Security Transformation - Building resilience against cyber threats

In an era where we continue to hear “breaches are inevitable”, it can be difficult to know when you’re doing enough of the right things while not overspending to reach the same results. This session explored some common communication challenges that occur between security leaders and C-level executives when evaluating Information Security effectiveness.

Published in: Technology

Security Transformation - Building resilience against cyber threats

  1. 2018 Global Energy Conference. Concurrent Session I-C: Security Transformation - Building resilience against cyber threats. Brought to you by the KPMG Global Energy Institute. www.kpmgglobalenergyconference.com
  2. Moderator and Panelists
     • Moderator: Dave Baumgartner, Principal, Advisory, Cyber Security, KPMG LLP (U.S.)
     • Panelist: Zeeshan Sheikh, Vice President and Chief Information Officer, Entergy Corporation
     • Panelist: Scott vonFischer, Chief Information Security Officer, Lyondell Chemical Company
     • Panelist: Jed Young, Chief Information Security Officer, Andeavor
     © 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 773491. 2018 Global Energy Conference. #KPMGGEC. CPE code: 68b5
  3. Business vs. Information security
     Business Executive/Board Member:
     • Tenured business leader
     • Deep line of business expertise
     • Limited experience leading technology organizations
     • Exposure to Cyber comes externally
     • Bored by the Cyber details
     Information Security Leader:
     • Technologist first
     • Less experience in the business
     • Limited exposure to business leaders
     • Exposure to Cyber happens daily
     • Energized by the details
     Finding Common Ground (figure labels, as extracted): Information Security Operations Business Operational Excellence Corporate Strategy
  4. Common Information Security Practitioner Challenges
     Cloud Acceleration:
     • The perimeter “fence” has moved; now you cannot see it
     • Multiple providers delivering software, infrastructure, and services all as services
     • Security ownership model is becoming fluid, while accountability has not shifted
     • New product markets continue to sprout:
       - CASB/cloud proxy
     Threat:
     • Opportunistic threat actors are now on par with nation states
     • Actors have become a marketplace
     • Common exploit of the day changes constantly, but is additive:
       - Account takeover
       - Exploit kits
       - Ransomware
       - Bitcoin mining software
       - IOT botnets/DDOS
     • Targeted attacks still persistent
     • Internal/Insiders are easily turned
     Move to Agile:
     • Tollgates, change control boards, and penetration test “holds” are disappearing
     • Separation of duties is discarded by design
     • Auditors and assessors are still catching up with how to handle
     • Modernization = heterogeneity of platforms and processes
     Resource Challenges:
     • Recruitment is competitive
     • Wage requirements grow rapidly
     • It’s an employee market
     • Budget for training and personal growth are the norm
     • Specialists and generalists are both required traits
     • Little to no business operation experience
     Regulatory Landscape:
     • More regulation, not less
     • General Data Privacy Regulation (GDPR) adoption
     • Unification of control standards lags at most companies
     • Still many “breaches” go undisclosed due to regulatory gaps
     Prioritization Challenges:
     • Some organizations feeling cyber fatigue
     • Asked to do more with less while complexity intensifies
     • The recent focus on “prevention” spend has not solved the problem
     • Static road maps are giving way to continual prioritization efforts
     Top cyber risks in 2018 (figure labels): Heightened media coverage; Evolving threat actors; Changing IT delivery models; Business partners and security vendors
  5. C-Suite Perspectives
     Source: Fox Rothschild Survey of C-Level Executives, “Cyber Threats: measuring awareness, assessing preparation”
     Survey question: With what impact of the foregoing risks are you most concerned?
     • Business interruption: 31%
     • Damage to company reputation/brand: 24%
     • Financial loss: 16%
     • Loss or theft of private customer data: 13%
     • Loss of customers: 5%
     • Loss or theft of intellectual property: 4%
     • Other (Please specify): 7%
  6. Question and Answer
     • Moderator: Dave Baumgartner, Principal, Advisory, Cyber Security, KPMG LLP (U.S.)
     • Panelist: Zeeshan Sheikh, Vice President and Chief Information Officer, Entergy Corporation (@Entergy)
     • Panelist: Scott vonFischer, Chief Information Security Officer, Lyondell Chemical Company (@LyondellBasell)
     • Panelist: Jed Young, Chief Information Security Officer, Andeavor
  7. CPE Check In – Session PIN code: 68b5
     For CPE credit, go on your app and select the “CPE Check In” icon. Type in the session PIN code above and submit.
  8. 2019 Global Energy Conference. Save the date: June 5-6, 2019
  9. Thank you
     kpmg.com/socialmedia
     © 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 773491
     The KPMG name and logo are registered trademarks or trademarks of KPMG International.
     The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
