The CEO’s plain English guide to

Learn: WHAT is the risk? WHY does it exist? HOW can we efficiently & effectively respond?

Protect: act now & encourage every business to do the same

Buy Maryland Cyber! Maryland’s outstanding industry can protect us

www.buymdcyber.com

Cyber = Digital Cybersecurity is digital security That’s it!

www.buymdcyber.com

3 Factors

Cybersecurity RISK = Valuable Digital Assets + Weaknesses + Formidable Threats

www.buymdcyber.com

Risk Factor #1

Stolen sensitive data (employee, customers, operational, financial) & intellectual property

Interrupted operation of systems controlled by computers

Potential damages from compromised assets Earnings loss from lost customers & delayed sales Reputation loss Legal costs

www.buymdcyber.com

Risk Factor #2

Business Equipment 82% website, 87% desktop, 84% laptop, 74% smartphone (NSBA)

Online activity 87% purchasing, 83% banking, 72% pay bills, 59% phone/skype

www.buymdcyber.com

Proliferation of software Vulnerability Types (SANS) Insecure interaction

between components

Risky resource management

Porous defenses

www.buymdcyber.com

… full of holes 2,289 enterprise software products from 539 vendors in 2013 review (Secunia) Vulnerabilities Detected 2,130 highly critical 13,073 total

US computer & electronic manufacturing exported to Asia to lower costs

Complex networks with many components Diffused, large & complex manufacturing supply

chains Every component carries potential for security risk

www.buymdcyber.com

Lack of situational

awareness Limited knowledge of

what to do/not do Low compliance in

online/offline behavior

www.buymdcyber.com

Risk Factor #3

Criminals, terrorists, hacktivists Readily available tools

Increasingly adept

Strong economic & political incentives

Cost advantage

Darknets

www.buymdcyber.com

www.buymdcyber.com

Hacking Malware Social Physical

Ranked in order of # 2013 incidents

www.buymdcyber.com

78% “low” & “very low” difficulty tactics & <1% “high” difficulty 92% of all incidents fit 9 patterns 75% of attacks are opportunistic 76% exploited lost/stolen credentials

Verizon 2013 & 2014 Breach Reports

www.buymdcyber.com

Assets + Weaknesses + Threats We’ve inadvertently enabled a 24/7 relentless global

assault on our valuable assets $500B+/year in financial damages

Funds Intellectual property

Attack frequency, variety & sophistication are increasing. We are losing ground.

www.buymdcyber.com

Here’s what you should do

Internet Users Perception of Security (Pew Institute) 23% “very secure” 46% “somewhat secure” 69% don’t get it 31% “not too secure” or “not at all secure.”

www.buymdcyber.com

MY business is not a target

The bad guys are too effective to stop

Others will solve it

No idea what to do

No affordable solution This is your company’s problem!

www.buymdcyber.com

Cyberpoint’s CyberVaR value-at-risk calculator Make informed decisions: Evaluating security investments Creating mitigation strategies Purchasing cyber security insurance

www.buymdcyber.com

Identify

Protect (Prevent)

Detect

Respond

Recover NIST cyber framework

www.buymdcyber.com

Protect: create & execute a Plan that fits your risk profile

Buy: Maryland Cyber. Create 10,000+ jobs

www.buymdcyber.com

Help Maryland: share this presentation & introduce cyber companies to businesses

www.buymdcyber.com