Copyright © 2015, FireEye, Inc. All rights reserved.
Adapting Your Board to an Adaptive Defense
Craig Rosen – Vice President & Chief Security Officer
“Cybersecurity is now a persistent business risk…
The impact has extended to the C-suite and boardroom.”
Source: PwC 2015 Global State of Information Security Survey
The Tide Has Changed
Home Depot Data Breach Could Be The Largest Yet
- New York Times, September 2014
JP Morgan And Other Banks Struck By Hackers
- New York Times, August 2014
Russian Hackers Amass Over A Billion Internet Passwords
- New York Times, August 2014
UK Prime Cyber Attack Target of Europe and Middle East
- Financial Times, October 2014
FBI Probes Possible Computer Hacking At JP Morgan
- The Wall St. Journal, August 2014
Russia Attacks U.S. Oil And Gas Companies In Massive Hack
- CNN Money, July 2014
Report: Cybercrime And Espionage Costs $445 Billion Annually
- The Washington Post, June 2014
The €30k Data Takeaway: Domino’s Pizza Faces Ransom Demand After Hack
- CNN Money, Aug 2014
Hackers Target Belgian Press Group, days after French Cyber Attack
- Deutsche-Welle, April 2015
Hackers Target Information On MH370 Probe: Report
- The Straits Times, August 2014
Community Health Says Data Stolen In Cyber Attack From China
- BusinessWeek, August 2014
Monsanto Confirms Security Breach
- The Wall St. Journal, May 2014
“For years, we have argued that there is no such thing as perfect security. The events of 2014 should put any lingering doubts to rest.”
- Mandiant 2015 M-Trends Report
- CNN Money, June 16 2014
EU Cyber Risk On The Rise
Source: PwC 2015 Global State of Information Security Survey
Cybercrime is rising significantly in Europe.
This Is A Board Level Issue
The cost of cyber incidents has increased and demonstrated the substantial impact that cyber attacks can have on shareholder value. After the Target breach:
• Profits fell 46 percent in Q4 2013.
• Spent ~$61 million addressing the breach.
• Facing more than 100 lawsuits and some analysts forecast breach-related losses could top $1 billion.
Shareholders have responded, citing fiduciary irresponsibility, with derivative suits:
• TJX Companies (2007)
• Heartland Payment Systems, Inc. (2009)
• Wyndham Worldwide Corporation (2014)
• Target Corporation (2014)
“Some estimates predict that between $9 and $21 trillion of global economic value creation could be at risk if companies and governments are unable to successfully combat cyber threats.”
Source: Cyber-Risk Oversight NACD Director’s Handbook Series 2014
Your Board Will Care
SEC Commissioner
Luis Aguilar
June 10, 2014: Cyber Risks and the Boardroom Conference Speech
Corporate boards need to ensure that management is fully engaged in developing defense and response plans as
sophisticated as the attack methods, or otherwise put their company’s core assets at considerable risk.
“Good boards also recognize the need to adapt to new circumstances such as the increasing risks of cyber-attacks.”
Also June 2014: New Directors “Handbook”
But You Will Need To Help Them Care
“It is incumbent upon the executive team to take ownership of cyber risk
and ensure that the Board understands how the organization will defend against and respond to
cyber risks.”
Source: PwC 2015 Global State of Information Security Survey
What Keeps Me Up At Night? And Translate Your Concerns To Make The Case
THREAT UNDETECTED
Timeline: Initial Breach, Persistence, Remediation
• 205 Days: Median number of days threat groups were present on a victim’s network before detection.
• 24 Days: Less than 2013
• 2982 Days: Longest Presence
Source: Mandiant 2015 M-Trends Report
LACK OF HYGIENE
• Credential Protection
• Privilege Escalation
• Lateral Movement
• Remote Access
• Poor Process / Slow Response
• Flat Networks
• Basic Vulnerability Management
OTHER VECTORS
• Cloud
• Mobile
• People
• Supply Chain
TOO MUCH NOISE
400K UNIQUE MALWARE SAMPLES REVIEWED AND PROCESSED DAILY
“Security breaches are inevitable.”
- Mandiant 2015 M-Trends Report
Decide How Good You Need To Be
[Chart. Axes: Sophistication of the Threat; Security Capability/Agility to Respond. Threat levels: Conventional Threats, Cybercrime, Cyber Espionage (APT), Nation State Attacks. Grades: D, C, B, A. Postures: Minimalist, Reactive, Concerned, Advanced.]
Understand GAPS You Must Close To Get There
FireEye Adaptive Defense: Close The Gaps
TECHNOLOGY
• IDENTIFIES KNOWN, UNKNOWN, AND NON MALWARE BASED THREATS
• INTEGRATED TO PROTECT ACROSS ALL MAJOR ATTACK VECTORS
• PATENTED VIRTUAL MACHINE TECHNOLOGY
EXPERTISE
• “GO-TO” RESPONDERS FOR SECURITY INCIDENTS
• HUNDREDS OF CONSULTANTS AND ANALYSTS
• UNMATCHED EXPERIENCE WITH ADVANCED ATTACKERS
INTELLIGENCE
• 50 BILLION+ OBJECTS ANALYZED PER DAY
• FRONT LINE INTEL FROM HUNDREDS OF INCIDENTS
• MILLIONS OF NETWORK & ENDPOINT SENSORS
• HUNDREDS OF INTEL AND MALWARE EXPERTS
• HUNDREDS OF THREAT ACTOR PROFILES
• DISCOVERED 16 OF THE LAST 22 ZERO-DAYS
FireEye Adaptive Defense Components
SECURITY CONSULTING
SERVICES
Don’t Just Listen To Me
“Accelerating investments is not enough … You have to mature your organization, your people, and your technologies, and that can be a more restraining factor than the availability of capital.”
(Gary Hayes, CIO of CenterPoint Energy - PwC Global State of Information Security Survey 2015)
THANK YOU!