The document discusses the various cybersecurity threats faced by organizations, particularly in the education sector, highlighting the significant risks posed by data breaches, malware, and cybercrime. It emphasizes the need for robust leadership, preparation, and continuous improvement in cybersecurity practices, as well as the importance of adapting to technological advancements and evolving threats. The document concludes by urging organizations to prepare proactively against these threats to avoid crises.

1. Matthew Rosenquist
Cybersecurity Strategist
February 2017

2. “We manage security through
Leadership and Preparation,
otherwise we face Crisis and
Desperation”
2

3.  Data breach – administration,
student, and vendor records
 Malware/ransomware of devices
 Financial theft and fraud
 Student bullying, stalking, & safety
 Regulatory non-compliance, audit
 Denial of Service - Operational
unavailability of systems
 Reputation, smear, & social attacks
 Asset misuse, theft, unauthorized
content hosting, file sharing
 Information integrity “Ferris Bueller
attack”– grades & communications
CyberImpactingtheeducationsector
3

4. Threats&TechnologyLandscape
4

5. EvolvingLandscape,Adversaries,andimpacts
i
93%ofPhishingis
Ransomware
Upwards of $75 billion
in global impact
i
97%of Fortune
1000companies
Lost data or credentials
2014-2016
i
$16Billionin
Losses
Identity theft & fraud in
2016, up 16% from
2015
IMPACTS GO FAR BEYOND
EXPECTATIONS
Cybersecurity costs
typically measured as
part of an incident
Actual costs of long
term impacts including
lost contract revenue,
operational disruption,
devaluation of trade
name, loss of IP, rises in
insurance premiums,
increased cost to raise
debt, customer
relationship impacts
%COST
~1%*
Source: US Tech Manufacturing Company Case Study , Deloitte
~99%
5
More Users
New
Devices
Innovative
Usages
Generating
Vast Data
Sensitive
Functions
Increased
Target
Value
i
40%Increase
Data Breach
disclosures from 2015
to 2016
i
400kNew
Malware/Day
575 million unique
samples of malware
exist
i
200%increase
In cyber-crime in
the last 5 years

6. ItisaDataBreachWorld
a
Top 10 Healthcare
breaches of 2015 affected
almost 35% of the US
population
Just for California…
171 breaches involving
24m million records
(3 out of 5 Californians)
In 2015, overt 700 million
records were lost or
stolen
(that is 80k per hour)
6

7. 25+Million
Applications
Connected and creating 50x
the volume of data
50-200BillionDevices
Connected to the Internet
$6trillion
Cyber-crime impact
globally by 2021
$3–$90trillion
Aggregate innovation impact of
cyber-risks
400kNew Malware/Day
630 million unique
samples of malware exist today
$75billion
Rise of ransomware
becomes a multi-billion
dollar problem
4 BillionUsersOnline
Up from 2+ billion today
50Trillion
Gigabytes
Amount of data being
created
A World of Targets with Increased Value
7

8. Dante'sInfernoofCybersecurityImpacts
Denial of Service
(Availability)
• Access of customers
• Availability of data,
systems, & services
• DDOS network attacks,
ransom-ware data
locking attacks
Data Theft
& Exposure
(Confidentiality)
• ID Theft
• Privacy
• Data Breach
• Transaction data
• Database hacks,
skimming, lost
storage, keylogging
Monitor &
Manipulate (Integrity)
• Internal-access
surveillance for
advantage
• Tamper/Manipulation
• Long-term data
gathering campaign
Security Competency
Attacker Innovation
Attacks expand over time,
increasing in severity
based upon different
technology and usages
Own & Obliterate (C/I/A)
• Administrative ownership and control
• Capability of unrecoverable obliteration
• Strategic attack, undermining of org capability
8

9. PROCESS
People and Technology
Attackerstargetpeople,processes,andtechnology
9

10. OPERATIONAL, INDUSTRIAL,
AND VIRTUAL SYSTEMS
GOVERNANCE, TRUST,
AND OVERSIGHT SYSTEMS
DATA, INFORMATION
AND CONTROL MECHANISMS
ENDPOINTS, NETWORKS,
SERVICES, AND MACHINES
ACCES CONTROL AND
IDENTITY
SECURITY, SAFETY, AND
PRIVACY CONTROLS
The 5 most cyber-attacked
industries in 2015:
1. Healthcare
2. Manufacturing
3. Financial Services
4. Government
5. Transportation
10

