staying at the forefront of cybersecurity threats
play

Staying at the Forefront of Cybersecurity Threats Presented by: - PowerPoint PPT Presentation

Jul 06, 2023 •240 likes •782 views

2019 Annual Leadership Conference September 25 -27, 2019 Staying at the Forefront of Cybersecurity Threats Presented by: John Hock, CPA, CITP, CISA, SOC IT Audit Manager Objectives How scary is it? Pervasiveness Cost Identify

  1. 2019 Annual Leadership Conference September 25 -27, 2019 Staying at the Forefront of Cybersecurity Threats Presented by: John Hock, CPA, CITP, CISA, SOC IT Audit Manager

  2. Objectives • How scary is it? § Pervasiveness § Cost • Identify cybersecurity threats and risks § Assess risk • What can we do about it? § Budget and strategy § Board’s role in cybersecurity 2

  3. How Scary Is It?

  4. How Scary Is It? – Pervasiveness 143 million identities 5 million debit and credit cards 4

  5. How Scary Is It – Pervasiveness • Yahoo had 2 breaches – over 3 billion users affected • 383 million records breached at Marriot in 2018 • 184 million records stolen in connected Facebook incident in 2018 • 2 million customers had PII hacked in T-Mobile breach in 2018 • 147.9 million consumers affected by Equifax breach • 100k groups and more than 400k machines affected by WannaCry in 2017 ($4 billion in costs) 5

  6. How Scary Is It – Pervasiveness • Wendy’s paid $50m in data breach case to CUs from 2016 hack • BSA officers targeted by malware-filled phishing attacks in 2019 • 150 million My Fitness Pal (Under Armor) accounts hacked in 2018 • Sheffield Credit Union (UK) attack leaked info on 15k members through brute force password attack • Hackers breached Virginia Bank twice in 8 months ($2.4m stolen by malware) • Video games, novelties, messaging apps, and more 6

  7. How Scary Is It? – Pervasiveness • Wondering if you have been compromised? 7

  8. How Scary Is It? – Pervasiveness There is no such thing as a 100% secure system 8

  9. How Scary Is It? – Pervasiveness • Summary of Ponemon’s 2018 State of Cybersecurity in SMBs § Phishing attacks increasing to 52% of SMBs § Negligent employees or contractors rose to 60% of breaches § Exploits and malware are evading intrusion detection (72%) and anti-virus solutions (82%) § Ransomware increased to 61% of respondents, 70% of which paid § Businesses are losing more records (11k from 9k) § More mobile devices are being used to access business critical apps and IT infrastructure (45%) 9

  10. How Scary Is It? – Pervasiveness Victims Perpetrators 10

  11. How Scary Is It? – Pervasiveness • 71% of breaches were financially motivated (76% in 2018) • 69% of cyberattacks were perpetrated by outsiders (73% in 2018) • 34% of attacks involved insiders (28% in 2018) 11

  12. How Scary Is It? – Pervasiveness Tactics and common elements 12

  13. Threat Actors • Hackers § There is a hacker attack every 39 seconds. Source: University of Maryland A. James Clark School of Engineering Study - Kaspersky Labs - FireEye Cyber Threat Map 13

  14. Threat Actors • Nation-states § China § Russia • Terrorists • Criminal enterprises 14

  15. How Scary Is It? – Pervasiveness • What is causing the increased rate of attacks? § Access to larger systems § Cyber extortion or ransomware § Data is easier to sell (private, personal, financial) § Tools are cheap and readily available § It is fun and easy (exploit-db.com and shodan.io) 15

  16. How Scary Is It? – Pervasiveness • What was the root cause of data breach? § Our people are still the largest risk § Due diligence on third-parties still front and center § One third could not determine 16

  17. Employees 17

  18. Employees • Errors were at the heart of almost one in five (17%) breaches • That included: § Employees failing to shred confidential information § Sending an email to the wrong person § Misconfiguring web servers Source: Verizon 2018 DBIR 18

  19. How Scary Is It? – Pervasiveness How was ransomware unleashed? Where was ransomware unleashed? 19

  20. How Scary Is It? – Cost • Per the 2019 Cost of Data Breach Study, the average cost of a data breach is currently $3.9 million. • On average in the financial services industry the cost is $210 per record compromised. • Companies with an incident response team saved an average of $360,000 Source: 2019 Cost of a Data Breach Report 20

  21. How Scary Is It? – Cost • What affects the cost? § Incident response team and extensive encryption save the most § Compliance failures and extensive mobile/IoT can add considerably 21

  22. How Scary Is It? – Cost • What are some of the surprise costs? § Organizational changes and process fixes § Additional training § Remediation to recover data § Good will incentives to keep customers § Increased cyber insurance premiums § Member loyalty lowered 22

  23. Identify Cybersecurity Risk

  24. Cybersecurity The ability to protect or defend the use of cyberspace from cyber attacks. Source: CNSSI-4009 - NIST.IR.7298r2 24

  25. Risk Assessment Quality • Consider the issues identified in the assessments. • Discuss the contents of the risk assessment. • Consider: § Reliance on technology § Presence of member data § Regulations § Risk mitigation 25

  26. Cybersecurity Assessment Tools

  27. Cybersecurity Assessment • NCUA’s Automated Cybersecurity Examination Tool (ACET) § Repeatable, measurable, transparent § Mirrors CAT (Inherent Risk and Cyber Maturity) with additional features § Statements in five domains § Mapped to FFIEC IT Exam Handbook, regs, and NIST Cybersecurity Framework § Does not replace GLBA risk assessment requirement § Voluntary , but recommended 27

  28. Benefits to the Institution • Enhanced oversight and management of the institution’s cybersecurity: § Identifying factors contributing to and determining the institution’s overall cyber risk. § Assessing the institution’s cybersecurity preparedness. § Evaluating whether the institution’s cybersecurity preparedness is aligned with its risks. § Determining risk management practices and controls that are needed or need enhancement and actions to be taken to achieve the desired state. § Informing risk management strategies. 28

  29. Assessment Components • The assessment consists of two parts: § Inherent risk profile § Cybersecurity maturity • Benefit § Upon completion of both parts, management can evaluate whether the institution’s inherent risk and preparedness are aligned. 29

  30. Inherent Risk Profile • Cybersecurity inherent risk is the level of risk posed to the institution by the following: § Technologies and Connection Types § Delivery Channels § Online/Mobile Products and Technology Services § Organizational Characteristics § External Threats • Inherent risk does not include mitigating controls. 30

  31. Cybersecurity Maturity • Management then evaluates the institution’s cybersecurity maturity level for each of five domains: 31

  32. Five Key “Domains” for Cybersecurity Preparedness 1. Cyber risk management and oversight § Strong governance is essential 2. Threat intelligence and collaboration § Strength in numbers 3. Cybersecurity controls § More than one kind of control 4. External dependency management § Your security starts with their security 5. Incident management and resilience § Mitigation and recovery are a must 32

  33. Maturity Levels 33

  34. Risk / Maturity Relationship 34

  35. The Role of the Board Or an appropriate board committee : § Engage management in establishing the institution’s vision, risk appetite and overall strategic direction. § Approve plans to use the assessment. § Review management’s analysis of the assessment results, inclusive of any reviews or opinions on the results issued by independent risk management or internal audit functions regarding those results. § Review management’s determination of whether the institution’s cybersecurity preparedness is aligned with its risks. § Review and approve plans to address any risk management or control weaknesses. § Review the results of management’s ongoing monitoring of the institution’s exposure to and preparedness for cyber threats. 35

  36. Maturity Levels: Defined Baseline maturity is characterized by minimum expectations required by law and regulations Baseline or recommended in supervisory guidance. This level includes compliance-driven objectives. Management has reviewed and evaluated guidance. Evolving maturity is characterized by additional formality of documented procedures and policies not already required. Risk-driven objectives are in place. Accountability for Evolving cybersecurity is formally assigned and broadened beyond protection of customer information to incorporate information assets and systems. Intermediate maturity is characterized by detailed, formal processes. Controls are validated Intermediate and consistent. Risk-management practices and analysis are integrated into business strategies. Advanced maturity is characterized by cybersecurity practices and analytics integrated across lines of business. Majority of risk-management processes are automated and include Advanced continuous process improvement. Accountability for risk decisions by frontline businesses is formally assigned. Innovative maturity is characterized by driving innovation in people, processes, and technology for the institution and the industry to manage cyber risks. This may entail Innovative developing new controls, new tools or creating new information-sharing groups. Real-time, predictive analytics are tied to automated responses. 36

  37. The Board of Directors Role in Cybersecurity

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cybersecurity Awareness Stay ahead of cybersecurity threats Jacob Lapacek Treasury Management

Cybersecurity Awareness Stay ahead of cybersecurity threats Jacob Lapacek Treasury Management

Cybersecurity Awareness Stay ahead of cybersecurity threats Jacob Lapacek Treasury Management & Payments Consultant This information has been obtained from sources believed to be reliable, but we cannot guarantee its accuracy or

