Matthew Rosenquist Cybersecurity Strategist February 2017

2017 K12 Educators Security Briefing - Matthew Rosenquist

“We manage security through Leadership and Preparation, otherwise we face Crisis and Desperation”

Data breach – administration, student, and vendor records

Malware/ransomware of devices

Financial theft and fraud

Student bullying, stalking, & safety

Regulatory non-compliance, audit

Denial of Service - Operational unavailability of systems

Reputation, smear, & social attacks

Asset misuse, theft, unauthorized content hosting, file sharing

Information integrity “Ferris Bueller attack” – grades & communications

Cyber Impacting the education sector

Threats & Technology Landscape

Evolving Landscape, Adversaries, and impacts

93% of Phishing is Ransomware: Upwards of $75 billion in global impact

97% of Fortune 1000 companies: Lost data or credentials 2014-2016

$16 Billion in Losses: Identity theft & fraud in 2016, up 16% from 2015

IMPACTS GO FAR BEYOND EXPECTATIONS

~1%* of cost: Cybersecurity costs typically measured as part of an incident

~99% of cost: Actual costs of long term impacts including lost contract revenue, operational disruption, devaluation of trade name, loss of IP, rises in insurance premiums, increased cost to raise debt, customer relationship impacts

Source: US Tech Manufacturing Company Case Study, Deloitte

More Users

New Devices

Innovative Usages

Generating Vast Data

Sensitive Functions

Increased Target Value

40% Increase: Data Breach disclosures from 2015 to 2016

400k New Malware/Day: 575 million unique samples of malware exist

200% increase: In cyber-crime in the last 5 years

It is a Data Breach World

Top 10 Healthcare breaches of 2015 affected almost 35% of the US population

Just for California… 171 breaches involving 24 million records (3 out of 5 Californians)

In 2015, over 700 million records were lost or stolen (that is 80k per hour)

25+ Million Applications: Connected and creating 50x the volume of data

50-200 Billion Devices: Connected to the Internet

$6 trillion: Cyber-crime impact globally by 2021

$3 – $90 trillion: Aggregate innovation impact of cyber-risks

400k New Malware/Day: 630 million unique samples of malware exist today

$75 billion: Rise of ransomware becomes a multi-billion dollar problem

4 Billion Users Online: Up from 2+ billion today

50 Trillion Gigabytes: Amount of data being created

A World of Targets with Increased Value

Dante's Inferno of Cybersecurity Impacts

Denial of Service (Availability)

• Access of customers

• Availability of data, systems, & services

• DDOS network attacks, ransom-ware data locking attacks

Data Theft & Exposure (Confidentiality)

• ID Theft

• Privacy

• Data Breach

• Transaction data

• Database hacks, skimming, lost storage, keylogging

Monitor & Manipulate (Integrity)

• Internal-access surveillance for advantage

• Tamper/Manipulation

• Long-term data gathering campaign

Own & Obliterate (C/I/A)

• Administrative ownership and control

• Capability of unrecoverable obliteration

• Strategic attack, undermining of org capability

Figure labels: Security Competency, Attacker Innovation

Attacks expand over time, increasing in severity based upon different technology and usages

PROCESS

People and Technology

Attackers target people, processes, and technology

OPERATIONAL, INDUSTRIAL, AND VIRTUAL SYSTEMS

GOVERNANCE, TRUST, AND OVERSIGHT SYSTEMS

DATA, INFORMATION AND CONTROL MECHANISMS

ENDPOINTS, NETWORKS, SERVICES, AND MACHINES

ACCESS CONTROL AND IDENTITY

SECURITY, SAFETY, AND PRIVACY CONTROLS

The 5 most cyber-attacked industries in 2015:

1. Healthcare

2. Manufacturing

3. Financial Services

4. Government

5. Transportation

Tech Innovation & Adoption Drives Risks

New technology bridges the virtual and physical worlds, to connect and enrich people’s lives

Government’s roles expand, more regulations and standards

Advances in nation-state cyber-offense affects everyone

Life safety and cybersecurity intersect in products

Rise in digital theft, extortion, and fraud

Real-world impacts of cybersecurity emerge

Security expectations increase by consumers, businesses, and regulators

Attackers evolve, adapt, & accelerate faster than security

Trust and Integrity are targeted and undermined

Security technologies improve but remain outpaced and outmaneuvered

Lack of security talent hinders the industry

Evolving Landscape, Adversaries, & Battlefield

Security Futures:

1. Make no mistake, everyone is a target

2. Threats remain equitable to the growth and use of technology

3. Society’s expectations increase for cyber security, privacy, and safety

4. Evolving landscape will bring new threats, attacks, and impacts

5. Pendulum swings towards more security, ultimately settles for an optimal balance (regulatory, tech innovators/manufacturers, and best practices)

6. Threats target technology, processes, and people. Cybersecurity must cover all aspects to be effective over time

Industry Best Practices & Perspectives

“Two types of victims exist: Those who are easy targets and those with something of value”

- Don’t be an easy target, and protect your valuables.

The Best Organizations

Seeks Optimal Risk

Risk management planning

Anticipates impacts

Balance Cost, Risk, & Usability

Adapts to shifting demands

Comprehensive Processes

Security as a continuous cycle

Continuous improvement process

Technology and Behaviors

Obstacles and Opposition

Leads into the Future

Clearly defines success

Plans for a sustainable future

Roles and accountability

Continuously adapting

How Can You Be Prepared?

Cyber-Security Capability Process

Sustainably effective security requires a continual process to properly allocate resources, enabling operational flexibility while driving cost efficiency and risk manageability

Balance: Security Value Aspects

Optimal security is the right balance of cost, user experience, and risk tradeoffs

Layered: Security Technology Integration

NETWORK

• Firewalls, demilitarized zones, data loss prevention, ID management, traffic & content filters

PLATFORM

• Antivirus software, patching, minimum security specifications for systems

APPLICATION

• Secure coding, testing, security specifications

FILE AND DATA

• File and data encryption, enterprise rights management

CLOUD

USER

Security must persist at multiple layers to ensure consistency and comprehensiveness

Important Considerations…

Smarter vs More

Collaboration across security functions improving effectiveness

Better IT choices & enablement

Properly balancing the risk, cost, and usability constraints

Expectations Drive Change

Society’s expectations shift with pain, impact, and inconvenience

Trust will be valued, demanded

Security, privacy, and controls will align with greater impacts

Controls Must Adapt

Innovation intersecting emerging attacks to keep pace with attackers

Static defenses are easy to defeat

Intelligence, analysis, and actions must feedback to improve systems

Opportunities and Risks

1. Understand the exposure and risks of connected technology

2. Communicate and develop capabilities aligned to risk goals

3. Seek out trusted partners, tech providers, and security solutions

4. Follow cyber best practices, which must adapt to new challenges

5. Lead. Before the threats gain a significant advantage

Conclusions

Cyber threats pose significant risks to security, safety, and privacy

Cyber will continue to have an ever greater impact on educational environments

New threat vectors will emerge as advanced technology is integrated

The rise of cyber represents risks and opportunities

Leaders with insights to the future have the best opportunity to align resources and be prepared

“We manage security through Leadership and Preparation, otherwise we face Crisis and Desperation”

…Are you prepared?
