Cyber Crime Threat Landscape - A Focus on the Financial Industry

The Cyber Crime Threat Landscape

A Focus on The Financial IndustryPresented by Morris Cody and William McBorrough, Principals, MCGlobalTech

Presenters Profile

• Morris Cody, Managing Principal, MCGlobalTech• 25+ yrs - IT Infrastructure Management• 6+ yrs – Cyber Security Management• Industries: Financial, Manufacturing, Consulting, Private, Public

• William J. McBorrough, Managing Principal, MCGlobalTech• 15+ yrs – Cyber Security Management, Architecture, Engineering,

Operations, Awareness Training• 6+ yrs – Adjunct Professor, Cyber Security – Undergraduate, Graduate • Industries: Financial, Manufacturing, Healthcare, Higher Ed., Government

MCGlobalTech

• Provides strategic IT / Security advisory services;

• Align technology and security solutions to drive and support business goals;

• Assess IT security posture;

• Experienced in the private and public sector;

• Promotes IS education and awareness;

• Focused on four primary consulting services;

• Enterprise Information Security Management

• IT Infrastructure Management

• IT Governance & Compliance

• Cloud Computing Migration

Protect Your Assets, Protect Your Brand Know Your Threat Landscape

Hacking - Primary Cause of Data Breach

Symantec Corporation: Internet Security Threat Report 2014 :: Volume 19

MEDIA FRENZY - HEADLINES

• ATM thieves conduct massive cyber attacks;– $45 million from automated teller machines (Washington Post);

• More banks hit by cyberattacks than Initially thought;– JPMorgan Chase, Bank of America, Citibank, PNC Financial,

Union Bank, BB&T and Capital One (American Banker);

• Major banks hit with biggest cyberattacks in history– These denial of service attacks were the largest recorded by a

wide margin (CNN Money).

Reports - Symantec / Telegraph

• There was a 42 percent increase in cyberattacks against U.S. businesses in 2012;

• These attacks are becoming more powerful and more sophisticated with each passing year;

• Major financial institutions are continually under assault and the total number of attacks are increasing;

• This has caused a negative impact on company brand, public trust, customer retention, bottom line profits

Threat Landscape Actors

PwC, CIO, CSO Magazine - Key findings from The Global State of Information Security Survey 2014

How was your organization impacted by the security incidents?

PwC Magazine - Key findings from The Global State of Information Security Survey 2014

Frequency of Incidents Per Industry

Verizon 2014 Data Breach Investigations Report

Web App Attacks Motivation Factors

Verizon 2014 Data Breach Investigations Report

Payment Card Skimmers

Verizon 2014 Data Breach Investigations Report

DoS Attacks Increase in Effectiveness

Verizon 2014 Data Breach Investigations Report

Poll Questions

• Do you have a good understanding about the threat landscape facing your organization?– Yes – No– Unsure

• What best describes the level of knowledge among non-IT executive about your company’s cyber security defenses?– Good – Some– Poor– None

Are you the next Target?

2013 has been dubbed the year of the “mega-breach”!

Don’t become a 2014 statistic.

Target CFO to Congress

“The unfortunate reality is that we suffered a breach, and all businesses — and their customers — are facing increasingly sophisticated threats from cybercriminals,”

-John Mulligan, Target CFO

Case Study – The Target Breach

• Initially reported 40, then 70, then 110 million customers’ data compromised.

• 40 million = population of NY + LA + other 25 largest US cities.

Anatomy of the Target Breach

Typical Data Breach Example

Now do you all come in?

What Finance managers must know about their role in thwarting cyber attacks?

There are four general steps to become more ready to face and deal with the threats we’ve discussed thus far:

Step 1 – Know the threat

1. Know the threat

Step 2 – Know the business

1. Know the threat

2. Understand your Business

.

Step 3 – Know your weaknesses

1. Know the threat

2. Understand your business

3. Identify your weaknesses

.

Step 4 – Be proactive

•

1. Know the threat• 2. Understand your

business• 3. Identify your

weaknesses• 4. Be Proactive

.

Poll Questions

• In the past 12 months, have you participated in role-based security awareness training that focuses on your specific duties ?– Yes – No

• How confident are you that your organization’s security staff understands your business and finance operations?– Very Confident– Somewhat Confident– Not Confident at all

Summary Points

Considerations• Financial services companies

are funding information security initiatives

• Can’t fight todays cyber crimes with yesterday’s technology

• Threat landscape is become more sophisticated

• Cyber attacks are growing exponentially

Call To Action• Create threat awareness

• Know your threat landscape

• Understand your business security needs

• Identify your security weaknesses

• Proactive Actions

• Create / Implement a good cyber security program

Questions?

MCGlobalTech Contact Information

Mission Critical Global Technology Group1776 I Street, NW

9th FloorWashington, District of Columbia 20006

Phone: 571-249-3932Website: www.mcglobaltech.comEmail: Info@mcglobaltech.com

William McBorrough Morris CodyManaging Principal Managing Principalwjm4@mcglobaltech.com mcody@mcglobaltech.com