Defensible and Beyond

Similar documents
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Emerging Issues: Cybersecurity. Directors College 2015

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Defensible Security DefSec 101

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

Cybersecurity Today Avoid Becoming a News Headline

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Building a Resilient Security Posture for Effective Breach Prevention

Endpoint Protection : Last line of defense?

Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist

falanx Cyber Falanx Phishing: Measure your resilience

Cybersecurity Auditing in an Unsecure World

Securing Digital Transformation

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Defense in Depth Security in the Enterprise

Jeff Wilbur VP Marketing Iconix

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

How to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model

Innovation policy for Industry 4.0

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Protect Your Organization from Cyber Attacks

Securing Your Digital Transformation

RiskSense Attack Surface Validation for IoT Systems

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Sage Data Security Services Directory

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

PCI DSS Addressing Cyber-Security Threats. ETCAA June Gabriel Leperlier

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

Cybersecurity The Evolving Landscape

NCUA IT Exam Focus. By Tom Schauer, Principal CliftonLarsonAllen

CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION

FOR FINANCIAL SERVICES ORGANIZATIONS

Cyber security tips and self-assessment for business

Cyber Defense Operations Center

2017 Annual Meeting of Members and Board of Directors Meeting

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

CYBERSECURITY MATURITY ASSESSMENT

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Cyber Resilience - Protecting your Business 1

Rethinking Information Security Risk Management CRM002

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Angela McKay Director, Government Security Policy and Strategy Microsoft

People risk. Capital risk. Technology risk

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Background FAST FACTS

Department of Management Services REQUEST FOR INFORMATION

Cybersecurity Roadmap: Global Healthcare Security Architecture

Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment

Keep the Door Open for Users and Closed to Hackers

with Advanced Protection

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

IT Security: Managing a New Reality

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

RSA NetWitness Suite Respond in Minutes, Not Months

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

How To Build or Buy An Integrated Security Stack

Moving Beyond the Heat Map: Making Better Decisions with Cyber Risk Quantification

Compliance Audit Readiness. Bob Kral Tenable Network Security

Governance Ideas Exchange

June 2 nd, 2016 Security Awareness

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Cybersecurity. Securely enabling transformation and change

Technology Roadmap for Managed IT and Security. Michael Kirby II, Scott Yoshimura 04/12/2017

Cybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

EU General Data Protection Regulation (GDPR) Achieving compliance

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Service Provider View of Cyber Security. July 2017

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Technology Roadmap for Managed IT and Security. Michael Kirby II, Scott Yoshimura 05/24/2017

Healthcare HIPAA and Cybersecurity Update

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

ACTIONABLE SECURITY AWARENESS: CONVERT THE WEAKEST LINK INTO THE SAFETY FORCE

Take Risks in Life, Not with Your Security

Security Awareness Training Courses

Top Ten IT Security Risks CHRISTOPHER S. ELLINGWOOD SENIOR MANAGER, IT ASSURANCE SERVICES

Must Have Items for Your Cybersecurity or IT Budget in 2018

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Decoding security frameworks for effective cyber defense. David Allott McAfee

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

Certified Cyber Security Specialist

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

SECURITY SERVICES SECURITY

Transcription:

TELUS Defensible and Beyond Mike Vamvakaris Director and Head of Cyber Security Consulting November 2017

Digital transformation brings many benefits Communication and Collaboration Autonomous and Artificial Intelligence (AI) Internet of Things (IoT) 2

it also brings new risks 160% YoY growth in cybersecurity incidents in Canada 85% Organizations reported being victim of a phishing attack 49% Businesses fell victims to cyber ransom attacks in 2016 38% Organizations have systems/controls for advanced threats 54K IT skills gap in Canada in 2016: key areas include IT operations, security and programming Source: IDC, Cisco, Hootsuite, Gartner, Statista 3

What s at stake? 35% of organizations were hit with ransomware in 2017 Attackers can typically get admin access within 3 days $86k to $5.78M 1 out of 5 couldn t conduct business for an hour to a day or more 100 days before an organization detects a breach The costs of single cyber attacks are increasing Source Malwarebytes Second Annual State of Ransomware, Ponemon Institute, Mandiant M-Trends 2017 4

