Cyber Security Nevada Businesses Overview June, 2014.

Slides:



Advertisements
Similar presentations
ETHICAL HACKING A LICENCE TO HACK
Advertisements

Cyber Crime and Technology
© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.
UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Jinhyun CHO Senior Researcher Korea Internet and Security Agency.
David A. Brown Chief Information Security Officer State of Ohio
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
Ray Greenlaw, School of Computing Armstrong Atlantic State University 1 Regional Center for Cyber Security Education and Training January 2003.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
Cyber-Warfare: The Future is Now!
CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.
Cyber Security Finance Forum 2012 Michael DuBose Managing Director & Practice Leader Cyber Investigations.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB
POWERED BY: #NPPROTGC KEYNOTE Two Perspectives for Cybersecurity Best Practices Jane LeClair, Phd Chief Operating Officer National Cybersecurity Institute.
© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:
Did You Hear That Alarm? The impacts of hitting the information security snooze button.
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Cybersecurity and the Department of Justice Vincent A. Citro, Assistant United States Attorney July 9-10, 2014 Unclassified – For Public Use.
CYBER CRIME: EFFECTS ON IMPORTING & EXPORTING SUFFOLK COUNTY POLICE DEPARTMENT PRESENTED BY: DEPUTY INSPECTOR, GERARD X. MCCARTHY COMMANDING OFFICER SPECIAL.
Anti-counterfeiting Activities by the Korean Intellectual Property Office June 2006 KIPO The Korean Intellectual Property Office.
Self-Assessment and Formulation of a National Cyber security/ciip Strategy: culture of security.
Strategies for Innovation Sourcing 30 August 2007 Paul McGowan Center for Innovative Technology Herndon, VA / Strategies.
Information Warfare Playgrounds to Battlegrounds.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
Mission Statement The mission of NW3C is to provide training, investigative support and research to agencies and entities involved in the prevention,
International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,
CYBER CRIMES PREVENTIONS AND PROTECTIONS Presenters: Masroor Manzoor Chandio Hira Farooq Qureshi Submitted to SIR ABDUL MALIK ABBASI SINDH MADRESA TUL.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
DRAFT 1 Belfast th World Cyber Security Technology Research Summit Suren Gupta Allstate Corporation Executive Vice President Allstate Technology.
Friday, October 23, Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.
Information Warfare Playgrounds to Battlegrounds.
Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.
Security Mindset Lesson Introduction Why is cyber security important?
Protecting Yourself from Fraud including Identity Theft Advanced Level.
FFIEC Cybersecurity Assessment Tool Maine Credit Union League September 23, 2015 Patrick Truett, Information Systems Officer National Credit Union Administration.
1 AFCOM Data Center World March 15, 2016 Moderator: Donna Jacobs, MBA Panel: Greg Hartley Bill Kiss Adam Ringle, MBA ITM 9.2 The New Security Challenge:
BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.
Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.
Copyright © 2013, SAS Institute Inc. All rights reserved. INTRODUCTION A review of the key industry threats and responses ahead Survey of 250 respondents.
Cyber Security Foundations Part 1. Cyber Security defined:  Protects computer base information and equipment  Deals with confidentiality of data  Protects.
Cyber Security Phillip Davies Head of Content, Cyber and Investigations.
Cybersecurity as a Business Differentiator
CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017 Presented by Osato Omogiafo Head IT Audit.
Cyber Security – An Existential Threat? (IIC, Singapore)
Information Security Program
Financial Institutions – Cyber Risk
Educause/Internet 2 Computer and Network Security Task Force
Managing a Cyber Event Steven P. Gibson President
Andy Hall – Cyber & Tech INSURANCE Specialist
Cyber Trends and Market Update
Information Systems for Health:
Keeping your data, money & reputation safe
Protecting Your Company’s Most Valuable Asset
Forensic and Investigative Accounting
Business Compromise and Cyber Threat
SECURITY IN THE DIGITAL AGE
Presentation transcript:

