Information Security: Data Security Risks in the 21st Century

2016 ROCKY MOUNTAIN SUMMIT


21st Century Threats

Today most organizations' primary business is “Information”.

In 2015 nearly 27% of all “cyber” attacks with confirmed data loss focused on Small and Medium Enterprises (SME).

Travelers Insurance's cyber insurance division found that, of the small to mid-size businesses attacked in 2015, 62% of those that lose consumer data go out of business within six months.

IBM and the Ponemon Institute report that the cost of recovery was $154 for every compromised customer record in 2015.


Target Facts

• Over 70 Million affected customers

• $162 Million direct cost to Target

• 10% price decline of stock

• 6% revenue loss

• CEO Fired

• CIO Fired


Target was hacked because of poor Password Security


SONY Hack Facts

• $35 Million in direct cost to SONY

• Loss of proprietary information including contracts, salary lists and film budgets; entire films were leaked and some film releases cancelled

• Personal information of 7000+ employees


Sony was compromised from “within”


Where are the attacks coming from?


Email Threats

54% of all Email


Mobile Devices

95% OF MALWARE TYPES SHOWED UP FOR LESS THAN A MONTH, AND FOUR OUT OF FIVE DIDN’T LAST BEYOND A WEEK.


External attacks


7 MILLION SME BUSINESSES REPORTED SOME FORM OF ATTACK

ATTACKS FOCUS ON MONETARY GAINS

JPMC – 76 MILLION HOUSEHOLDS AND 7 MILLION BUSINESSES ACCOUNT INFORMATION STOLEN

SONY – EMPLOYEE AND CORPORATE INFORMATION STOLEN

TARGET – CREDIT CARD FRAUD

JIMMY JOHNS – CREDIT CARD FRAUD

PF CHANGS – CREDIT CARD FRAUD

FIDELITY – UNKNOWN NUMBER OF BROKERAGE ACCOUNTS COMPROMISED

47% OF US ADULTS HAD PERSONAL INFORMATION STOLEN


What can you do?


Information Security: Posture


Think of an Information Security program like building a house.

The house was engineered and designed with specific needs in mind.

There are specific building specifications on how the house is built.

Like any house it is only as strong as the foundation and the materials it was constructed of.


Information Security: Design


Think of an Information Security program like building a house.

Multi-faceted program

• Enterprise policies, standards and procedures

• Best in class technological security controls

• Pragmatic physical security controls at all locations

• Vendor Risk Management Program

• Risk based approach to security control designs

• Bank tested security control framework



Information Security: Talent


Information Security Team:

• CISSP Certified

• CISA Certified

• Look for experience

Best in Class Technology:

• Defense in depth technology sourced from Gartner Leader ranked companies

• Consider 24x7 Monitoring of security alerts

Third Party Verified:

• Annual 3rd party risk assessments

• Annual 3rd party penetration testing

• Quarterly vulnerability scans


Thank You