DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance


Section 1: The background

World's biggest data breaches, 10 years ago (2004-2007). Chart categories: accidentally published, hacked, inside job, lost/stolen device or media, poor security. Source: Information is Beautiful.

World's biggest data breaches now (2014-2017). Chart categories: accidentally published, hacked, inside job, lost/stolen device or media, poor security. Source: Information is Beautiful.

Why the increase in risk? Increase in:
- Big Data & Analytics
- Wearable Technology
- Connectivity
- Access points
- Remote access
- Mobile working
- Personal information
- Data sharing
- The Cloud
- Internet of Things
- Internet transactions
- Social media

Reported cyber breaches, 2017: the extent of the (reported) problem
- 53,000 incidents
- 2,216 confirmed breaches
- 73% perpetrated by outsiders
- 49% of non-PoS (point-of-sale) malware installed via email

The challenges: some recent comments
- "Why would anyone want to attack our organisation?"
- "We do not know what our most critical information assets are in our organisation."
- "We have our networks well protected by good technology."
- "We know we have already been attacked but do not know how best to respond and recover effectively."
- "We do not know what good cyber resilience looks like for our organisation."
- "Our current information/cyber security training is ineffective in driving new behaviours across the organisation."

The motives
- Financial incentive: theft and extortion
- Nation-sponsored cyber espionage
- Competitive advantage
- Reputation
- Data incentive
- Hacking for a cause
Leading to financial and data loss, loss of reputation, etc.

The culprits
- State-sponsored attackers: national basis
- Hacktivists: hacking for a cause
- Cyber terrorists / syndicates: modern form of terrorism
- Individuals: personal gain

Types of attacks
- Insider attacks
- Phishing and whaling
- Vulnerability attacks
- Ransomware

How easy is it?

Internet forum Forged qualification Became a pilot

Your cyber footprint (diagram): the entity's own ITC (services provided and services consumed) sits inside the real cyber boundary, which also takes in services engaged from third parties (cyber boundary entities 1 to 4, each with its own boundary) and the cloud, all exposed to external threats.

Question: Would you recognise a malicious email?

What is phishing and whaling?

Phishing: targeting many individuals, mainly with blanket e-mails, and hoping that some will follow links, open attachments, reply with information, or transfer funds.

Whaling: targeting a small group of individuals with significant data access (often disguised as a manager/CEO) and requesting personal information, bank detail changes, or a large funds transfer.
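The slide's question ("Would you recognise a malicious email?") is one a mail gateway or triage script can help answer. The following is an added example, not part of the original presentation: it scores an inbound message for the whaling indicators described above (a display name that impersonates a senior person on the wrong address, a lookalike sender domain, a Reply-To that diverts replies elsewhere, and request language about transfers or bank detail changes). The organisation domain, the executive list and both sample messages are constructed for illustration.

```python
"""Heuristic whaling/phishing triage for inbound e-mail (added example).

The internal domain, executive directory and sample messages below are
constructed for illustration; they are not from the original presentation.
"""
import re
from email.utils import parseaddr

# Constructed: the organisation's own domain and senior staff who are likely
# impersonation targets (assumed values).
INTERNAL_DOMAIN = "example-accountancy.co.uk"
EXECUTIVES = {
    "jane doe": "jane.doe@example-accountancy.co.uk",
}

# Phrases typical of whaling requests: funds transfers, bank detail changes,
# urgency, requests for personal data.
REQUEST_PATTERNS = [
    r"\btransfer\b", r"\bbank details\b", r"\burgent(?:ly)?\b",
    r"\bwire\b", r"\bpayment\b", r"\bpersonal (?:information|details)\b",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def whaling_indicators(headers: dict, body: str) -> list:
    """Return a list of human-readable findings; an empty list means no indicator fired."""
    findings = []
    display_name, from_addr = parseaddr(headers.get("From", ""))
    name_key = " ".join(display_name.lower().split())
    from_domain = sender_domain(from_addr)

    # 1. Executive's name in the display name but the address is not theirs.
    if name_key in EXECUTIVES and from_addr.lower() != EXECUTIVES[name_key]:
        findings.append("executive display name on a non-matching address")

    # 2. Sender domain is a near-miss of our own domain (typosquat / homoglyph).
    if from_domain and from_domain != INTERNAL_DOMAIN \
            and 0 < edit_distance(from_domain, INTERNAL_DOMAIN) <= 2:
        findings.append(f"lookalike sender domain {from_domain}")

    # 3. Replies are diverted to a different mailbox than the apparent sender.
    _, reply_to = parseaddr(headers.get("Reply-To", ""))
    if reply_to and reply_to.lower() != from_addr.lower():
        findings.append("Reply-To differs from From")

    # 4. Body asks for money, bank changes or personal data, often with urgency.
    hits = [p for p in REQUEST_PATTERNS if re.search(p, body, re.IGNORECASE)]
    if hits:
        findings.append(f"request language: {len(hits)} pattern(s)")
    return findings


# Constructed sample messages.
SAMPLE_WHALING = {
    "headers": {
        "From": "Jane Doe <jane.doe@examp1e-accountancy.co.uk>",
        "Reply-To": "jd.ceo@webmail.example",
    },
    "body": "Urgent - please transfer 48,000 to the new supplier account today, "
            "I am in a meeting and cannot take calls.",
}
SAMPLE_LEGIT = {
    "headers": {"From": "Jane Doe <jane.doe@example-accountancy.co.uk>"},
    "body": "Please see the attached agenda for Thursday's partners meeting.",
}

if __name__ == "__main__":
    for label, msg in (("whaling", SAMPLE_WHALING), ("legitimate", SAMPLE_LEGIT)):
        print(label, "->", whaling_indicators(msg["headers"], msg["body"]) or ["no indicators"])
```

A message with two or more findings is a reasonable candidate for holding and verifying out of band (a phone call to the named person on a known number), which is the control the whaling slide implies; the heuristics are deliberately simple and should feed a human decision rather than replace one.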

Malicious content - ransomware

Example: attackers gained entry into an employee's computer through spear phishing and infected it with malware called Carbanak. They sent authentic-looking emails from his account that other staff clicked on, spreading the malware through the bank. They found the administrator account for the CCTV equipment and used the CCTV to record everything that happened on the screens of staff who serviced the cash transfer systems. They then mimicked the activity of these staff in order to transfer money out.

What action can you take?

Cyber Maturity Roadmap (eight elements, shown in the order they appear on the slide):
- Preparedness for response to a data breach event.
- Calling on experts with years of experience across industry to advise and guide.
- Physical security and cyber security are on the same continuum.
- IT & data assets are built in to a corporate risk register.
- IT security has direct representation in to the C-Suite.
- Industry-leading frameworks used as a foundation, not the be-all and end-all, to manage risks.
- Metrics appropriate to the organisation defined and monitored.
- Risk based: how much risk can you reduce or offset? How much residual risk are you prepared to accept?

Questions to know the answer to
- Where is my data?
- Where does it go?
- Who has access to it?
- How is it used?

Why transform to cyber maturity?
- Forward thinking, anticipating trends and threats
- Financial penalties of losing customer data
- Cyber maturity = competitive advantage in the marketplace

What does good look like? The triple security lock:

Cyber security strategy
- assess technology risk profile
- security on board agenda
- update cyber control framework

Employee education
- make staff aware of cyber risks and how to respond
- test effectiveness of your cyber awareness programmes
- formal cyber incident management process

Third party assurance
- check security measures third parties have to protect data
- secure links between your organisation and third parties
- ensure third parties conform with your policies and procedures

Further information: some useful sites
- Action Fraud - www.actionfraud.police.uk
- UK Cyber Security Forum - www.ukcybersecurityforum.com
- Information Security Forum - www.securityforum.org
- National Crime Agency - www.nationalcrimeagency.gov.uk/crime-threats/cyber-crime
- Cyber UK - www.cyber.uk

Questions and answers?

Whilst every care has been taken to ensure that the information provided in this presentation is as accurate, complete and timely as possible, no complete guarantee, assurance or warranty can be given with regard to the advice and information contained herein.