Threats & Challenges in the Digital World EY 2015 Global Information Security Survey.


1 Threats & Challenges in the Digital World EY 2015 Global Information Security Survey

2 Agenda
1 Cybersecurity in Current Companies (page 3)
2 New Challenges & Threats (page 11)
3 Creating Trust in the Digital World (page 13)

3 Cybersecurity in Current Companies: Attacks in the News
Carbanak Operation
Cost of Cybercrime (US)

4 Cybersecurity in Current Companies: Attacks in the News
Governmental Attack
Ransomware

5 Cybersecurity in Current Companies: Cybercrime in Latam
(*) Source: Ciberseguridad ¿Estamos preparados en América Latina y el Caribe? – Observatorio de la Ciberseguridad (2016). https://publications.iadb.org/bitstream/handle/11319/7449/Ciberseguridad-Estamos-preparados-en-America-Latina-y-el-Caribe.pdf?sequence=2
BID & OEA Report
4th Largest Mobile Market in the World
1/2 Of the Population Uses Internet
Protection Against Cybercrime
USD 575M Average per Year
USD 90M Average per Year

6 Cybersecurity in Current Companies: Cybercrime in Latam
(*) Source: Ciberseguridad ¿Estamos preparados en América Latina y el Caribe? – Observatorio de la Ciberseguridad (2016). https://publications.iadb.org/bitstream/handle/11319/7449/Ciberseguridad-Estamos-preparados-en-America-Latina-y-el-Caribe.pdf?sequence=2
Attack Targets in Latam
The main attack targets in Latam by industry are:
1. Chemical/Manufacturing/Mining
2. Financial Services
3. Power/Infrastructure
4. Government
5. Consumer Goods/Retailers
6. Hospitals/Pharmaceutical
7. Services/Consulting
8. Telecommunications
9. Aerospace/Defense
10. Entertainment/Media/Hospitality
Past: Government Sector
Future: Consumer Goods, Financial Services, Power/Infrastructure

7 Cybersecurity in Current Companies: Cybercrime in Latam
(*) Source: Ciberseguridad ¿Estamos preparados en América Latina y el Caribe? – Observatorio de la Ciberseguridad (2016). https://publications.iadb.org/bitstream/handle/11319/7449/Ciberseguridad-Estamos-preparados-en-America-Latina-y-el-Caribe.pdf?sequence=2
TOP Latam Cyberattacks
In Latam, around 20 cyberattacks per second take place every day.
The countries that receive the most attacks of the region are:
1. Brazil
2. Chile
3. Mexico
4. Peru
5. Argentina
The most common attacks are the following:
► Phishing, Social Engineering
► Malware
► DoS (Denial of Service)
► Web-Based Attacks
► Virus, Worms, Trojans
► Stolen Devices
► Malicious Code
► Botnets
► Ransomware

8 Cybersecurity in Current Companies: GISS 2015 (17th Global Information Security Survey)
Attack Sources … How to detect subtle signals
Who’s going to attack us?
(*) Source: Global Information Security Survey (GISS) EY – 2015. http://www.ey.com/GL/en/Services/Advisory/ey-global-information-security-survey-2015-1
High Priority Prevention or Information Leakage
Internal Threat Is Source of Risk & Threat to the Organization
56% internal employee
36% external employee or provider
Indicators / Considerations:
► Unexpected price movements in shares and participations
► Similar products released by competitors
► Interruption of Mergers & Acquisitions (M&A) activities
► Unusual behavior of the client, company or employees
► Operational interruption without a clear root cause
► Unusual behavior in payment or purchase processes
► Clients or users in DBs showing inconsistent information

9 Cybersecurity in Current Companies: GISS 2015 (17th Global Information Security Survey)
Main Findings
(*) Source: Global Information Security Survey (GISS) EY – 2015. http://www.ey.com/GL/en/Services/Advisory/ey-global-information-security-survey-2015-1
says that a 25% budget raise is necessary to protect the organization according to the risk tolerance defined by the board.
of the surveyed people can’t estimate the financial damage related to cyber incidents within the last 12 months.

10 Cybersecurity in Current Companies: GISS 2015 (17th Global Information Security Survey)
Banking and Capital Markets
(*) Source: Global Information Security Survey (GISS) EY – 2015. http://www.ey.com/GL/en/Services/Advisory/ey-global-information-security-survey-2015-1
Attack Sources
21% Seek to steal financial information
20% Malware
19% Fraud
Priorities for Information Security
67% 56%
Identity and access management
Business continuity/disaster recovery
Data leakage/data loss prevention

11 New Challenges & Threats

12 New Challenges & Threats: Anticipating cyber attacks requires adapting current strategies
The starting point is to understand how the organization sees itself when being attacked
► How can you protect your organization if you don’t know the objective of the attacker?
► How could they get access and how could they harm you and your critical assets?
► Do you completely understand your organization’s ability to respond to an attack, contain it and recover from it?
Key values of risk management
Focus on what’s most important: Must be aligned to your business and risk culture
Integration with business planning: Regulators are increasingly seeking evidence
Measure & Report: Include qualitative statements and quantitative measurements
Thorough by nature: It should cover all types of risks, current and future
Allocation of risk tolerance: Tolerance allocation of business units and risk types
…applied to cyber risk
Know your critical information assets: Identify critical information assets vulnerable to cyber attacks
Insert the risk tolerance in investment decisions: Prioritize investments, empowering local business to make informed decisions
Make cyber risk tangible: Clearly define cyber risk and underlying metrics
Align with existing risk framework: Finance, Operations, Regulations, Clients, Reputation, etc.
Make cyber risk relevant to the business: Linking risks to BU operational level and their information assets

13 Creating Trust in the Digital World

14 Creating Trust in the Digital World: Cybersecurity transformation occurs in multiple phases and can take years
Cyber Security maturity in time (Phase 1 to Phase 5):
1 Build the foundations
2 Implement change
3 Stabilize the environment
4 Transition to the "new normal"
5 Continuous improvement
► Establish the business case for transformation
► Communicate the vision of transformation and implementation plan
► Create a transformation governance office
► Strengthen compliance with policies and standards
► Make adjustments to policies and standards
► Optimize existing capacities
► Preparation for strategic change and long-term
► Validate achievements
► Continuous monitoring and reporting on the "first wave" of the improvements to sustain results
► Transition to the new operating security model
► Implement strategic changes (e.g. new technologies)
► Implement continuous improvements to the program

15 Creating Trust in the Digital World: What does the organization require?
► To know what can harm the company and disrupt the achievement of its strategy
► To clearly identify its critical assets, or "Crown Jewels"
► To know the cyber business risk scenarios, describing an accurate picture of how an attack can develop
► That the board and senior executives can accurately determine the risk tolerance of the organization
► An assessment of the maturity of the current cybersecurity, compared with the level of maturity that is required to meet the predefined risk tolerance
► A roadmap for long-term improvement
► A custom profile of threats and threat intelligence capabilities
► An advanced SOC: internal, shared or outsourced
► A proactive and multi-functional digital breach management strategy

