Light Breakfast Provided 7:30 8:00 am Welcoming remarks and meeting agenda overview 8:00 8:05 am EPA's Clean Power Plan: Julie Rosenberg, Branch Chief of State and Local 8:05 8:45 am Climate and Energy

935 views • 20 slides
WELCOME 9.00 am - 9.25 am Welcoming Remarks Markus Hoehner, CEO, Joint Forces for Solar Gurmeet

WELCOME 9.00 am - 9.25 am Welcoming Remarks Markus Hoehner, CEO, Joint Forces for Solar Gurmeet

WELCOME 9.00 am - 9.25 am Welcoming Remarks Markus Hoehner, CEO, Joint Forces for Solar Gurmeet Kaur, Communication and Marketing Director, Middle East Solar Industry Association (MESIA) Dr. Kim J. Zietlow, Deputy Delegate of German Industry

320 views • 16 slides
Welcoming the Delegates to the Inaugural Workshop on IISC Reception Table Welcoming the

Welcoming the Delegates to the Inaugural Workshop on IISC Reception Table Welcoming the

Welcoming the Delegates to the Inaugural Workshop on IISC Reception Table Welcoming the Delegates to the Inaugural Workshop on IISC Day 1 Opening Remarks by Dean of Schulich School of Engineering Welcoming the Delegates to the Inaugural

308 views • 15 slides
CS 204: Multipath TCP Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139

CS 204: Multipath TCP Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139

CS 204: Multipath TCP Jiasi Chen Lectures: MWF 12:10-1pm in WCH 139 http://www.cs.ucr.edu/~jiasi/teaching/cs204_spring16/ 1 Goals Use the available network paths at least as well as regular TCP, but without starving TCP. Usable as

761 views • 26 slides
Hash Function Based MAC Message Authentication Codes (MAC) provide the integrity and

Hash Function Based MAC Message Authentication Codes (MAC) provide the integrity and

Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5 Yu Sasaki 1 and Lei Wang 2 1 NTT Secure Platform Laboratories 2 Nanyang Technological University, Singapore SAC 2013 (16/August/2013) 1 Hash Function Based

822 views • 25 slides
Cryptography [Finish Hash Functions; Start Asymmetric Cryptography] Spring 2020 Franziska

Cryptography [Finish Hash Functions; Start Asymmetric Cryptography] Spring 2020 Franziska

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Finish Hash Functions; Start Asymmetric Cryptography] Spring 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi

406 views • 19 slides
SSH - Secure SHell Lecture 25 COMP4631 Slides prepared by Joseph Zhaojun Wu Revised by

SSH - Secure SHell Lecture 25 COMP4631 Slides prepared by Joseph Zhaojun Wu Revised by

SSH - Secure SHell Lecture 25 COMP4631 Slides prepared by Joseph Zhaojun Wu Revised by Professor Cunsheng Ding Outline l Introduction l Protocol details l Applications l References Introduction What is SSH? A set of standards

805 views • 44 slides
Phishing O que ? Ttica de engenharia social Pescaria de credenciais Ttica 1 - site

Phishing O que ? Ttica de engenharia social Pescaria de credenciais Ttica 1 - site

Phishing O que ? Ttica de engenharia social Pescaria de credenciais Ttica 1 - site convincente + Ctrl-S www.ltau.com.br www.ltau.com.br www.LTAU.com.br Ttica 2 - Email customizado exemplo: promoes exclusivas para

476 views • 31 slides
Advanced Topics in Information Retrieval Vinay Setty Jannik Strtgen (vsetty@mpi-inf.mpg.de)

Advanced Topics in Information Retrieval Vinay Setty Jannik Strtgen (vsetty@mpi-inf.mpg.de)

Advanced Topics in Information Retrieval Vinay Setty Jannik Strtgen (vsetty@mpi-inf.mpg.de) (jtroetge@mpi-inf.mpg.de) 1 Agenda Organization Course overview What is IR? Retrieval Models Link Analysis Indexing and

1.56k views • 111 slides
VAT Refunds: Balancing fraud against cash flow Jacqui Wierzbowski, Deloitte South Africa Agenda

VAT Refunds: Balancing fraud against cash flow Jacqui Wierzbowski, Deloitte South Africa Agenda

VAT Refunds: Balancing fraud against cash flow Jacqui Wierzbowski, Deloitte South Africa Agenda VAT fraud and refunds in South Africa Main VAT risk areas SARS risk detection Tax Ombuds report on the investigation into alleged

641 views • 20 slides
Exploring Polarization in Climate Change Debate on Twitter Aman Tyagi Center for Computational

Exploring Polarization in Climate Change Debate on Twitter Aman Tyagi Center for Computational

<Your Name> Exploring Polarization in Climate Change Debate on Twitter Aman Tyagi Center for Computational Analysis of Social and Organizational Systems Engineering & Public Policy http://www.casos.cs.cmu.edu/ Engineering &

287 views • 15 slides

More recommend