How are they getting in? Emerging threats Ransomware Phishing attacks DDoS attacks IoT / weak passwords Hardware / Firmware targets Mobile device attacks Social media fake ads Hacking personal devices smartphones, tablets 5 Source: 2017 Verizon DBIR

Why Defensible? No organization is immune to attack 6

Defensible What are they after? 7

Defensible Good hygiene Hygiene Identify your most sensitive data to protect where does it reside, why do they want it? Take a defensive in depth approach Keep antivirus definitions up-to-date and scanning regularly Patch your operating system and software Use strong authentication practices Be wary of social engineering and don t open emails / attachments from unknown sources 8

Defensible Strong compliance Compliance Utilize a cyber framework to manage your overall security program Network with Industry peers to explore best practices Document policies and procedures Assign responsibilities to hold everyone accountable Measure program results and communicate results continuous improvement 9

TELUS Journey Defensible and Beyond

Target breach Inflection point for TELUS 2013 2014 July 5 Dec 18 Dec 19 Jan 10 BlackPOS advertised for sale in Russian underground site for $1000 Target breach story breaks, American Express and U.S. Secret Service publically confirm Target breach Target publically confirms breach of credit and debit card information, 40 million customers data breached Target publically revises number of customers affected to worst case number of 110 million Mar 5 Mar 26 Apr 23 CIO resigns Banks file lawsuit against Trustwave and Target Cyber Risk insurance providers take action to increase premiums and reduce coverage limits 11 May 5 CEO resigns

TELUS Security Core beliefs Security is about quantifying and reducing risk It s also about enabling innovation Technology alone will not make you secure Your frontline employees can be your weakest link or one of your most advanced detection systems 12

TELUS ecosystem Beyond defensible Internet Cloud Providers Customers IPS/IDS AV Vendors SIEM SOC Data Cluster Risk Based Security Measurable Outcomes 13

Security ecosystem 14

TELUS Crown jewels Protect the Anchor Client Cyber security analytics Expand the use of predictive data, analytics and threat intelligence to detect and respond to cyber threats. Secure-by-Design Ensure that security is included in the fundamental design of all TELUS services throughout the full lifecycle. Governance, Risk & Compliance Improve the protection of TELUS assets leveraging people, process & technology informed by sound risk management. Utilize the experience and expertise to improve solutions for our customers. 15

Protecting the Anchor Client How we do Secure by Design Sherpa TELUS GRC tool to track projects, risks & mitigation timelines Security Library NIST Checklist Threat Model Library Supporting documents for our corporate policy and risk tolerance List of approved systems to meet NIST functions (e.g. use Corp. LDAP) Mappings to other control and certification standards Security Expert Once basic security has been approved Standard requirements for standard scenarios (e.g. web server in a DMZ) 16

A consistent approach to communication and training Measure & Evolve Educate Assess & Reinforce Test Communicate Enhancing our security community and building a strong first line of defense 17

Phishing Simulations Practice makes perfect(ish) Why? The phishing threat landscape is continuously evolving as threat actors change who they are targeting and how To convert a potential weakness into our first line of defence Help secure your organization by educating Team Members on how to be secure at both at work and at home How? TEST - send out frequent simulations of increasing difficulty to continuously engage and challenge Team Members ASSESS - Track and assess Team Member click through and report rates TRAIN - Provide additional information and training to teams or individuals with low scores EVOLVE Use real world data and simulation results to evolve, focusing on areas of weakness 18

Continuously developing our Culture of Security Reference Materials Real-world Events Engaging Topics At Work = At Home Reporting Ensure security policy and guidelines are readily available to all Team Members Produce articles reporting on global security incidents as they happen Use personally engaging security topics to engage and educate Team Members Encourage Team Members to use security best practices both at work and at home See Something? Say Something 19

What we do for our Clients 20

First Step TELUS Defensible Security Gap Assessment Embrace expert advice from a third party to baseline your cyber security posture (hygiene & compliance) and identify gaps Third party assessments are a quick way to understand and communicate organizational deficiencies and to recommend actions for achieving compliance 21

Thank You

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback