Cyber Security, IP Theft, and Data Breaches
Transcript of Cyber Security, IP Theft, and Data Breaches
GOOD. SMART. BUSINESS. PROFIT.™
Cyber-Security, IP Theft and Data Breaches: Practical Steps to Protect Corporate Assets
October 30, 2014
HOST: Chelsie Chmela, Events Manager, 847.293.8806
QUESTIONS: We encourage you to engage during the Q&A portion of today’s webcast by using the chat function located within your viewing experience.
RECORDING: The event recording and PowerPoint presentation will be provided post event.
SPEAKING TODAY
Pamela Passman, President & CEO, CREATe.org
Marissa O. Michel, Strategic Threat Management, PwC Forensics
Introductions
Pamela Passman
President & CEO
Center for Responsible Enterprise and Trade CREATe.org
Marissa Michel
Director, Forensic Services Group, Strategic Threat Management Services
PricewaterhouseCoopers (PwC)
In the News… Cyber-Security, IP Theft/Breaches
U.S. hacking victims fell prey to mundane ruses - May 20, 2014
U.S. announces first charges against foreign country in connection with cyberspying - May 19, 2014
Trade secrets bill clears a hurdle - September 17, 2014
Intellectual Property Risks
• Among 269 senior risk managers, 53% said that loss or theft of intellectual property had inflicted damage on their company’s financial performance —14% reported this as “major” damage.
PwC’s 2013 State of Compliance:
• Intellectual property risks ranked among the top three risks faced by manufacturing and tech companies
• IP risks were perceived to be increasing
On the rise:
• Malicious code and sustained probes have increased the most: average of 17 malicious codes/month, 12 probes/month, 10 unauthorized access incidents
Uncertainty about steps to take:
• 50% low/no confidence they are making the right investments in people, process and technologies to address threats
Data Breach Risks
Greatest threat:
• The human factor (negligence) and system glitches (IT and business process failures) still account for almost two-thirds of data breaches
Why? The Rise of IP Theft & Data Breaches
Globalized Marketplace
Information Digitalization
Mobile Workforce
Fragmented Value Chains
Where are the Greatest Threats?
Cyber Risk Threat Landscape
Threat Actors and Objectives:
• Nation States: Military technology, help national companies
• Malicious Insiders: Competitive advantage, financial gain, national goals
• Competitors: Competitive advantage
• Transnational Organized Crime: Financial gain
• Hacktivists: Political/social goals
Methods:
• Blunt force hacking
• Social Engineering
• Trojan Horse
• Spear phishing
• Watering Hole Exploits
• Malware
• Co-opted Credentials
• Physical/Non-technical
Vulnerabilities:
• Processes
• People
• Technology
Risks / Outcomes:
• IP Theft
• Data Breaches
• Disrupted Business
• Reputational issues
• Lost revenues
• Lawsuits
• Fines
Source: CREATe.org – PwC Report: Economic Impact of Trade Secret Theft: A framework for companies to safeguard trade secrets and mitigate potential thefts, February 2014
Cybercrime: a key driver of trade secret theft
Highlight: Malicious Insiders
• Impact: Most common source of IP theft; differs from unintentional or uninformed insiders
• Motivation: Typically disgruntlement or ego, ideology, competition, or personal financial gain
• Access: Insider authorization to systems, records, source code, and even facilities = opportunity to exploit access for malicious purposes
• Connections: Can be leveraged or planted by Advanced Persistent Threats to exploit access to critical assets
• Red Flags: Activity changes with business change: mergers, divestitures and legal entity separations, and within 2 weeks before and after employment separation (voluntarily or involuntarily)
CREATe – PwC Trade Secrets Report
• The economic impact of trade secret misappropriation;
• An analysis of key threat actors;
• Three future scenarios that envision trade secret protection outcomes in 10-15 years; and
• A five-step framework to help companies assess and safeguard trade secrets.
Available on the web at:
www.create.org/protect-your-trade-secrets
Framework: Objectives and Outputs
Consensus across business units over definitions and criteria for determining IP that is a trade secret
Prioritized, ranked list of trade secrets with location maps around the world
A clear repeatable process for incorporating new innovations and trade secrets into the existing trade secrets list
Proven formula for assessing the cost of trade secret theft at the individual level
Means to determine how to maximize the value of protective measures to ensure the greatest return on security investment
Framework: Step 1
Category of Trade Secrets:
• Product Information
• Research & Development
• Critical & Unique Business Processes
• Sensitive Business Information
• IT Systems & Applications
Framework: Step 2
Threat Actors:
• Nation States
• Malicious Insiders
• Competitors
• Transnational Organized Crime
• Hacktivists
Framework: Step 3
How would the trade secret loss impact…
• Reputation?
• Business operations?
• Corporate culture?
• Competitive advantage?
• Current or future revenue?
Framework: Step 4
Impact of trade secret theft in dollar terms:
• Financial performance
• Customer trust/loyalty
• Innovation
• Stakeholder perception
Framework: Step 5
Effective IP protection involves 8 categories:
• IP Compliance Team
• Policies, Procedures & Records
• Scope & Quality of Risk Assessment
• Management of Supply Chain
• Security & Confidentiality Management
• Training & Capacity Building
• Monitoring & Measurement
• Corrective Actions & Improvements
1) Self-Assessment
Online Q&A:
• Measures maturity of systems in all categories
• Rates maturity on a scale from 1 to 5
2) Independent Evaluation
CREATe expert evaluation:
• Qualifies self-assessment
• Reviews documentation
• Generates verified score
3) Improvement Plan
Based on rating, company receives:
• Improvement steps
• Benchmarking report
Measure Improve
How Do You Know if Supply Chain Partners are Protecting Your Company’s IP?
Supply Chain Vulnerabilities
“Financial criminals will typically look for the weakest link – the most efficient, easiest way into a system. And, the majority of the time, suppliers are the easiest way in”
Ask Supply Chain Companies These Questions
1) Are IP protection policies in place?
2) Who manages IP protection?
3) What business processes are in place to protect IP?
4) How do you work with supplier and business partners to prevent IP theft?
5) Are physical workspaces and IT networks secure to protect IP?
6) What training programs are in place for IP protection?
7) What ongoing monitoring programs are in place?
8) When things go wrong, what corrective actions do you take?
Questions?
Thank You!
WHY SHOULD YOU APPLY?
• Learn your scores – your Ethics Quotient™
• Compare your practices to those of the World’s Most Ethical Companies
• Understand the gaps in your program, activities and practices vs. leading companies
• Use this knowledge to guide and shape investments in program and resources
• Engage the entire organization and ecosystem
This webcast and all future Ethisphere webcasts are available complimentary and on demand for BELA members. BELA members are also offered complimentary registration to Ethisphere’s Global Ethics Summit and other Summits around the world.
For more information on BELA contact:
Laara van Loben Sels, Senior Director, Engagement [email protected]
Business Ethics Leadership Alliance (BELA)
THANK YOU