Cybersecurity - FPA NorCal
Post on 11-Aug-2020
FPA NorCal Conference
Cybersecurity
An evolving threat landscape
In an increasingly interconnected and uncertain world, it’s clear that the cybersecurity threat landscape is changing. Both the speed at which cyberattacks occur and the extent to which they spread have risen dramatically. Cyber risks that once seemed improbable and even remote have also become the norm.
To navigate through turbulent times, a distinct shift is required in how governments, companies and individuals think about cybersecurity threats.
Learning Objectives
• Help you understand the nature and impact of recent cyberattacks and how this is changing the perspectives of Company Boards, Consumers and Regulators
• Provide you with an overview of how the cybersecurity threat landscape is changing and what this means to Companies, Individuals and Governments
• Enable you to ask pertinent questions to assess a company's cybersecurity risk & capability posture
Your Speaker
Pieter Joubert
PwC Cybersecurity & Privacy Director
pieter.j.joubert@pwc.com
(415) 203-6314
Pieter is a Director in the Cybersecurity and Privacy practice based in San Francisco, CA. He has 16 years of experience in technology risk and resilience assurance and transformation programs. Pieter is primarily focused on delivering Cybersecurity and Privacy Strategy and Transformation services to global software companies in the Bay Area.
He is a South African Chartered Accountant and Certified Information Systems Auditor.
Recent cyberattacks and the changing threat landscape
• Massive cybersecurity breaches have become almost commonplace, regularly grabbing headlines that alarm consumers and leaders
• Many organizations worldwide still struggle to comprehend and manage emerging cyber risks in an increasingly complex digital society
• There have been no reported deaths from cyberattacks and relatively little destruction. But the disruptive power of cyberattacks is increasingly clear, particularly in geopolitical threats
Case 1 - Global healthcare Group
Case 2 – Infrastructure attacks
Massive data breach risks are raising concerns about the power of cyberattacks to ripple through the global economy
• December 2015 cyberattack in Turkey impacted networks used by the country’s banks, media, and government
• Later that month, the first known cyberattack to take down a power grid targeted Ukraine’s power distribution systems, cutting electricity to 230,000 residents
• In June 2017, the Petya cyberattack, aimed at Ukrainian computers, disrupted business operations across the globe
The impact of cyber threats
What is the bottom line? The cost of improving an organization's cybersecurity and privacy practices may seem small in comparison to the major costs associated with a data breach.
• 29%: Report loss or damage of internal records as a result of a cybersecurity incident
• 35%: Report loss or damage of customer records as a result of a cybersecurity incident
• $3.79m: Average cost of a data breach
• $144: Average cost per record
• $5.1m: Average security budget
• 13%: Of businesses affected by cybercrime in the last 24 months report a “High” reputational impact
Sources:
• Ponemon Institute, 2017 Cost of Data Breach Study: Global Overview, June 2017
• PwC, Global Economic Crime Survey 2016, February 2016
• PwC, CIO and CSO, The Global State of Information Security® Survey 2018, October 2017
Risks in the digital age
Panel titles: Customer experience, Brand, Trust
• 64%: Of CEOs say how they manage people’s data will differentiate them
• 87%: Of consumers will take their business elsewhere if they don’t trust a company is handling their data responsibly
• 71%: Of consumers would stop doing business with a company for giving away their sensitive data without permission
• 13%: Of businesses affected by cybercrime in the last 24 months report a “High” reputational impact
• 19 hours: The total average downtime as a result of security incidents
• 1 million: The current number of unfilled cybersecurity job openings
Sources:
• PwC, 20th Annual CEO Survey, January 2017
• PwC, Global Economic Crime Survey 2016, February 2016
• PwC, Consumer Intelligence Series: Protect.me, November 2017
• PwC, CIO and CSO, The Global State of Information Security® Survey 2018, October 2017
• Cybersecurity Ventures, Cybersecurity Jobs Report, June 2017
What this means to companies and individuals
The cybersecurity and privacy landscape
• Leaders are seeking new ways to address talent shortages
• Corporate leaders face increasing accountability from boards, regulators, and the marketplace
• Companies need help identifying the appropriate level of security and governance across business models
• Digital business models are driving the adoption of new safeguards
• Managing threats and risks increasingly means taking a proactive approach
• Increased regulation across the globe is reshaping industries
• New producers, consumers, and stewards of data have emerged
• New risks are being generated by increased reliance on data
• Trust has become a key factor in executing commerce
• New and disruptive technologies are being explored with security and privacy ramifications
Increasing regulatory scrutiny
The fast evolving cyber threat landscape is driving the release of new laws, regulations and attestation frameworks by Governments, regulators, and professional associations such as the AICPA
• 2014 – USA: Cybersecurity Enhancement Act
• 2014 – France: French Data Protection Act
• 2015 – USA: National Cybersecurity Protection Advancement Act
• 2015 – USA: Cybersecurity Information Sharing Act
• 2015 – Germany: IT Security Act (ITSG)
• 2015 – USA: OCC (Comptroller of the Currency) Cybersecurity Assessment Tool (CAT)
• 2015 – USA: Federal Exchange Data Breach Notification Act
• 2016 – Hong Kong: Hong Kong (SAR) Circular
• 2017 – China: China Cybersecurity Law
• 2018 – EU/Global: General Data Protection Regulation (GDPR)
Managing cyber risks as an opportunity
As data, and then information, take on a digital form, the ability to manage, govern, and secure it becomes increasingly important. Those organizations that can manage their data in the best possible manner will separate themselves from peers within their respective industries.
Companies aspiring to lead should be asking these questions:
Do we understand what the emerging risk landscape means for our organization?
Is our cybersecurity and privacy program being strategically managed from the C-suite and boardroom on down?
How can we best prepare for an incident?
Do we measure and demonstrate to stakeholders the effectiveness of our cybersecurity and privacy efforts?
Are we gaining connectivity without losing consumer trust?
Is our organization monetizing data while respecting privacy?
Does our program leverage strides in cyber and privacy risk management to boost our economic performance?
Does our program view data in the same light as “cash”?
The key questions business executives should be asking about cybersecurity
Cybersecurity and privacy was once the responsibility of a single department. Today, it touches every part of the business.
CEO
CRO
Boardroom
CPO
Sales and Marketing
CIO/CISO
Enterprise Impact
• Do we have the information we need to oversee cyber risks?
• Do we have a tested cyber incident response plan?
• Is our organization respecting privacy while monetizing data?
• Are we following applicable privacy regulations?
• Do we understand what the emerging risk landscape means for our organization?
• Can we articulate our cybersecurity strategy across the organization?
• Do we approach cybersecurity using a risk-based approach?
• Can we articulate our current cybersecurity risks?
• Are we taking appropriate steps to protect our organization against cybersecurity risks?
• Do we measure and demonstrate to stakeholders the effectiveness of our cybersecurity and privacy efforts?
• Are we gaining connectivity without losing consumer trust?
• Does our program leverage strides in cyber and privacy risk management to boost our economic performance?
Key takeaways
National security
• Governments are recognizing cyber is a threat to national security as many government agencies rely on commercial networks and vendors.
• “Cyber vulnerabilities in the private sector pose a serious threat to national security”, the chairman of the DoD Joint Chiefs of Staff said.
• Governments trying to grapple with these problems are releasing regulations to motivate increased prioritization of cybersecurity.
Steep penalties for non-compliance
• GDPR (General Data Protection Regulation) has introduced some of the steepest penalties so far (4% of global turnover).
• Cyber insurance typically doesn’t cover fines and penalties.
• China and Russia Cyber Laws require data localization and export capabilities.
Fast paced change
• Regulation can’t keep pace with technological evolution and disruption.
• Tech companies are aligning their government affairs, legal, and security teams for policy advocacy.
• Companies such as Microsoft are becoming vocal – i.e. Digital Geneva Convention.
• Google commissioned a study to show how Russia’s localization law would increase the cost of cloud services.
High profile breaches
• Increasing number of high profile breaches (2017 - Equifax, HBO, Target & Home Depot).
• Many attacks were largely preventable through good governance, risk management and robust People, Process and Technology controls.
• The public is increasingly becoming aware of its security and privacy rights.
www.pwc.com/cybersecurityandprivacy
This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
© 2018 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.