Presentation is loading. Please wait.

Presentation is loading. Please wait.

Business At the Speed of Cyber

Published byMorris Hutchinson Modified over 6 years ago

Similar presentations

Presentation on theme: "Business At the Speed of Cyber"— Presentation transcript:

1 Business At the Speed of Cyber
Understanding the CISO Dilemma ISACA Denver October Chapter Meeting Ian Bramson Siemens

2 RISK IS GOOD

3 The CISO dilemma: expanding accountability and shrinking control
Senior Leadership External Operations Cross-Organizational Security Operations

4 Most Senior Leadership are very concerned about cyber security, but have little understanding of what it is Senior Leadership Cyber fatigue Strategic alignment Business context Executive reporting Risk reduction High Exposure, Low Understanding 85% Cybercrime will cost the world in excess of $6 trillion annually by 2021 The average cost per breach worldwide was $4 million, that figure rose to $7 million in the U.S. (Ponemon Institute) Board of Directors Focus Due care – How do boards know if they’re doing a good enough job when it comes to cybersecurity oversight? Insider threats – What has the company done to deter, detect, and remediate insider threats? Third-party risk management – How is the company reducing risks with its vendors, partners, contractors, and suppliers? How is data and access managed with third parties? What are our exposures if they get hacked? Cyber insurance – What is covered with cyber insurance? Should the company get cyber insurance? What kind of coverage? How do we minimize premiums? Information sharing – How does the company share cyber information with competitors and the government? What are the privacy laws and regulations about cyber information sharing? Mergers and acquisitions (M&A) – How does cybersecurity factor into M&A? Incident response/breach notification – Who needs to be notified, and when, during a cyber breach? 39% of board executives feel security information is too technical -- Osterman organizations failed to report Ransomware attacks to CEO or Board -- SentinelOne 35X 70% cyber security budgets have increased 35 times over the last thirteen years -- Cybersecurity Ventures of the value of publicly traded companies are “intangible assets” -- Commission on the Theft of American Intellectual Property

5 Cyber security attackers exploit traditional organizational stovepipes and organizational divisions
Cross-Organizational The people problem Span of control and accountability Business enabler, not inhibitor Partnership with business Cyber security and IT Managing Other Executives 95% 53% of mobile professionals carry confidential company information (Ponemon) Up To 12,000 laptop computers are lost weekly and up to 600,000 are lost annually in U.S. airports (Ponemon) 69% percent of organizations have experienced attempted or successful data theft or corruption by corporate insiders during the last 12 months Ransomware increased 6,000% in IBM Ransomware was in almost 40% of all spam messages in IBM 70% of business victims paid the hackers to get their data back – IBM 26% of employees admitted to uploading sensitive information to cloud apps with the specific intent to share that data outside the company – Sailpoint 65% of all security incidents involve human error -- IBM of those who carry confidential information don’t protect it -- Ponemon 63% 60% of confirmed data breaches involve weak, default or stolen passwords -- Verizon of fired employees steal important corporate data -- Global HR

6 CISOs are struggling to address expanding cyber threats with severe talent shortages
Security Operations Talent shortage Operational reporting and metrics Business impacts of technical operations Career paths Doing More with Less 3.5 Million 47% of organizations say that the number of employees dedicated to network security is inadequate - ESG 44% of organizations say that the number of networking/security staff with strong knowledge in both security and networking technology is inadequate in some, most, or all cases – ESG The demand for information security analysts will grow 37% from —S. Bureau of Labor Statistics  The average senior security analyst in the US makes $103,226, more than double the national average—Glassdoor.com 35%  of organizations are unable to fill open security jobs, despite the fact that 82 percent expect to be attacked this year—ISACA and RSA, “State of Cybersecurity: Implications for 2015” 52% unfilled cybersecurity jobs by 2020 -- Cybersecurity Ventures of organizations that suffered successful cyber attacks aren't making changes to their security –- Barkly 37% 41% of organizations say that the ability of the security staff to keep up with the threat landscape is inadequate -- ESG of workers will be temps, contractors or consultants by 2018 -- CyberArk

7 CISOs inherit the risks posed by their external partners, suppliers, and customers
External Operations Elastic attack surface Supply chain cyber challenges Vendorpalooza and vendor leverage Compliance conundrum Cyber insurance Managing Risks from the Outside 90% The cyber insurance market rose to $2.5 Billion in 2016 Intel predicts there will be up to 200 Billion connected devices by 2020 Microsoft predicts that the number of connected devices will be about 50 Billion by 2020 There are 25 connected devices per 100 inhabitants in the US (Symantec Internet Security Threat Report) $120 Billion of organizations lack full confidence in their IoT security -- AT&T cyber security market in 2017 (it was $3.5 Billion in 2004) -- Wired 50X 88% increase in data volume by 2020 -- Microsoft of organizations lack full confidence in the security of their business partners’ connected devices -- AT&T

8 MANAGING RISK IS GOOD

Download ppt "Business At the Speed of Cyber"

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Travelers CyberRisk for Insurance Companies

Travelers CyberRisk for Insurance Companies
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Sponsored by Lumension Ponemon Institute© Private & Confidential Document Page 1 2009 Security Mega Trends Survey Independently conducted by Ponemon Institute.

Sponsored by Lumension Ponemon Institute© Private & Confidential Document Page Security Mega Trends Survey Independently conducted by Ponemon Institute.
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius 4444 50% Hiscox 33 50% to May 2010, replaced.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Enterprise Computing Community June 13 - 15, 2010February 27, 2010 1 Information Security Industry View Linda Betz IBM Director IT Policy and Information.

Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
© 2014 IBM Corporation Smarter Workforce Services Business Process Innovation.

© 2014 IBM Corporation Smarter Workforce Services Business Process Innovation.
AUGUST 25, 2015 Cyber Insurance:

AUGUST 25, 2015 Cyber Insurance:
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Cyber Security Nevada Businesses Overview June, 2014.

Cyber Security Nevada Businesses Overview June, 2014.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
INFORMATION TECHNOLOGY SERVICES Mike Russo, PMP, CISSP, CISA, CFE, CGEIT Director, Information Security and Privacy Office CYBERSECURITY AND PRIVACY Information.

INFORMATION TECHNOLOGY SERVICES Mike Russo, PMP, CISSP, CISA, CFE, CGEIT Director, Information Security and Privacy Office CYBERSECURITY AND PRIVACY Information.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
DRAFT 1 Belfast 2015 5 th World Cyber Security Technology Research Summit Suren Gupta Allstate Corporation Executive Vice President Allstate Technology.

DRAFT 1 Belfast th World Cyber Security Technology Research Summit Suren Gupta Allstate Corporation Executive Vice President Allstate Technology.

Similar presentations

Ads by Google