Information Security Data Security Risks in the 21st Century
2016 ROCKY MOUNTAIN SUMMIT
21st Century Threats
Today, most organizations' primary business is “Information”.
In 2015 nearly 27% of all “cyber” attacks with
confirmed data loss focused on Small and
Medium Enterprises (SME).
Travelers Insurance's cyber insurance division found that, of the small to
mid-size businesses attacked in 2015, 62% of those that lose consumer data go out
of business within six months.
IBM and the Ponemon Institute report that the cost of recovery is $154 for
every compromised customer record in 2015.
Target Facts
• Over 70 Million affected customers
• $162 Million direct cost to Target
• 10% price decline of stock
• 6% revenue loss
• CEO Fired
• CIO Fired
Target was hacked because of poor Password Security
SONY Hack Facts
• $35 Million in direct cost to SONY
• Loss of proprietary information including contracts, salary lists and film budgets; entire films were leaked and some film releases cancelled
• Personal information of 7000+ employees
Sony was compromised from “within”
Where are the attacks coming from?
Email Threats
54% of all Email
Mobile Devices
95% OF MALWARE TYPES SHOWED UP FOR LESS THAN A MONTH, AND FOUR OUT OF FIVE DIDN’T LAST BEYOND A WEEK.
External attacks
7 MILLION SME BUSINESSES REPORTED SOME FORM OF ATTACK
ATTACKS FOCUS ON MONETARY GAINS
• JPMC – 76 MILLION HOUSEHOLDS AND 7 MILLION BUSINESSES ACCOUNT INFORMATION STOLEN
• SONY – EMPLOYEE AND CORPORATE INFORMATION STOLEN
• TARGET – CREDIT CARD FRAUD
• JIMMY JOHNS – CREDIT CARD FRAUD
• PF CHANGS – CREDIT CARD FRAUD
• FIDELITY – UNKNOWN NUMBER OF BROKERAGE ACCOUNTS COMPROMISED
47% OF US ADULTS HAD PERSONAL INFORMATION STOLEN
What can you do?
Information Security: Posture
Think of an Information Security program like building a house.
The house was engineered and designed with specific needs in mind.
There are specific building specifications on how the house is built.
Like any house, it is only as strong as its foundation and the materials it was constructed of.
Information Security: Design
Think of an Information Security program like building a house.
Multi-faceted program
• Enterprise policies, standards and procedures
• Best in class technological security controls
• Pragmatic physical security controls at all locations
• Vendor Risk Management Program
• Risk based approach to security control designs
• Bank tested security control framework
Information Security: Talent
Information Security Team:
• CISSP Certified
• CISA Certified
• Look for experience
Best in Class Technology:
• Defense in depth technology sourced from Gartner Leader ranked companies
• Consider 24x7 Monitoring of security alerts
Third Party Verified:
• Annual 3rd party risk assessments
• Annual 3rd party penetration testing
• Quarterly vulnerability scans
Thank You