Developing Egon Zehnder’s role in cybersecurity
securing cyberspace
Consultants: Kal Bittianda, Selena LaCroix
Project Mentor: Karena Man
Intern Team: Lulu Chang, Kayla Kesslen, Emmeline Kim
March 2014
Slide 2 © 2014 Egon Zehnder
Agenda
1 Overview of Cybersecurity
2 Disturbing Trends
3 State of the CISO Role
4 The Egon Zehnder Solution
Slide 3
overview of cybersecurity
Slide 4
The Cybersecurity Problem
• Increased complexity and interconnectivity
• Growing dependence on cyber platforms and mobile devices
• Incomplete understanding of the problem
• Lack of preparedness to respond to attacks
Slide 5
Far Reaching Consequences
Cybersecurity impacts everyone
• All companies are vulnerable
• Huge economic implications for hacked companies
• Security breaches compromise customer trust and loyalty
Cybersecurity breach (companies lose data; customers lose trust)
→ Company costs (recovery costs: $136 per record in 2013; compensation costs)
→ Overall loss (customer loyalty; payout)
*Credit.com
Slide 6
No Industry is Safe
Government
Retail
*CNN Money and the NY Times
Slide 7
disturbing trends
Slide 8
Growth Trends of Access Points
Chart: U.S. Issued Credit Cards, 2006–2011 (y-axis: Credit Cards Issued, millions, 0–200)
Chart: U.S. Smartphone Penetration (y-axis: % of Mobile Phones, 0–80; series: Feature Phones, Smartphones)
Chart: E-Commerce Growth, 2004–2014 (y-axis: Billions USD, 0–200; series: C2C, B2C)
*The Economist, Nielsen, ATKearney and TMCnews
Slide 9
Trends in Tandem
Chart: Data Breach Costs for U.S. Companies, 2006–2011 (y-axis: Cost in Billions USD, 40–140), annotated with the milestones below:
• iPhone released
• Over 120 million credit cards issued per year
• 1st publicly available LTE service launched
• 52% of smartphones used are company issued
• 48% of midsized companies ($50m – $1b) are on the cloud
*The Ponemon Institute
Slide 10
Are CIOs Desensitized or Disconnected?
• Today, cybersecurity ranks No. 9 on the list of CIO priorities; 10 years ago it ranked No. 1. CIOs are becoming LESS concerned with cybersecurity
• 67% of small and medium businesses believe they are secure, but only 9% protect employees' smartphones
• 88% of large businesses are confident in their security, but 28% either have no security crisis plan or don't know whether they have one
Sources:
1. National Cyber Security Alliance & Symantec survey
2. BAE Systems survey
3. Gartner Inc. survey
Slide 11
state of the CISO role
Slide 12
The Modern Technology Officer Works Across Industries
• 33% of technology executives at Fortune 100 companies have transitioned in the past 3 years
• 54% of this turnover was in the financial services and retail sectors
• 70% of recent hires were external placements
• 43% of external hires entered an industry in which they had no prior experience
*Based on data analysis of the Fortune 100 companies
Slide 13
Global, Unrecognized Need for a Company CISO
Only 16% of Fortune 100 companies currently have a CISO
*Based on data analysis of the Fortune 100 companies
Slide 14
Breakdown of Fortune 100 CISOs
• 60% of CISOs were hired in the last 3 years
• 70% of CISOs were external hires who entered a new industry
• 30% of CISOs work in the Financial Services sector
Source: Genesys
*Based on data analysis of the Fortune 100 companies
Slide 15
Where the CISO Fits Today
Org chart: the CIO sits at the top; beneath the CIO are the VP of Infrastructure (implementation and operation) and the CISO (information security)
*Refer to Appendix slide 38 for more information
Slide 16
Evolution of the Best-in-Class CISO
Yesterday (2008):
• Hard technology skills
• Information retention
• Introverted
• Behind the scenes
• "Dr. No"
• Auxiliary role
Today:
• Hard technology skills
• Interdisciplinary approach
• Facilitator
• Extroverted
• Influence with the Board and CIO
• Executive level position
Slide 17
the Egon Zehnder solution
Slide 18
An Effective Response Includes…
Global Awareness
• The European Chip & PIN system has decreased card fraud
• The US has no official regulations, unlike Europe
Ongoing Vigilance
• Protecting points of access: mobile platforms, credit cards, cloud computing
Executive Collaboration
• Company-wide cooperation
• An engaged board
• C-suite awareness
• Cybersecurity on everyone's agenda
1. Refer to Appendix slides 40 – 41
Slide 19
An Offense and a Defense
Responses can be…
Proactive
• Anticipate and find weaknesses before breaches happen
• Maintain an ongoing dialogue between technology and business
• Include the C-Suite and the Board in a company-wide culture of vigilance
Reactive
• Reputation and brand management
• Offering customers compensation (discounts, credit monitoring)
• Lawsuits
* Cited statistics from https://www.baesystemsdetica.com/news/bae-systems-applied-intelligence-reveals-that-60-of-us-businesses-have-incr/
Slide 20
Different Models, Different Talent Considerations
• High volume transactions vs. high value transactions
• Highly regulated vs. self regulated
• Premium IP vs. mass media IP
• Controlled access vs. highly broadcast
Slide 21
Egon Zehnder CISO Placements in North America
Omar Khawaja
• Location: USA
• Placed as CISO for a $15.2 billion managed healthcare company
• Former Head of Product Marketing for Security Solutions at Verizon Communications
Kevin McGee
• Location: Canada
• Placed as CISO for an $840 million data processing and outsourced services company
• Former Global CISO at TIAA-CREF, a leading retirement provider
Keith Wilson
• Location: USA
• Placed as CISO for the $2.5 billion holding company for CIT Bank
• Former CISO and VP of Information Security at Freddie Mac
Slide 22
Egon Zehnder CISO Placements Globally
AJ Charbonneau
• Location: France
• Placed as Global CSO for a $165 financial services company
• Former Global Chief Information Security Officer at Standard Bank
Pär Gunnarsson
• Location: Sweden
• Placed as CSO for a $35 billion communications company
• Former Director of Security at Tele2, an international telecommunications company
Ben Heyes
• Location: Australia
• Placed as CISO for the $33 million national broadband company
• Former Head of Security Architecture & Service Planning at Australian National Bank
Jaya Baloo
• Location: Netherlands
• Placed as CISO for an $11.6 billion telecommunication services company
• Former Professional Services Manager of Secure Mobility and Consumer IDM at Verizon Business
Slide 23
appendix
Slide 24
No industry is safe: Target (January 2014)
• 110 million affected by the security breach
• Offered customers a 10% discount, at a cost to profit
• Offered customers a free year of credit monitoring
• Estimated $1 billion in costs
• Earnings dropped 46% after the data breach
Slide 25
No industry is safe: government (February 2013)
• Personal information stolen from 400,000 bank executives
• The hacktivist collective "Anonymous" claimed responsibility
• The personal information was published to a Twitter account
• Hackers gained access to the contact database used for emergencies
• Government is often targeted for attack
Slide 26
No industry is safe: Navy Marine Corps Intranet (September 2013)
• Iran infiltrated the Navy Marine Corps Intranet
• It took the Navy 4 months to purge the hackers
• The network has 800,000 users and 2,500 locations
• Initial repairs cost the government $10 million
• New protective security measures totaled more than $100 million
*Information obtained from the Wall Street Journal
Slide 27
No industry is safe: healthcare (February 2014)
• 3 New York-based nursing homes exposed to cyber attack
• Customer info found in documents posted on 4shared.com, a free file-sharing site
• The documents allow hackers to easily obtain medical records and payment info
• The info was accessed by breaking into SigmaCare software, designed by a NY-based company
• An emerging problem with the push to digitize medical records
*Information obtained from the Wall Street Journal
Slide 28
No industry is safe: Snapchat (January 2014)
• 4.6 million users' data was leaked
• The data was published to a website called SnapchatDB.info
• Gibson Security, an internet security group, predicted the breach
• There was a vulnerability in Snapchat's friend-finder feature
• The hackers' stated motivation was to raise awareness
Slide 29
No industry is safe (February 2014)
• Customer data was accessed by hackers
• User names, passwords, emails, addresses and phone numbers were compromised
• Unauthorized activity occurred on 2 users' accounts
• The company has since improved its security procedures and systems
• It waited until the breach was closed and investigated before notifying users
*Information obtained from the Wall Street Journal
Slide 30
Points of Access – Credit Cards
Chart: Credit Cards Issued in the U.S., 2006–2011 (y-axis: Credit Cards Issued, millions, 0–200)
Slide 31
Points of Access – Mobile Platforms
U.S. Smartphone Penetration (percentage of mobile phones)
Month | Feature Phones | Smartphones
Oct-10 | 71 | 29
Nov-10 | 70 | 30
Dec-10 | 70 | 30
Jan-11 | 66 | 35
Feb-11 | 64 | 36
Mar-11 | 62 | 38
Apr-11 | 63 | 37
May-11 | 59 | 40
Jun-11 | 58 | 41
Jul-11 | 57 | 42
Aug-11 | 57 | 43
Sep-11 | 56 | 44
Oct-11 | 56 | 44
Nov-11 | 54 | 46
Dec-11 | 52 | 48
Jan-12 | 52 | 48
Feb-12 | 50 | 50
By February of 2012, 50% of users were using smartphones rather than feature phones
Slide 32
Points of Access – Mobile Payments
Chart: E-Commerce Growth, 2004–2014 (y-axis: Billions USD, 0–200). Data labels in order: C2C 1, 5, 13, 26, 41, 57, 71; B2C 17, 28, 42, 57, 72, 88, 105
Slide 33
Points of Access – Cloud Computing
Slide 34
Growing need for Technology Officers
Chart: Technology Officers Hired Since 2000, 1998–2014 (y-axis: number hired, 0–20)
Spike in 2004 likely due to Google's IPO, prompting a new interest in the cyber world and its capacities
Spike in 2008 likely due to the stock market crash, prompting an increased concern with asset protection
*Based on data analysis of the Fortune 100 companies
Slide 35
Comparison of CISO Presence to Security Breach Rate
Chart: by industry (Financial Services, Consumer Goods, Retail, Healthcare), y-axis 0%–40%; series: Security Breach by Industry (2012); CISOs as a % of Technology Officers by Industry
*Based on data analysis of the Fortune 100 companies
Slide 36
Spending Alone is Insufficient
*Y-axis = number of deals completed in 2012
*Periwinkle line (top) = total number of transactions in 2012
Slide 37
Global Differences
Chart: U.S. vs. Europe
Slide 38
The Price to Pay
Chart: UK-Issued Credit Card Fraud Losses, 2004–2010 (y-axis: USD millions, 0–250)
Chart: US-Issued Credit Card Fraud Rates, 2004–2010 (y-axis: percent, 0–0.1)
*Information obtained from The Federal Reserve Bank of Atlanta
Slide 39
Magnetic Stripe Technology vs. Chip & PIN
U.S.
Technology
• Magnetic stripe used to record card data
• Requires a signature for verification
Problems
• Swiped (track) data is static, so it can be captured by a skimmer and copied onto a cloned card
• A signature can be forged
Europe, Australia, Canada
Technology
• Embedded microchip in credit/debit cards
• Requires a PIN for verification
Solutions
• The card is inserted and the chip authenticates each transaction with a unique cryptogram, so captured data cannot be replayed to clone the card (contactless "tap" is a separate option built on the same chip)
• A PIN, unlike a signature, cannot be forged: it must be known, and the card blocks itself after repeated wrong entries
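As an added example, not part of the Egon Zehnder deck, the Python model below shows the distinction this slide draws: an issuer that accepts static stripe data approves a skimmed copy just as readily as the real card, while an issuer that checks a per-transaction chip cryptogram rejects both a replay and a forgery, and a PIN try counter bounds guessing in a way a signature check cannot. It is a simplified illustration, not an EMV implementation: HMAC-SHA256 stands in for the EMV issuer MAC, and the PAN, key and PIN are constructed test values.

```python
"""Simplified model: static stripe data vs. a per-transaction chip cryptogram.

HMAC-SHA256 stands in for the EMV issuer MAC; PAN, key and PIN are constructed
test values. This is an illustration of the principle, not an EMV implementation.
"""
import hashlib
import hmac
import secrets


def _mac(key: bytes, *fields: bytes) -> bytes:
    """Issuer-side MAC over a fixed field order (stand-in for the EMV cryptogram)."""
    return hmac.new(key, b"|".join(fields), hashlib.sha256).digest()


class Issuer:
    """Authorisation host: holds each card's secret key and last-seen transaction counter."""

    def __init__(self) -> None:
        self.cards: dict[str, dict] = {}

    def enroll(self, pan: str) -> tuple[bytes, bytes]:
        key = secrets.token_bytes(32)                            # card-unique key, shared only with the chip
        static_check = _mac(key, b"stripe", pan.encode())[:3]   # stands in for the stripe's static check value
        self.cards[pan] = {"key": key, "static_check": static_check, "last_atc": 0}
        return key, static_check

    def authorize_magstripe(self, pan: str, static_check: bytes, amount: int) -> str:
        """Stripe model: the card presents the same bytes on every swipe."""
        rec = self.cards.get(pan)
        if rec is None or not hmac.compare_digest(rec["static_check"], static_check):
            return "DECLINED"
        # Nothing binds this message to one swipe or to `amount`: a skimmed copy is as good as the card.
        return "APPROVED"

    def authorize_chip(self, pan: str, atc: int, amount: int, unpredictable: bytes, cryptogram: bytes) -> str:
        """Chip model: verify a per-transaction MAC and reject counter reuse."""
        rec = self.cards.get(pan)
        if rec is None:
            return "DECLINED"
        expected = _mac(rec["key"], pan.encode(), atc.to_bytes(2, "big"), str(amount).encode(), unpredictable)
        if not hmac.compare_digest(expected, cryptogram):
            return "DECLINED"          # no key, or amount/nonce tampered with
        if atc <= rec["last_atc"]:
            return "DECLINED"          # transaction counter reused: replay of a captured transaction
        rec["last_atc"] = atc
        return "APPROVED"


class ChipCard:
    """The chip: holds the key, a transaction counter (ATC) and an offline PIN try counter."""

    def __init__(self, pan: str, key: bytes, pin: str) -> None:
        self.pan, self.key, self.pin = pan, key, pin
        self.atc = 0
        self.pin_tries_left = 3

    def verify_pin(self, pin: str) -> bool:
        """Offline PIN check; three wrong entries block the card until the issuer resets it."""
        if self.pin_tries_left == 0:
            return False
        if hmac.compare_digest(pin.encode(), self.pin.encode()):
            self.pin_tries_left = 3
            return True
        self.pin_tries_left -= 1
        return False

    def generate_cryptogram(self, amount: int, unpredictable: bytes) -> tuple[int, bytes]:
        """Fresh counter + terminal nonce + amount, MACed under the card key."""
        self.atc += 1
        return self.atc, _mac(self.key, self.pan.encode(), self.atc.to_bytes(2, "big"),
                              str(amount).encode(), unpredictable)


def demo() -> dict[str, object]:
    issuer = Issuer()
    pan = "4000123412341234"                  # constructed test PAN
    key, static_check = issuer.enroll(pan)
    out: dict[str, object] = {}

    # Magnetic stripe: a skimmer records (pan, static_check) during a genuine swipe...
    out["magstripe_genuine"] = issuer.authorize_magstripe(pan, static_check, 40)
    # ...and a cloned card replays exactly the same bytes for a different amount.
    out["magstripe_clone"] = issuer.authorize_magstripe(pan, static_check, 900)

    # Chip: the terminal contributes a fresh unpredictable number to every transaction.
    card = ChipCard(pan, key, pin="4821")
    un = secrets.token_bytes(4)
    atc, cryptogram = card.generate_cryptogram(40, un)
    out["chip_genuine"] = issuer.authorize_chip(pan, atc, 40, un, cryptogram)
    # The same captured message replayed verbatim: the counter has already been used.
    out["chip_replay"] = issuer.authorize_chip(pan, atc, 40, un, cryptogram)
    # Captured data but no key: a new transaction cannot be authenticated.
    out["chip_forged"] = issuer.authorize_chip(pan, atc + 1, 900, secrets.token_bytes(4), cryptogram)

    # PIN instead of signature: guessing is bounded by the try counter.
    out["pin_guesses"] = [card.verify_pin(p) for p in ("0000", "1234", "1111")]
    out["pin_after_block"] = card.verify_pin("4821")   # correct PIN, but the card is now blocked
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

Running `demo()` approves both the genuine swipe and the clone in the stripe model, approves only the genuine chip transaction, and shows the blocked card refusing even the correct PIN. Real EMV derives a session key from the ATC and uses the issuer's own cryptogram algorithm, but the two properties the slide relies on, a transaction-bound credential and a bounded-attempt PIN, are the ones modelled here.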
Slide 40
Responsibilities by role
CIO: set vision & strategy
• Business driver
• Vision for technology needs
• Relationship-building prowess
• Communication
• Exposure to different departments
VP of Infrastructure: implement operations
• Reduce duplication of effort
• Ensure adherence to standards
• Enhance flow of information
• Promote adaptability
• Ensure interoperability
• Maintain effective change management policies and practices
CISO: safeguard security
• Establish & monitor security operations
• Develop & maintain security policies, procedures, and control techniques
• Comply with external cybersecurity laws and audits
Slide 41
Ongoing Vigilance
Protect points of access: cloud computing, mobile platforms, credit cards
Slide 42
Executive Cooperation
Security is not a one-person job: it requires company-wide collaboration, but it needs the right person at the helm
Board Cooperation: the Board must be equally engaged in making cybersecurity a priority
C-Suite Awareness: CEOs, CIOs and CISOs must be on the same page
Slide 43
Sample Profiles
Kevin McGee
Location: Miami, Florida
Education: BS, Management Information Systems, Drexel University
Professional Experience:
2013 – present  Davis + Henderson, Chief Information Security Officer
2011 – 2013  TIAA – CREF, Global Chief Information Security Officer
2007 – 2011  Broadridge Financial Solutions, Chief Security Officer
2005 – 2007  Citigroup Private Bank, Global Head, IT Risk
2001 – 2005  JP Morgan Chase, Information Security Officer
1996 – 2001  AstraZeneca Plc, Information Security Officer
1997 – 1998  TSA, Inc., Senior Security Architect
Keith Wilson
Location: New Jersey
Education: MS, Computer Information Systems, Loyalist College, Canada; BS, Computer Information Systems, Champlain College, Canada
Professional Experience:
2011 – present  CIT Group
  2013 – present  Chief Information Risk Officer
  2010 – 2013  Senior Vice President, IT Risk and Security and Chief Information Security Officer
2009 – 2011  Freddie Mac, Chief Information Security Officer and Vice President, Information Security
2002 – 2008  Lehman Brothers Holdings, Inc.
  2004 – 2008  Chief Information Security Officer, Lehman Brothers Bank
  2002 – 2004  Advisor, Senior Security and Consultant, Lehman Brothers Bank
2001 – 2002  The Goldman Sachs Group, Inc., Manager, Threat and Vulnerability, Investment Banking
2000 – 2000  Ernst & Young LLP, Management Consultant
1997 – 2000  Credit Suisse Group, Manager, Security Architecture and Engineering, Americas and Asia, Credit Suisse First Boston
1996 – 1997  AT&T, Consultant, Information Technology and Manager, Security Administration
1993 – 1996  Government of Canada, Analyst, Senior Security, Ontario Ministry of Health
Slide 44
Cybersecurity moving forward
• Consider hiring a company CISO
• Search beyond talent within the company to fill the CISO role
• Experience in the financial services sector is especially relevant for cybersecurity matters

More Related Content

Viewers also liked

Viewers also liked (20)

ΤΕΕ: Απολογιστικά στατιστικά Ν. 4178 - αυθαίρετα
ΤΕΕ: Απολογιστικά στατιστικά Ν. 4178 - αυθαίρεταΤΕΕ: Απολογιστικά στατιστικά Ν. 4178 - αυθαίρετα
ΤΕΕ: Απολογιστικά στατιστικά Ν. 4178 - αυθαίρετα
 
Omtrek puntenverzameling v2
Omtrek puntenverzameling v2Omtrek puntenverzameling v2
Omtrek puntenverzameling v2
 
aan
aanaan
aan
 
resume2016
resume2016resume2016
resume2016
 
ΙΚΑ, εξαιρετικά επείγουσα Εγκύκλιος 43/16
ΙΚΑ, εξαιρετικά επείγουσα Εγκύκλιος 43/16ΙΚΑ, εξαιρετικά επείγουσα Εγκύκλιος 43/16
ΙΚΑ, εξαιρετικά επείγουσα Εγκύκλιος 43/16
 
1 aspectos generales (1)
1 aspectos generales (1)1 aspectos generales (1)
1 aspectos generales (1)
 
De-Mystifying Big Data
De-Mystifying Big DataDe-Mystifying Big Data
De-Mystifying Big Data
 
Βασικά Στοιχεία Θεμελιώδους και Τεχνικής Ανάλυσης
Βασικά Στοιχεία Θεμελιώδους και Τεχνικής ΑνάλυσηςΒασικά Στοιχεία Θεμελιώδους και Τεχνικής Ανάλυσης
Βασικά Στοιχεία Θεμελιώδους και Τεχνικής Ανάλυσης
 
Aparato circulatorio
Aparato circulatorioAparato circulatorio
Aparato circulatorio
 
ΙΝΕΜΥ - ΕΣΕΕ: Αποτελέσματα ενδιάμεσων εκπτώσεων και Κυριακών
ΙΝΕΜΥ - ΕΣΕΕ: Αποτελέσματα ενδιάμεσων εκπτώσεων και ΚυριακώνΙΝΕΜΥ - ΕΣΕΕ: Αποτελέσματα ενδιάμεσων εκπτώσεων και Κυριακών
ΙΝΕΜΥ - ΕΣΕΕ: Αποτελέσματα ενδιάμεσων εκπτώσεων και Κυριακών
 
5 Google Analytics Features You Should Be Using
5 Google Analytics Features You Should Be Using5 Google Analytics Features You Should Be Using
5 Google Analytics Features You Should Be Using
 
Company profile pres (2)
Company profile pres (2)Company profile pres (2)
Company profile pres (2)
 
Побудова діаграм в ЕТ EXCEL
Побудова діаграм в ЕТ EXCELПобудова діаграм в ЕТ EXCEL
Побудова діаграм в ЕТ EXCEL
 
Suchindra cv
Suchindra cvSuchindra cv
Suchindra cv
 
2016-02-10 Agile Talks #12 - Adaptive Planning
2016-02-10 Agile Talks #12 - Adaptive Planning2016-02-10 Agile Talks #12 - Adaptive Planning
2016-02-10 Agile Talks #12 - Adaptive Planning
 
Tim Tam 50th Anniversary Campaign Revised
Tim Tam 50th Anniversary Campaign RevisedTim Tam 50th Anniversary Campaign Revised
Tim Tam 50th Anniversary Campaign Revised
 
3D Media Group Clients
3D Media Group Clients3D Media Group Clients
3D Media Group Clients
 
Tarek Sadaka_IE application_ Express Yourself_Question J
Tarek Sadaka_IE application_ Express Yourself_Question JTarek Sadaka_IE application_ Express Yourself_Question J
Tarek Sadaka_IE application_ Express Yourself_Question J
 
ΣΕΒ, Δελτίο 21-12-16
ΣΕΒ, Δελτίο 21-12-16ΣΕΒ, Δελτίο 21-12-16
ΣΕΒ, Δελτίο 21-12-16
 
Q1 evaluation 1
Q1 evaluation 1Q1 evaluation 1
Q1 evaluation 1
 

Similar to FINAL_Cybersecurity Project (1)

Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
EC-Council
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
SolarWinds
 
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
James Fisher
 
Gartner Information Security Summit Brochure
Gartner Information Security Summit BrochureGartner Information Security Summit Brochure
Gartner Information Security Summit Brochure
trunko
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
AugmentedWorldExpo
 

Similar to FINAL_Cybersecurity Project (1) (20)

Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...
 
netwealth and Sense Of Security webinar: What you need to know about cyber se...
netwealth and Sense Of Security webinar: What you need to know about cyber se...netwealth and Sense Of Security webinar: What you need to know about cyber se...
netwealth and Sense Of Security webinar: What you need to know about cyber se...
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020
 
Pervasive Analytics Gets Real
Pervasive Analytics Gets RealPervasive Analytics Gets Real
Pervasive Analytics Gets Real
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
 
Ravi i ot-security
Ravi i ot-securityRavi i ot-security
Ravi i ot-security
 
Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoTrustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
 
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the Outside
 
Gartner Information Security Summit Brochure
Gartner Information Security Summit BrochureGartner Information Security Summit Brochure
Gartner Information Security Summit Brochure
 
Application security meetup 27012021
Application security meetup 27012021Application security meetup 27012021
Application security meetup 27012021
 
An Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductAn Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT Product
 
Securing the New Digital Enterprise: Trackable, Controlled, and Authorized
Securing the New Digital Enterprise: Trackable, Controlled, and AuthorizedSecuring the New Digital Enterprise: Trackable, Controlled, and Authorized
Securing the New Digital Enterprise: Trackable, Controlled, and Authorized
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
 
Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise
 

FINAL_Cybersecurity Project (1)

  • 1. Developing Egon Zehnder’s role in cybersecurity securing cyberspace Consultants: Kal Bittianda, Selena LaCroix Project Mentor: Karena Man Intern Team: Lulu Chang, Kayla Kesslen, Emmeline Kim march 2014
  • 2. 2© 2014 Egon Zehnder Agenda 1 Overview of Cybersecurity 2 Disturbing Trends 3 State of the CISO Role 4 The Egon Zehnder Solution
  • 3. 3© 2014 Egon Zehnder overview of cybersecurity
  • 4. 4© 2014 Egon Zehnder Increased complexity and interconnectivity Growing dependence on cyber platforms and mobile devices Incomplete understanding of the problem Lack of preparedness to respond to attacks The Cybersecurity Problem
  • 5. 5© 2014 Egon Zehnder Far Reaching Consequences Cybersecurity impacts everyone • All companies are vulnerable • Huge economic implications for hacked companies • Security breaches compromise customer trust and loyalty Cybersecurity Breach • Companies lose data • Customers lose trust Company Costs • Recovery costs: $136/record (2013) • Compensation costs Overall Loss • Customer loyalty • Payout *Credit.com
  • 6. 6© 2014 Egon Zehnder No Industry is Safe Government Retail *CNN Money and the NY Times
  • 7. 7© 2014 Egon Zehnder disturbing trends
  • 8. 8© 2014 Egon Zehnder Growth Trends of Access Points 0 40 80 120 160 200 2006 2007 2008 2009 2010 2011 CreditCardsIssued(millions) U.S. Issued Credit Cards 0 10 20 30 40 50 60 70 80 %ofMobilePhones U.S. Smartphone Penetration Feature Phones Smartphones 0 20 40 60 80 100 120 140 160 180 200 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 Billions(USD) E-Commerce Growth C2C B2C *The Economist, Nielsen, ATKearney and TMCnews
  • 9. 9© 2014 Egon Zehnder Trends in Tandem 40 60 80 100 120 140 2006 2007 2008 2009 2010 2011 CostinBillionsUSD Data Breach Costs for U.S. Companies 52% of smartphones used are company issued 48% of midsized companies ($50m - $1b) are on the cloud iPhone released Over 120 million credit cards issued per year 1st publically available LTE service launched *The Ponemon Institute
  • 10. 10© 2014 Egon Zehnder Are CIOs Desensitized or Disconnected? Today, cybersecurity ranks No. 9 on the list of CIO priorities 10 years ago, it ranked No. 1 CIOs are becoming LESS concerned with cybersecurity 67% of small & medium businesses believe they are secure Only 9% protect employees’ smart phones 88% of large businesses are confident with security But 28% don’t know or have security crisis plans 1. National Cyber Security Alliance & Symantec survey 2. BAE Systems survey 3. Gartner Inc. survey 1 3 1 2
  • 11. 11© 2014 Egon Zehnder state of the CISO role
  • 12. 12© 2014 Egon Zehnder The Modern Technology Officer Works Across Industries 33% 54% 70% of technology executives at Fortune 100 companies have transitioned in past 3 years of this turnover was in the financial services and retail sectors of recent hires were external placements of external hires entered an industry in which they had no prior experience 43% *Based on data analysis of the Fortune 100 companies
  • 13. 13© 2014 Egon Zehnder Global, Unrecognized Need for a Company CISO CISOs Only 16% of Fortune 100 companies currently have a CISO *Based on data analysis of the Fortune 100 companies
  • 14. 14© 2014 Egon Zehnder Breakdown of Fortune 100 CISOs 60% 70% 30% of CISOs were hired in the last 3 years of CISOs were external hires who entered a new industry of CISOs work in the Financial Services sector Source: Genesys *Based on data analysis of the Fortune 100 companies
  • 15. 15© 2014 Egon Zehnder Where the CISO Fits Today CIO VP of Infrastructure Implementation Operation CISO Infosecurity *Refer to Appendix slide 38 for more information
  • 16. 16© 2014 Egon Zehnder Evolution of the Best-in-Class CISO Hard technology skills Information retention Introverted Behind the scenes Dr. No Interdisciplinary approach Facilitator Yesterday (2008) Today Extroverted Influence Board and CIO Hard technology skills Auxiliary role Executive level position
  • 17. 17© 2014 Egon Zehnder the Egon Zehnder solution
  • 18. 18© 2014 Egon Zehnder An Effective Response Includes… Global Awareness • European Chip & PIN system  decreased card fraud • US has no official regulations, unlike Europe Ongoing Vigilance • Protecting points of access: • Mobile platforms • Credit cards • Cloud computing Executive Collaboration • Company-wide cooperation • An engaged board • C-suite awareness • Cybersecurity on everyone’s agenda 1 1. Refer to Appendix slides 40 – 41
  • 19. 19© 2014 Egon Zehnder An Offense and a Defense Responses can be… Proactive Anticipate and find weaknesses before breaches happen Maintain ongoing dialogue between technology and business Include C-Suite and the Board in company-wide culture of vigilance Reactive Reputation and brand management Offering customer kickbacks Lawsuits * Cited statistics from https://www.baesystemsdetica.com/news/bae-systems-applied-intelligence-reveals-that-60-of-us-businesses-have-incr/
  • 20. 20© 2014 Egon Zehnder Different Models, Different Talent Considerations High volume transactions High value transactions Highly regulated Self regulated Premium IP Mass media IP Controlled access Highly broadcast
  • 21. 21© 2014 Egon Zehnder Egon Zehnder CISO Placements in North America Omar Khawaja Keith Wilson Kevin McGee • Location: USA • Placed as CISO for a $15.2 billion managed healthcare company • Former Head of Product Marketing for Security Solutions at Verizon Communications • Location: Canada • Placed as CISO for an $840 million data processing and outsourced services company • Former Global CISO at TIAA-CREF, a leading retirement provider • Location: USA • Placed as CISO for the $2.5 billion holding company for CIT Band • Former CISO and VP of Information Security at Freddie Mac
  • 22. 22© 2014 Egon Zehnder Egon Zehnder CISO Placements Globally AJ Charbonneau Pär Gunnarsson Ben Heyes • Location: France • Placed as Global CSO for a $165 financial services company • Former Global Chief Information Security officer at Standard Bank • Location: Sweden • Placed as CSO for an $35 billion communications company • Former Director of Security at Tele2, an international telecommunications company • Location: Australia • Placed as CISO for the $33 million national broadband company • Former Head of Security Architecture & Service Planning at Australian National Bank Jaya Baloo • Location: Netherlands • Placed as CISO for an $11.6 billion telecommunication services company • Former Professional Services Manager of Secure Mobility and Consumer IDM at Verizon Business
  • 23. 23© 2014 Egon Zehnder appendix
  • 24. 24© 2014 Egon Zehnder Target 110 million affected by security breach Offered 10% discount to customers for a profit loss January 2014 Offered customers a free year of credit monitoring Estimated $1 billion in costs Earnings dropped 46% after data breach No industry is safe
  • 25. 25© 2014 Egon Zehnder Personal information stolen from 400,000 bank executives Hackivist collective “anonymous” claimed they were responsible February 2013 Personal information was published to a Twitter account Hackers gained access to the contact database used for emergencies Government often targeted for attack No industry is safe
  • 26. 26© 2014 Egon Zehnder Iran infiltrated the Navy Marine Corps Intranet Took the Navy 4 months to purge the hackers September 2013 Network has 800,000 users and 2,500 locations Cost the government $10 million for initial repairs New protective security measures totaled at more than $100 million No industry is safe *Information obtained from the Wall Street Journal
  • 27. 27© 2014 Egon Zehnder 3 New York- based nursing homes exposed to cyber attack Customer info found in documents posted on 4shared.com, a free file- sharing site February 2014 Documents allow hackers to easily obtain medical records and payment info Accessed info by breaking into SigmaCare software, designed by a NY based company Emerging problem with the push to digitize medical records No industry is safe *Information obtained from the Wall Street Journal
  • 28. 28© 2014 Egon Zehnder Snapchat 4.6 million users data was leaked The data was published to a website called Snapchat.DB .info January 2014 Gibson Security, an internet security group, predicted the breach There was a vulnerability in the Snapchat’s friend-finder feature Hackers’ motivation was to raise awareness No industry is safe
  • 29. 29© 2014 Egon Zehnder Customer data was accessed by hackers User names, passwords, emails, addresses and phone numbers compromised February 2014 Unauthorized activity occurred on 2 users’ accounts Have since improved security procedures and systems Waited until breach was closed and investigated before notifying users No industry is safe *Information obtained from the Wall Street Journal
  • 30. Points of Access – Credit Cards [Chart: Credit Cards Issued in the U.S., 2006–2011; y-axis: credit cards issued (millions)]
  • 31. Points of Access – Mobile Platforms [Chart: U.S. Smartphone Penetration, Oct-10 to Feb-12; y-axis: percentage of mobile phones; series: feature phones vs. smartphones] Plotted values (feature phones % / smartphones %): Oct-10 71/29, Nov-10 70/30, Dec-10 70/30, Jan-11 66/35, Feb-11 64/36, Mar-11 62/38, Apr-11 63/37, May-11 59/40, Jun-11 58/41, Jul-11 57/42, Aug-11 57/43, Sep-11 56/44, Oct-11 56/44, Nov-11 54/46, Dec-11 52/48, Jan-12 52/48, Feb-12 50/50. By February of 2012, 50% of users were using smartphones rather than feature phones.
  • 32. Points of Access – Mobile Payments [Chart: E-Commerce Growth, 2004–2014; y-axis: billions (USD); series: C2C and B2C] Plotted series values as extracted: C2C 1, 5, 13, 26, 41, 57, 71; B2C 17, 28, 42, 57, 72, 88, 105.
  • 33. Points of Access – Cloud Computing
  • 34. Growing need for Technology Officers [Chart: Technology Officers Hired Since 2000, 1998–2014; y-axis: 0–20 officers hired] Spike in 2004 likely due to Google's IPO, prompting a new interest in the cyber world and its capacities. Spike in 2008 likely due to the stock market crash, prompting an increased concern with asset protection. *Based on data analysis of the Fortune 100 companies
  • 35. Comparison of CISO Presence to Security Breach Rate [Chart: Security Breach by Industry (2012) and CISOs as a % of Technology Officers by Industry; industries: Financial Services, Consumer Goods, Retail, Healthcare; y-axis: 0–40%] *Based on data analysis of the Fortune 100 companies
  • 36. Spending Alone is Insufficient [Chart: y-axis = number of deals completed in 2012; periwinkle line (top) = total number of transactions in 2012]
  • 37. Global Differences: U.S. vs. Europe
  • 38. The Price to Pay [Chart: UK-Issued Credit Card Fraud Losses, 2004–2010; y-axis: USD (millions)] [Chart: US-Issued Credit Card Fraud Rates, 2004–2010; y-axis: percent] *Information obtained from The Federal Reserve Bank of Atlanta
  • 39. Magnetic Stripe Technology vs. Chip & PIN
    U.S. – Technology: magnetic stripe used to record data; requires signature for verification. Problems: swipe information can be compromised; signature can be forged.
    Europe, Australia, Canada – Technology: embedded microchip in credit/debit cards; requires PIN for verification. Solutions: relies on "tap" system; PIN cannot be forged.
  • 40. Responsibilities by role
    CIO – Set vision & strategy: business driver; vision for technology needs; relationship-building prowess; communication; taste of different departments.
    VP of Infrastructure – Implement operations: reduce duplication of effort; ensure adherence to standards; enhance flow of information; promote adaptability; ensure interoperability; maintain effective change management policies and practices.
    CISO – Safeguard security: establish & monitor security operations; develop & maintain security policies, procedures, and control techniques; comply with external cybersecurity laws and audits.
  • 41. Ongoing Vigilance – Protect points of access: cloud computing, mobile platforms, credit cards.
  • 42. Executive Cooperation – Security is not a one-person job; it requires company-wide collaboration, but needs the right person at the helm. Board cooperation: the Board must be equally engaged in making cybersecurity a priority. C-suite awareness: CEOs, CIOs and CISOs must be on the same page.
  • 43. Sample Profiles
    Kevin McGee – Location: Miami, Florida. Education: BS, Management Information Systems, Drexel University. Professional Experience: 2013 – present, Davis + Henderson, Chief Security Information Officer; 2011 – 2013, TIAA-CREF, Global Chief Information Security Officer; 2007 – 2011, Broadridge Financial Solutions, Chief Security Officer; 2005 – 2007, Citigroup Private Bank, Global Head, IT Risk; 2001 – 2005, JP Morgan Chase, Information Security Officer; 1996 – 2001, AstraZeneca Plc, Information Security Officer; 1997 – 1998, TSA, Inc., Senior Security Architect.
    Keith Wilson – Location: New Jersey. Education: MS, Computer Information Systems, Loyalist College, Canada; BS, Computer Information Systems, Champlain College, Canada. Professional Experience: 2011 – present, CIT Group (2013 – present, Chief Information Risk Officer; 2010 – 2013, Senior Vice President, IT Risk and Security and Chief Information Security Officer); 2009 – 2011, Freddie Mac, Chief Information Security Officer and Vice President, Information Security; 2002 – 2008, Lehman Brothers Holdings, Inc. (2004 – 2008, Chief Information Security Officer, Lehman Brothers Bank; 2002 – 2004, Advisor, Senior Security and Consultant, Lehman Brothers Bank); 2001 – 2002, The Goldman Sachs Group, Inc., Manager, Threat and Vulnerability, Investment Banking; 2000 – 2000, Ernst & Young LLP, Management Consultant; 1997 – 2000, Credit Suisse Group, Manager, Security Architecture and Engineering, Americas and Asia, Credit Suisse First Boston; 1996 – 1997, AT&T, Consultant, Information Technology and Manager, Security Administration; 1993 – 1996, Government of Canada, Analyst, Senior Security, Ontario Ministry of Health.
  • 44. Cybersecurity moving forward: Consider hiring a company CISO. Search beyond talent within the company to fill the CISO role. Experience in the financial services sector is especially relevant for cybersecurity matters.

Editor's Notes

  1. Charged with understanding the increasing prominence/importance of cybersecurity for clients and developing a distinct point of view on cybersecurity talent
  2. Hot button issue following Target, Yahoo etc. Root of problem seems to be interconnectivity without a complete understanding → unprepared
  3. Result of this problem is ultimately overall loss, payout, customer loss Target = $1B loss, 46% drop in revenue: $136 recovery cost/record
  4. Highlight a few points from each example (namely government). Not JUST Target/retail: Kickstarter, Snapchat, Navy (Iran infiltrated their intranet), SigmaCare software (broke into software and published health insurance info for individuals from 3 NY-based nursing homes). 78% of businesses surveyed by BAE Systems increased cyber budget as a result of these attacks
  5. What is contributing to this problem?
  6. Growth in access points means an increase in vulnerable areas of attack Credit card more than doubled 06 – 11 Exponential ecommerce growth (today about $180B) Cloud increasing, particularly platform as a service (FB/Google)
  7. Previous trends mirror those of data breach costs. More than doubled from 60 billion to 130 billion in 5 years; 82% of BAE surveyed companies think attacks will increase. Increased cost → increased opportunities. Access points written on top
  8. Despite these trends, it seems that CIOs are caring less: Today, #1 CIO business priority=increasing enterprise growth & #1 technology priority=analytics & business intelligence Disconnect – majority of companies think cybersecurity is a top 3 business risk Other issue is false sense of security: Target was hacked by way of a small company they hired to do their heating/refrigeration
  9. Underutilized potential asset is the CISO role
  10. A lot of transition in technology officers Most turnover in financial services/retail Majority of companies not hiring from within companies Vast majority of new external hires are coming from different industries experiences
  11. Role first emerged in 2001 after Patriot Act mandated IT official for companies, but not all of these officials took the “CISO” name
  12. Of Fortune 100 CISOs: 60% hired in last 3 years 70% of CISOs were external hires who entered new industries 30% of CISOs in financial services sector http://www.mediapost.com/publications/article/122502/#axzz2h9oH0BUP http://enterprise.alcatel-lucent.com/private/active_docs/Genesys_US_Survey09_screen.pdf
  13. CIO set vision & strategy VP of infrastructure is too techy Need someone more specialized for cybersecurity Chef analogy: CIO (exec chef), VP of Infrastructure (Sous chef), CISO (pastry chef-desserts are the best part)
  14. Tech skills remain the same, but now more forward and outward facing – needs to coordinate: ANTICIPATE AND FACILITATE not just say no Transition happened around 2008 (incidentally, also the biggest spike in tech officers hired)
  15. EXPLAIN Chip/PIN (tap system cannot be copied unlike swipe and relies on PIN which cannot be forged unlike signature) 61% decrease in UK credit fraud, 70% increase Executive collaboration E.g. of unengaged board: energy/utilities sector—one of the most regulated industry sectors 79% of their boards rarely or never review roles and responsibilities 71% of their boards rarely or never review privacy and security budget 64% of their boards rarely or never review top-level policies 57% of their boards rarely or never review security program assessments.
  16. Best offense is a good defense: need to prepare before they happen by fostering a culture of security conscientiousness BAE survey – companies believe that having a clear understanding and intelligence about threats are the top methods of prevention Today, 31% of companies don’t believe their boards understand risks – they are right: only 24% of boards report engagement with cybersecurity and 22% report engagement with emerging technologies Otherwise, reactive approach is rep/brand management and payments
  17. EZ recognizes that even though tech officers must be interdisciplinary, there’s still a scale: exploring different dimensions
  18. Finally, just want to close with success stories SAY THEIR NAMES/COMPANIES
  19. Deliverable: pitch deck that provides a storyline to be used by consultants in the space
  20. The US has no official legislation, whereas Europe has outlined directives In Europe, chip & pin cards have replaced face-to-face debit cards, decreasing the incidence of card fraud Note: The EU-US Working Group of Cybersecurity and Cybercrime was established to address global issues, but no concrete actions have been taken
  21. http://www.bankinfosecurity.com/7-duties-for-cisos-under-fisma-reform-a-5620 (CISO role info) http://www.cio.com/topic/3174/CIO_Role (CIO role info) http://www.terremark.com/blog/role-cios-ever-evolving-cio-responsibilities/ (CIO role info) http://www.informationweek.com/it-leadership/6-must-have-skills-for-aspiring-cios/d/d-id/1103925? (CIO role info) http://searchcio.techtarget.com/definition/infrastructure-management (infrastructure role info)