CYBERSECURITY - IBC...Booklet Redone Retail Payments Booklet revised InTREx released Information...

2017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West

Page 1:

CYBERSECURITY SAVE YOUR BOTTOM… LINE

It’s not all about money - really

Page 2:

WHO AM I?

24 years in IT. 10 years in IS. 7 years in banking. Small business. Large business. Government. Entertainment industry. Retail. Liberal artsy college. And a partridge in a pear tree.


Page 4:

UNDERSTANDING

COMMUNICATING

PEOPLE

Page 5:

WE GET IT!

Cybersecurity is a top 3 concern among CEOs

PWC 2017 CEO Survey

Page 6:

OR DO WE?

MONEY ISN’T EVERYTHING

The human factor is for controls and vulnerabilities is

Page 7:

UNDERSTANDING IT SECURITY THREAT TO ORGANIZATION

Do non-security professionals in your organization understand the IT security threats that your organization faces today?

Yes, and they are supportive of IT security initiatives

Yes, but they have to be dragged into the security discussion

It's a mixed bag, some of them are, some of them aren't

There are a few who get it, but most of them are clueless

What threats?

2017 chart values: 33%, 9%, 42%, 13%, 3%

2016 chart values: 25%, 10%, 45%, 17%, 3%

Data: UBM survey of security professionals, June 2017

Page 8:

COMMUNICATING

PEOPLE

UNDERSTANDING

Page 9:

DEFINING: CYBERSECURITY

Page 10:

FFIEC

NIST

ISACA

Page 11:

IS THIS WHAT WE THINK OF?

Page 12:

JUNE 2014: FFIEC makes Cybersecurity a separate part of its website

NOV 2014: Cybersecurity assessment information released

FEB 2015: Business Continuity Booklet updated

JUNE 2015: Cybersecurity Assessment Tool

NOV 2015: Management Booklet Redone

APRIL 2016: Retail Payments Booklet revised

JULY 2016: InTREx released

SEPT 2016: Information Security Booklet Redone

OCT 2016: CAT FAQ released

MAY 2017: CAT 1.1 released

Page 13:

Where are we?

Cybersecurity is part of:

Senior Management Responsibility

Board Reports

Risk Management

Page 14:

WE MOVED TOO FAST

NEED TO WALK BEFORE WE RUN

01 2004 Cybersecurity market was $3.5 Billion

02 2017 Cybersecurity market is projected $120 Billion

Cybersecurity Ventures

Page 15:

8 to 10

Financial industry is likely more

Peak Resources 2016

Page 16:

AVOID ONE-USE TOOLS

CONTROLS CAN HAVE MULTIPLE USES

Page 17:

WE NEED GREATER UNDERSTANDING: USE ANALOGIES

Page 18:

COMMON UNDERSTANDING

Page 19:

UNDERSTANDING

COMMUNICATING

PEOPLE

Page 20:

COMMUNICATION

BUSINESS OR CYBERSECURITY?

2007: Cybersecurity did not rank in top 10 in C-suite concerns

2017: Cybersecurity was #1 (or top 3) in C-suite concerns

Page 21:

SECURITY PROFESSIONALS’ GREATEST CONCERNS

01 Social engineering: Phishing, vishing, social network exploits

02 Targeted threats: Attacks that are targeted directly at the organization

03 Accidental data leaks: People who fail to follow policy and leak data

04 Malware: Malware that evades signature-based defenses like anti-virus

05 Ransomware: Extortion like ransomware that is perpetrated by outsiders

06 Data theft / sabotage: Data leaks that were done by insiders maliciously

UBM survey of security professionals, June 2017

Page 22:

SECURITY GREATEST AMOUNT OF MONEY SPENT

01 Compliance with regulation

02 Social Engineering

03 Accurately measure organization’s security posture or risk

04 Vulnerabilities of Applications

05 Internal mistakes that cause loss of compliance to industry/regulators

06 Malware that evades signature-based defenses

UBM survey of security professionals, June 2017

Page 23:

MONEY SPENT RANKED BY I.S. STAFF

15 Compliance with regulation

1 Social Engineering

8 Accurately measure organization’s security posture or risk

7 Vulnerabilities of Applications

10 Internal mistakes that cause loss of compliance to industry/regulators

4 Malware that evades signature-based defenses

Page 24:

BRIDGING THAT GAP

THE NEED FOR EDUCATION

Blackhat 2 / 70

FS-ISAC 9 / 90+

Page 25:

OUR DIFFERENCES

WHY DON’T THE IS/IT FOLK UNDERSTAND OUR INDUSTRY?

Most colleges only require 2 classes concerning business or communication for a BS in technology

Page 26:

DO THEY KNOW AS MUCH ABOUT BANKING AS YOU DO ABOUT TECH?

Page 27:

INVESTING IN YOUR TEAM

IS/IT ARE BANKERS, TOO! (BUT THEY MAY NEED A LITTLE HELP)

Page 28:

INVESTING IN YOUR TEAM

Understanding business = understanding budget

Sufficient Security Budget

Does your organization have enough security budget to defend itself against current threats?

Yes

No, we are a little under budget

No, we are severely hampered by a lack of funding

Can you spare some change?

2017 chart values: 42%, 37%, 17%, 4%

2016 chart values: 36%, 42%, 14%, 8%

UBM survey of security professionals, June 2017

Page 29:

TRAINING

How comfortable are your staff?

Sufficient Training

Do you personally have enough training and skills to handle current threats and perform all of the security job functions that are required of you?

Yes, I have all the skills I need to do my job

No, I can manage most tasks but I could still use some training

No, I feel ill-prepared for many of the threats or tasks I face each day

What training?

2017 chart values: 33%, 61%, 5%, 1%

2016 chart values: 33%, 57%, 8%, 2%

UBM survey of security professionals, June 2017

Page 30:

UNDERSTANDING YOUR MSSP = BETTER FOR BUSINESS

Watching the watchmen

Keeping them up to date on regulation and security

Measurables

Page 31:

TIME, NOT MONEY

The business of community banking. Common understanding.

On the page with priorities. Strategic planning.

Page 32:

KNOWING WHEN

To say stop

Page 33:

CONCERNS

Let’s try it.

Page 34:

CONTACT ME

303-313-8143 303-291-3700

[email protected]

ANNE BENIGSEN

FVP – IS & IT, BANKERS’ BANK OF THE WEST