663 views • 16 slides
KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

7/17/2020 KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing Attacks Malware/Ransomware Hacking Imposter Scams 1 7/17/2020 KACo Cybersecurity Training BEWARE OF Phishing Phishing attacks

248 views • 6 slides
53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats every minute* * Merrill Lynch ...Causing $3T USD in costs, and expected to double by 2021* * CyberSecurity Ventures (2015) Todays threat

508 views • 35 slides
Cybersecurity: Threats, Prevention and Preparation Phil Bertolini Co-Director, Center for Digital

Cybersecurity: Threats, Prevention and Preparation Phil Bertolini Co-Director, Center for Digital

Cybersecurity: Threats, Prevention and Preparation Phil Bertolini Co-Director, Center for Digital Government Phil l Bertoli lini Co-Director, Center for Digital Government Agenda Cybersecurity Issues & Trends Cybersecurity

720 views • 57 slides
Cybersecurity Threats in the Public Sector - How Prepared are you? Rory Ebanks Symptai

Cybersecurity Threats in the Public Sector - How Prepared are you? Rory Ebanks Symptai

Cybersecurity Threats in the Public Sector - How Prepared are you? Rory Ebanks Symptai Consulting Ltd. Director, Information Security Advisory Certifications CCISO, CEH, CHFI, CND, CISSP, CCSP, CISM, CISA, CSX Presenter: Rory Ebanks The

398 views • 35 slides
CYBERSECURITY: EMERGING THREATS AND MITIGATION STRATEGIES Gogwim , Joel Godwin, B. Tech (Hons),

CYBERSECURITY: EMERGING THREATS AND MITIGATION STRATEGIES Gogwim , Joel Godwin, B. Tech (Hons),

CYBERSECURITY: EMERGING THREATS AND MITIGATION STRATEGIES Gogwim , Joel Godwin, B. Tech (Hons), MPhil. (SA), CCNA, CCDA, CCAI, CCNP, CCDP, CEH, MNCS, MCPN, MNiRA, MCFIN ICT Directorate University of Jos, Nigeria email : gogwim[at]unijos.edu.ng

236 views • 10 slides
Presentation Forefront #ILCountMeIn2020 Forefront We are a statewide membership organization

Presentation Forefront #ILCountMeIn2020 Forefront We are a statewide membership organization

IL Count Me In 2020 Presentation Forefront #ILCountMeIn2020 Forefront We are a statewide membership organization Democracy that serves 1,100 members Initiative who are Illinois grantmakers and non-profit organizations in supporting a

494 views • 22 slides
Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda

Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda

Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda Introductions / Administrative Cybersecurity risk legal landscape Cyber threats Legal risks in the aftermath of a breach The role of the

207 views • 19 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
Cybersecurity Update Dale Marroquin, CISSP Information Security Officer San Antonio Federal

Cybersecurity Update Dale Marroquin, CISSP Information Security Officer San Antonio Federal

Cybersecurity Update Dale Marroquin, CISSP Information Security Officer San Antonio Federal Credit Union Topics Cybersecurity news and headlines What are the threats and targets? Hackers and malware Email - Phishing

854 views • 50 slides
Cybersecurity & Education Law 2-d Oyster Bay-East Norwich Schools December 17, 2019 Janna

Cybersecurity & Education Law 2-d Oyster Bay-East Norwich Schools December 17, 2019 Janna

Cybersecurity & Education Law 2-d Oyster Bay-East Norwich Schools December 17, 2019 Janna Ostroff Top 4 Cybersecurity Threats to Schools Schools are soft targets, increasingly vulnerable to the following 4 types of attacks: RANSOM

404 views • 14 slides
Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident Response Overview Types of data in your environment and why it is important. Trending threats. Minimizing risks through layers of defense:

486 views • 30 slides
2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal

2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal

2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal Cybersecurity Policy About the Report Section I: Illustrations of Cyber Threats and Vulnerabilities Section II: Policy Response to Cyber Risk

249 views • 20 slides
Engaging Customers Staying in touch and staying relevant during the Covid-19 pandemic The

Engaging Customers Staying in touch and staying relevant during the Covid-19 pandemic The

Engaging Customers Staying in touch and staying relevant during the Covid-19 pandemic The actions of brands during a crisis can make or break long-term relationships with consumers 2020 Edelman Trust Barometer Special Report: Trust

561 views • 30 slides
Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides
Forefront COVID-19 Funder update call March 26, 2020 On Monday, March 16, Forefront administered

