Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security Nevada Businesses Overview June, 2014.

Published byRosalyn Anthony Modified over 9 years ago

Similar presentations

Presentation on theme: "Cyber Security Nevada Businesses Overview June, 2014."— Presentation transcript:

1 Cyber Security Nevada Businesses Overview June, 2014

2 Carolyn Schrader CEO, Cyber Security Group, Inc. Fellow, National Cybersecurity Institute Excelsior College, Washington DC Carolyn Schrader CEO, Cyber Security Group, Inc. Fellow, National Cybersecurity Institute Excelsior College, Washington DC 6/1/2014 2

3 Agenda  Threats to Small and Midsize Businesses  Impact to Nevadans  Hacking - What and Why  Cost of Recovery  UNR Cyber Security Center  Other States’ Actions  Action Steps  Threats to Small and Midsize Businesses  Impact to Nevadans  Hacking - What and Why  Cost of Recovery  UNR Cyber Security Center  Other States’ Actions  Action Steps 6/1/2014 3

4 Threats to Small and Midsize Businesses  All Fortune 500 companies were hacked  Over 50% of small businesses were hacked  Cyber criminals do not discriminate – any company, government agency, entity is a target  All Fortune 500 companies were hacked  Over 50% of small businesses were hacked  Cyber criminals do not discriminate – any company, government agency, entity is a target 2013 Cyber Crime: 6/1/2014 4

5 Threats Continued  Cyber crime is a borderless crime  Leading countries for cyber criminals Russia China Romania France  Cyber crime is a borderless crime  Leading countries for cyber criminals Russia China Romania France 6/1/2014 5

6 Threats Continued  Target data breach: 40 million customers midsized business major corporation  Target data breach: 40 million customers midsized business major corporation 6/1/2014 6

7 Threats Continued 2014 Cyber Threats: 1.Sophisticated malware 2.Impact of Internet of Things 3.Expansion of Bring Your Own Device 4.Expansion of black market for stolen data 5.Increased website hijacking 2014 Cyber Threats: 1.Sophisticated malware 2.Impact of Internet of Things 3.Expansion of Bring Your Own Device 4.Expansion of black market for stolen data 5.Increased website hijacking 6/1/2014 7

8 Threats Continued 1.Sophisticated Malware  Targeted audiences  Secretive attacks  Use of a business’ network to distribute malware 1.Sophisticated Malware  Targeted audiences  Secretive attacks  Use of a business’ network to distribute malware 6/1/2014 8

9 Threats Continued  2013 Over 220,00 new malware programs identified daily New malware = 80 mil Total malware = 180 mil  2014 New malware Q1 = 15 mil  2013 Over 220,00 new malware programs identified daily New malware = 80 mil Total malware = 180 mil  2014 New malware Q1 = 15 mil 6/1/2014 9

10 Threats Continued 2.Impact of Internet of Things  Things can be full building system controls or baby monitors  Increased number of entry points creates more RISK  Things have little security but connect to smart devices 2.Impact of Internet of Things  Things can be full building system controls or baby monitors  Increased number of entry points creates more RISK  Things have little security but connect to smart devices 6/1/2014 10

11 Threats Continued 3.Bring Your Own Device  Less control of data  Personal data comingled with company data  Security measures seldom used  Easily lost or stolen Stolen smartphones largest street crime in many cities 3.Bring Your Own Device  Less control of data  Personal data comingled with company data  Security measures seldom used  Easily lost or stolen Stolen smartphones largest street crime in many cities 6/1/2014 11

12 Threats Continued 4.Expanded black market  BIG money from illegal hacking  Sophisticated organizations  Creative marketing 4.Expanded black market  BIG money from illegal hacking  Sophisticated organizations  Creative marketing 6/1/2014 12

13 Threats Continued 5.Increased Website Malware  Reputable website taken over by malware to distribute to visitors  Business interruption  Rapid spread of malware to unsuspecting visitors 5.Increased Website Malware  Reputable website taken over by malware to distribute to visitors  Business interruption  Rapid spread of malware to unsuspecting visitors 6/1/2014 13

14 Hacking What and Why Identifying the hacker’s motivations and potential targets provides intelligence as to what will be attacked, and the potential impact. This knowledge is critical in the understanding of hacker intentions, and in establishing a preparedness and security strategy. Identifying the hacker’s motivations and potential targets provides intelligence as to what will be attacked, and the potential impact. This knowledge is critical in the understanding of hacker intentions, and in establishing a preparedness and security strategy. 6/1/2014 14

15 What & Why Continued  Data  Passwords  Trade secrets  Intellectual property  Client lists  Financial projections  Blueprints  Sales territories and goals  Bank account information  Patient information  Research  Data  Passwords  Trade secrets  Intellectual property  Client lists  Financial projections  Blueprints  Sales territories and goals  Bank account information  Patient information  Research 6/1/2014 15

16 What & Why Continued  To sell the information to a competitor  To pirate a product  To get a company’s clients  Access route into larger company or organization  To sell the information to a competitor  To pirate a product  To get a company’s clients  Access route into larger company or organization 6/1/2014 16

