Www.pwc.ie Cyber Security June 2016.


1 Cyber Security June 2016

2 Agenda
• Why is Cyber Security such a hot topic?
• Who is behind it and how do they do it?
• Identifying a cyber attack, what next?
• Prevention is better than cure.
• Cyber Security Awareness.

3 Cyber Security – Why such a hot topic?
1

4 Cyber Security – why such a hot topic?
• Cyber Attacks - 5th Most Likely Global Risk (World Economic Forum 2014)
• Cyber Crime has Surpassed Illegal Drug Trafficking as a Criminal Moneymaker; 1 in 5 will become a Victim (Symantec Corporation)
• “Worldwide Cost of Cybercrime Estimated at $400 Billion” (Center for Strategic International Studies (CSIS))
• “Cybercrime is perceived as the highest risk to Irish businesses in the next 2 years” (PwC Irish Economic Crime Survey)
• “Cyber threats are of extraordinary and long-term seriousness. They are first on the Division of Intelligence’s list of global threats, even surpassing terrorism.” (SEC’s roundtable on cybersecurity, SEC Chair Mary Jo White)

The World Economic Forum says it is the 5th most likely global risk to occur in 2014. It has surpassed illegal drug trafficking, and the cost of cybercrime is now estimated at 400 Billion.
• Increase in Ireland – already mentioned working with a client whose database was being sold on the Internet underground
• Ransomware – found during a cyber due diligence exercise
• Customer data (personal information) has a monetary value and is being bought and sold on the Internet underground every day, with values per record rising the more data you have on an individual – data is now being aggregated with social media, e.g. to get mother’s maiden name etc.
• Asset Management organisations and service providers may have AML documentation – copy of driver's license, passport etc.
• Fraud team – profiling customers

“The Central Bank will use its supervisory powers to ensure that remedial action is taken in those organisations where significant weaknesses were uncovered in the recent inspections.” (Central Bank Director of Markets Supervision, Gareth Murphy)

Cyber Security • The Institute of Banking - Practical Workshop November 2014

5 Cyber Security Incidents

6 New EU General Data Protection Regulation
• Security breach reporting within 72 hours (only limited exemptions to this for SMEs).
• Creates an added emphasis on breach management and incident response procedure.

Penalties:
€10m or 2% turnover
• Security measures
• Data protection by design/default
• Processor rules
• Breach reporting
• DPIAs
• Records of processing activities
€20m or 4% turnover
• Breach of principles
• Lawfulness of processing
• Conditions for consent
• Rights of data subjects
• Data transfers
• Supervisory Authority (SA) non-compliance

DPIAs – Data Privacy Impact Assessments

7 Who is behind it and how do they do it?
2

8 Businesses today face four main types of cyber adversaries
Nation State
• Motives: Economic, political, and/or military advantage
• Targets: Trade secrets; Sensitive business information; M&A information; Critical financial systems
• Impact: Loss of competitive advantage; Regulatory inquiry/penalty; Disruption to critical infrastructure

Organized Crime
• Motives: Immediate financial gain; Collect information for future financial gains
• Targets: Financial / payment systems; Personally identifiable information; Payment card information; Protected health information
• Impact: Regulatory inquiry/penalty; Consumer and shareholder lawsuits; Brand and reputation; Loss of consumer confidence

Hacktivists
• Motives: Influence political and/or social change; Pressure business to change their practices
• Targets: Corporate secrets; Sensitive business information; Critical financial systems
• Impact: Disruption of business activities; Brand and reputation; Loss of consumer confidence

Insiders
• Motives: Personal advantage, monetary gain; Professional revenge; Patriotism; Bribery or coercion
• Targets: Sales, deals, market strategies; Corporate secrets; Business operations; Personnel information; Administrative credentials
• Impact: Trade secret disclosure; Operational disruption; Brand and reputation; Loss of consumer confidence

9 Cyber threats and attacks
How?
• Hacking attacks
• Malware / APTs
• DDoS
• Phishing
• Social Engineering

Where?
• Cyber Attacks are Borderless
• Hacker Havens
• Many attack avenues into your organisation

Who?
• Insider
• Ex-employee
• Script Kiddy
• Lone Hacker/Hobbyist
• Business Partner
• Competitor
• Hacktivists / Hacker Group
• Organised Crime
• Cyber terrorists
• State sponsored Cyber Warfare

When?
• Attacks are happening constantly
• Check your IDS or FW logs today to see

[Diagram labels: Info Gathering; Network Recon (Internal, External); Vulnerability Assessment; Exploit Vulnerability; Internal Network Enumeration; Identify Targets; Privilege Escalation; Full Compromise]

10 Direct vs. Indirect cyber threat scenarios
Direct cyber threat scenarios: Direct cyber threats involve attacks against systems, processes and people under an organization's management or control.

Indirect cyber threat scenarios: Indirect cyber threats involve attacks against systems, processes, and people outside of an organization's direct control, but with consequences affecting the organization, both intended and unintended.

11 Information and Technology
Cyber security could have broad direct and indirect impact

Illustrative model*: Global PwC’s Hazard Catalogue: The Seven Categories of Hazards that Apply to Any Financial Institution

Categories: Financial; Legal; Information and Technology; Operations; Human Capital; Reputation; Global

Hazards: Unfavourable Audit Findings; Lawsuits; Disruptive Change; Supply Discontinuity; Ineffective Recruiting; Brand Degradation; Terrorism; Insider Trading; New Legislation; Technology Incompatibility; Infrastructure Failure; Inadequate Capabilities; Loss of Market Position; War; Unfavourable Market Conditions; New Treaty; Intellectual Property Leakage; Supply Chain Issues; High Turnover; Low Customer Confidence; Natural Disaster; New Taxation; Sanctions; Espionage; Execution Failures; Training Inadequacy; Loss of Partner Relationships; Pandemic; Balance Sheet Infidelity; Whistle Blower; Fraud; Supply Fulfilment Gaps/Delays; Succession Gaps; Unfavourable Price Elasticity; Geopolitical Instability; Balance Sheet Write-Offs; Regulatory Non-Compliance; Data Breach; Low Supplier Quality; Low Employee Confidence; Communication Mismanagement; Money Laundering; Asset Deflation; Apps. & Network Vulnerability; Physical Security Breach; Performance Gaps; Poor Market Access; Counterfeit; Embezzlement; Discrimination; Kidnap & Ransom

Key: Areas where cyber incidents are either the source, cause or a contributor of hazards for clients.

12 Identifying a cyber attack, what next?
3

13 What is industry telling us?
• It takes an average of 100 days before an attack can be detected
• Only 41% of organisations have a fully tested incident response plan
• The composition of response teams is often flawed, with an over-reliance on the IT function
• 61% of Irish companies believe that cyber will become their biggest risk

14 Identifying a cyber attack, what next?
• It’s difficult, it’s complex and may take a while
• It is not an IT problem
• Don’t try and do it on your own
• Quantification is essential
• Some do it better than others
• Have a well tested cyber response plan
• Communications

15 Prevention is better than cure?
4

16 Prevention is better than cure
• Board involvement is critical
• Treat cyber like any other risk
• Awareness & Education
• Continuous improvement
• Identify the crown jewels
• Maximise technology, cloud and big data

17 Cyber Security Awareness
5

18 Game of Threats (Cyber Security Awareness)
A custom PwC-developed attack and defence simulation based on ‘Game Theory’ and real-life threat vectors, with the goal of educating C-level executives on how to respond to a major cyber attack.
• Raises awareness
• Changes tone at the top

19 Game of Threats (Cyber Security Awareness)
• Covers typical data breach and hack scenarios: SQL injection, DDoS, ransomware etc.
• Involves an interactive roleplay on how a company may react and implement measures to mitigate the risk of such threats.

20 This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. PwC firms help organisations and individuals create the value they’re looking for. We’re a network of firms in 158 countries with close to 169,000 people who are committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at © PricewaterhouseCoopers. All rights reserved. PwC refers to the Irish member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details.

