HBR APT framework

Aggressive and Persistent: Using Frameworks to Defend Against Cyber Attacks

Featuring cyber security experts Professor Scott J. Shackelford,

JD, PhD, of Indiana University's Kelley School of Business and

Andrew A. Proia of Indiana University's Center for Applied

Cybersecurity Research Sponsored by

APRIL 16, 2014

Today’s Speakers

Professor Scott J. Shackelford, JD, PhD

Kelley School of Business

Indiana University

Andrew A. Proia

Center for Applied Cybersecurity Research

Indiana University

Aggressive and Persistent: Using Frameworks to Defend Against Cyber Attacks

APRIL 16, 2014

Harvard Business Review

Apr. 16, 2014

Advanced and Persistent: Using

Frameworks to Defend Against Cyber

Attacks

Prof. Scott Shackelford & Andrew Proia

Outline 1. Conceptualizing the Cyber Threat to

the Private Sector

2. Managing Cyber Attacks

A. Identifying Threats

B. Regulatory Approaches and Examples

3. Negligence and the NIST Framework

A. Genesis

B. Application

C. Shaping Duty of Care

4. Global Implications

To Companies To Countries

• Theft of IP is Costly – impacts

up to 75% of businesses,

costing hundreds of billions

USD annually

• Widespread – at least 19

million people in more than

120 nations

• Easy –more than 30,000

websites with malware kits

available

• Fear of “Electronic Pearl

Harbor”

• Protecting critical national

infrastructure

1.1 Defining the Cyber Threat

*Source: KAL’s Cartoon, Economist, May 7, 2009

*Source: McAfee In the Dark (2010)

Number of Cyber Attacks Cataloged

by CERT from 1995 to 2011

1.2 Unpacking the “Cyber Threat” Cyber War

Cybercrime

Many Types

True Extent Unknown

Global Nature

Response

Cyber Espionage

Legal “black hole”

Cost

Cyber Terrorism

Ransomware

Why relatively rare?

New Cyberwarfare

0

20000

40000

60000

80000

100000

120000

19

95

19

96

19

97

19

98

19

99

20

00

20

01

20

02

20

03

20

04

20

05

20

06

20

07

20

08

20

09

20

10

20

11

*Source: The

War Room

Sponsored by

APRIL 16, 2014