17 Impact to Nevadans  Stolen personal information  Economic impact  60% of small businesses go out of business after a major attack  Detraction for new businesses moving in if cyber crime is not addressed  Savvy businesses want cyber security expertise, prosecution success, cyber secure suppliers  Cost of criminal prosecution  Stolen personal information  Economic impact  60% of small businesses go out of business after a major attack  Detraction for new businesses moving in if cyber crime is not addressed  Savvy businesses want cyber security expertise, prosecution success, cyber secure suppliers  Cost of criminal prosecution 6/1/2014 17

18 Cost of Recovery $200 - $246 per stolen record 10,000 records = $2,000,000 - $2,460,000 $200 - $246 per stolen record 10,000 records = $2,000,000 - $2,460,000 6/1/2014 18

19 Recovery Cost Continued What a Business Must Pay:  Legal representation Incident recovery counsel Customer lawsuits Government lawsuits  Customer notifications Most states have notification laws  Ongoing credit monitoring service for customers  Fix the initial problem  Assessment of other security flaws What a Business Must Pay:  Legal representation Incident recovery counsel Customer lawsuits Government lawsuits  Customer notifications Most states have notification laws  Ongoing credit monitoring service for customers  Fix the initial problem  Assessment of other security flaws 6/1/2014 19

20 UNR Cyber Security Center A collaborative initiative with the purpose of bringing together experts from different fields to jointly address the cyber security challenge.  Computer Science and Engineering  Information Systems  Political Science  Sociology/Psychology  Journalism  Criminal Justice  Military Science A collaborative initiative with the purpose of bringing together experts from different fields to jointly address the cyber security challenge.  Computer Science and Engineering  Information Systems  Political Science  Sociology/Psychology  Journalism  Criminal Justice  Military Science - Information courtesy of UNR Cyber Security Center 6/1/2014 20

21 UNR – CSC Continued Mission of CSC Perform cutting-edge interdisciplinary research. Foster cyber security education in interdisciplinary settings. Support workforce development in order to produce high- value employees for both government and industry. Mission of CSC Perform cutting-edge interdisciplinary research. Foster cyber security education in interdisciplinary settings. Support workforce development in order to produce high- value employees for both government and industry. - Information courtesy of UNR Cyber Security Center 6/1/2014 21

22 Other States’ Actions  California  Small business website resource: https://oag.ca.gov/cybersecurity  A few AG offices offer tips and links on website  Limited visible effort in addressing the severity and frequency of the crimes  California  Small business website resource: https://oag.ca.gov/cybersecurity  A few AG offices offer tips and links on website  Limited visible effort in addressing the severity and frequency of the crimes 6/1/2014 22

23 Action Steps 1.Aggressively support local district attorneys in their prosecution of illegal hacking 2.Initiate a statewide program to assist local law enforcement in conducting cybercrime investigations 1.Aggressively support local district attorneys in their prosecution of illegal hacking 2.Initiate a statewide program to assist local law enforcement in conducting cybercrime investigations 6/1/2014 23

24 Action Steps Continued 3.Initiate an annual cybersecurity conference to facilitate networking among law enforcement and cybersecurity professionals 4.Sponsor an awareness program for businesses to help them understand the impacts of cyber attacks and how to reduce the risk of attacks 3.Initiate an annual cybersecurity conference to facilitate networking among law enforcement and cybersecurity professionals 4.Sponsor an awareness program for businesses to help them understand the impacts of cyber attacks and how to reduce the risk of attacks 6/1/2014 24

25 Action Steps Continued 5.Advocate for cyber security requirements in businesses and support incentives for businesses to adopt cyber security measures 6/1/2014 25

26 Cyber Security Group, Inc. Carolyn Schrader cschrader@cyber-securitygroup.com 775.881.8980 cyber-securitygroup.com Carolyn Schrader cschrader@cyber-securitygroup.com 775.881.8980 cyber-securitygroup.com 6/1/2014 26

Download ppt "Cyber Security Nevada Businesses Overview June, 2014."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Cyber Crime and Technology

Cyber Crime and Technology
© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.

© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.
UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.

UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Jinhyun CHO Senior Researcher Korea Internet and Security Agency.

Jinhyun CHO Senior Researcher Korea Internet and Security Agency.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
Ray Greenlaw, School of Computing Armstrong Atlantic State University 1 Regional Center for Cyber Security Education and Training January 2003.

Ray Greenlaw, School of Computing Armstrong Atlantic State University 1 Regional Center for Cyber Security Education and Training January 2003.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
Cyber-Warfare: The Future is Now!

Cyber-Warfare: The Future is Now!
CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.

CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.
Cyber Security Finance Forum 2012 Michael DuBose Managing Director & Practice Leader Cyber Investigations.

Cyber Security Finance Forum 2012 Michael DuBose Managing Director & Practice Leader Cyber Investigations.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Similar presentations

Ads by Google