Post on 14-Jul-2015
Linking Enterprise and Small Business Security:
How to Shore up Cyber Risks in the Supply Chain
Today’s Speakers
Jason PolancichFounder & Chief Architect
SurfWatch Labs
2
Carrie KerskieData Privacy Expert
Kerskie Group
Agenda
• Insecurity in the supply chain
• Lessons learned from real-life data breaches
• Understanding the business impact and using cyber data to reduce risk
• Tips to work with your partners, vendors and customers
• Next Steps and Q&A
POLLING QUESTION
How do you collect and analyze data to monitor risks from insiders, suppliers, partners and customers?
A. Purchased Threat Intelligence Data Feed
B. In-House Solution
C. Open Source Data Analysis
D. Other Software Solution
E. We have no solution in place
Enterprise Cybersecurity is Linked to Small Business
• Big business is inter-connected with the outside world at many levels
– Customers
– Partners
– Suppliers
5
Small Business is a Weak Link in the Supply Chain
• 1 out of 4 small firms have “little to no understanding of cybersecurity issues”Source: 2013 survey by the National Small Business Association
• Almost half of all SMBs have been the victim of a cyber-attack!Source: SurfWatch Labs data
6
Real-Life Data Breaches (and Lessons Learned)
Know Your Suppliers•Target – Compromised through a HVAC vendor’s access
•Advanced Care Hospitalists – Breached through billing company
•AutoNation – Compromised by e-commerce and data services provider
•CNN, Wash Post, Time – Breached through syndication service
7
Cyber Events Trickle Up
8
• Small/individual cyber incidents can lead to much more damage
• C-Suite and BoDs are being held responsible
Rising Costs of Insecurity
• Cost/compromised record increased from $188 to $201
• Customer turnover rate increased by 15%
9
Source: 2014 Cost of Data Breach Study: Global Analysis, Ponemon Institute
$5.9M is the Average Cost of a Data Breach
What’s the Impact?
10
Using Cyber Data to Reduce Risk
11
How is cyber risk information shared with business decision-makers ways they can understand and use?
A. PowerPoint Presentations
B. In-House Status Reports
C. Business Intelligence Tools
D. Excel Spreadsheets
E. We don't have a good way to share this information
POLLING QUESTION
5 Tips to Close Backdoors in the Supply Chain
Tip 1: Cyber Business Intelligence
Gain high level understanding of your risks from the “outside-in”
14
• Who are your current suppliers?
• Who’s been hit and how?
• How do they interact with your business?
• Who are their suppliers’ customers?
• What software/systems do your partners/customers use?
• What software in use is/was vulnerable today or yesterday?
• Which partners and suppliers were affected by an attack?
Tip 2: Multi-Factor Authentication
• Remove Low-Hanging Fruit– Two-factor (or more) authentication and authorization is essential
15
Tip 3: Anti-Malware & Phishing
• Ensure Your Security by Investing in Your Partners’ Security
– Provide anti-malware solutions for your trusted (and untrusted) partners
– Anti-phishing solutions and education can help reduce the majority of exploits against enterprises
16
Tip 4: VPN & Private B2B Systems
• Secure Remote Access to the Network – Salespeople
– All employees
– All partners
17
Tip 5: Educate and Communicate
• Train Employees and Partners
– Ensure understanding of core cybersecurity concepts and cyber defense operations
– Use active software platforms and video game-like systems
• Share Information Safely with Vendors in Your Supply Chain
18
Next Steps and Q&A
19
SurfWatch Labs Resources
•Overview of SurfWatch Analyticswww.surfwatchlabs.com/surfwatch-analytics
•Free SurfWatch Analytics Trialswww.surfwatchlabs.com/trial
Kerskie Group Resources
•Sign up for free newsletter at www.Kerskie.com
•Email Carrie at Ck@Kerskie.com
Thank You!
www.surfwatchlabs.comFollow us at: