Reducing Data Breach Risk: Protecting Information Assets from Internal & External Threats David Wiseman Head Enterprise Marketing BlackBerry

Size: px

Start display at page:

Download "Reducing Data Breach Risk: Protecting Information Assets from Internal & External Threats David Wiseman Head Enterprise Marketing BlackBerry"

Christal Johns
6 years ago
Views:

The Loss of Intellectual Property On Porcelain Meet François Xavier d'entrecolles French Jesuit Priest based in Jingdezhen, China In 1712, exposed the

3 The Loss of Intellectual Property On Porcelain Meet François Xavier d'entrecolles French Jesuit Priest based in Jingdezhen, China In 1712, exposed the manufacturing methods of Chinese porcelain to Europe Chinese exports of porcelain shrank considerably as a result 2016 BlackBerry. All Rights Reserved. 3

4 The Industrial Espionage of Coffee Meet Gabriel de Clieu French Naval Officer based in Martinique 1723, steals clippings of a coffee plant gifted by the Dutch to Louis XIV Results in 19,000,000 coffee trees over the next 50 years 2016 BlackBerry. All Rights Reserved. 4

6 But What s Different in Today s World? It s not clipping of coffee plants, it s about company data MP3 TXT PPT ZIP PDF DOC PPT XLS 80% 50% 2X Company data are in files (Gartner) Business processes involve files (IDC) File-sharing exposures compared to other 6 types of data leakage (Enterprise Management Associates) 2016 BlackBerry. All Rights Reserved. 6

7 Real Risks - Financial and Reputation 1.7 GB Cablegate/Wikileaks (2010) 2.6 TB Panama Papers/ICIJ (2016) v = 1 GB 260 GB Offshore Leaks/ICIJ (2013) 4 GB Luxemburg Leaks/ICIJ (2014) 3.3 GB Swiss Leaks/ICIJ (2015) 2016 BlackBerry. All Rights Reserved. 7

Enterprise Impact CYBER ATTACKS ARE COSTLY CEO S DO NOT FEEL PREPARED INCREASED FOCUS FOR COMPANY BOARDS $400B 50% 82% Estimated global cost of cyberattacks annually Of CEO s at companies with $500M+

9 Enterprise Impact CYBER ATTACKS ARE COSTLY CEO S DO NOT FEEL PREPARED INCREASED FOCUS FOR COMPANY BOARDS $400B 50% 82% Estimated global cost of cyberattacks annually Of CEO s at companies with $500M+ revenue feel unprepared for a cyber-attack 9 Of boards are concerned or very concerned about cybersecurity Source : Center for Strategic and International Studies, June 2014, sponsored by McAfee - Source: ISACA State of Cybersecurity: Implications for 2016 Source : The major survey targeted 1,278 CEOs in 10 key markets (Australia, China, France, Germany, India, Italy, Japan, Spain, UK and US) and nine key industry sectors (automotive, banking, insurance, investment management, healthcare, manufacturing, technology, retail/consumer markets and energy/utilities). A quarter of the respondents have over US$10 billion in annual revenue, with no responses from companies under US$500 million 2016 BlackBerry. All Rights Reserved. 9

10 Regulatory Focus ITAR International Traffic in Arms Regulations increased enforcement, higher penalties, strict liability flows to purchaser GDPR General Data Protection Regulation Data Protection Impact Assessment Right to be Forgotten Even applies when 3 rd parties process data Accountability Principle All possible ways of transmitting, access or processing data Breach Notifications 72 hours BlackBerry. All Rights Reserved. 10

Source and Cause of Breaches Source: Verizon 2017 Data Breach

Public Sector Source: Verizon 2017 Data Breach

Miscellaneous Errors Source: Verizon 2017 Data Breach

File Sharing Today: Major Risk Factors 13 The

applications in use most not approved or

services used in FS firms are cloud storage

support encryption of data at 19 rest Source:

19 File Sharing Today: Major Risk Factors 13 The average organization has 13 file sync applications in use most not approved or managed by IT 76% 76% of organizations send traffic to Dropbox (2GB/mo. on average) 40% 89% Of non-sanctioned cloud services used in FS firms are cloud storage and webmail apps Of cloud services do not support encryption of data at 19 rest Source: Netskope, Palo Alto Networks, Gartner 2016 BlackBerry. All Rights Reserved. 19

