EDAYS INTERNATIONAL E-COMMERCE CONFERENCE MOSCOW, JUNE 4-5, 2015

Cybersecurity challenges in an interconnected world

PwC Global State of information security survey results for Retail industry

Chaplygin roman pw c - 4 june 12h00

Cyber risks: A severe and present danger

In 2014, Verizon counted 524 security incidents in retail industries around the world in its annual Data Breach Investigations Report, noting that points of sale were the primary targets in 70% of incidents within the retail industry.

Over the past year, the phrase “data breach” has become closely associated with the word “retailer” as attacks reached epic levels.

PwC GSISS 2015: Retail incident statistics

The Global State of Information Security® Survey (GSISS) shows that, among 836 worldwide retail and consumer goods respondents, the number of detected incidents in 2014 increased 19% over 2013.

Current and former employees, third-party service providers, contractors, suppliers, and business partners are most frequently mentioned as the cause of incidents

PwC GSISS 2015: Retail incident statistics

Personal data, including payment and purchase information, as well as intellectual property are the main targets for theft.

Another purpose of cyberattacks is fraud.

PwC GSISS 2015: Retail security issues

Data governance is lacking

Have secure-access control measures

Have centralized user data store

Have an accurate inventory of personal data

Limit access to the minimum necessary

Have privileged user access tools

Have a written security policy

Retailers, in particular, often take a compliance-checklist approach to information security, focusing on Payment Card Industry Data Security Standard (PCI DSS) requirements while disregarding implementation of adequate data governance to protect valuable information assets.

Good data governance will require that businesses develop a framework and policies for the creation, use, storage, and deletion of information. It will also demand that retail and consumer companies know where their data is stored, manage access to sensitive information, and govern the use and security of valuable data by third-party partners.

PwC GSISS 2015: Increasing third-party threats

Data breaches often start with the compromise of suppliers, contractors, and vendors.

Only 29% say they have this type of monitoring program in place, and 37% say they plan to add one.

But one in five say they have no plans to implement a program to monitor third parties.

PwC GSISS 2015: New technologies and risks

Retail and consumer goods companies are embracing new technologies to connect with customers, build operational efficiencies, and enable collaboration.

The trouble is, many businesses adopt these technologies before they effectively secure them.

Yet only 45% of respondents have a security strategy for cloud computing—an astonishing finding—and just 33% say they are “very prepared” to protect sensitive data in the cloud. Given that 29% of respondents say they use cloud services for e-commerce, that’s certainly disquieting.

More than half of respondents say they use some form of cloud computing for file storage and sharing, and hosting of databases, applications, e-mail, and websites.

PwC GSISS 2015: New technologies and risks

Attrition in safeguards for new technologies

69% of respondents either plan to allow or already do allow use of employee-owned devices to access the corporate network.

One quarter (25%) of retail and consumer respondents say they have implemented systems for digital wallets, and an additional 36% say they plan to implement them in the future.

PwC GSISS 2015: Retail needs a strategic approach

More than ever, senior executives should proactively ensure that the Board understands how the organization will detect, defend against, and respond to cyber threats.

Before resources can be allocated, however, it will be necessary to first identify the organization’s most valuable assets and determine who owns responsibility for them.

A senior executive communicates importance of security to entire enterprise

Information security strategy is aligned with specific business needs

Program to identify sensitive assets

Collaborate with others to improve security

Have cyber insurance

Have employee security training and awareness program

PwC GSISS 2015: Linking security and risk

As incidents continue to proliferate, it’s becoming clear that cyber risks can never be completely eliminated.

Today’s interconnected business ecosystem requires a shift from security that focuses on prevention and controls to a risk-based approach that prioritizes an organization’s most valuable assets and its most relevant threats. It also will be critical to focus on rapid detection of security intrusions and an effective, timely response.

PwC GSISS 2016

We invite you to participate in our survey

www.pwc.ru/gsiss2016

End of the survey: June 12, 2015

PwC helps clients manage modern cyber risks

PwC applies its local and global experience and resources equally to create value for clients when carrying out diverse projects, ranging from strategy development to implementation.

180,000 PwC staff worldwide

38,000 PwC consultants worldwide

9,600 PwC IT consultants worldwide

Our global network of firms includes

776 offices in 158 countries worldwide

Leader in IT-enabled business transformation

Forrester, 3Q 2012

PwC has broad experience in providing consulting services to universities and higher educational institutions

Leader in business consulting

IDC Marketscape, 2012

PwC CEE has a highly talented pool of certified cyber security consulting staff with a full range of skills:

CISA – 39 people

CISM – 7 people

CRISC – 5 people

CISSP – 4 people

ISO 27001 – 12 people

and others

2,000 PwC cyber security consultants worldwide

Let’s keep in touch!

Thank you for your attention!

Roman Chaplygin

Director, Cybersecurity leader, PwC Russia

Tel: +7 (495) 967 6056

Mob: +7 (903) 272 1620

E-mail: [email protected]

PwC CyberSecurity Club on Facebook