The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

AGENDA BRIEF Update on Cyber Threat Landscape HR Involvement Solutions Q&A TM

Do we treat cybersecurity as: an IT duty? an Operations duty? or HR duty? TM

ecellar Systems, LLC

R.I.P. 201?

If you have integrity,.nothing else matters. If you do NOT have integrity,.nothing else matters. TM

BUSINESS IMPACT EVOLUTION OF THE CYBER THREAT Impact of attacks growing as technology becomes more inter-connected Hig h Low Unsophisticated Attacks Exploration and Experimentation (Damage normally caused by accident) Hacks conducted for Notoriety 1987 Christmas Tree Exec Worm 1980s Network attacks Hackers Insecure codes Attacks with a Purpose Hackers identifying how to exploit weaknesses. Damage and Disruption done on purpose Distinction between Script Kiddies and Hackers develops Emergence of commercial internet (Web 1.0) 1992 1260 Virus (1 st Polymorphic Virus 1996- Cryptoviralogy is born 1990s Data breach Cyber crime Malware Critical infrastructure attacks Identity theft Age of Email Hackers utilize email as the delivery system for worms and viruses Criminal organizations start building infrastructure to exploit cyber crime. Most activity is web defacement/network breakins with limited data theft. 2002 Web 2.0 Advent of BOT Attacks 2000s Cyber warfare RISE OF THE ELITE HACKER Cyber Crime becomes monetized. (Data sales and Ransomware) Widespread state sponsored attacks Hackers start utilizing tertiary networks to breach the target. Cyber Activism become commonplace 2010 Operation Aurora revealed June 2010 Stuxnet released 2010-2016 Foreign state sponsored cyber espionage Cyber terrorism Mobile Threat Data is now mobile and connected devices are the target Commercial/Military UAVs Artificial intelligence Mobile payment Networked telematics Internet of things DDoS Mirai Botnet FUTUR E

Cybersecurity 2017 Trends 'Malware as a precision tool to breach an organization s defenses Ransomware Phishing

250 Volume of Spam 2015-2017 In Excess of 205 Billion email per DAY 200 150 100 50 0 Q1 2015 Q2 2015 Q3 2015 Q4 2015 Q1 2016 Q2 2016 Q3 2016 Q4 2016 Q1 2017

Volume of Malware 2007-2016 1 Million New Incidents Per DAY 1,000,000 900,000 800,000 700,000 600,000 500,000 400,000 300,000 200,000 100,000 0 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016

Cyber Crime Is Big Business for Hackers Easy and Profitable to Sell Data

Hacker Activity Past to Current Monetized their activity More sophistication Smaller organizations targeted

Cost to any organization of a cyber-attack can literally destroy a business.

Per-Record Data Breach Costs by Industry $450 $400 $ Healthcare $350 $300 $250 $200 $150 $123 Transportation $137 Energy $149 Industrial $154 Retail $200 Education $245 Financial $100 $ 50 $71 Public $0-2016 Ponemon Institute Cost of Data Breach Study

Cost / Profit from Crime Norton / Symantec Corp: July 2016 Global black market in marijuana, cocaine and heroin COMBINED: $288 billion Cost of global cybercrime: $388 billion and growing

Information from: 2016: 1,093 data breaches in U.S. (TRACKED) - almost half of World breaches 900,000,000 Records Stolen

Information from: Average consolidated cost of a data breach in 2016 was $17.36 million. Average small size company breach cost was $454,000

Information from: Minimum Cost of Breach: Small Company was $300,000 Medium size company was $6.7 million Large size company was $73.75 million

Economic cost and Reputational Costs are Significant.

Only 6% of Companies will Survive Longer than 2 Years after a Data Breach. Gartner Research

A FIREWALL AND ANTI- MALWARE SOFTWARE ARE NOT ADEQUATE PROTECTION!

You MIGHT be THINKING......But we have our IT guys protecting us

CRITICAL TO UNDERSTAND DIFFERENCES IT Department Break / Fix Install Software Keep machines working Re-active Cyber Security Works to: Detect Analyze Defend Proactive Your HR and IT Department s Best Friend

CRITICAL TO UNDERSTAND DIFFERENCES IT Department Cyber Security Break / Fix Install Software Keep machines working Re-active Prevents Bad Guys from: Gaining access to Company records Holding Company Hostage Your HR and IT Department s Best Friend

Nationally, the time elapsed from the initial breach to when the breach is detected exceeds 200 days - Accenture

Time from the detection of a new vulnerability by to client notification is under 24 Hours

The SOLUTION Military Grade Cyber Security Prevention and Protection The Alliance Network January 2016

Best Defense is often Prevention 85% of All Cyber Security Attacks Can be Stopped by Implementing 5 Cyber Security Tools

OUR SUITE of PRODUCTS Titanium Castle Nimble Feather Stonewall Aegis Razor Wire Picket Fence We assess and rank a company s vulnerabilities to hacking. This gives the Company s IT department the ability to fix these weaknesses. Remember the IT department can't fix what it doesn t know about. Your HR and IT Department s Best Friend

Cyber Security Protection

Cyber Security Protection Effective Security Strategies to Fortify and Thwart Threats

True Cyber Security Protection Defense in Depth

True Cyber Security Protection Protocol 46 Bitdefender Razor Wire Picket Fence PROTOCOL TRUE CYBER SECURITY 46 PROTECTION PROTECTION Nimble Feather Stonewall Aegis

COMPETITION OUR COMPANY ADVANTAGE AFFORDABILITY Ease of Use Plug and Play Reports Pull All Information Together

COMPETITION OUR COMPANY ADVANTAGE Military and 3 Letter Agency Cyber Security Expertise and Experience Fighting an A-Typical War

COMPETITION OUR COMPANY ADVANTAGE Our Solutions are PRO-ACTIVE rather than REMEDIAL

COMPETITION OUR COMPANY ADVANTAGE We get AHEAD of the Breach Not Clean up the Mess After

COMPETITION OUR COMPANY ADVANTAGE PRO-ACTIVE Multi device/sensor concept make us different / better than the competition All Protocol 46 tools work in concert to provide continuous scanning and multiple layers of proactive protection.

COMPETITION OUR COMPANY ADVANTAGE PRO-ACTIVE Our solutions are monitored and updated in response to the cyber threat-scape. Competitors or other products do not update, do not upgrade or have the ability to change like we do.

Do we treat cybersecurity as: an IT duty? An Operations duty? or HR duty? TM

Q and A

THANK YOU! Scott Schue scott@protocol46.com (763) 276-3493 Chuck Standfuss Chuck.Standfuss@protocol46.com (612) 747-5860

Can you answer CYBER SECURITY CHECKLIST What is our plan to respond to a data breach? Are we adequately insured? How do we monitor our systems and prevent breaches? How often do we verify the effectiveness of our security? Is our security clear and consistent? Are third parties really securing our most valuable information? Cybersecurity checklist Can you answer these questions about your business? Do our security goals align with business priorities? How much is the issue of security integrated into your business? Do we have the basic rights for security measures? Have we identified and protected our most valuable processes and information? Do we treat cybersecurity as an IT, an Operations, or a HR duty?

Inventory of Authorized and Unauthorized Devices Inventory of Authorized and Unauthorized Software Secure Configurations for Hardware and Software Continuous Vulnerability Assessment and Remediation The one we don t do is: Controlled Use of Administrative Privileges

True Cyber Security Protection Effective Security Strategies to Fortify and Thwart Threats Bitdefender Razor Wire Nimble Feather Picket Fence Stonewall Aegis

Proud to be Veteran owned Over 150 years of Military Intelligence and Cyber Security Experience.