Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Distributors

Sponsored By: CBIZ & Mayer Hoffman McCann P.C. Husch Blackwell LLP UMB Bank

ARE YOU READY FOR LIFT OFF?

OR IS IT FAILURE TO LAUNCH?

KC Mathews, CFA Chief Investment Officer

umb.com | © 2015 UMB | p. 3

Insert real GDP growth slide

Economic Growth

umb.com | © 2015 UMB | p. 4 4

Drivers of Economic Growth

umb.com | © 2015 UMB | p. 5

Productivity

Manufacturing

Payrolls

umb.com | © 2015 UMB | p. 6

• Job Growth

• US Consumer

• Corporate Earnings

• Interest Rates/Yield Curve /

• Inflation • Geopolitical Risks

Scorecard of Broad Indicators

Current Read

2015 Broad Scorecard

Job Growth

umb.com | © 2015 UMB | p. 8

Unemployment Rate

Falling sharply

umb.com | © 2015 UMB | p. 9

Problematic

Marginally Employed

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCMSvn_nZisgCFUmRDQodoNQDcw&url=http://www.usnews.com/opinion/economic-intelligence/2014/05/29/hold-for-profit-colleges-accountable-with-gainful-employment-regulations&bvm=bv.103073922,d.cWw&psig=AFQjCNEwLbMdJ6nOYo79ZMEH-CC8N1qy3g&ust=1443013291476219

umb.com | © 2015 UMB | p. 10

Lending and Jobs

Lending leads job growth

U.S. Consumer

umb.com | © 2015 UMB | p. 12

Consumer Confidence

Approaching prior cycle highs

umb.com | © 2015 UMB | p. 13

Oil Price

Supports consumer spending

Corporate Earnings

umb.com | © 2015 UMB | p. 15

Business Optimism

Improving

umb.com | © 2015 UMB | p. 16

U.S. Dollar

Dollar strength

Interest Rates/ Yield Curve

umb.com | © 2015 UMB | p. 18

Lower for Longer

2014

2015

Inflation expectations low

umb.com | © 2015 UMB | p. 19

Contagion risk is “contained”

1. ECB accommodative policies 2. EU economy stronger

10 Year Yields

umb.com | © 2015 UMB | p. 20

US Yield Curve and Recessions

Usually inverts before recession

umb.com | © 2015 UMB | p. 21

FOMC Dot Plot

Lower for Longer

Inflation

umb.com | © 2015 UMB | p. 23

Core Inflation (PCE)

Currently below 2% Fed Target

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCOfUk9HaisgCFYITPgodkA8AJA&url=http://www.cagle.com/2011/04/relatively-modest-inflation/&bvm=bv.103073922,d.cWw&psig=AFQjCNF2qBcyhrvXOTCf9Y2xx-g_gC-0NA&ust=1443013545002878

umb.com | © 2015 UMB | p. 24

Wage Pressure

Inflation on the horizon?

Geopolitical Risks

umb.com | © 2015 UMB | p. 26 26

Geopolitical Risks

A B

D

C

G F

H E F

I

J

Equity Markets

umb.com | © 2015 UMB | p. 28

1986 1994

1999 2004

Rate Hike Cycles

umb.com | © 2015 UMB | p. 29

2015 -16 Forecast

2013 2014 2015 2016 GDP 1.5% 2.4% 2.5% 2.5 - 2.8% S&P 500 32% 14% 3-6% 6-10% 10-yr Treasury 3.00% 2.17% 2.50% 2.75% Fed Funds Rate 0.25% 0.25% 0.75% 1.50% Unemployment 6.7% 6.0% 5.1% 4.8%

2015 Cautiously Optimistic

umb.com | © 2015 UMB | p. 30

DISCLOSURE AND IMPORTANT CONSIDERATIONS UMB Investment Management is a division within UMB Bank, n.a. that manages active portfolios for employee benefit plans, endowments and foundations, fiduciary accounts and individuals. UMB Financial Services, Inc.* is a wholly owned subsidiary of UMB Financial Corporation and an affiliate of UMB Bank, n.a. UMB Bank, n.a., is an affiliate within the UMB Financial Corporation. This report is provided for informational purposes only and contains no investment advice or recommendations to buy or sell any specific securities. Statements in this report are based on the opinions of UMB Investment Management and the information available at the time this report was published. All opinions represent our judgments as of the date of this report and are subject to change at any time without notice. You should not use this report as a substitute for your own judgment, and you should consult professional advisors before making any tax, legal, financial planning or investment decisions. This report contains no investment recommendations and you should not interpret the statements in this report as investment, tax, legal, or financial planning advice. UMB Investment Management obtained information used in this report from third-party sources it believes to be reliable, but this information is not necessarily comprehensive and UMB Investment Management does not guarantee that it is accurate. All investments involve risk, including the possible loss of principal. Past performance is no guarantee of future results. Neither UMB Investment Management nor its affiliates, directors, officers, employees or agents accepts any liability for any loss or damage arising out of your use of all or any part of this report. “UMB” – Reg. U.S. Pat. & Tm. Off. Copyright © 2015. UMB Financial Corporation. All Rights Reserved. * Securities offered through UMB Financial Services, Inc. Member FINRA, SIPC or the Investment Banking Division of UMB Bank, n.a. Insurance products offered through UMB Insurance Inc. You may not have an account with all of these entities. Contact your UMB representative if you have any questions.

