Cyber Security Nevada Businesses Overview June, 2014.
-
Upload
rosalyn-anthony -
Category
Documents
-
view
217 -
download
0
Transcript of Cyber Security Nevada Businesses Overview June, 2014.
Cyber Security Nevada BusinessesOverview
June, 2014
2
Carolyn SchraderCEO, Cyber Security Group, Inc.
Fellow, National Cybersecurity Institute Excelsior College, Washington
DC
6/1/2014
3
Agenda
Threats to Small and Midsize Businesses
Impact to Nevadans
Hacking - What and Why
Cost of Recovery
UNR Cyber Security Center
Other States’ Actions
Action Steps
6/1/2014
4
Threats to Small and Midsize Businesses
All Fortune 500 companies were hacked
Over 50% of small businesses were hacked
Cyber criminals do not discriminate – any company, government agency, entity is a target
2013 Cyber Crime:
6/1/2014
5
Threats Continued
Cyber crime is a borderless crime
Leading countries for cyber criminals
• Russia
• China
• Romania
• France
6/1/2014
6
Threats Continued
Target data breach: 40 million customers
midsized business major corporation
6/1/2014
7
Threats Continued
2014 Cyber Threats: 1. Sophisticated malware
2. Impact of Internet of Things
3. Expansion of Bring Your Own Device
4. Expansion of black market for stolen data
5. Increased website hijacking
6/1/2014
8
Threats Continued
1. Sophisticated Malware Targeted audiences
Secretive attacks
Use of a business’ network to distribute malware
6/1/2014
9
Threats Continued
2013
• Over 220,00 new malware programs identified daily
New malware = 80 mil
Total malware = 180 mil
2014
• New malware Q1 = 15 mil
6/1/2014
10
Threats Continued
2. Impact of Internet of Things Things can be full building system controls or baby
monitors
Increased number of entry points creates more RISK
Things have little security but connect to smart devices
6/1/2014
11
Threats Continued
3. Bring Your Own Device Less control of data
Personal data comingled with company data
Security measures seldom used
Easily lost or stolen
• Stolen smartphones largest street crime in many cities
6/1/2014
12
Threats Continued
4. Expanded black market BIG money from illegal hacking
Sophisticated organizations
Creative marketing
6/1/2014
13
Threats Continued
5. Increased Website Malware Reputable website taken over by malware to distribute to
visitors
Business interruption
Rapid spread of malware to unsuspecting visitors
6/1/2014
14
Hacking What and Why
Identifying the hacker’s motivations and potential targets provides intelligence as to what will be attacked, and the potential impact.
This knowledge is critical in the understanding of hacker intentions, and in establishing a preparedness and security strategy.
6/1/2014
15
What & Why Continued
Data Passwords
Trade secrets
Intellectual property
Client lists
Financial projections
Blueprints
Sales territories and goals
Bank account information
Patient information
Research
6/1/2014
16
What & Why Continued
To sell the information to a competitor
To pirate a product
To get a company’s clients
Access route into larger company or organization
6/1/2014
17
Impact to Nevadans
Stolen personal information
Economic impact 60% of small businesses go out of business after a major attack
Detraction for new businesses moving in if cyber crime is not addressed Savvy businesses want cyber security expertise, prosecution
success, cyber secure suppliers
Cost of criminal prosecution
6/1/2014
18
Cost of Recovery
$200 - $246 per stolen record
10,000 records
= $2,000,000 - $2,460,000
6/1/2014
19
Recovery Cost Continued
What a Business Must Pay: Legal representation
• Incident recovery counsel
• Customer lawsuits
• Government lawsuits
Customer notifications
• Most states have notification laws
Ongoing credit monitoring service for customers
Fix the initial problem
Assessment of other security flaws
6/1/2014
20
UNR Cyber Security Center
A collaborative initiative with the purpose of bringing together experts from different fields to jointly address the cyber security challenge.
Computer Science and Engineering
Information Systems
Political Science
Sociology/Psychology
Journalism
Criminal Justice
Military Science
- Information courtesy of UNR Cyber Security Center
6/1/2014
21
UNR – CSC Continued
Mission of CSC• Perform cutting-edge interdisciplinary research.
• Foster cyber security education in interdisciplinary settings.
• Support workforce development in order to produce high-value employees for both government and industry.
- Information courtesy of UNR Cyber Security Center
6/1/2014
22
Other States’ Actions
California Small business website resource:
https://oag.ca.gov/cybersecurity
A few AG offices offer tips and links on website
Limited visible effort in addressing the severity and frequency of the crimes
6/1/2014
23
Action Steps
1. Aggressively support local district attorneys in their prosecution of illegal hacking
2. Initiate a statewide program to assist local law enforcement in conducting cybercrime investigations
6/1/2014
24
Action Steps Continued
3. Initiate an annual cybersecurity conference to facilitate networking among law enforcement and cybersecurity professionals
4. Sponsor an awareness program for businesses to help them understand the impacts of cyber attacks and how to reduce the risk of attacks
6/1/2014
25
Action Steps Continued
5. Advocate for cyber security requirements in businesses and support incentives for businesses to adopt cyber security measures
6/1/2014
26
Cyber Security Group, Inc.
Carolyn [email protected]
775.881.8980
cyber-securitygroup.com
6/1/2014