Protecting your next investment: The importance of cybersecurity due diligence


Oct. 11, 2018
Baker Tilly Virchow Krause, LLP. All rights reserved. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Agenda
01 Risks associated with weak cybersecurity
02 Cybersecurity assessment for an acquisition target
03 Managing cybersecurity post acquisition

Introduction
Organizations continue to struggle preventing and defending against cybersecurity incidents:
> Average cost to recover from a data breach: $3.6M [1]
> Malware and mobile devices continue to be among the leading culprits... Opportunities to increase safeguards and train employees on safer practices
> Fines for HIPAA violations have real impact: up to $5.5M
1. AT&T Cybersecurity Report

Risks associated with weak cybersecurity

Motivation for cyber crime
The cyber crime triangle:
OPPORTUNITY: An attacker must have opportunity/access:
- Flaws in the security plan/network
- Holes in a software program
- Physical proximity to network components
If there is no opportunity to intrude, the would-be hacker will go elsewhere.
MOTIVE: An attacker must have a reason:
- Financial = 76%
- Espionage < 15%
- Fun < 5%
- Ideology < 3%
Source: Verizon 2019 Data Breach Investigation report
To exploit the vulnerability an attacker must have:
- Tools
- Talent: 50% of attackers are members of organized crime; 12% are nation-state affiliated actors

Opportunity = attack surface
OPPORTUNITY: Vulnerabilities
Traditional weaknesses:
- Misconfigurations
- Insufficient input validation
- Incorrect permissions, etc.
New generation attacks:
- Malware attacks on internet-connected infrastructure
- Phishing attacks
- Ransomware
- Botnet attacks
Example of costs:
- The malware attack on Target Corporation's point of sale (POS) system is estimated to have cost over $100 million USD. It showed that segmentation of internet-connected devices from the important business applications is absolutely necessary.
- Phishing scams cost American businesses $500 million USD per year.
- WannaCry infected over 200,000 computers across 150 countries and cost over $4 billion USD combined.
- A recent botnet attack using Internet of Things devices cost $68 million USD in less than seven hours.

Cyber risk landscape
Chart: Cyber Business Risks (in priority order) by industry (Healthcare, Retail, Manufacturing, Financial), plotted by occurrence from Min to MAX. Risks shown:
- R1 Data Breach using POS
- R2 Social Engineering Scams
- R3 Payment Card Skimmers
- R4 Human error
- R5 Phishing
- R6 Web Application attacks
- R7 Cyber espionage
- R8 Denial of Service
Source: Verizon 2019 Data Breach Investigation report

Bad cybersecurity negatively impacts a deal
According to a 2016 NYSE and Veracode survey of public company directors:
> 85% said the discovery of major security vulnerabilities was either very likely or somewhat likely to affect an acquisition
> 52% said a breach would significantly lower a target's valuation
> 22% wouldn't consider acquiring a company that recently experienced a significant data breach
Source: Cybersecurity in the Boardroom survey, NYSE and Veracode: https://www.veracode.com/nyse-and-veracode-reveal-surprising-results-from-board-cybersecurity-survey

Case study: Yahoo!
Case: On July 23, 2016, Yahoo! and Verizon entered into a stock purchase agreement. Later it was revealed that since 2014, Yahoo! had been the victim of two data breaches.
Original deal: Verizon was to pay $4.83 billion USD in cash.
Result: After the cybersecurity incidents came to light:
a) the price was reduced by $350 million USD
b) Yahoo! is responsible for all liabilities arising from shareholder lawsuits and SEC investigations related to the two cyber incidents
c) Yahoo! and Verizon are each responsible for 50 percent of any non-SEC liabilities

Case study: Women's Health Care Group of PA
Case: On July 18, 2017, WHCGPA announced they had been attacked and there was a possible breach of ePHI. The breach occurred during the merger process with another regional health provider.
Original deal: Private deal, no terms disclosed.
Result: The incident is under investigation by the Office for Civil Rights.
a) Potential for up to 300,000 compromised patient records
b) Fine could be up to $1.5M
The incident also required external specialists to complete forensic analysis.

