2 | © 2017, Palo Alto Networks. Confidential and Proprietary.

Security To Do List

Sean DucaVice President, Regional Chief Security Officer Asia Pacific

3 | © 2015, Palo Alto Networks. Confidential and Proprietary.

THE ECONOMICS OF CYBER ATTACKS

4 | © 2017, Palo Alto Networks. Confidential and Proprietary.

THE ECONOMICS OF CYBERATTACKS

Economics Favor Attackers Failure of Status Quo

PREDICTIONS FOR 2017

5 | © 2017, Palo Alto Networks. Confidential and Proprietary.

CHECKLIST FOR SUCCESS

10 | © 2017, Palo Alto Networks. Confidential and Proprietary.

YOUR CHECKLIST FOR SUCCESS: - WHO, WHAT, WHERE, WHEN & HOW

• Where is all our sensitive data?

• Many organisations struggle to answer this question and that leads to misappropriation of resources in the form of security controls being used broadly across the entire organisation, resulting in increased cost to acquire and utilize.

• Risk and cost reduction necessitates knowing where sensitive data resides and strategically applying the appreciate controls.

11 | © 2017, Palo Alto Networks. Confidential and Proprietary.

• Who amongst our employees has access to our sensitive data?

• Simply knowing who has access to a document or file server stops short of understanding what they have access to.

12 | © 2017, Palo Alto Networks. Confidential and Proprietary.

YOUR CHECKLIST FOR SUCCESS: - WHO, WHAT, WHERE, WHEN & HOW

• What is the nature of the information that makes it sensitive?

• Are we protecting the information that is of most value to us or are we only covering the basics of PII or other regulatory mandated data types?

• Successful CISOs will include company-confidential, proprietary trade secrets and intellectual property as part of their security strategy.

13 | © 2017, Palo Alto Networks. Confidential and Proprietary.

YOUR CHECKLIST FOR SUCCESS: - WHO, WHAT, WHERE, WHEN & HOW

• When has the sensitive data most recently been audited for obsolescence, necessity, access control, and governance (ownership)?

• Not all information needs to be kept indefinitely, and for information that does, are we auditing its use and access? Shrinking the sensitive data footprint of an organisation can reduce cost.

14 | © 2017, Palo Alto Networks. Confidential and Proprietary.

YOUR CHECKLIST FOR SUCCESS: - WHO, WHAT, WHERE, WHEN & HOW

• How likely is it to be leaked, if we were hacked?

• Measuring the risk associated with keeping sensitive data will propel successful CISOs by allowing them to implement technologies and processes that will both reduce the risk and reduce the cost associated with protecting sensitive data.

15 | © 2017 Palo Alto Networks. Confidential and Proprietary.

YOUR CHECKLIST FOR SUCCESS: - WHO, WHAT, WHERE, WHEN & HOW

UNDERSTANDING THE ATTACKER

16 | © 2017, Palo Alto Networks. Confidential and Proprietary.

THE ACTORS MOTIVATION

17 | © 2017 Palo Alto Networks. Confidential and Proprietary.

Espionage

Insider Threat

Cyber Crime

Cyber Warfare

Cyber Terrorism

Cyber Mischief

Cyber Hacktivism

WHAT IS TOLERATED BY THE BUSINESS ?

18 | © 2017, Palo Alto Networks. Confidential and Proprietary.

Remote Unlikely Possible Likely Almost Certarin

Likelihood

Very Low

Low

Significant

Serious

Material

Imp

act

HOW MANY PEOPLE WILL SOLVE THE PROBLEM ?

19 | © 2017, Palo Alto Networks. Confidential and Proprietary.

EXECUTING ON PREVENTION MATTERS

20 | © 2017, Palo Alto Networks. Confidential and Proprietary.

COMBINING PUROPOSE-BUILT METHODS TO PREVENT

21 | © 2017, Palo Alto Networks. Confidential and Proprietary.

Collision

Avoidance

System

Safety Glass

Traction Control

System

Side Impact Bars

Airbags

Crumple

Zone

PREVENTING ATTACKS

22

Automatically turn unknown threats to knownAutomation must be used in order to get leverage

FLIPPING THE ECONOMICS OF CYBER ATTACKS

23 | © 2017, Palo Alto Networks. Confidential and Proprietary.

Flip the Economics

NUMBER OF

SUCCESSFUL

ATTACKS

COST OF

LAUNCHING

A SUCCESSFUL

ATTACK

Secure Enterprise