Use by permission DAN LOHRMANN, CHIEF STRATEGIST & CSO SECURITY MENTOR, INC. SEPTEMBER 6, 2017


WHAT'S ON THE AGENDA...
INTRO ON CULTURE CYBER THREAT TRENDS GLOBAL CHALLENGE IOT + OTHER REGULATIONS COMING THREE STORIES HOW CAN WE PREPARE FOR FUTURE CYBER CHALLENGES? THE JOURNEY TO A CULTURE THAT ANTICIPATES CYBER RISK FINAL THOUGHTS

The Power of Culture
Peter Drucker: Culture eats strategy for breakfast.
Culture isn't the enemy of strategy and performance, but an equal player in the game, not to be underestimated or overlooked.
David Novak, co-founder and former CEO of YUM Brands, on how he built YUM Brands: Success is all about culture. and Build your team with a set of core values and staff recognition. Say thank you.

MIT Sloan: Achieving Digital Maturity
Based on a 2017 global survey of more than 3,500 managers and executives and 15 interviews with executives and thought leaders, MIT Sloan Management Review's third annual study of digital business reveals five key practices of companies that are developing into more mature digital organizations.
1) Implementing systemic changes in how they organize and develop workforces, spur workplace innovation, and cultivate digitally minded cultures and experiences.
Reference: http://sloanreview.mit.edu/projects/achieving-digital-maturity/

Future of Work: Alternative Workforce

Deloitte's Future of Work: Culture Still Key
http://www.prnewswire.com/news-releases/deloitte-the-future-of-work-is-here-and-organizations-should-stop-speculating-and-start-acting-300497223.html

Small group: Break into groups of 3-5
Where were you on 9/11/01?
1) What was security like before the event (offline + online)?
2) What was security like after the 9/11 event (offline + online)?
3) Do you have a culture of security now? Yes or No and why?

CYBERTHREAT RECAP 2014

CYBER THREATS 2015-2016

CYBER THREATS 2017 - CHANGE & GROW
Symantec: Ransomware will attack the cloud
McAfee: IoT malware opens a backdoor into the home
Kaspersky: Commodification of financial attacks
LogRhythm: Entire Internet will go down for a day
Everyone: More DDoS attacks via IoT
Everyone: Lack of trust More Fake News
White Hat Security: Nothing will change.
Forcepoint: Rise of the Corporate Incentivized Insider Threat
FireEye: Security integration and orchestration considered the benchmarks of new technology investment
You Ain't Seen Nothing Yet
IDC: 2017 will be worse in every aspect of information security

Global Cyber Emergency Ransomware Epidemic

INTERNET OF THINGS AT RSA17 & GARTNER RISK SUMMIT
A NEW BUZZWORD FOR ALL TECH?
HUNDREDS OF IOT HEADLINES
- NEW PRODUCT ANNOUNCEMENTS
- INTERNET OF THINGS (IOT) THEMES RELATED TO ATTACKING DEVICES
- CONSUMER
- CRITICAL INFRASTRUCTURE COMPONENTS
- GOVERNMENT SMART (EVERYTHING)
- PANELS
- MENTIONED IN MOST PRESENTATIONS ACCEPTED
- HANDS-ON IOT DISPLAYS IN BASEMENT OF MARRIOTT MARQUIS
BOTTOM LINE: IOT WAS THE #1 TOPIC AT THE RSAC 2017 IN SAN FRANCISCO

Homework: Regulating the Internet of Things
By: Bruce Schneier
https://www.youtube.com/watch?v=b05ksqy9f7k

How Can We Build A Culture That Anticipates Cyber Risk
Three Stories to Help

#1 LEARN FROM HISTORY
SECURITY REPEATS ITSELF, WITH A TWIST
MICHIGAN'S WIRELESS ADVENTURE.
FROM WIRELESS TO CLOUD TO MOBILE TO INTERNET OF THINGS - INITIAL DEPLOYMENTS LACK SECURITY.
TWO OPPOSING CAMPS EMERGE: LEADING-EDGE ADOPTERS AND SECURITY NAYSAYERS.

