Cyber Risk Services
Presentation for STEP, October 29th, 2015
Changing the game
© 2015 DCB Holding Ltd. and its affiliates
Agenda
• Global Trends: Wayne Green
• Cyber Risks: Alexandra Simonova
• Incident Response: Nick Kedney
• Q&A (Moderator: Alexandra Simonova)
Global Trends & Challenges
Wayne Green, CISSP
Director, Enterprise Risk Services & Information Systems
Cyber trends
• Increased Number of High Profile Attacks: Since 2010 there has been an increase of cyber attacks across the globe. Despite company efforts, these attacks continue. Companies agree that they need to change the way they defend against and recover from cyber attacks.
• Increased Sophistication of Attacks: Attacks are going beyond the easy “smash & grab” of credit cards and are increasing in persistence and sophistication such as trade front running, IP theft, M&A and other data.
• Rising Costs: It used to be that a cyber breach would cost only the company remediation but now the costs are increasing with the average cost $6.75 million*.
• Increased System and Device Connectivity: Companies' IT infrastructure continues to extend beyond the walls of their data center. With Bring Your Own Device, business partnerships, mobile and cloud proliferation, data is increasingly exposed to higher risks.
• Changing Regulations and Guidelines: Governments around the world are not satisfied with companies' abilities to implement controls. As such, governments are implementing more stringent regulations. Likewise the investment community has pushed for more company transparency with customers and investors when there is a data loss. The belief is that if the company incurs a breach, perhaps the controls are not effective thereby issuing a risk value to the investment.
There are a number of trends that are changing the cybersecurity landscape.
* Sources: “Ponemon Institute: Second Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies,” Ponemon Institute, August 2011; “HP Research: Cybercrime Costs Rise Nearly 40 Percent, Attack Frequency Doubles,” HP, October 2012; “Threats Impacting the Nation,” U.S. Government Accountability Office, April 2012; Fortune 500, 2012; “Costs to Reach Improved and Ideal Cybersecurity Levels By Industry,” Bloomberg, 2013; “Forecast: Information Security Worldwide, 2010-2016, 3Q12 Update,” Gartner, 2012; “Federal Information Technology Market, 2012–2017,” Deltek, August 2012.
Cyber complexity challenge
• Strategies and metrics are not in place to help point dollars to the right direction, or to define a new line item
Cyber complexity challenge
• While budgets are seeing some increases, lack of funding is the top challenge
Case Study
Ecaytrade.com challenge
The misuse of company email addresses could result in a loss of confidential information.
Ecaytrade.com challenge
• Email: xxxx@hotmail.com
• MD5: a5790379fb0xxx553c5bab9074a2233c
• MD5 Decoded: islandlife
Awareness is key.
Awareness plays a key role
Demo
Questions?
Cyber Risks
Alexandra Simonova, CISSP
Manager, Enterprise Risk Services & Consulting
Organizations are spending more money and paying more attention than they ever have but for many the problem seems to be getting worse.
$71 billion
Organizations spent on information security in 2014 according to Gartner
In this new era of cyber threat, governments and organizations are realizing that a paradigm shift is necessary.
The program to address cyber risk must be viewed not simply as a cost to the business, but as an integral aspect of achieving business success.
Deloitte Cyber Risk Services: Overview
By The Numbers:
3,460 Number of dedicated cyber professionals
2,498 Number of global cyber projects performed last year
223 Number of F500 clients
163 Number of governments we serve
250 Number of cyber articles written
5,678+ Cyber Podcast and Webinar attendees
46 Number of countries we operate
Our People
Continuous Cyber Thought-leadership and Cyber Research:
Forrester Wave™: Information Security Consulting
Gartner: Global Risk Management Consulting
Deloitte is helping our clients solve this problem, from the boardroom to the computer room.
To counter the emerging megatrends that are rendering the old defenses ineffective, a new model is warranted.
This has led us to the development of the Deloitte Cyber Security model
Because you can’t prevent all cyber incidents, organizations need to be...
Secure. Vigilant. Resilient.™
• Being VIGILANT: Means having threat intelligence and situational awareness to anticipate and identify harmful behavior.
• Being RESILIENT: Means being prepared and having the ability to recover from, and minimize the impact of, cyber incidents.
• Being SECURE: Means having risk-prioritized controls to defend critical assets against known and emerging threats.
A typical cyber risk heat map for the Asset Management sector
Threat actors and their motives vary by industry and organization
IMPACTS: Financial theft / fraud; Theft of IP or strategic plans; Business disruption; Destruction of critical infrastructure; Reputation damage; Threats to life / safety; Regulatory
ACTORS: Organized criminals; Hacktivists; Nation states; Insiders / Partners; Competitors; Skilled individual hackers
KEY: Very high; High; Moderate; Low
Notable insights:
• While financial risks are important, senior leaders are also concerned about the loss of intellectual property, security of client data, and ultimately reputational risk.
• Concern has shifted to nation-states, global organized criminal gangs, and highly skilled hacktivists or hackers.
• Asset managers’ business model magnifies cyber dependencies across the ecosystem of service providers, industry partners, and others, introducing high levels of risk associated with third parties, insiders and social media.
• There is growing concern about harm not only to individual organizations but also about systemic risks to the economy via a concerted cyber attack. Cyber attacks inevitable during times of conventional war or international crisis.
Questions?
Cyber Incident Response
Nick Kedney
Director, Deloitte Forensic
Lifecycle
Cyber Incident Response
Incident Response Development Steps
Cyber Incident Response
Questions?
Q&A Discussion
Wayne Green
Director, Enterprise Risk Services & Information Systems
Alexandra Simonova
Manager, Enterprise Risk Services & Consulting
Nicholas Kedney
Director, Deloitte Forensic
Thank you for joining us!
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.
Deloitte & Touche is an affiliate of DCB Holding Ltd., a member firm of Deloitte Touche Tohmatsu Limited.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte’s more than 200,000 professionals are committed to becoming the standard of excellence.
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.