Cyber Security. It's not just about technology. May 2017

Introduction

"The Internet has opened a new frontier in warfare: everything is networked and anything networked can be hacked." - World Economic Forum Global Risk Report

Cyber risk: Why is it topical now? This is not a new threat; hackers have been infiltrating sensitive government and institutional systems since the early 1990s. However, the Cyber Security market is erupting because of many high-profile and highly disruptive/damaging security breaches that threaten financial and physical damage across critical national and corporate infrastructures. Source: WEF Global Risks Landscape 2017

How pervasive are Cyber Risks? This has caught the attention of governments and policy makers, intelligence services, the media and, increasingly, board-level executives across the globe. Cyber security has become an executive-driven issue. Source: WEF Global Risks Landscape 2017

Cyberattacks: prevalence and rank (chart). Source: WEF Global Risks Landscape 2016

The Fourth Industrial Revolution is here. Klaus Schwab, founder and executive chairman of the World Economic Forum (WEF), believes that we are at the beginning of the fourth industrial revolution. Source: WEF Global Risks Landscape 2016

Global CEO Outlook: East Africa (chart). Source: KPMG 2016 CEO Outlook Survey

Cyber Incidents are the new normal (chart). Source: Cyber Crime Survey, 2015, KPMG India

Cyber Security Data Analytics
46% - share of the legitimate alerts received that organisations are able to remediate
44% - of operations managers see more than 5000 security alerts per day
22% - of breached organisations lost customers
29% - of breached organisations lost revenue
23% - of breached organisations lost business opportunities
Source: Cisco 2017 Annual Cyber Security Report

Is the traditional approach effective?
Number of incidents identified by internal IT teams: < 6%
Time taken from infection to detection: > 150 days
Post-detection to reaction, and reaction to remediation: ?

Cyber Security: Traditional Approach

Limitations of the Traditional Approach

Trends and Lessons Learnt

Trends Accelerating The Cyber Threat
1. External threats: organized crime, nation-states, cyber espionage, hacktivism, insider threats.
2. Change in the way business is conducted: cloud computing, big data, social media, consumerization, BYOD, mobile banking.
3. Rapid technology change: critical national infrastructure, smart metering, internet of all things.
4. Regulatory compliance: data loss, privacy, records management.
5. Changing market and client needs: strategic shift, situational awareness, intelligence sharing, cyber response.

Some considerations (consideration - factors to consider)
Configuration management - Is there a database of configuration items (CMDB)? Has a security standard been implemented (a list of secure settings applied on the platform)?
User access - Access creation, modification, deletion and review. Is access integrated across platforms (e.g., Windows, MS SQL and AD)?
Privileged access management - Is privileged access appropriately granted, revoked, reviewed and monitored? Is there segregation between users with privileged access at each level of the access path? Is access integrated across platforms (jump servers)?

Examples of lessons learnt and top risks (key risk - factors to consider)
Security vulnerabilities - Are security patches applied (not only to the OS and DB, but also to other applications such as Adobe, Java etc.)? Have network controls been implemented (firewalls, IPS, APT protection etc.)? Have appropriate malware controls been implemented?
Inappropriate / unauthorised activities - Logging and monitoring of access (either native logging or a third-party tool). Is there a process to detect and follow up on the activities identified? Are logs stored on a different server, with access to the logs restricted to a different set of people from those who can access the server?
3rd party risks - Have 3rd party risks been assessed? Are security requirements clearly articulated to 3rd parties? Do we have a right to audit 3rd parties? Have the other key risks been addressed with respect to 3rd parties?

Where do we start?

Board Governance: key areas from a board governance perspective.
- Roles and responsibilities
- Proactive approach: identify new threats and risks
- Protect what matters: identify the crown jewels
- Determine key risk indicators
- Socialize to increase awareness of cyber security across the enterprise

Cyber Security: Board Room Questions?

Cyber Security - A Comprehensive Program

Proactively identify the changing threat environment

Thank you. Jared Nyarumba, Associate Director, KPMG Risk Consulting. kpmg.com/socialmedia kpmg.com/app
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
2017 KPMG Advisory Services Limited, a Kenyan Limited Liability Company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.