The Potential Economic Damage of Cyber Crime is Frightening Over the past several months, the U.S. government’s Office of Personnel Management has been the victim of two major data breaches, which led to the theft of more than 22 million people (over 7% of Americans). 22.1M Social Security numbers stolen 1.1M fingerprints stolen Cyber attacks aren’t new to the government. Cyber attacks on federal government hit a record high every year 5.5K 2006 2007 2008 2009 2010 2011 2012 2013 2014 0 20,000 40,000 60,000 80,000 11.9K 16.8K 29.9K 41.7K 42.8K 48.5K 61.2K 67.1K Among industries, government has the weakest cybersecurity. 27% 43% 50% 52% 60% 65% 81% 0% 20% 40% 60% 80% 100% Government Healthcare Technology Other Retail and Hospitality Financial Services Manufacturing Percent of Cybersecurity Flaws Fixed by Industry Compliance with OWASP Top 10 Policy 30% 30% 31% 32% 35% 42% 0% 20% 40% 60% 80% 100% Government Other Retail and Hospitality Healthcare Technology Manufacturing Financial Services 24% 58% 65% 68% 69% 70% 70% 76% Compliant Out of Compliance The U.S.’s most potentially devastating target is the power grid. The importance of the US powergrid to the American economy and society can’t be overstated. Every major infrastructure, from communications to water, is built on it. What a catastrophic cyber attack on the U.S. Power grid looks like. XXX-XXXX • Major attacks on the U.S. power grid system are increasing according to a Congressional Research Service report • In 2014, the Industrial Control System Cyber Emergency Response Team, reported that a third of its responses to cyber threats came in the energy sector • In October 2014, ICS-CERT revealed that several industrial control systems have been infected by a virus capable of gathering information about how the grid system functions Immediately after the attack The aftermath of the attack Cost of the attack • Water supplies are impacted and become limited • Stock market crashes • A full year of investigation is required to understand the attack • 93 million people are without power • Phone systems, internet television, street lights and traffic signals are down. • Citizens are stuck underground, stranded on subway cars, workplaces are shut down • Outbreaks of looting and stealing occur as the outage drags on $ 1 T Total impact to US economy $71B Insurance industry losses Solutions for government entities to mitigate risk. 1 Share cyber attack data and collaborate across agencies. 2 Adopt cyber insurance to manage cyber risk. 3 Mandate stronger IT compliance and define clear policies for access. 4 Identify threats and risks with security software and regular audits. 5 Train employees to understand policies, requirements and common cyber attacks. keepersecurity.com | jltus.com http://www.fas.org/sgp/crs/misc/R43989.pdf http://diplopundit.net/2015/06/18/snapshot-incidents-reported-to-us-cert-by-federal-agencies-fy2006-2014/ http://www.cnet.com/news/over-22-million-social-security-numbers-stolen-in-opm-hacks-agency-says/ https://www.lloyds.com/~/media/files/news%20and%20insight/risk%20insight/2015/business%20blackout/business%20blackout20150708.pdf http://recode.net/2015/07/08/cost-of-a-potential-blackout-from-cyber-crime-1-trillion/ Sources © 2015 6 Use an enterprise password manager to enforce strong passwords and 2FA.