20 Business Risks with Files Decisions based on outdated information Decreased Productivity collaboration, version control E-Discovery costs Insufficient Auditing capabilities Uncontrolled copies on BYO devices and cloud shares Loss of the actual files and associated IP Just happens no longer need to know Malicious Loss of Access, theft, modification BlackBerry. All Rights Reserved. 20

Access Expectations Changing Workers want access to business content no

a wide range of devices, including personal devices (BYOD) w/o difficult

to intranets and apps, but concerned with data leakage Security and

21 Access Expectations Changing Workers want access to business content no matter where they are Browse company intranet sites and collaborate from a wide range of devices, including personal devices (BYOD) w/o difficult sign-on and connection procedures Businesses want to provide easy access to intranets and apps, but concerned with data leakage Security and usability is a constant balancing act BlackBerry. All Rights Reserved. 21

23 Key Risk Mitigation Approaches Tie security to the data versus the storage Reduce leakage from cloud based business Apps Ongoing cybersecurity posture assessments BlackBerry. All Rights Reserved. 23

24 Agenda History Lesson & Recent Examples Looking at the Numbers What does this mean in your business? What can I do to mitigate the risks? BlackBerry Workspaces BlackBerry Access BlackBerry Cybersecurity Services BlackBerry. All Rights Reserved. 24

BlackBerry Workspaces Delivers the Core Functionality Users Demand from Enterprise File Sync and Share With Workspaces you can: Sync and Share large files to anyone, across any device or

25 BlackBerry Workspaces Delivers the Core Functionality Users Demand from Enterprise File Sync and Share With Workspaces you can: Sync and Share large files to anyone, across any device or platform Collaborate in digital workspaces in real time with multiple users Access, edit, annotate and share files on desktop, mobile and the web BlackBerry. All Rights Reserved. 25

27 BlackBerry Workspaces: Core Use Cases SECURE FILE SHARING SECURE FILE SYNCHRONIZATION MOBILIZE EXISTING RESPOSITORIES Securely Share Files Internally and Externally Enable Confidential Negotiations and Litigation Securely Share HR and Personal Information Protect Sensitive Intellectual Property Synchronize and Protect Files Across All Devices Ensure the Latest Version is Always Available Push Changes To All Collaborators Securely Externalize and Mobilize repositories Provide Secure Access to Existing File Stores From Any Device Use SDK to Integrate Into Existing Apps and Work Flows SECURE MOBILE PRODUCTIVITY Enable mobile workforce Access / edit / annotate documents on mobile BYOD: secure access on personal devices SECURE LARGE FILE TRANSFER FTP replacement Simple, easy sharing of large files 27 (10 GB) Replace cumbersome, complex FTP 2016 BlackBerry. All Rights Reserved. 27

28 Agenda History Lesson & Recent Examples Looking at the Numbers What does this mean in your business? What can I do to mitigate the risks? BlackBerry Workspaces BlackBerry Access BlackBerry Cybersecurity Services BlackBerry. All Rights Reserved. 28

29 The Landscape is Changing More Endpoints Desktop Apps New App Types Corporate Owned New Ownership Models BYOD COPE BYOL Employees New User Populations 29 Employees Partners Contractors/ Short-term 2016 BlackBerry. All Rights Reserved. 29

30 The Landscape is changing. Accessing cloud based systems from non-company computers and devices presents security risks Companies need to provide user friendly access through the corporate network to ensure right levels of security New regulations like ITAR and GDPR increase demands and requirements on IT departments Companies are ready for a modern alternative to VDI on laptops opportunity to replace expensive VPN/VDI licenses Desire for BYO PC model to extend BYOD programs BlackBerry. All Rights Reserved. 30

Introducing BlackBerry Access Easy access to

laptops Integrated collaboration experience

links from emails Download business content

31 Introducing BlackBerry Access Easy access to business content and intranets without VPN Secure, high-performance and intuitive browser with support for HTML5 web apps Easy to manage and flexible to deploy Modern replacement for VDI on macos/windows 10 laptops Integrated collaboration experience and support for business workflows Open links from s Download business content Edit documents online 2016 BlackBerry. All Rights Reserved. 31

