CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW


May 2018
Ed Plawecki, General Counsel & Director of Government Relations, UHY LLP
Jamie See, Manager, UHY LLP

Iowa Public Employees' Retirement System accounts breached, FBI investigating hack
An independent member of UHY International. UHY LLP 2017 All Rights Reserved.

WHY DO PEOPLE HACK
Why do people and organizations hack?
Criminal
Ransom
Selling Information
Anarchists
Activists
Fun
Thrills
Challenge
Sabotage
Internal

WHY ARE GOVERNMENT ENTITIES A MAJOR TARGET?
Sensitive data: ID/license, marriage forms, birth certificates, medical data, SSN, etc.
Potentially easier targets: lack of available funding for security equipment and monitoring
Political and social reasons: state sponsored and hacktivists

WHAT CAN YOU DO IN REGARDS TO CYBER SECURITY
A. Ignore the risk
B. Run and try to escape
C. Blame the IT guy
D. Stay Calm

WHAT CAN YOU DO IN REGARDS TO CYBER SECURITY
Option 1: Throw the computers out of the window.
Option 2: Be prepared to prevent, identify, and respond to cyber attacks.

CYBER SECURITY PROGRAM?
Do you have a cyber security program in place?

WHAT IS CYBER SECURITY?

2017 BREACH LEVEL INDEX REPORT

WHERE ARE THESE BREACHES COMING FROM?
Cyber security breaches originate from multiple sources and can be categorized into five main categories:
Malicious Outsider
Accidental Loss
Malicious Insider
Hacktivist
State Sponsored

COST OF CYBER SECURITY BREACHES
Financial Costs
Stolen Assets: Iowa Public Employees' Retirement System lost hundreds of thousands of dollars
Breach Response and Remediation: Atlanta has $2.7 million in expenses already
Operational Impact
Public Opinion / Press
Unauthorized Release of Convicts
Emergency Communications Systems Disabled

THE REAL HACKERS

INITIAL VECTORS OF ATTACK

IDENTIFY TARGETS
It's easy to identify and target personnel who are in charge of releasing funds.

ANYONE CAN HACK
No hacking required. Most malware can be purchased online!

PHISHING ATTACK SUMMARY

RANSOMWARE ATTACK SUMMARY

WHAT CAN WE DO TO REDUCE OUR RISK?
Step 1: Cyber security insurance
Step 2: Perform a cyber security risk assessment
Step 3: Implement or update your cyber security program
Step 4: Monitoring and continuous improvement

COMPONENTS OF A CYBER SECURITY RISK ASSESSMENT
Step 1: Identify risks
Step 2: Determine the impact and likelihood of the risk
Step 3: Evaluate the risk and determine the action plan
Step 4: Record the results and implement the action plan
Step 5: Review the assessment and update as necessary
Cyber security includes three main areas: process, technology, people

PROCESSES
Information Security Program
Periodic Risk Assessment
Incident Response
Conduct Standards
Procedures for Handling Data
Access Provisioning and Decommissioning
Monitoring
Continuous Improvement

TECHNOLOGY
Types of technology typically in use:
Infrastructure and Hardware
Applications and Tools
Malware Protection
Authentication Tools
Encryption Tools
Backup Tools
Continuous Improvement

HUMAN FIREWALL FAILURE

PEOPLE
People, our greatest resource and biggest risk when it comes to cyber security:
Accidental / Lack of Training
Trying to be Helpful
Malicious Insider

PEOPLE
Culture and training is the key:
A culture that promotes security is going to be a more secure environment
Security starts at the top
Practice what we preach
Security should not be perceived as punitive or failure
Users don't know what they don't know
Cyber security training
Social media training
Phishing campaigns

SUMMARY
Cyber security is a real threat to organizations of all sizes and backgrounds
It's not IF any more, it's WHEN
Information Security Program: the framework for a secure organization
Training: information is the key
Monitoring and Continuous Improvement: cyber security threats are always changing, we should too

QUESTIONS?