Upload
matthew-rosenquist
View
250
Download
2
Embed Size (px)
Citation preview
Matthew Rosenquist Cybersecurity StrategistFebruary 2017
“We manage security through Leadership and Preparation, otherwise we face Crisis and Desperation”
2
Data breach – administration, student, and vendor records
Malware/ransomware of devices
Financial theft and fraud
Student bullying, stalking, & safety
Regulatory non-compliance, audit
Denial of Service - Operational unavailability of systems
Reputation, smear, & social attacks
Asset misuse, theft, unauthorized content hosting, file sharing
Information integrity “Ferris Buellerattack”– grades & communications
Cyber Impacting the education sector
3
Threats & Technology Landscape
4
Evolving Landscape, Adversaries, and impacts
i
93% of Phishing is Ransomware
Upwards of $75 billion in global impact
i
97% of Fortune 1000 companies
Lost data or credentials 2014-2016
i
$16 Billion in Losses
Identity theft & fraud in 2016, up 16% from
2015
IMPACTS GO FAR BEYOND EXPECTATIONS
Cybersecurity costs
typically measured as
part of an incident
Actual costs of long
term impacts including
lost contract revenue,
operational disruption,
devaluation of trade
name, loss of IP, rises in
insurance premiums,
increased cost to raise
debt, customer
relationship impacts
%COST
~1%*
Source: US Tech Manufacturing Company Case Study , Deloitte
~99%
5
More Users
New Devices
Innovative Usages
Generating Vast Data
Sensitive Functions
Increased Target Value
i
40% IncreaseData Breach
disclosures from 2015 to 2016
i
400k New Malware/Day575 million unique
samples of malware exist
i200% increase
In cyber-crime in the last 5 years
It is a Data Breach Worlda
Top 10 Healthcare
breaches of 2015 affected
almost 35% of the US
population
Just for California…
171 breaches involving
24m million records
(3 out of 5 Californians)
In 2015, overt 700 million
records were lost or
stolen
(that is 80k per hour)
6
25+ Million Applications
Connected and creating 50x the volume of data
50-200 Billion DevicesConnected to the Internet
$6 trillion Cyber-crime impact
globally by 2021
$3 – $90 trillion Aggregate innovation impact of
cyber-risks
400k New Malware/Day630 million unique
samples of malware exist today
$75 billionRise of ransomware
becomes a multi-billion dollar problem
4 Billion Users OnlineUp from 2+ billion today
50 Trillion Gigabytes
Amount of data being created
A World of Targets with Increased Value7
Dante's Inferno of Cybersecurity Impacts
Denial of Service (Availability)• Access of customers• Availability of data,
systems, & services• DDOS network attacks,
ransom-ware data locking attacks
Data Theft& Exposure (Confidentiality)• ID Theft• Privacy• Data Breach• Transaction data• Database hacks,
skimming, lost storage, keylogging
Monitor & Manipulate (Integrity)• Internal-access
surveillance for advantage
• Tamper/Manipulation• Long-term data
gathering campaign Security Competency
Attacker Innovation
Attacks expand over time, increasing in severity based upon different
technology and usages
Own & Obliterate (C/I/A)• Administrative ownership and control• Capability of unrecoverable obliteration• Strategic attack, undermining of org capability
8
PR
OC
ES
S
People and Technology
Attackers target people, processes, and technology
9
OPERATIONAL, INDUSTRIAL, AND VIRTUAL SYSTEMS
GOVERNANCE, TRUST,AND OVERSIGHT SYSTEMS
DATA, INFORMATIONAND CONTROL MECHANISMS
ENDPOINTS, NETWORKS,SERVICES, AND MACHINES
ACCES CONTROL AND IDENTITY
SECURITY, SAFETY, ANDPRIVACY CONTROLS
The 5 most cyber-attacked industries in 2015:1. Healthcare2. Manufacturing3. Financial Services4. Government5. Transportation
10
Tech Innovation & Adoption Drives Risks
New technology bridges the virtual and physical worlds, to connect and enrich peoples lives
11
Government’s roles expand, more regulations and standards
Advances in nation-state cyber-offense affects everyone
Life safety and cybersecurity intersect in products
Rise in digital theft, extortion, and fraud
Real-world impacts of cybersecurity emerge
Security expectations increase by consumers, businesses, and regulators
Attackers evolve, adapt, & accelerate faster than security
Trust and Integrity are targeted and undermined
Security technologies improve but remain outpaced and outmaneuvered
Lack of security talent hinders the industry
Evolving Landscape, Adversaries, & Battlefield
13
Security Futures :
13
1. Make no mistake, everyone is a target
2. Threats remain equitable to the growth and use of technology
3. Society expectations increase for cyber security, privacy, and safety
4. Evolving landscape will bring new threats, attacks, and impacts
5. Pendulum swings towards more security, ultimately settles for an optimal balance (regulatory, tech innovators/manufacturers, and best practices)
6. Threats target technology, processes, and people. Cybersecurity must cover all aspects to be effective over time
Industry Best Practices & Perspectives
14
“Two types of victims exist: Those who are easy targets and those with something of value”
- Don’t be an easy target, and protect your valuables.
15
The Best Organizationsa
Seeks Optimal Risk
Risk management planning
Anticipates impacts
Balance Cost, Risk, & Usability
Adapts to shifting demands
Comprehensive Processes
Security as a continuous cycle
Continuous improvement process
Technology and Behaviors
Obstacles and Opposition
Leads into the Future
Clearly defines success
Plans for a sustainable future
Roles and accountability
Continuously adapting
16
How Can You Be Prepared?
Cyber-Security Capability Process
17
Sustainably effective security requires a
continual process to properly allocate
resources, enabling operational flexibility
while driving cost efficiency and risk
manageability
Balance: Security Value Aspects
Optimal security is the right balance of
cost,user experience,
and risk tradeoffs
Optimal security is the right balance of
cost,user experience,
and risk tradeoffs
19
Layered: Security Technology Integration
NETWORK
• Firewalls, demilitarized zones, data loss prevention, ID management, traffic & content filters
PLATFORM
• Antivirus software, patching, minimum security specifications for systems
APPLICATION
• Secure coding, testing,security specifications
FILE AND DATA
• File and data encryption,enterprise rights
management
CLOUD
USER
Security must persist at multiple
layers to insure consistency and
comprehensiveness
20
Important Considerations…
20
Smarter vs More
Collaboration across security functions improving effectiveness
Better IT choices & enablement
Properly balancing the risk, cost, and usability constraints
Expectations Drive Change
Society’s expectations shift with pain, impact, and inconvenience
Trust will be valued, demanded
Security, privacy, and controls will align with greater impacts
Controls Must Adapt
Innovation intersecting emerging attacks to keep pace with attackers
Static defenses are easy to defeat
Intelligence, analysis, and actions must feedback to improve systems
Opportunities and Risks
21
1. Understand the exposure and risks of connected technology
2. Communicate and develop capabilities aligned to risk goals
3. Seek out trusted partners, tech providers, and security solutions
4. Follow cyber best practices, which must adapt to new challenges
5. Lead. Before the threats gain a significant advantage
ConclusionsCyber threats pose significant risks to security, safety, and privacy
Cyber will continue to have an ever greater impact on educational environments
New threat vectors will emerge as advanced technology is integrated
The rise of cyber represents risks and opportunities
Leaders with insights to the future have the best opportunity to align resources and be prepared
22
“We manage security through Leadership and Preparation, otherwise we face Crisis and Desperation”
…Are you prepared?