A Secure VPN Alternative Across Devices BlackBerry Dynamics Containers BlackBerry NOC BlackBerry

A Modern Alternative to VDI on Laptops Quickly onboard and offboard Deploy HTML5 apps in BlackBerry Access and distribute to employees Enable offline access to the apps Containerize all data so your

33 A Modern Alternative to VDI on Laptops Quickly onboard and offboard Deploy HTML5 apps in BlackBerry Access and distribute to employees Enable offline access to the apps Containerize all data so your data never leaves your control Safely remove all data when contract ends, partner leaves, etc. Does not affect personal data on laptop Seamless, intuitive user experience Single sign on Extensible to all key business processes 33 Employees Partners Contractors/ Short-term 2016 BlackBerry. All Rights Reserved. 33

34 Agenda History Lesson & Recent Examples Looking at the Numbers What does this mean in your business? What can I do to mitigate the risks? BlackBerry Workspaces BlackBerry Access BlackBerry Cybersecurity Services BlackBerry. All Rights Reserved. 34

BlackBerry Cybersecurity Services In the face of an increasingly complex

to analyze, size and mitigate the risks to your organization Penetration

Governance, Risk Recommendation and Compliance Achieving and maintaining

Digital Forensic Services Investigation and Analysis for both internal

Training & Certification Structured or bespoke knowledge transfer and

Response as a Service (RaaS) One Call force multiplier and End-to-End

Custom Security Tools QNX / Binary analysis, Advanced open source

36 BlackBerry Cybersecurity Services In the face of an increasingly complex cybersecurity threat landscape, BlackBerry Cybersecurity Consulting works to analyze, size and mitigate the risks to your organization Penetration Testing Industry leading assessments and analysis standards. Governance, Risk Recommendation and Compliance Achieving and maintaining regulatory compliance with various options to address residual risk. Digital Forensic Services Investigation and Analysis for both internal and legal proceedings. Training & Certification Structured or bespoke knowledge transfer and enhancement of SDLC, IISP, ELCAS capabilities. Response as a Service (RaaS) One Call force multiplier and End-to-End security breach management. Custom Security Tools QNX / Binary analysis, Advanced open source software, Security analytics Health Check Services Business security posture Understand your attack surface Early engagements Gap analysis, Threat modelling, Secure architecture and design 2017 BlackBerry. All Rights Reserved.

Perform a Security Audit and Review BlackBerry Offers a FREE Security Audit BlackBerry Shield Security Audit and Review Program Option One: Online Self-Assessment Option Two: 90-Minute Detailed

37 Perform a Security Audit and Review BlackBerry Offers a FREE Security Audit BlackBerry Shield Security Audit and Review Program Option One: Online Self-Assessment Option Two: 90-Minute Detailed Personal Review Technical Controls Device security policy management Security administrator controls OS integrity and malware controls Encryption (at rest, in transit) Authentication Data leak prevention Secure communications and content protection Application security Availability Administrative Controls Mobile Device Lifecycle Management Application security Organizational security structure Security configuration change management Risk assessment Security incident and response Governance/HR and Legal Security awareness training For more information: BlackBerry. All Rights Reserved. 37

38 Top Takeaways Mitigate Data Breach Risks 1. Loss of Corporate IP due to intentional espionage is a growing fact across multiple industries. 2. Growing use of cloud based file sharing increases risks of unintentional exposure of sensitive files by employees 3. Increased regulatory penalties around data loss (GDPR, ITAR) 4. Security policies that travel with the files wherever they go. 5. Containerized access to business systems from non corporate laptops/desktops. 6. Regular ongoing cyber security monitoring, penetration testing & remediation BlackBerry. All Rights Reserved. 38

How to Enable and Secure in the Next Stage of BYOD: Reap the Benefits of Bring Your Own Laptop

How to Enable and Secure in the Next Stage of BYOD: Reap the Benefits of Bring Your Own Laptop Executive Brief Summary There is a new development in the Bring Your Own Device (BYOD) movement in today s