Assessment of cybersecurity for an acquisition target

Assessment approach
Cybersecurity due diligence may reveal deal-breakers. Issues identified may change a target's value or identify a need to establish security practices to prevent potential losses in the future.
Three parts:
- Assessment of cybersecurity risk management practices
- Reconnaissance: looking at information available outside the target
- Vulnerability assessment

Assessment of cybersecurity risk management
Risk-based approach to evaluate the four key components of cybersecurity: Process, People, Technology.
Utilizing one of the widely recognized industry frameworks for cybersecurity helps to:
01 Understand the current cybersecurity risk profile in the organization
02 Assess the design and effectiveness of the organization's cybersecurity program

Looking at information available outside the target
Reconnaissance objectives:
> Build an organizational profile and identify targets
> Define the network footprint
> Identify potential motivation
> Identify generic vulnerabilities
Passive reconnaissance: Can tech debt and out-of-date systems be identified from the public internet?
Personnel reconnaissance: Is private or potentially targetable information about key personnel available?
Dark web: Is already-breached data from the company available?

Vulnerability assessment
Objective: Conduct network review and analysis to determine internal and external network vulnerabilities and risks.
Network assessment areas:
- Resilience: Disaster recovery capability, security of back-ups and ability to restore key functions
- Services: Security patch effectiveness and known vulnerabilities
- Access controls: Multifactor authentication and segregation of duties
- Points of access: VPNs, wireless access and modem connections

Managing cybersecurity across the portfolio post acquisition

Barriers to security success
Leadership: In today's constantly changing cybersecurity landscape, it is difficult to find a single leader to meet a company's needs today and into the future. Attracting and retaining the right talent in an ultra-competitive cyber labor market and keeping cyber leaders engaged is a challenge.
Skill set: To be effective, a cyber program must have access to a wide range of specific skills. As the threat evolves, this skills portfolio must constantly adapt to meet the threat.
Cost: Designing a long-term sustainable program within a company's budgetary constraints can be challenging.
Strategic vs. tactical: A world-class cyber program needs to dynamically address both strategic and tactical cybersecurity issues.

Sustainable cybersecurity services model
Strategy and program management: Virtual Chief Information Security Officer (vCISO)
> Flexible
> Scalable
> Sustainable
> Resilient
Detect: Cybersecurity monitoring
Incident response: On-demand or retained
Validate: Integrated security testing

Strategy and program management: Virtual CISO
The model is flexible enough to address both strategic and operational components of cybersecurity. From the BOD to operations, the Virtual CISO provides holistic security management.
- BOD and C-Suite: Strategic cyber advisory (strategic vCISO)
- Operations: Operational vCISO

vCISO benefits
- Fractional resources
- Flexible: Skill set, expertise, technology
- Scalable: Meet spikes in demand

Cybersecurity monitoring service
Diagram: Cybersecurity monitoring, fed by threat intelligence, updated rules and system logs, covering the EXTERNAL (internet) side, the firewall and the INTERNAL (network) side.

Cybersecurity monitoring benefits
- Visibility into your network: Know what is happening
- Detect: Quickly detect and drill down to root cause
- Block: Stop malicious traffic and reduce exposure quickly
- Sustainable in the long run

Incident response
Retained:
> Guaranteed response time
> Reduced rates
> Compliance requirements
> 24/7 support
On demand:
> Flexibility
> Rapid response
> Negotiable support
> Pay for what you use
Incident response cycle: 1 Discover incident, 2 Respond and contain, 3 Investigate, 4 Remediate, 5 Prevent

Incident response benefits
- Holistic approach: Response, investigation, mitigation
- Flexible: Retained and on demand models
- Threat intel / best practices sharing

Integrated security testing
After an acquisition, regular testing, awareness exercises and reconnaissance offered by the Integrated Security offering provide information on the cyber risks of the current portfolio and open discussion about future risk appetite.
- Initial reconnaissance: Build a profile of the organization. Identify worthy targets. Understand the network footprint, potential motivations and generic vulnerabilities.
- Network illumination: Identify network components leveraging covert and overt scanning techniques. Identify vulnerabilities existing in the current infrastructure configuration.
- Threat modeling: Identify potential vectors of attack. Prioritize threat models based on ease of exploit and value of targets.
- Testing: Conduct a cyberattack simulation for high-risk threat models. Identify weaknesses and recommend security enhancements.

Integrated security testing benefits
- Holistic approach: Threat modeling
- Flexible: Adjusts to current threats
- Identify weaknesses that need attention

Key takeaways
Cybersecurity risk can impact a deal: unexpected costs and fines could impact valuation.
Four top cybersecurity aspects to assess as part of due diligence:
1. Existence and effectiveness of the cybersecurity management program
2. Richness of the target environment
3. Vulnerabilities in current architecture
4. Extent and significance of any known incidents
Effective management of cybersecurity across the portfolio:
1. Executive level oversight for strategy and operations
2. Detection capability
3. Incident response
4. Ongoing validation of safeguards

Disclosure
The information provided here is of a general nature and is not intended to address the specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. 2018 Baker Tilly Virchow Krause, LLP.