The CEO’s plain English guide to - NMTC · PDF fileThe CEO’s plain English guide...
Transcript of The CEO’s plain English guide to - NMTC · PDF fileThe CEO’s plain English guide...
The CEO’s plain English guide to
Learn: WHAT is the risk? WHY does it exist? HOW can we efficiently & effectively respond?
Protect: act now & encourage every business to do the same
Buy Maryland Cyber! Maryland’s outstanding industry can protect us
www.buymdcyber.com
Cyber = Digital Cybersecurity is digital security That’s it!
www.buymdcyber.com
3 Factors
Cybersecurity RISK = Valuable Digital Assets + Weaknesses + Formidable Threats
www.buymdcyber.com
Risk Factor #1
Stolen sensitive data (employee, customers, operational, financial) & intellectual property
Interrupted operation of systems controlled by computers
Potential damages from compromised assets Earnings loss from lost customers & delayed sales Reputation loss Legal costs
www.buymdcyber.com
Risk Factor #2
Business Equipment 82% website, 87% desktop, 84% laptop, 74% smartphone (NSBA)
Online activity 87% purchasing, 83% banking, 72% pay bills, 59% phone/skype
www.buymdcyber.com
Proliferation of software Vulnerability Types (SANS) Insecure interaction
between components
Risky resource management
Porous defenses
www.buymdcyber.com
… full of holes 2,289 enterprise software products from 539 vendors in 2013 review (Secunia) Vulnerabilities Detected 2,130 highly critical 13,073 total
US computer & electronic manufacturing exported to Asia to lower costs
Complex networks with many components Diffused, large & complex manufacturing supply
chains Every component carries potential for security risk
www.buymdcyber.com
Lack of situational
awareness Limited knowledge of
what to do/not do Low compliance in
online/offline behavior
www.buymdcyber.com
Risk Factor #3
Criminals, terrorists, hacktivists Readily available tools
Increasingly adept
Strong economic & political incentives
Cost advantage
Darknets
www.buymdcyber.com
www.buymdcyber.com
Hacking Malware Social Physical
Ranked in order of # 2013 incidents
www.buymdcyber.com
78% “low” & “very low” difficulty tactics & <1% “high” difficulty 92% of all incidents fit 9 patterns 75% of attacks are opportunistic 76% exploited lost/stolen credentials
Verizon 2013 & 2014 Breach Reports
www.buymdcyber.com
Assets + Weaknesses + Threats We’ve inadvertently enabled a 24/7 relentless global
assault on our valuable assets $500B+/year in financial damages
Funds Intellectual property
Attack frequency, variety & sophistication are increasing. We are losing ground.
www.buymdcyber.com
Here’s what you should do
Internet Users Perception of Security (Pew Institute) 23% “very secure” 46% “somewhat secure” 69% don’t get it 31% “not too secure” or “not at all secure.”
www.buymdcyber.com
MY business is not a target
The bad guys are too effective to stop
Others will solve it
No idea what to do
No affordable solution This is your company’s problem!
www.buymdcyber.com
Cyberpoint’s CyberVaR value-at-risk calculator Make informed decisions: Evaluating security investments Creating mitigation strategies Purchasing cyber security insurance
www.buymdcyber.com
Identify
Protect (Prevent)
Detect
Respond
Recover NIST cyber framework
www.buymdcyber.com
Protect: create & execute a Plan that fits your risk profile
Buy: Maryland Cyber. Create 10,000+ jobs
www.buymdcyber.com
Help Maryland: share this presentation & introduce cyber companies to businesses
www.buymdcyber.com