Copyright © 2015 Raytheon Company. All rights reserved.

Customer Success Is Our Mission is a registered trademark of Raytheon Company.

Global Megatrends In

Cybersecurity:

A Survey of 1000 CxOs

Michael K. Daly

Chief Technology Officer

Cybersecurity & Special Missions

March 2015

Megatrends in Cybersecurity

Survey

Who we asked

1,006 CIOs, CISOs

Cross section of industries

North America, Europe, ME/NA

What we asked about

Evolving sources of cybersecurity risks

Intelligence enabled cybersecurity

Importance of cybersecurity to the business

Emerging technologies

Next-generation of organizational practices

Winning cybersecurity strategies

Links:– Report:

http://www.raytheon.com/news/rtnwcm/groups/gallery/documents/content/rtn_233811.pdf

– Infographic: http://www.raytheon.com/news/rtnwcm/groups/gallery/documents/content/rtn_233812.pdf

Several Interesting Trends and Factors Emerged4/20/2015 2

Global Megatrend #1

Cybersecurity will become a C-level priority

and a competitive advantage.

Some organizations are leading the way…

But there is a lot of room for improvement.

4/20/2015 3

Don’t overwhelm business leaders – focus on key metrics that get to the heart of

how cybersecurity impacts the business. “Dwell time” is the metric that works for us.

Global Megatrend #2

Cyber crime and Compliance costs will keep CISOs up at night

There will be significant increases in nation state attacks, cyber

warfare/terrorism, and breaches involving high value information.

But, risks from human factors will improve greatly.

4/20/2015 4

For these sophisticated threats, participate in threat information sharing and conduct

your own cyber analytics and intelligence, specific to your business.

Worsened State

Global Megatrend #3

Insider negligence risks are decreasing

With investments in technologies, training programs and visibility into what

employees are doing in the workplace.

4/20/2015 5

The decline in insider negligence should improve the signal-to-noise ratio to better

identify external threats that have gained access to internal resources.

Risk Impact to Organization in 3 Years

Lack of awareness of cybersecurity practices by 26%

Inability to control employees’ devices and apps by 28%

Employee complacency about cybersecurity by 33%

Inability to know what employees are doing in the workplace by 41%

Big shifts in technology towards big data analytics, forensics

and intelligence-based cyber solutions.

Global Megatrend #4

4/20/2015 6

Shifting technology priorities

Anti-virus and anti-malware by 15%

Encryption for data at rest by 27%

Big data analytics and behavioral profiling by 38%

SIEM and cybersecurity intelligence by 19%

Automated forensics tools by 21%

Top Cyber Threats by 2018

1. Zero-day attacks

2. Mobile malware/targeted attacks

3. Cloud data leakage

4. SQL injection

5. Phishing attacks

Big data analytics efforts are underway in government and in research … it is

unclear (to me) that we’ll see effective commercial products in the next three years.

Global Megatrend #5

The “Internet of Things” is here but organizations are slow to

address its security risks.

With consumers embracing more connected devices, information security

leaders predict that the “Internet of Things” will inspire some of the highest

impacting disruptive technologies in the near future.

4/20/2015 7

Organizations prepared for

the “Internet of Things” world

69% not prepared

Know what devices are being brought into your enterprise, what data is being

collected, and where that data is going.

http://www.dhs.gov/sites/default/files/publications/IoT%20Final%20Draft%20Report%2011-2014.pdf

Global Megatrend #6

The cyber talent gap will persist.

4/20/2015 8

Mentor, coach and encourage youth to consider a career in cybersecurity by

encouraging your staff to connect with their communities.

Organizations that need more

knowledgeable and

experienced information

security employees

66%Need More

Source: Raytheon’s 2014 Millennial Survey

Global Megatrend #7

Despite alarming media headlines over the last year,

cybersecurity postures are expected to improve.Governments are working to strengthen cyber regulations and information sharing,

coupled with investments in advanced and automated technologies. CISOs are

optimistic about their future cyber posture.

4/20/2015 9

Future state of your organization’s

security posture in 3 years

Will improve

64%

Stay the same 26%

Will decline 10%

Engage with government to access cyber threat information and assessment services.(http://www.dhs.gov/sites/default/files/publications/DHS%20Industry%20Resources_0.pdf)

A Bit More on Attack Types

Attacks expected to be less

prevalent in the next 3 years:

Botnet attacks

Clickjacking

MacOS malware/targeted attacks

Compromised trusted partners

Attacks on industrial control

systems

4/20/2015 10

Attacks expected to be most

prevalent in the next 3 years:

Zero day attacks

Cloud data leakage

Mobile malware/targeted attacks

SQL injections

Critical infrastructure attacks

A Bit More on Tool Importance

4/20/2015 11

Tool Today Future Change

Anti-virus/anti-malware 3.62 3.06 -0.56

Database scanning and monitoring 3.46 3.45 -0.01

Forensics (automated tools) 3.42 4.16 0.74

Identity & access management 3.42 3.49 0.07

ID & credentialing system 3.42 3.26 -0.16

Virtual private network (VPN) 3.39 3.24 -0.15

Threat intelligence feeds 3.38 4.01 0.63

Big data analytics 3.38 4.14 0.76

Data loss prevention (DLP) 3.37 2.99 -0.38

Endpoint and mobile device management 3.37 3.17 -0.2

Intrusion detection & prevention 3.36 3.38 0.02

URL or content filtering 3.36 3.31 -0.05

Access governance systems 3.36 3.55 0.19

Sandboxing or isolation tools 3.31 3.92 0.61

Encryption for data in motion 3.31 4.03 0.72

SIEM and cybersecurity intelligence 3.31 4.05 0.74

Perimeter or location surveillance 3.28 3.36 0.08

Next generation firewalls (NGFW) 3.28 3.93 0.65

Incident response tools 3.27 3.27 0

Configuration & log management 3.25 3.11 -0.14

Encryption for data at rest 3.25 4.13 0.88

Web application firewalls (WAF) 3.23 3.86 0.63

Device anti-theft solutions 3.22 3.14 -0.08

Automated policy generation 3.2 3.29 0.09

Tokenization tools 3.2 3.33 0.13

Tools that maybe aren’t

working as well as we

need:

AV

DLP

MDM

Tools to save our futures:

Encryption

Big data analytics

Intelligence (SIEM & feeds)

Forensics

Recommendations to CISOs

Engage your Leadership Team and Board of Directors in a cyber dialog focused on

risk to the business

Communicate key cyber metrics in ways management can understand. Consider

“dwell time” as the primary metric.

Participate in cyber threat information sharing communities.

Leverage analytics and automation technologies by focusing on the indicators of

risk in your business.

Know what devices (IoT and other BYOD) are being brought into your enterprise,

what data is being collected, and where that data is going.

Mentor, coach and encourage youth to consider a career in cybersecurity by

encouraging your staff to connect with their communities.

Engage with your government to access cyber threat information, training, and

assessment services.(http://www.dhs.gov/sites/default/files/publications/DHS%20Industry%20Resources_0.pdf)

4/20/2015 12

Know that cyber security can be your competitive advantage or your failure.