
Working Together to Build a Cyber Security Program


Published in: Retail

  1. 6/28/2017. Working Together to Build a Cyber Security Program. David Johnston, Sr. Director, Loss Prevention & Corporate Security, Dunkin' Brands, Inc.
  2. Working Together to Build a Cyber Security Program
     • Understanding the Cyber Threat Landscape
     • Building stronger LP / IT Security Relationships
     • The Value of LP in a Cyber World
     • Malware
     • Ransomware
     • DDoS Attacks
     • Botnets
     • Phishing / Social Engineering
     • Insider Threats
     • 3rd Party Threat
     • Data Breaches – Data Loss
     • Business Disruption
     • Online / Mobile Fraud
     • Business Email Compromise
     • Loyalty Abuse
     And more…
     “Cybercrimes costs the global economy more than $450B” –
     “Average cost to a US retailer for a successful cyber attack $15.4M” – Forbes
     “33% of customers will delay shopping at a retailer post data breach; 19% will stop shopping there altogether” – KPMG
  3. • 20,000+ restaurants in 62+ countries
     • 100% franchised environment
     • Highly visible brand recognition
     • Strong digital landscape
       – Mobile Application (with SVC payment)
       – Loyalty Program – Points/Coupons
       – Mobile and Online Ordering
     • Loyal customer base
     • Everything touches IT
     • IT Departments more role-specific
     • Help Desk
     • Data and Systems
     • IT Security
     • Applications (by Department)
     • IT Security engaged at higher level
     • Accreditations / Credentials
     • Gatekeepers of Control
     • “Protectors of the Brand”
     The Evolution of Information Technology Security
  4. Diagram labels: Physical Security, Loss Prevention, Information Technology; THEN / NOW; Physical Security, Information Security
     With increased use of technology and data in regards to protecting assets, people and property, Physical Security and Information Security now have similar responsibilities.
     How do we play well together to best protect a company?
     What role can we play as loss prevention?
     How does LP become part of the core team?
  5. Getting into the Discussions
     • Education & knowledge
     • Understand your environment
     • Build strong relationships
     • Engage IT in your world
     • Educate on your value
     • Educate ourselves
     • Cyber Security
     • Attack Methods
     • Prevention Techniques
     • Applications (by Department)
     • Understand Your/The Environment
     • What is happening now?
     • How does it affect your company?
     • How could your team help?
     Education is a must!
  6. • Include IT in your world
     • Investigative Support
     • Corporate Security Support
     • Planning Sessions
     • Tabletop Exercises
     • Explain how LP can assist IT
     • Systems and Technologies
     • Resources & Process
     • Connections
     Build Partnerships with IT
     March / April 2017
     LP’s Role in a Cyber Security Program
     Physical Security System Management
     Investigative Process / Deductive Reasoning
     Interviewing Skills
     Auditing / Evidence Collection
     Law Enforcement Engagement
  7. LP’s Role in a Cyber Security Program
     • Security System Review
     • Access & CCTV Systems
     • Lead Physical Loss Events
     • Evidence Collection
     • Interviewing Suspects
     • Insider Threat Assessment
     • Auditing / System Checks
     • Store Incidents & Events
     • Provide Contacts
     • Assistance for/by LE
     Law Enforcement Engagement
     Field Support
     Investigative Support
     Physical Security Assistance
     Interviewing Skills
     What role do you play?
     • Do you have a copy of your company’s cybersecurity program?
     • Is your function listed as a role within the program?
     • Are you engaged in tabletop exercises related to cyber/data security?
     • Are you called upon when an incident or event occurs?
  8. Working Together to Build a Cyber Security Program
     • Cyber Threats will continue to increase and cause retail business loss
     • LP/Security professionals need to educate ourselves and talk more frequently about these threats/loss
     • LP/Security has a role and should be a core member of the program
     Resources Groups
     • Infragard (FBI/DHS public-private community)
     • HSIN (Homeland Security Information Network)
     • DSAC (FBI public-private CSO group)
     • Search Cybersecurity Associations
     THANK YOU FOR YOUR TIME
     Send Email with Subject Line: Cyber Resources To
     Resources
     • CSO Online
     • ASIS (store – books and publications)
     • SANS Institute
     • Online Training (search cybersecurity classes)