Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union.


1 Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union

2 What are Media Saying? 80 Million Potentially Impacted By Anthem Security Breach February 5, 2015

3 What are Tracking Sites Saying?
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
- 200+ Million records (so far) in 2015
- Targets include all industries and geographies
- Healthcare shows a recent spike in breach activity
- Social engineering has replaced brute force hacking
- Victims include industry leaders with huge budgets

4 What are Others Saying? ISACA/RSA Study
- Non-malicious insiders are #2 threat actors behind hackers
- Phishing, malware, hacking and social engineering are top attack types
- Loss of mobile devices is next most common “attack type” (44%)
- Over 82% provide mobile devices and 91% report loss of mobile devices
- Almost 80% report Board is concerned with security, but only 40% practice good security
Source: http://www.isaca.org/cyber/Documents/State-of-Cybersecurity_Res_Eng_0415.pdf

5 What are Others Saying? (continued) PwC Global State Survey
- 91% of organizations have adopted risk-based security frameworks
- 91% use some form of advanced authentication
- Top issues are malware, provisioning, PII protection and end-user vulnerabilities
- Only half have a CISO and less than half have Board participation in security strategy
- Sources of compromise are current/former employees, followed by service providers
Source: http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey/download.html

6 What are Others Saying? (continued) Ponemon Global Megatrends
- Only 60% reported their cyber security would improve in the next 3 years
- 66% report senior leaders do not view cyber security as a strategic priority today
- 78% report their security leader does not brief the Board on cyber security strategy
- Only 14% of security leaders report to CEO
- 45% say a key issue is they will be unable to hire/retain experts
Source: www.raytheoncyber.com/rtnwcm/groups/gallery/.../rtn_233816.pdf

7 What are Others Saying? (continued) Raytheon BoD Briefing Paper
Key Tenets of Cyber Security Oversight
- Security is a risk management issue, not a technological one.
- Provide meaning behind the metrics – make cybersecurity real to the board.
- Board members must understand the legal aspects of cybersecurity regulations.
- Board members must identify acceptable cyber risk levels in business operations.
- Board of Directors must adopt a well-defined cyber risk management framework
Source: http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey/download.html

8 What are Others Saying? (continued) Target “Kill Chain” Analysis
- Target did not appear to follow broadly accepted information security practices.
- Target appears to have failed to respond to multiple automated warnings
- Target failed to properly isolate its most sensitive network assets.
- Attackers were able to update their malware multiple times prior to the actual event
- Report did not clearly identify inadequate management involvement as root cause
Source: https://www.commerce.senate.gov/public/_cache/files/24d3c229-4f2f-405d-b8db-a3a67f183883/23E30AA955B5C00FE57CFD709621592C.2014-0325-target-kill-chain-analysis.pdf

