Cyber Security: Threat and Prevention

Transcription

1 Expand Your Horizons Webinar Series Cyber Security: Threat and Prevention February 24, :00 1:45pm The Webinar will begin shortly. You can ask a question in the box on the right hand side. We will answer them during our Q&A at the end of the webinar.

2 Panel Ewan Willars - Director of Policy, ACCA Canada Director General of Cyber Defence, Communications Security Establishment of Canada

3 Cyber Threats and the Government of Canada 3

4 CSE Mandate: National Defence Act PART B PART A Provide foreign intelligence in accordance with government priorities Provide advice, guidance and services to help ensure the protection of information and information systems of importance to the GC PART C Provide technical assistance to law enforcement and national security 4

5 What is the GC Protecting? GC Cyber Activity in 2014 by Sector Security, Intelligence & Defence Social & Cultural Development Transportation Banking & Finance Border Services & Immigration What are Threat Actors after? Trade Secrets New Technologies Negotiating Strategies Government Administration Canadian Personal Information Natural resources information Natural Resources, Energy & Environment Health Industry & Business Development Access to everything Legal International Affairs, Trade & Development 5

6 What are the Threats? State-sponsored threat actors Foreign intelligence services tasked to collect intelligence and/or disrupt Canadian services. Cybercriminals Criminals that use malware and other programs to either steal information or coerce others to pay them for illegitimate reasons (ransomware). Hacktivists Political and/or social activists that use computers or computer networks to channel their message or prove a point. Script kiddies Individuals or groups that target GC and other organizations for the fun of it, or compete to see who can cause the most damage. 6

7 What are the risks Reputational/Trust Business Continuity Financial Impact Information Loss/Damage 7

8 Preventing a Compromise - Patching No quick fix for cyber security. There are a number of mitigation measures you can undertake to significantly hinder threat actors. Patching: Operating system; Applications; Till you can patch no more! Current malicious activity that could be prevented with patching: 2010 & 2012 Common Vulnerabilities and Exposures (CVEs) Every compromise in 2013! Patching Challenges: Timeliness/Costs Various versions : operating systems & Internet browsers. 8

9 Anticipating a Compromise Cyber security does not stop with patching. Proactively prepare. Cyber threat actors will gain access. Harden your networks: design your network and system efficiently; know where certain applications are in use; apply network segmentation in security zones to protect sensitive information; consolidate Internet access points; and, other best practices. 9

10 A Team Sport Working together is key! IT vendors Canadian private sector Public Safety Shared Services Canada Canadian industry IT security teams across the Government of Canada 10

11 Where from Here? Understand your network and information is constantly targeted; Be aware of cyber threat actors and their methods; Top 10 Mitigation Measures IN CONCLUSION: Cyber threat activity is here to stay; Compromises and vulnerabilities will increasingly be publicized Don t make the headlines for the wrong reasons; and, Anticipating compromises is just as important as preventing them. 11

12 Cybersecurity: The challenge for finance Ewan Willars Tuesday 24 February

13 Cybersecurity: a frontline issue for finance All organizations need to: 1. understand the nature and likelihood of cyber-threats 2. identify, assess and mitigate existing and emerging risks 3. implement and maintain strong controls and policies to govern data privacy and security 4. educate users on emerging risks, such as those associated with mobile technology 5. plan for increasing complexity, and 6. make technological risk an executive-level concern. ACCA

14 Mean score Global drivers of change for the profession: short term (2013) Fuel and Energy Prices Cybersecurity Challenges Corporate Governance Regulation 4.2 Public sector Corporates (large) Corporates (small/medium) ACCA

15 Percentage of accountants concerned with risks associated with cybercrime ACCA

16 The changing role of finance: increasing cyber-risks? Traditional control & stewardship responsibilities Supporting strategic direction and creating value Data management, security and assurance Emergence of big data and the data-driven organization Extracting insights and value from data ACCA

17 The future: data-driven finance function A data-driven finance department has the following objectives: provide data leadership across the organization improve decision making across finance and other functional areas manage the ever-increasing regulatory reporting requirements enhance control and risk management capabilities improving cost efficiency and lowering the cost-to-serve. ACCA

18 The current state of play Data challenges Reporting funnels Customer data Internal data Supply chain data Poor data integration ACCA

19 The data-driven organization New risks or greater resilience? Unified Data Ecosystem ERP General ledger Create a unified approach to data across the organization Develop data strategy and architecture in tandem Create a consistent view of data across departments Improve transparency between reported financial results, big data analytics and supporting transaction detail ACCA

20 What does this mean for public sector organisations? Organised attacks vs low level threats? Get the fundamentals right! Big data is increasing risks and presenting new challenges but the opportunities for public organisations are enormous Centralised solutions should offer efficiency and greater protection but the impact of risks become more severe Not just an IT and technology issue. It is a board-level issue and finance should be at the forefront Understand the implications of social tech, mobile and cloud Awareness of the issues needs to be turned into action and leadership ACCA

21 Future challenges The internet of things and the growing volume and complexity of data Regulation and public concerns blurring between public and private data More sophisticated attacks are innevitable Need for international collaboration ACCA

22 Find out more? ACCA

23 DIGITAL DARWINISM: Thriving in the face of technology change

24 100 DRIVERS OF CHANGE for the global accountancy profession

25 BIG DATA: Its power and perils

26 Enhancing competitive advantage through analytical insights Are you unlocking the value of your data?

27 Questions and Answers Be sure to tune in to our next webinar! A Conversation with the New Auditor General of Nova Scotia Presenter: Michael Pickup Auditor General of Nova Scotia Thursday, March 12 from 12:00 1:00pm EDT Register at 27