Cyber Risk Services Presentation for STEP, October 29th, 2015: Changing the game

STEP - Cyber Risk - Deloitte Presentation - 29 October 2015-2 · 2015-11-05 · Title: STEP - Cyber Risk - Deloitte Presentation - 29 October 2015-2 Author: Michelle McLaughlin Created


Agenda

• Global Trends: Wayne Green
• Cyber Risks: Alexandra Simonova
• Incident Response: Nick Kedney
• Q&A (Moderator: Alexandra Simonova)

© 2015 DCB Holding Ltd. and its affiliates

Global Trends & Challenges

Wayne Green, CISSP
Director, Enterprise Risk Services & Information Systems

Cyber trends

There are a number of trends that are changing the cybersecurity landscape.

• Increased Number of High Profile Attacks: Since 2010 there has been an increase of cyber attacks across the globe. Despite company efforts, these attacks continue. Companies agree that they need to change the way they defend against and recover from cyber attacks.

• Increased Sophistication of Attacks: Attacks are going beyond the easy “smash & grab” of credit cards and are increasing in persistence and sophistication such as trade front running, IP theft, M&A and other data.

• Rising Costs: It used to be that a cyber breach would cost only the company remediation but now the costs are increasing with the average cost $6.75 million*.

• Increased System and Device Connectivity: Companies' IT infrastructure continues to extend beyond the walls of their data center. With Bring Your Own Device, business partnerships, mobile and cloud proliferation, data is increasingly exposed to higher risks.

• Changing Regulations and Guidelines: Governments around the world are not satisfied with companies' abilities to implement controls. As such, governments are implementing more stringent regulations. Likewise the investment community has pushed for more company transparency with customers and investors when there is a data loss. The belief is that if the company incurs a breach, perhaps the controls are not effective thereby issuing a risk value to the investment.

* Sources: “Ponemon Institute: Second Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies,” Ponemon Institute, August 2011; “HP Research: Cybercrime Costs Rise Nearly 40 Percent, Attack Frequency Doubles,” HP, October 2012; “Threats Impacting the Nation,” U.S. Government Accountability Office, April 2012; Fortune 500, 2012; “Costs to Reach Improved and Ideal Cybersecurity Levels By Industry,” Bloomberg, 2013; “Forecast: Information Security Worldwide, 2010-2016, 3Q12 Update,” Gartner, 2012; “Federal Information Technology Market, 2012–2017,” Deltek, August 2012.

Cyber complexity challenge

• Strategies and metrics are not in place to help point dollars to the right direction, or to define a new line item

Cyber complexity challenge

• While budgets are seeing some increases, lack of funding is the top challenge

Case Study

Ecaytrade.com challenge

The misuse of company email addresses could result in a loss of confidential information.

Ecaytrade.com challenge

• Email: xxxx@hotmail.com
• MD5: a5790379fb0xxx553c5bab9074a2233c
• MD5 Decoded: islandlife

Awareness is key.

Awareness plays a key role

Demo

Questions?


Cyber Risks

Alexandra Simonova, CISSP
Manager, Enterprise Risk Services & Consulting

Organizations are spending more money and paying more attention than they ever have but for many the problem seems to be getting worse.

Organizations spent $71 billion on information security in 2014, according to Gartner.

In this new era of cyber threat, governments and organizations are realizing that a paradigm shift is necessary.

The program to address cyber risk must be viewed not simply as a cost to the business – but as an integral aspect of achieving business success.

Deloitte Cyber Risk Services: Overview

By The Numbers:

• 3,460: Number of dedicated cyber professionals
• 2,498: Number of global cyber projects performed last year
• 223: Number of F500 clients
• 163: Number of governments we serve
• 250: Number of cyber articles written
• 5,678+: Cyber Podcast and Webinar attendees
• 46: Number of countries we operate

Our People

Continuous Cyber Thought-leadership and Cyber Research:

• Forrester Wave™: Information Security Consulting
• Gartner: Global Risk Management Consulting

Deloitte is helping our clients solve this problem – from the boardroom to the computer room.

To counter the emerging megatrends that are rendering the old defenses ineffective, a new model is warranted.

This has led us to the development of the Deloitte Cyber Security model

Because you can’t prevent all cyber incidents, organizations need to be...

Secure. Vigilant. Resilient.™

Being VIGILANT: Means having threat intelligence and situational awareness to anticipate and identify harmful behavior.

Being RESILIENT: Means being prepared and having the ability to recover from, and minimize the impact of, cyber incidents.

Being SECURE: Means having risk-prioritized controls to defend critical assets against known and emerging threats.

A typical cyber risk heat map for the Asset Management sector

Threat actors and their motives vary by industry and organization

[Heat map figure]
IMPACTS: Financial theft / fraud; Theft of IP or strategic plans; Business disruption; Destruction of critical infrastructure; Reputation damage; Threats to life / safety; Regulatory
ACTORS: Organized criminals; Hacktivists; Nation states; Insiders / Partners; Competitors; Skilled individual hackers
KEY: Very high; High; Moderate; Low

Notable insights:

• While financial risks are important, senior leaders are also concerned about the loss of intellectual property, security of client data, and ultimately reputational risk.

• Concern has shifted to nation-states, global organized criminal gangs, and highly skilled hacktivists or hackers.

• Asset managers’ business model magnifies cyber dependencies across the ecosystem of service providers, industry partners, and others, introducing high levels of risk associated with third parties, insiders and social media.

• There is growing concern about harm not only to individual organizations but also about systemic risks to the economy via a concerted cyber attack. Cyber attacks are inevitable during times of conventional war or international crisis.

Questions?


Cyber Incident Response

Nick Kedney
Director, Deloitte Forensic

Lifecycle

Cyber Incident Response

Incident Response Development Steps

Cyber Incident Response

Questions?

Q&A Discussion

• Wayne Green, Director, Enterprise Risk Services & Information Systems
• Alexandra Simonova, Manager, Enterprise Risk Services & Consulting
• Nicholas Kedney, Director, Deloitte Forensic

Thank you for joining us!

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.

Deloitte & Touche is an affiliate of DCB Holding Ltd., a member firm of Deloitte Touche Tohmatsu Limited.

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte’s more than 200,000 professionals are committed to becoming the standard of excellence.

This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.