Securities and Insurance products are:

Not FDIC Insured * No Bank Guarantee * Not a Deposit * Not Insured by any Government Agency * May Lose Value

Thank You


WADE KERRIGAN, PARTNER KRIS KAPPEL, PARTNER

DEBORAH JUHNKE, DIRECTOR OF INFORMATION GOVERNANCE CONSULTING CHRISTOPHER BUDKE, SPECIAL INVESTIGATOR


The World We Live In


Cybersecurity is in large part an “Anthropology Issue”

The U.S. Navy will graduate its first class in 40 years in how to use the sextant

What will we do if our information is not trustworthy?

Mike Rogers, former Chair, House Intelligence Committee


You are an IT Organization by Default

“If you went to bed last night as an industrial company, you’re going to wake up this morning as a software and analytics company.”

Jeffery Immelt, Chairman & CEO, General Electric


What is the Reach of Your Network?

Unknown Depth and Scope


5 to 10 Times the Impact of the Internet*

*John Chambers, Executive Chairman, Cisco Systems

Forbes

Scope of the World Wide Web

The Internet

The “Deep Web”

“Darknet” The Tor Network


Massive Global Malicious Exploitation

“There are two types of big companies in the U.S., those that have been hacked….and those who don’t know they have been hacked.”

James Comey, FBI Director


Fairly Ugly Reality Malicious traffic is visible on 100% of corporate networks

Cisco, 2014 Annual Security Report

93% of employees knowingly violate cyber security policies Corporate Executive Board

23% of cyber security incidents are purposely caused by insiders Carnegie Mellon University 2013 State of U.S. Cybercrime Survey

Average time to discovery of a cyber breach is now 205 days Mandiant M-Trends Report 2015


General Counsel Meeting


Ready Corp.

• $500M annual revenue • Manufacturing company • Domestic & overseas import/export • 2500 employees


Exploration and Risk Assessment


Security

Legal

Forensic

Law Enforcement

Regulators

Insurance Coverage

Public Relations

Stakeholders

Notifications

Personnel Management

10 Activity Channels for Breach Response


Security Issues in Third-party Contracting

Next Steps

Understand what you have

Examine your risks

Plan for the inevitable breach

Ensure third-party contractors comply


1 in 3. That’s the odds of a manufacturing company being targeted for a cyber attack.

*Symantec 2014 Internet security threat report


Agenda • Introduction • Types of attacks • Recent Attacks • A false sense of security • Vulnerabilities • Prevention/Mitigation


Introduction

Cyber attacks cost companies $400 billion every year across the globe. * Fortune January 23, 2015


What is Cybersecurity?

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.


Types of Attacks

Types of Attacks (Motivations)

Types of Attacks

Types of Attacks

* Verizon 2015 data breach investigations report


Recent Attacks


Recent Attacks

• Target Breach – Cost to Target > $500 million – Gained access via vendor – Email Phishing attack used


Recent Attacks • German Steel Mill

– Blast furnace lockdown and takeover causing significant damage

– Targeted control systems within facility – Email Phishing attack used


Recent Attacks

– 80 million records compromised, included Social Security Numbers, address, name, date of birth and much more.

– Email Phishing attack used to obtain credentials for administrator accounts.

– Records not encrypted within the database. – Cost to Anthem so far well over $100 million just to notify

customers.


Recent Attacks • Office of Personnel Management (OPM)

– 21.5 million records compromised, included Social Security Numbers and other sensitive information.

– Stolen credentials allowed hackers to install malware.

– Evidence possibly points to a state sponsored attack.

Think Kansas City is safe?


A false sense of security • I am too small to be attacked. The smaller the business

is, the easier it is to hack. Smaller companies might not have the technological sophistication and have become prime targets.


A false sense of security • Why would someone attack our ERP, CRM, SCM or HR

systems? – Because of the Information they store - Manufacturing

recipes, HR data, credit cards, financial results, etc. • As holders of the world’s leading intellectual property,

including designs, patents, and trade secrets, manufacturers are consistently targeted by cyber thieves.


Risk of Falling for Social Engineering Attack

60%

44%

38%

33% 32%

23%

New employeesContractorsExecutive assistantsHuman resourcesBusiness leadersIT personnel


Vulnerabilities

Vulnerabilities • > 325 Industrial Control

System (ICS) cyber incidents in 2014.

• Ranged from significant discharges to significant equipment damage to even deaths.

• Very few ICS specific cyber security technologies, trainings and policies.

• > 1,000,000 ICS devices directly connected to the internet ( as of 2013)

Vulnerabilities


Prevention/Mitigation

• Don’t let an attack drive change • Vendor Security • Business Continuity and Disaster

Preparedness • Cyber Liability Insurance • Network Vulnerability Assessments



1. Maintain an accurate inventory of control system devices and eliminate any exposure of the equipment to external networks.

2. Implement network segmentation and apply firewalls.

3. Use secure remote access methods.

4. Establish role-based access controls and implement system logging.



5. Use only strong passwords, change default passwords, and consider other access controls.

6. Maintain awareness of vulnerabilities and implement necessary patches and updates.

7. Develop and enforce policies on mobile devices.



8. Implement an employee cybersecurity training program

9. Involve executives in cybersecurity.

10. Implement measures for detecting compromises and develop a cybersecurity incident response plan.


Next Steps • Valuable resources

– The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)

• https://ics-cert.us-cert.gov/ – NIST - Computer Security Resource Center

(CSRC) • http://csrc.nist.gov/

https://ics-cert.us-cert.gov/

http://csrc.nist.gov/


Questions?

Michael Hannan, CISA Manager – CBIZ MHM, LLC 700 W. 47th Street, Suite 1100 Kansas City, MO 64112 Direct: (816) 945-5668 Email: [email protected]

Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Distributors

Business

Transcript of Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Distributors