11. TechInnovation&AdoptionDrivesRisks
New technology bridges the virtual and physical worlds,
to connect and enrich peoples lives
11

12. Government’s roles expand, more
regulations and standards
Advances in nation-state cyber-offense
affects everyone
Life safety and cybersecurity intersect in
products
Rise in digital theft, extortion, and fraud
Real-world impacts of cybersecurity
emerge
Security expectations increase by
consumers, businesses, and regulators
Attackers evolve, adapt, & accelerate faster
than security
Trust and Integrity are targeted and
undermined
Security technologies improve but remain
outpaced and outmaneuvered
Lack of security talent hinders the industry
EvolvingLandscape,Adversaries,&Battlefield
13

13. SecurityFutures:
13
1. Make no mistake, everyone is a target
2. Threats remain equitable to the growth and use
of technology
3. Society expectations increase for cyber security, privacy, and safety
4. Evolving landscape will bring new threats, attacks, and impacts
5. Pendulum swings towards more security, ultimately settles for an optimal
balance (regulatory, tech innovators/manufacturers, and best practices)
6. Threats target technology, processes, and people. Cybersecurity must
cover all aspects to be effective over time

14. IndustryBestPractices&Perspectives
14

15. “Two types of victims exist:
Those who are easy targets and
those with something of value”
- Don’t be an easy target, and
protect your valuables.
15

16. TheBestOrganizations
a
Seeks Optimal Risk
Risk management planning
Anticipates impacts
Balance Cost, Risk, & Usability
Adapts to shifting demands
Comprehensive Processes
Security as a continuous cycle
Continuous improvement process
Technology and Behaviors
Obstacles and Opposition
Leads into the Future
Clearly defines success
Plans for a sustainable future
Roles and accountability
Continuously adapting
16

17. HowCanYouBePrepared?
Cyber-Security
Capability Process
17
Sustainably effective
security requires a
continual process to
properly allocate
resources, enabling
operational flexibility
while driving cost
efficiency and risk
manageability

18. Balance:SecurityValueAspects
Optimal security is
the right balance of
cost,
user experience,
and risk tradeoffs
Optimal security is
the right balance of
cost,
user experience,
and risk tradeoffs
19

19. Layered:SecurityTechnologyIntegration
NETWORK
• Firewalls, demilitarized zones, data loss prevention, ID
management, traffic & content filters
PLATFORM
• Antivirus software, patching, minimum
security specifications for systems
APPLICATION
• Secure coding, testing,
security specifications
FILE AND DATA
• File and data
encryption,
enterprise rights
management
CLOUD
USER
Security must
persist at multiple
layers to insure
consistency and
comprehensiveness
20

20. ImportantConsiderations…
20
Smarter vs More
Collaboration across security
functions improving effectiveness
Better IT choices & enablement
Properly balancing the risk, cost,
and usability constraints
Expectations Drive Change
Society’s expectations shift with
pain, impact, and inconvenience
Trust will be valued, demanded
Security, privacy, and controls will
align with greater impacts
Controls Must Adapt
Innovation intersecting emerging
attacks to keep pace with attackers
Static defenses are easy to defeat
Intelligence, analysis, and actions
must feedback to improve systems

21. OpportunitiesandRisks
21
1. Understand the exposure and risks
of connected technology
2. Communicate and develop
capabilities aligned to risk goals
3. Seek out trusted partners, tech
providers, and security solutions
4. Follow cyber best practices, which
must adapt to new challenges
5. Lead. Before the threats gain a
significant advantage

22. Conclusions
Cyber threats pose significant risks to security,
safety, and privacy
Cyber will continue to have an ever greater impact
on educational environments
New threat vectors will emerge as advanced
technology is integrated
The rise of cyber represents risks and opportunities
Leaders with insights to the future have the best
opportunity to align resources and be prepared
22

23. “We manage security through
Leadership and Preparation,
otherwise we face Crisis and
Desperation”
…Areyouprepared?