Forefront COVID-19 Funder update call March 26, 2020 On Monday, March 16, Forefront administered

Forefront COVID-19 Funder update call March 26, 2020 On Monday, March 16, Forefront administered a survey open to all Illinois nonprofits inquiring about their needs in light of the COVID-19 outbreak. More than 1,300 nonprofits from 102

595 views • 13 slides
An Appro a c h to F o rma liza tio n o f the I nfo rma l E c o no my in Ja ma ic a F or

An Appro a c h to F o rma liza tio n o f the I nfo rma l E c o no my in Ja ma ic a F or

An Appro a c h to F o rma liza tio n o f the I nfo rma l E c o no my in Ja ma ic a F or malization Me e ting on E xpe r ie nc e s in L atin Ame r ic a and the Car ibbe an unde r the F OR L AC Pr ogr amme 20-21 Apr il, 2015,

397 views • 28 slides
Digital Learning with Middle Ages for Educators Co-Founders Merle Eisenberg (Late Antiquity)

Digital Learning with Middle Ages for Educators Co-Founders Merle Eisenberg (Late Antiquity)

Digital Learning with Middle Ages for Educators Co-Founders Merle Eisenberg (Late Antiquity) Sara McDougall (Medieval France, Law & Gender) Laura Morreale ( Mediterranean ) Content Managers Skyler Anderson (Early Islam) Walter Beers

512 views • 27 slides
BETonMACE Strengthening Opportunities Through Positive Findings & Synergy July, 2020

BETonMACE Strengthening Opportunities Through Positive Findings & Synergy July, 2020

T S X : R V X Detailed Preliminary Results of BETonMACE Strengthening Opportunities Through Positive Findings & Synergy July, 2020 Forward Looking Statement This presentation may contain certain forward-looking information as defined

864 views • 57 slides
Country Presentation: Nepal Nepal in South Asia Nepal Nepal at a Glance Situated between

Country Presentation: Nepal Nepal in South Asia Nepal Nepal at a Glance Situated between

Transport Connectivity including Transit Facilitation in Southern Asia Country Presentation: Nepal Nepal in South Asia Nepal Nepal at a Glance Situated between China and India ( Landlocked country) 147,181 sq km of area

798 views • 25 slides
Recommendations by the Expert Group on European Corporate Bond Markets Le Quang tran Van, French

Recommendations by the Expert Group on European Corporate Bond Markets Le Quang tran Van, French

Recommendations by the Expert Group on European Corporate Bond Markets Le Quang tran Van, French Association of Large Companies (Afep) Christoph Hock, Union Investment Public Hearing on Corporate Bond markets, Brussels, 24 November 2017 Making

258 views • 15 slides
L e a rning L ite ra c y, L e a rning to T e a c h L ite ra c y: Suppo rting AL L

L e a rning L ite ra c y, L e a rning to T e a c h L ite ra c y: Suppo rting AL L

L e a rning L ite ra c y, L e a rning to T e a c h L ite ra c y: Suppo rting AL L Childre n, E spe c ia lly T ho se Who Strug g le to Re a d/ Write Sa ra Ann (Sa lly) Be a c h, Ph.D. L ite ra c y Pro fic ie nc y in the 21 st

193 views • 18 slides
ST STOCK OCK CO CONFE NFERENCE RENCE JUNE JUNE 20 2019 19 SAF SAFE E HAR HARBOR BOR

ST STOCK OCK CO CONFE NFERENCE RENCE JUNE JUNE 20 2019 19 SAF SAFE E HAR HARBOR BOR

TH AN WILL WILLIAM IAM BL BLAIR AIR 39 39 TH ANNU NUAL AL GR GROWTH WTH ST STOCK OCK CO CONFE NFERENCE RENCE JUNE JUNE 20 2019 19 SAF SAFE E HAR HARBOR BOR ST STATE TEMENT MENT This presentation does not constitute an

491 views • 32 slides
Rowsley Ltd. To become a leading healthcare player in Southeast Asia Presentation March 2018

Rowsley Ltd. To become a leading healthcare player in Southeast Asia Presentation March 2018

Rowsley Ltd. To become a leading healthcare player in Southeast Asia Presentation March 2018 Disclaimer NOT FOR RELEASE, PUBLICATION OR DISTRIBUTION, IN WHOLE OR IN PART, IN, INTO OR FROM ANY JURISDICTION WHERE TO DO SO WOULD CONSTITUTE A

742 views • 40 slides

More recommend