1. External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external group  7.38 billion people  3.2 billion Internet users  6.8 billion mobile subscribers  4.9 billion connected devices (internet of Things)  47 billion e-commerce transactions  21 million new malware samples in Q3 of 2015 alone, or 230,000 per day 246 million records breached across 888 disclosed incidents in the first half of 2015 $217 average per capita cost of data breach in the US, costliest country (global average is $211) $6.5 million average total organizational cost of a breach in the US Connectivity and Threats

2. AdversaryMotivationObjectiveImpactTools Nation States Global Competition National Security Economic Advantage Political Posturing Pivoting Targeted long-term campaigns with strategic focus Insider implants Third Party Service Providers for onward attacks Loss of trust in Banks ability to protect privacy Utilization of connectivity and relationships of organisation to compromise strategic targets Targeted emails Focussed research on targets Watering Hole attacks Advanced malicious code Zero-day exploits Advanced DDoS capability Organized Criminals Networks Acquisitive Crime Identity Theft Data Aggregation Individual identity theft Fraud Data breaches Intellectual Property Theft Insider implants Third party service providers Loss of personally identifiable information Monetary loss Intellectual property loss Privacy Regulatory Loss of confidence by clients in channels Commodity malware Dedicated malware development for high value targets Continual development Large marketplace for attack tools available Targeted emails against clients Insider implants Cyber Terrorists Ideological Political Disenfranchisement Malicious/Anarchical Opportunistic vulnerabilities Third Party Service Providers Data Breaches Limited fraud to fund operations Destroy, disrupt cyber assets Regulatory Brand and Image Customer confidence Some reuse of commodity malware Basic DDoS capability May buy in services form other adversaries Hacktivists Political rather than personal gain Ideological Targeted organizations and associated parties that run counter to their cause Insider implants Third Party provider Disrupt operations Destabilisation Brand and Public Relations Regulatory Customer confidence Rudimentary toolsets Basic DDoS capability Utilise known vulnerabilities which can be effective Reuse of known compromised data Use of lower end commodity malware Insiders Coercement Acquisitive Crime Disgruntled Direct systems and network access Privileged access Systems knowledge Fraud loss Disruption of operations Regulatory Legal Existing access to systems Privilege escalation via systems knowledge or targeting colleagues Bypassing business processes Identifying the Threat

3. Regulations Hacking Team 400GB cache of files Coordination Resilience Average estimated price for stolen credit and debit cards: $5 to $30 in the United States; $20 to $35 in the United Kingdom; $20 to $40 in Canada; $21 to $40 in Australia; and $25 to $45 in the European Union. Bank login credentials for a $2,200 balance bank account selling for $190. Bank login credentials plus stealth funds transfers to U.S. banks priced from $500 for a $6,000 account balance, to $1,200 for a $20,000 account balance. Bank login credentials and stealth funds transfers to U.K. banks range from $700 for a $10,000 account balance, to $900 for a $16,000 account balance. Online payment service login credentials priced between $20 and $50 for account balances from $400 to $1,000; between $200 and $300 for balances from $5,000 to $8,000. Prices of Stolen Data on Dark Web Example Recent Breaches Ashley Madison dating website – 37 million records. Talk Talk – 157,000 customers iCloud – 500 private pictures of various celebrities Office of Personnel Management – 21 million US government employees data Securus Technologies – 70 million records of phone calls made by prisoners in US states