SECURITY LEADER BALANCING ACT
ONE EXTREME...: SECURITY IS A DISABLER. THE ANSWER IS: NO! (WHAT WAS THE QUESTION?) ALL NEW IDEAS ARE BAD, NOT SECURE.
...TO THE OTHER: COOL FEATURES NOW GO FOR VIRAL. FIRST TO MARKET, WE'LL ADD SECURITY LATER. WHAT SECURITY?
Find the middle road. Make security an ENABLER!

SECOND STORY FROM CYBER STORM ONE
Cyber Storm I 2006
Global, multi-national exercise
Michigan one of three states participating in both
How much would you pay for a new mainframe in a crisis?

SECURITY LESSON #2: FUTURE ENEMIES ARE NOT ALWAYS OBVIOUS
CYBER THREATS (AND ACTORS) ARE EVOLVING
QUESTIONS TO ASK:
1. WHAT NEFARIOUS PURPOSE COULD BE APPLIED TO WHATEVER I'M INVENTING IN IOT?
2. WHAT PROTECTIONS ARE IN PLACE?
3. WE'VE BRAINSTORMED TO SOLVE THE PROBLEMS, BUT WHAT NEW PROBLEMS ARE WE CREATING?

THIRD LESSON
WE MUST CONSTANTLY LEARN & ADAPT TO NEW CULTURES

KEY QUESTIONS:
WHAT NEW NORMAL IS BEING CREATED WITH TECHNOLOGY INFRASTRUCTURE PLATFORMS?
WHAT ASSUMPTIONS ARE BEING BUILT INTO YOUR CULTURE?
WE ALL HAVE BLIND SPOTS? ASK: WHAT IF?
CULTURE CHANGE: WILL THERE BE A CYBER 911 CHALLENGING ASSUMPTIONS?
ONE EXAMPLE: IDENTITY MANAGEMENT SMARTPHONE BECOMES A UNIVERSAL REMOTE

The Pragmatic Journey: 7 Keys to Strengthen Your Cybersecurity Culture
1) Genuine Executive Priority and Support
2) Honest Risk Assessment to Measure Security Culture Now
3) A Clear Vision of Where You Want Your Security Culture to Be
4) A Cyber Plan (Roadmap) to Arrive at Your Destination
5) Clear Cybersecurity Communication to the Masses
6) End User Security Awareness Training for Everyone
7) Celebrate Success with Food and Fun. Say thank you!
Reference: http://www.govtech.com/blogs/lohrmann-on-cybersecurity/seven-keys-to-create-a-positive-culture-for-cybersecurity.html

The Journey: In Other Terms

MISTAKES: MAKING TRAINING A PUNISHMENT

How about you? Is this another iPad-like craze?

MY (FITBIT) WATCH: 1) 2) 3) 4) RESULTING IN: 1) 2) 3) 4) 5)

Final Thought - Phone a Friend - We need partnerships to succeed

PARTNER: YOU CAN'T DO IT ALONE
OUR VALUED ECOSYSTEM INCLUDES (OPS AND PLANNING):
DEPARTMENT OF HOMELAND SECURITY (DHS)
MICHIGAN INFRAGARD
MULTI-STATE INFORMATION SHARING & ANALYSIS CENTER (MS-ISAC)
FBI, OTHER STATES, LOCAL GOVERNMENTS, PRIVATE SECTOR CONTRACTS
MICHIGAN INTELLIGENCE OPERATIONS CENTER (MIOC)
RESOURCES:
Stay Safe Online: https://staysafeonline.org/re-cyber/
THE NO MORE RANSOM PROJECT: HTTPS
The Department of Homeland Security (DHS) Critical Infrastructure Cyber Community or C³ (pronounced C Cubed): https://www.uscert.gov/ccubedvp
The Federal Trade Commission's Start with Security: https://www.ftc.gov/news-events/audio-video/video/start-security-freeresources-any-business

THANK YOU!
Contact Information: Dan Lohrmann, Chief Strategist & CSO Security Mentor, Inc., email: dlohrmann@securitymentor.com
Blog: Lohrmann on Cybersecurity & Infrastructure:
Connect on LinkedIn or Twitter: @govcso