Cyber Risk: Exposures, prevention, and solutions Presented by Paula Garrecht


“There are only two types of companies, those that have been hacked and those that will be”

-FBI Director Robert Mueller (2012)

1. The changing face of communication
2. Impact of breaches
3. By the numbers
4. Modes of attack
5. Common exposures
6. Examples of breaches
7. Prevention
8. Solutions
9. Questions

Agenda

Communication is now married to technology.

This makes us all extremely vulnerable to cyber risk.

Changing Mediums of Communication

The impact of data breaches is significant and multi-faceted:
• Reputational harm
• Employer/Employee relationships
• Lost productivity when staff need to put aside normal activities to respond to an incident
• Notification costs
• Credit monitoring costs
• Regulatory proceedings and fines

Impact of Data Breaches

By the Numbers

• Of attacks were not highly difficult to undertake

• Of breaches happen in companies with fewer than 100 employees

• Stemmed from external agents (partners, suppliers, customers and criminals)

• Of data breaches were discovered by a third party and not by the company itself

92% 98% 96% 72%

97% of incidents were avoidable

70% of Canadian businesses experienced a cyber attack in a 12 month period.

$100 billion annual loss to the U.S. economy (US$445 billion to the world economy)

The average cost of a data breach to an organization in 2014: $5.85 million

By the Numbers

Modes of Attack

In Canada, the top cyber-attacker sources are:
• Malicious code
• Spam
• Phishing Hosts
• Bots
• Network Attacking countries
• Web Attacking countries

Modes of Attack

Public Administration is the top targeted industry in Canada for malware and phishing, and second highest behind the mining industry for spam.

Targets

• Bring Your Own Device (BYOD)

• Hard Drive Disposal

• Camera Phones

Exposures

Uber (2014)

City of Los Angeles (2012)

University of Victoria (2012)

Examples of Breaches

Recent Guidance from the Privacy Commissioner
• Getting accountability right with a Privacy Management Program
• Organizational commitment
• Program controls
• Effectiveness, compliance and accountability

Prevention Strategies

Put security systems in place, i.e. alarms, surveillance

Use caution with mobile apps

Properly dispose of technology hardware.

When sending mass emails, hide the recipient list

Keep sensitive data out of unauthorized reach

Require sign-in for non-employee visitors

Screen all prospective employees

Don’t retain unnecessary data

Install anti-virus, anti-spyware and firewalls.

Utilize password protection and encryption

Ongoing education and training

Conduct a third party test to assess your vulnerabilities

Prevention Strategies

Despite implementing best-practices for prevention, data and cyber security breaches can occur. Cyber Risk Insurance should form part of your Risk Management plan.

Solutions

• Privacy Liability & breach notification
• Network security liability
• Multimedia liability
• System damage
• System business interruption
• Brand & reputation protection / crisis management
• Cyber crime

Solutions

Privacy Liability & breach notification

• Violation of data protection and privacy legislation.

• Costs to assist you in dealing with a data breach including costs of notification and costs of credit monitoring.

• Regulatory fines and claims expenses that you become legally obligated to pay

Network security liability

• Your failure to protect against unauthorized access, unauthorized use, or a denial-of-service attack by a hacker.

Multimedia liability

• Covers media exposures such as defamation and breaches of intellectual property rights arising from your online publishing. Also described as content injury.

Solutions

System damage

• Cover to assist you in dealing with the costs of handling/responding to a threat from a hacker to attack your information and electronic assets.

System business interruption

• Cover to assist you in dealing with the costs of replacing lost profit due to a hacking attack on your computer system. Impaired access injury.

Brand & reputation protection / crisis management

• Costs to assist you after a network compromise such as public relations costs. Reputational injury.

Cyber crime

• Electronic wire transfer fraud

• ID Theft

• Cyber extortion

• Telephone hacking

• Phishing

Solutions

Thank You, Questions?

“There are only two types of companies, those that have been hacked and those that will be. Even that is merging into one category: those that have been hacked and will be again.”

-FBI Director Robert Mueller (2012)