Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. Matthew Canham Dr. Clay Posey Institute for Simulation & UCF

Published byゆゆこ いなおか Modified over 5 years ago

Similar presentations

Presentation on theme: "Dr. Matthew Canham Dr. Clay Posey Institute for Simulation & UCF"— Presentation transcript:

1 Elevating Our Understanding of Non-malicious Employees in Cybersecurity
Dr. Matthew Canham Dr. Clay Posey Institute for Simulation & UCF College of Business Cybersecurity & Privacy UCF President & CEO Chief Research Scientist

2 Early Experiences (or Why We Are the Way We Are)

3 Causes of Data Breach ALL DATA BREACHES Human Error (Non-Malicious)
88% (Kroll Associates – UK Information Commissioner (ICO) Report, 2018) Confidential data being ed to the incorrect recipient (18.5%) Loss of paperwork (18.1%) Data left in an insecure location (6.7%) 95% (IBM Cyber Security Intelligence Index, 2014) ~10% of data breaches result from malicious attacks ALL DATA BREACHES

4 Human as an Attack Vector
Data Breaches caused by BAD PEOPLE Human Attack Vectors (~50%) Technical Attack Vectors (50%) 91% (KnowBe4, 2019) 43% (Verizon DBIR, 2017) ~50% of data breaches leveraging social engineering

5 Data Breaches resulting from Technical Attack Vectors
~90% Human Error + ~5% Human Vector Attacks ~ 5% Data Breaches originate from Malicious Actors relying on technical attack vectors

6 Amount spent on security awareness training in the U.S. 2017
Show me the ! Amount spent on security awareness training in the U.S. 2017 $370 Million (Gartner, 2017)

7 Show me the ! 0.62% ($370 Million) spent on security awareness training Total amount spent on cyber defense in the U.S. in 2017 $60.4 Billion

8 Proportion of Data Breaches resulting from Malicious Technical Attack Vectors
Proportion of funding spent on security awareness training in the U.S. 2017 Proportion of Data Breaches resulting from Human Error or Human Vector Attack Amount spent to defend against Malicious Technical Attack Vectors in 2017

9 Deviations from Policy
Intentional Deliberate Violations (Shadow IT and workarounds) Unintentional Slips Correct goal, flawed execution. Mistakes Wrong goal, good execution.

10 Business Email Compromise smshing (text messaging)
Species of Phish QRshing Business Compromise smshing (text messaging) vishing (voice) Spear Phish Whaling

11 Business Email Compromise

12 Just last month…

13 Taking a Longitudinal View
47% 13% 32% 8%

14 Complex Adaptive Systems and “What If” Analyses

15 Ending on a Positive Note
• Most employees don’t enter their organization everyday and think: “How can I screw up things for my company?” • Need to stop treating them like all have cruel intentions • Realize and readily accept that errors will happen and form meaningful strategies that build resilient organizational cultures - “A million accidents that should have occurred today but didn’t” • Employees are the most significant component of organizational cybersecurity vs.

16 Contact Information Dr. Matthew Canham Dr. Clay Posey Institute for Simulation & Training College of Business University of Central Florida Cybersecurity & Privacy Cluster President & CEO Chief Research Scientist

Download ppt "Dr. Matthew Canham Dr. Clay Posey Institute for Simulation & UCF"

Similar presentations

1 Michael Siegel James Houghton Advancing Cybersecurity Using System Dynamics Simulation Modeling For System Resilience, Patching, and Software Development.

1 Michael Siegel James Houghton Advancing Cybersecurity Using System Dynamics Simulation Modeling For System Resilience, Patching, and Software Development.
THE MEMBERS GROUP Safeguard Iowa Partnership – Cybersecurity Webinar Series.

THE MEMBERS GROUP Safeguard Iowa Partnership – Cybersecurity Webinar Series.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
FCC Broadband Workshop on Cyber Security Don Welch President and CEO Merit Network, Inc.

FCC Broadband Workshop on Cyber Security Don Welch President and CEO Merit Network, Inc.
1 Explorations in Cyber International Relations (ECIR) Dr. Michael Siegel Daniel Goldsmith Explorations in Cyber International Relations OSD Minerva Research.

1 Explorations in Cyber International Relations (ECIR) Dr. Michael Siegel Daniel Goldsmith Explorations in Cyber International Relations OSD Minerva Research.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.
National Cyber Security Awareness Month October 20, 2011 Cyber Security – Our Shared Responsibility.

National Cyber Security Awareness Month October 20, 2011 Cyber Security – Our Shared Responsibility.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.

Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Regional Cyber Crime Unit

Regional Cyber Crime Unit
Creating a Culture of Privacy Michael Kaiser Executive Director National Cyber Security

Creating a Culture of Privacy Michael Kaiser Executive Director National Cyber Security
Cyber-Security among American Local Governments Donald F. Norris, Anupam Joshi and Timothy Finin University of Maryland, Baltimore County Baltimore, Maryland.

Cyber-Security among American Local Governments Donald F. Norris, Anupam Joshi and Timothy Finin University of Maryland, Baltimore County Baltimore, Maryland.
TruSTAR Sensitive & Proprietary Cloud CISC: Cyber incident exchange and collaboration February, 2016 “We cannot solve problems with the same thinking we.

TruSTAR Sensitive & Proprietary Cloud CISC: Cyber incident exchange and collaboration February, 2016 “We cannot solve problems with the same thinking we.
CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via email.

CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via .
Just Culture George Monteiro Principal Airworthiness Surveyor

Just Culture George Monteiro Principal Airworthiness Surveyor
TOP 5 CYBERSECURITY ISSUES CFOS NEED TO KNOW IN A CONNECTED, MOBILE WORLD BRAD FRAZER | PRESENTED ON 06/08/16.

TOP 5 CYBERSECURITY ISSUES CFOS NEED TO KNOW IN A CONNECTED, MOBILE WORLD BRAD FRAZER | PRESENTED ON 06/08/16.
Explaining Bitcoins will be the easy part: Email Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.

Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.

Similar presentations

Ads by Google