Dr. Matthew Canham Dr. Clay Posey Institute for Simulation & UCF

Slides:



Advertisements
Similar presentations
1 Michael Siegel James Houghton Advancing Cybersecurity Using System Dynamics Simulation Modeling For System Resilience, Patching, and Software Development.
Advertisements

THE MEMBERS GROUP Safeguard Iowa Partnership – Cybersecurity Webinar Series.
David A. Brown Chief Information Security Officer State of Ohio
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
FCC Broadband Workshop on Cyber Security Don Welch President and CEO Merit Network, Inc.
1 Explorations in Cyber International Relations (ECIR) Dr. Michael Siegel Daniel Goldsmith Explorations in Cyber International Relations OSD Minerva Research.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.
National Cyber Security Awareness Month October 20, 2011 Cyber Security – Our Shared Responsibility.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Regional Cyber Crime Unit
Creating a Culture of Privacy Michael Kaiser Executive Director National Cyber Security
Cyber-Security among American Local Governments Donald F. Norris, Anupam Joshi and Timothy Finin University of Maryland, Baltimore County Baltimore, Maryland.
TruSTAR Sensitive & Proprietary Cloud CISC: Cyber incident exchange and collaboration February, 2016 “We cannot solve problems with the same thinking we.
CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via .
Just Culture George Monteiro Principal Airworthiness Surveyor
TOP 5 CYBERSECURITY ISSUES CFOS NEED TO KNOW IN A CONNECTED, MOBILE WORLD BRAD FRAZER | PRESENTED ON 06/08/16.
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.
Michael Wright • Chief Security Officer • Tech Lock
CYBERSECURITY SOLUTIONS
Earth’s Mightiest Heroes: Combating the Evils Lurking in Cyberspace
Policy Development Milan Adams.
how to prevent them from being successful
Michael Menne IT Solutions Chief Information Security Officer
Comprehensive Security and Compliance at an Affordable Price.
2016 Data Breach Investigations Report
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Michael Burke.
Social Engineering Brock’s Cyber Security Awareness Committee
Network Security Fundamentals
Compliance with hardening standards
Introduction to the Federal Defense Acquisition Regulation
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them David Hood Director of Technology Marketing.
Cyber Attacks on Businesses 43% of cyber attacks target small business Only 14% of small business rate their ability to mitigate cyber risk highly.
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Michael Bird Team Lead, Account Executive.
Cybersecurity EXERCISE (CE) ATD Scenario intro
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Michael Vanderhoff.
Jason Belford September 28, 2017.
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Matthew Gardiner Product Marketing.
Today’s Risk. Today’s Solutions. Cyber security and
Social Engineering Brock’s Cyber Security Awareness Committee
Cybersecurity Awareness
Threat Landscape for Data Security
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Andrew Cotton.
Strong Security for Your Weak Link:
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Matthew Gardiner Product Marketing.
Curating an Effective Security Culture
KnowBe4 is the world's most popular integrated platform for awareness training combined with simulated phishing attacks.
Information Security – Aug 18
Usable Security (unusable security ain’t secure)
Cybersecurity compliance for attorneys
CRITICAL INFRASTRUCTURE CYBERSECURITY
Keeping your data, money & reputation safe
Usable Security (unusable security ain’t secure)
Ransomware and Data breaches in public libraries
Cyber Security Culture
Anatomy of a Large Scale Attack
Cybersecurity EXERCISE (CE) ATD Scenario questions
Completing a task relevant to cybersecurity Case 2
Move this to online module slides 11-56
Employee Cybersecurity Program
DATA BREACHES 6 4 , 9 3 There were…
Usable Security (unusable security ain’t secure)
MAZARS’ CONSULTING PRACTICE Helping your Business Venture Further
Introduction to Symantec Security Service
CyberSecurity Strategy For Defendable ROI
“Workplace Behaviour: Activating your greatest security asset”
Presentation transcript:

Elevating Our Understanding of Non-malicious Employees in Cybersecurity Dr. Matthew Canham Dr. Clay Posey Institute for Simulation & Training @ UCF College of Business Cybersecurity & Privacy Cluster @ UCF President & CEO Chief Research Scientist

Early Experiences (or Why We Are the Way We Are)

Causes of Data Breach ALL DATA BREACHES Human Error (Non-Malicious) 88% (Kroll Associates – UK Information Commissioner (ICO) Report, 2018) Confidential data being emailed to the incorrect recipient (18.5%) Loss of paperwork (18.1%) Data left in an insecure location (6.7%) 95% (IBM - 2014 Cyber Security Intelligence Index, 2014) ~10% of data breaches result from malicious attacks ALL DATA BREACHES

Human as an Attack Vector Data Breaches caused by BAD PEOPLE Human Attack Vectors (~50%) Technical Attack Vectors (50%) 91% (KnowBe4, 2019) 43% (Verizon DBIR, 2017) ~50% of data breaches leveraging social engineering

Data Breaches resulting from Technical Attack Vectors ~90% Human Error + ~5% Human Vector Attacks ~ 5% Data Breaches originate from Malicious Actors relying on technical attack vectors

Amount spent on security awareness training in the U.S. 2017 Show me the ! Amount spent on security awareness training in the U.S. 2017 $370 Million (Gartner, 2017)

Show me the ! 0.62% ($370 Million) spent on security awareness training Total amount spent on cyber defense in the U.S. in 2017 $60.4 Billion

Proportion of Data Breaches resulting from Malicious Technical Attack Vectors Proportion of funding spent on security awareness training in the U.S. 2017 Proportion of Data Breaches resulting from Human Error or Human Vector Attack Amount spent to defend against Malicious Technical Attack Vectors in 2017

Deviations from Policy Intentional Deliberate Violations (Shadow IT and workarounds) Unintentional Slips Correct goal, flawed execution. Mistakes Wrong goal, good execution.

Business Email Compromise smshing (text messaging) Species of Phish QRshing Business Email Compromise smshing (text messaging) vishing (voice) Spear Phish Whaling

Business Email Compromise

Just last month…

Taking a Longitudinal View 47% 13% 32% 8%

Complex Adaptive Systems and “What If” Analyses

Ending on a Positive Note • Most employees don’t enter their organization everyday and think: “How can I screw up things for my company?” • Need to stop treating them like all have cruel intentions • Realize and readily accept that errors will happen and form meaningful strategies that build resilient organizational cultures - “A million accidents that should have occurred today but didn’t” • Employees are the most significant component of organizational cybersecurity vs.

Contact Information Dr. Matthew Canham Dr. Clay Posey Institute for Simulation & Training College of Business University of Central Florida Cybersecurity & Privacy Cluster mcanham@ist.ucf.edu clay.posey@ucf.edu President & CEO Chief Research Scientist matthew@belay7.com clay@belay7.com