Robert Hayes, Senior Director, Microsoft Global Cyber Security & Data Protection Group

Presentation Objectives
- Introductions
- Cyber security context
- Cyber security in the maritime sector
- Developing cybersecurity maturity
- What does success look like?
- Characteristics of successful organisations
- Quick wins

Introductions

Context
- Organisations cannot ignore the potential benefits of emerging technologies
- Efficiency savings & effectiveness gains
- Dynamic, data-driven decision making
- Context-specific data to a myriad of devices
- Optimise business processes
- Understand & predict behaviour
- Innovate or go out of business

Context
- However, using these technologies changes your security environment
- A new security model is needed
- The concept of the perimeter changes
- Detection & response become as important as defence
- Security exists within, and enables, an agreed organizational risk model

Context
- Cyber-attacks are growing in scale, scope, and sophistication
- Hardware & software are targeted, often in the supply chain
- Attackers range from disaffected employees, single-issue activists and hobby hackers to criminals, terrorists, and nation states
- It is safe to assume that you are a target

Context
- Getting it wrong is expensive & can kill your business
- "5% of business-related privacy and security breaches result in more than $20 million in direct costs and damages. Those costs include legal expenses and legal settlements, business interruption costs, investigating and remediating problems, as well as possibly paying for crisis communications and other specialized services." (Aon Corp)

Context
- Just having insurance isn't enough
- "The average cost for a breach is $7 million. Yet, the average portion of that cost borne by cyber-risk insurance is just $3 million."
- "If you consider all revenue classes, only 8 percent (of U.S. businesses) buy cyber coverage." (Aon Corp)

Context
- This isn't just a data protection & privacy issue
- What harm could an attacker do if they chose to disrupt your infrastructure? Manipulate your connected equipment? Disrupt GPS & navigation systems? Remotely change the mixing formula in your supplier's factory?

Cyber Security in the Maritime Sector
- The maritime sector is particularly vulnerable to a successful cyber attack
- Reliance on complex embedded systems
- Complex hardware & software supply chain, with dependence on remote management
- Challenges of achieving skilled 1st, 2nd & 3rd line support
- Lack of proximate third-party or emergency support

Impact Assessment
Regulators, markets & media will judge your organization based on:
- How long it took to detect a breach
- How long the attacker had been in the system & the level of access obtained
- The quality of control, monitoring & cyber hygiene measures in place & supported by policy
- The effectiveness of the response plan
- The time taken to resume key services
- The effectiveness & speed of the post-breach communication

Impact Assessment
- An increasing number of governments, insurance companies & enterprises are establishing minimum standards of cyber security if your organization is to be part of their supply chain or to seek insurance
- Only 1 in 3 supply chain vendor contracts contain security provisions
- Only 1 in 3 supply chain vendors have any security certification or accreditation

Developing Cybersecurity Maturity
- The key here is to strike the right balance, enabling your organization to exploit the potential of emerging technologies effectively & securely
- Most organizations lack the skills at board level to do this effectively, & in-house IT alone is not enough
- Who is advising you?

Developing Cybersecurity Maturity
- Organizations which regularly review cyber threat & response planning at Board level are subject to fewer successful attacks, and respond more effectively when attacked
- This is not a technology issue; it is a business change issue driven by strategic risk & organizational imperatives
- It has to be enshrined in policy & process to succeed

Cyber Economics
- Goal: increase attacker costs
- Attacker's ROI = (G x T) (CV + CW)

Characteristics of Successful Organisations
- "Assume breach" is the operating principle, & systems are tested against this
- Situational awareness & assessment inform strategy & operational decision making
- Supply chain & dependencies are understood & mapped
- Coherent & rehearsed dynamic response plan
- Enshrined in policy, training, and process
- Owned & reviewed at Board level

Quick Wins
- Reduce the number of privileged admin accounts to the absolute minimum, reduce the scope of the ones left, and use multifactor authentication
- Patch & update promptly (Cyberkeel Maritime Sector survey, April 2015: 37% failure rate)
- Control physical access to your network & devices, and establish gateway identity & health checks for network connections

Quick Wins
- Application whitelisting
- Baseline normal activity on your network & look for outlier behaviour
- Have an alternative communication system ready for when you are attacked
- Understand who will help you on tactical & strategic recovery, & have the relationship in place
- Have 24/7 contact numbers for key personnel & vendors

Quick Wins
- Most attacks require some user interaction. Writing clear policy, training & educating staff, combined with visible sanctions for breaching policy, works!
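The "baseline normal activity on your network & look for outlier behaviour" quick win is the one item on these slides that can be shown directly in code. What follows is an added example, not code from the presentation or from Microsoft: it learns a per-host baseline from a constructed batch of connection log lines (the log format, host names, ports and byte counts are all invented for this illustration), then flags three kinds of outlier in a later batch: a source host never seen before, a known host talking to a new destination, and a transfer far larger than that host's norm.

```python
"""Baseline normal network activity and flag outliers.

Added illustration of the "baseline & look for outliers" quick win; not code
from the presentation. The log format and every host name and value below are
constructed for this example.
"""
import re
import statistics
from collections import defaultdict

# Constructed line format: timestamp, source host, destination, port, bytes sent.
LOG_LINE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) port=(?P<port>\d+) bytes=(?P<bytes>\d+)"
)

# Constructed "known good" traffic used to learn what normal looks like.
BASELINE_LOG = [
    "2015-04-01T08:01:12 src=bridge-pc dst=ecdis-server port=443 bytes=1200",
    "2015-04-01T08:05:40 src=bridge-pc dst=ecdis-server port=443 bytes=1350",
    "2015-04-01T08:09:03 src=bridge-pc dst=weather-feed port=443 bytes=900",
    "2015-04-01T08:14:21 src=bridge-pc dst=ecdis-server port=443 bytes=1100",
    "2015-04-01T08:20:55 src=engine-hmi dst=plc-01 port=502 bytes=64",
    "2015-04-01T08:21:02 src=engine-hmi dst=plc-01 port=502 bytes=72",
    "2015-04-01T08:21:09 src=engine-hmi dst=plc-02 port=502 bytes=68",
    "2015-04-01T08:21:15 src=engine-hmi dst=plc-01 port=502 bytes=66",
]

# Constructed traffic from a later day that we want to assess against the baseline.
NEW_LOG = [
    "2015-04-02T08:02:30 src=bridge-pc dst=ecdis-server port=443 bytes=1250",
    "2015-04-02T08:07:11 src=bridge-pc dst=ecdis-server port=443 bytes=48000",
    "2015-04-02T08:10:45 src=engine-hmi dst=plc-01 port=502 bytes=70",
    "2015-04-02T08:12:02 src=engine-hmi dst=203.0.113.7 port=22 bytes=2400",
    "2015-04-02T08:15:19 src=crew-laptop dst=plc-01 port=502 bytes=64",
]


def parse(lines):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            e = m.groupdict()
            e["port"] = int(e["port"])
            e["bytes"] = int(e["bytes"])
            events.append(e)
    return events


def build_baseline(events):
    """Per source host: the destination:port pairs it normally talks to, plus the
    mean and population standard deviation of bytes per connection."""
    dests = defaultdict(set)
    sizes = defaultdict(list)
    for e in events:
        dests[e["src"]].add((e["dst"], e["port"]))
        sizes[e["src"]].append(e["bytes"])
    return {
        src: {
            "dests": dests[src],
            "mean": statistics.mean(vals),
            "stdev": statistics.pstdev(vals),
            "count": len(vals),
        }
        for src, vals in sizes.items()
    }


def find_outliers(events, baseline, k=3.0, floor_ratio=0.1):
    """Flag events that deviate from the learned baseline.

    A very uniform baseline yields a near-zero std-dev, so the volume threshold
    uses max(stdev, floor_ratio * mean) to avoid alerting on trivial jitter."""
    alerts = []
    for e in events:
        b = baseline.get(e["src"])
        if b is None:
            alerts.append({"ts": e["ts"], "src": e["src"], "reason": "unknown_source",
                           "detail": "host never seen in baseline"})
            continue
        if (e["dst"], e["port"]) not in b["dests"]:
            alerts.append({"ts": e["ts"], "src": e["src"], "reason": "new_destination",
                           "detail": f"{e['dst']}:{e['port']}"})
        spread = max(b["stdev"], floor_ratio * b["mean"])
        threshold = b["mean"] + k * spread
        if e["bytes"] > threshold:
            alerts.append({"ts": e["ts"], "src": e["src"], "reason": "unusual_volume",
                           "detail": f"{e['bytes']} bytes > threshold {threshold:.0f}"})
    return alerts


def run_example():
    """Learn from BASELINE_LOG and assess NEW_LOG; returns the list of alerts."""
    return find_outliers(parse(NEW_LOG), build_baseline(parse(BASELINE_LOG)))


if __name__ == "__main__":
    for a in run_example():
        print(f"{a['ts']} {a['src']:<11} {a['reason']:<16} {a['detail']}")
```

On the constructed data this raises four alerts: the 48,000-byte transfer from bridge-pc, both a new destination (203.0.113.7:22) and an unusual volume for engine-hmi, and the unknown host crew-laptop reaching a PLC. The two normal connections raise nothing. In practice the baseline window should be long enough to cover routine cycles (port calls, nightly backups, chart updates), and the thresholds are a starting point to tune against false positives rather than fixed values.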

Conclusion
- The maritime sector is particularly vulnerable to cyber attack, and the consequences of a successful attack could be more severe than in other domains
- Organisations in the maritime sector should be treating this as a high priority
- The processes of Protect, Detect, Respond are mature in other sectors & will work equally effectively in the maritime sector.

Robert Hayes, Microsoft Global Cyber Security Group, robert.hayes@microsoft.com

"The difficulty lies not in the new ideas, but in escaping from the old ones." John Maynard Keynes (1883-1946)