Continuous Cyber Attacks: Achieving Operational Excellence for the New Normal External Risk Factors increase an organization's exposure to attack, from: Defined strategy of how security supports business performance Forward-thinking capabilities to help scale activities IT strategy that provides greater understanding of assets, data sets, technical and business functions High-powered analytics to predict and detect incidents, and identify behavior changes that indicate security risks 1. Assess effectiveness of current security processes 2. Invest in attracting and retaining skilled security talent 3. Automate intelligently to leverage scarce resources 4. Understand how threat data pertains to the business 5. Identify what isn’t known 6. Create a plan to address knowledge gaps 7. Find an effective sparring partner that will improve security capabilities Emphasis on visualization to identify anomalies quickly from large volumes of data Platforms that guide operators in hunting for threats Training that mimics attackers, to prepare for real-world adversaries • Volume of connected devices • Expansion of Internet of Things • Growth of cloud computing © 2016 Accenture. All rights reserved. Accenture, its logo, and High performance. Delivered. are trademarks of Accenture. Follow us on Twitter: @AccentureSecure For more information, visit: Accenture.com/CyberDefensePlan • Lack of rigor and consistency in security practices • High turnover within security team • Frequent IT changes not communicated • Insufficient visibility to critical assets • Length of time taken to detect breaches Internal Risk Factors increase due to: The best cyber defense strategy, supported with the latest technology, can still fail if not executed properly. Best practices that drive improved security operations: Create a highly efficient operating model that balances security operations, new technology implementation, testing of security posture and feedback to update defenses. Steps to improve security operations: R E S P O N D P R E P A R E P R O T E C T D E F E N D & D E T E C T Incident Response Remediation Strategy & Business Alignment Assessment & Architecture Governance, Risk & Compliance People & Culture Change Application & Data Security Platform & Infrastructure Security Digital Identity Vulnerability Management & Threat Intelligence Advanced Adversary Simulations Security Monitoring Cyber Threat Analytics T R A N S F O R M A T I O N S T R A T E G Y M A N A G E D S E C U R I T Y & C Y B E R D E F E N S E