Cyber Security Nevada Businesses Overview June, 2014

Carolyn Schrader CEO, Cyber Security Group, Inc. Fellow, National Cybersecurity Institute Excelsior College, Washington DC Carolyn Schrader CEO, Cyber Security Group, Inc. Fellow, National Cybersecurity Institute Excelsior College, Washington DC 6/1/2014 2

Agenda  Threats to Small and Midsize Businesses  Impact to Nevadans  Hacking - What and Why  Cost of Recovery  UNR Cyber Security Center  Other States’ Actions  Action Steps  Threats to Small and Midsize Businesses  Impact to Nevadans  Hacking - What and Why  Cost of Recovery  UNR Cyber Security Center  Other States’ Actions  Action Steps 6/1/2014 3

Threats to Small and Midsize Businesses  All Fortune 500 companies were hacked  Over 50% of small businesses were hacked  Cyber criminals do not discriminate – any company, government agency, entity is a target  All Fortune 500 companies were hacked  Over 50% of small businesses were hacked  Cyber criminals do not discriminate – any company, government agency, entity is a target 2013 Cyber Crime: 6/1/2014 4

Threats Continued  Cyber crime is a borderless crime  Leading countries for cyber criminals Russia China Romania France  Cyber crime is a borderless crime  Leading countries for cyber criminals Russia China Romania France 6/1/2014 5

Threats Continued  Target data breach: 40 million customers midsized business major corporation  Target data breach: 40 million customers midsized business major corporation 6/1/2014 6

Threats Continued 2014 Cyber Threats: 1.Sophisticated malware 2.Impact of Internet of Things 3.Expansion of Bring Your Own Device 4.Expansion of black market for stolen data 5.Increased website hijacking 2014 Cyber Threats: 1.Sophisticated malware 2.Impact of Internet of Things 3.Expansion of Bring Your Own Device 4.Expansion of black market for stolen data 5.Increased website hijacking 6/1/2014 7

Threats Continued 1.Sophisticated Malware  Targeted audiences  Secretive attacks  Use of a business’ network to distribute malware 1.Sophisticated Malware  Targeted audiences  Secretive attacks  Use of a business’ network to distribute malware 6/1/2014 8

Threats Continued  2013 Over 220,00 new malware programs identified daily New malware = 80 mil Total malware = 180 mil  2014 New malware Q1 = 15 mil  2013 Over 220,00 new malware programs identified daily New malware = 80 mil Total malware = 180 mil  2014 New malware Q1 = 15 mil 6/1/2014 9

Threats Continued 2.Impact of Internet of Things  Things can be full building system controls or baby monitors  Increased number of entry points creates more RISK  Things have little security but connect to smart devices 2.Impact of Internet of Things  Things can be full building system controls or baby monitors  Increased number of entry points creates more RISK  Things have little security but connect to smart devices 6/1/

Threats Continued 3.Bring Your Own Device  Less control of data  Personal data comingled with company data  Security measures seldom used  Easily lost or stolen Stolen smartphones largest street crime in many cities 3.Bring Your Own Device  Less control of data  Personal data comingled with company data  Security measures seldom used  Easily lost or stolen Stolen smartphones largest street crime in many cities 6/1/

Threats Continued 4.Expanded black market  BIG money from illegal hacking  Sophisticated organizations  Creative marketing 4.Expanded black market  BIG money from illegal hacking  Sophisticated organizations  Creative marketing 6/1/

Threats Continued 5.Increased Website Malware  Reputable website taken over by malware to distribute to visitors  Business interruption  Rapid spread of malware to unsuspecting visitors 5.Increased Website Malware  Reputable website taken over by malware to distribute to visitors  Business interruption  Rapid spread of malware to unsuspecting visitors 6/1/

Hacking What and Why Identifying the hacker’s motivations and potential targets provides intelligence as to what will be attacked, and the potential impact. This knowledge is critical in the understanding of hacker intentions, and in establishing a preparedness and security strategy. Identifying the hacker’s motivations and potential targets provides intelligence as to what will be attacked, and the potential impact. This knowledge is critical in the understanding of hacker intentions, and in establishing a preparedness and security strategy. 6/1/

