Cyber Risks and Emerging Technology/Threats

Transcription

1 Cyber Risks and Emerging Technology/Threats Frank Leonetti, FBCI/CBCP CEO, NorthStar Advisory Services

2 Frank Leonetti, FBCI/CBCP, is the CEO for NorthStar Advisory Services, LLC. for the past 6 years. He was formerly the Manager for Business Continuity/Disaster Recovery of Oracle s Professional Services. He had been with Oracle/Sun/StorageTek for 15 years and has been in the overall IT business for the past 25 years. Frank is a certified Fellow through the Business Continuity Institute and Certified Professional through the Disaster Recovery Institute. He has worked on literally 100 s of engagements for both Public and Private Sector companies in the areas of BCM and DR planning, Testing, Merger and Acquisition Planning, Continuity of Operations and Compliance Validation. Frank has been a featured and keynote speaker at several national conferences including: DRJ, DRIE, CPM, CIO Forum, InfoWorld, The Disaster Conferences, Continuity Insights, BrightTalk Webinars, MIT Professional Education Instructor and several ACP and BCI events. Mr. Leonetti is an Editorial Advisory Board Member of the Disaster Resource Guide, Certification Assessor for the Business Continuity Institute, member of the National Speakers Association, Board member of the Safe America Foundation and board member of the Risk Management Association. Frank has published several articles for CIO Magazine, Continuity Insights, BC Management and written and published several industry white papers.

3 Definition Cyber" is a prefix used to describe a person, thing, or idea as part of the computer and information age. Taken from kybernetes, Greek for "steersman" or "governor," it was first used in cybernetics, a word coined by Norbert Wiener describing the science of communications and automatic control systems in both machines and living things. Relating to or characteristic of the culture of computers, information technology, and virtual reality The electronic medium in which online communication takes place Suffix s include: cyberculture, cyberspace, cybercrime, cyberbullying, CyberMonday!!

4 Top CyberSecurity Threats 2018 Crime-As-A-Service (CaaS) Expands Tools and Services Consumer Drones Get Weaponized (Dronejacking) Continued and greater DDoS (Distributed Disruption of Service) attacks IoT (Internet of Things) malware opens a backdoor into the home Supply Chain Remains the Weakest Link in Risk Management Cyber Espionage and Incentivized Insider Threats Electronic Medical records hacked and vulnerable to ransomware Unmet Board Expectations Exposed by Major Incidents Sources: GT (government Technology) magazine, Forbes, Wired Magazine, Forrester, Tech Republic

5 A Step Further...

6 The CYBORG Reality Robotic Manufacturing ROBOTIC MANUFACTURING UBER Car Death Robotic Surgery

7 And the HITS just keep coming >>>>> BUGS, BOTS, VIRUSES, INFECTIONS Increases in Ransomware Millions of users infected Malicious Software Google Chrome Extension PETYA Hits FedEx Subsidiary TNT Express

8 THE BIG ONE???? WANNACRY DECRYPTOR GLOBAL RANSOMWARE ATTACK WITH WORM PROPOGATION 100,000+ ORGANIZATIONS OVER 200,000 COMPUTERS 150 COUNTRIES AFFECTED

9 Scope and Breadth

10 Massive Data Breach... Another One!! ADDITIONAL 2.4M IN FEB 2018

11 What are the real risks? Threat to lives Threat to personal/business data and finances Business Operations Impacted or Halted 62% of SMBs Hit With Ransomware Were Forced to Cease Operations (Source: Tech Data) Global Expansion Security---Where is your Cloud? Changing data sovereignty laws make it impossible to ensure your data is held legally. What happens if a search warrant is issued for your data? Which government gains access? How do you know? Data localization is great for protecting citizens rights for owning data. But what about data efficiency or performance? Where do those qualities now stand?

12 Risk Mitigation Standards & Regulations IEEE (Institute of Electrical and Electronic Engineers) Standards ISO (International Organization for Standardization) NIST (National Institute of Standards and Technology) Guidelines FAA (Federal Aviation Administration) FCC (Federal Communications Commission) TSA (Transportation Safety Administration) FISMA (Federal Information Security Management Act) C-TPAT (Customs-Trade Partnership Against Terrorism) H.R 2868 (The Chemical Facility Anti-Terrorism Standards Regulation) GDPR (General Data Protection Regulation) for data storage in EU

13 ) Risk Mitigation Standards & Regulations Financial Industry (continued) FDIC (Federal Deposit Insurance Corporation) OCC (Office of the Comptroller of the Currency) SOX (Sarbanes-Oxley Act) PCI/DSS (Payment Card Industry Data Security Standard) GLB (Gramm-Leach- Bliley Act) EFTA (Electronic Fund Transfer Act, Regulation E)

14 ) Risk Mitigation Standards & Regulations (continued) Healthcare Industry HIPAA (Health Insurance Portability and Accountability Act ) HITRUST (Health Information Trust Alliance) Medical and Healthcare Standards and Regulations PSQIA (Patient Safety and Quality Improvement Act, Patient Safety Rule)

15 Where do we go next????? The central role of financial executives in preventing, detecting, and combating cyber security risks (Strategic Planning & Budgeting) Methods for identifying inherent cybersecurity risks related to your business's risk environment (Assessments and Cyber Incident Response Plans) Methods for evaluating your business's cybersecurity detection and prevention capabilities (Design and Implementation) How to integrate cybersecurity assessment process with your BC/IT/IS risk management process, even if your services are outsourced (Planning, Penetration Testing, Phishing Exercises) How to address the ongoing Inherent Risk and Cybersecurity Programs to prepare for hacker attacks (Employee Cybersecurity Training and Maintenance) Get Smart Personally- Don t Contribute to your own security risk

16

17 Let our advance worrying become advance thinking and planning Winston Churchill

18 Frank Leonetti, FBCI,CBCP CEO NorthStar Advisory Services, LLC