What & Why Continued  Data  Passwords  Trade secrets  Intellectual property  Client lists  Financial projections  Blueprints  Sales territories and goals  Bank account information  Patient information  Research  Data  Passwords  Trade secrets  Intellectual property  Client lists  Financial projections  Blueprints  Sales territories and goals  Bank account information  Patient information  Research 6/1/

What & Why Continued  To sell the information to a competitor  To pirate a product  To get a company’s clients  Access route into larger company or organization  To sell the information to a competitor  To pirate a product  To get a company’s clients  Access route into larger company or organization 6/1/

Impact to Nevadans  Stolen personal information  Economic impact  60% of small businesses go out of business after a major attack  Detraction for new businesses moving in if cyber crime is not addressed  Savvy businesses want cyber security expertise, prosecution success, cyber secure suppliers  Cost of criminal prosecution  Stolen personal information  Economic impact  60% of small businesses go out of business after a major attack  Detraction for new businesses moving in if cyber crime is not addressed  Savvy businesses want cyber security expertise, prosecution success, cyber secure suppliers  Cost of criminal prosecution 6/1/

Cost of Recovery $200 - $246 per stolen record 10,000 records = $2,000,000 - $2,460,000 $200 - $246 per stolen record 10,000 records = $2,000,000 - $2,460,000 6/1/

Recovery Cost Continued What a Business Must Pay:  Legal representation Incident recovery counsel Customer lawsuits Government lawsuits  Customer notifications Most states have notification laws  Ongoing credit monitoring service for customers  Fix the initial problem  Assessment of other security flaws What a Business Must Pay:  Legal representation Incident recovery counsel Customer lawsuits Government lawsuits  Customer notifications Most states have notification laws  Ongoing credit monitoring service for customers  Fix the initial problem  Assessment of other security flaws 6/1/

UNR Cyber Security Center A collaborative initiative with the purpose of bringing together experts from different fields to jointly address the cyber security challenge.  Computer Science and Engineering  Information Systems  Political Science  Sociology/Psychology  Journalism  Criminal Justice  Military Science A collaborative initiative with the purpose of bringing together experts from different fields to jointly address the cyber security challenge.  Computer Science and Engineering  Information Systems  Political Science  Sociology/Psychology  Journalism  Criminal Justice  Military Science - Information courtesy of UNR Cyber Security Center 6/1/

UNR – CSC Continued Mission of CSC Perform cutting-edge interdisciplinary research. Foster cyber security education in interdisciplinary settings. Support workforce development in order to produce high- value employees for both government and industry. Mission of CSC Perform cutting-edge interdisciplinary research. Foster cyber security education in interdisciplinary settings. Support workforce development in order to produce high- value employees for both government and industry. - Information courtesy of UNR Cyber Security Center 6/1/

Other States’ Actions  California  Small business website resource:  A few AG offices offer tips and links on website  Limited visible effort in addressing the severity and frequency of the crimes  California  Small business website resource:  A few AG offices offer tips and links on website  Limited visible effort in addressing the severity and frequency of the crimes 6/1/

Action Steps 1.Aggressively support local district attorneys in their prosecution of illegal hacking 2.Initiate a statewide program to assist local law enforcement in conducting cybercrime investigations 1.Aggressively support local district attorneys in their prosecution of illegal hacking 2.Initiate a statewide program to assist local law enforcement in conducting cybercrime investigations 6/1/

Action Steps Continued 3.Initiate an annual cybersecurity conference to facilitate networking among law enforcement and cybersecurity professionals 4.Sponsor an awareness program for businesses to help them understand the impacts of cyber attacks and how to reduce the risk of attacks 3.Initiate an annual cybersecurity conference to facilitate networking among law enforcement and cybersecurity professionals 4.Sponsor an awareness program for businesses to help them understand the impacts of cyber attacks and how to reduce the risk of attacks 6/1/

Action Steps Continued 5.Advocate for cyber security requirements in businesses and support incentives for businesses to adopt cyber security measures 6/1/

Cyber Security Group, Inc. Carolyn Schrader cyber-securitygroup.com Carolyn Schrader cyber-securitygroup.com 6/1/