PwC expert Roman Chaplygin presents the key findings of PwC’s Global Information Security Survey 2015 and their implications for the retail and consumer sectors.
Chaplygin Roman Cybersecurity challenges in an interconnected world
1. EDAYS INTERNATIONAL E-COMMERCE CONFERENCE
MOSCOW, JUNE 4-5, 2015
Cybersecurity challenges in an interconnected world
PwC Global State of Information Security Survey results for the retail industry
2. Cyber risks: A severe and present danger
In 2014 Verizon counted 524 security incidents in retail industries around the world in its annual Data Breach Investigations Report, noting that points of sale were the primary targets in 70% of incidents within the retail industry.
Over the past year, the phrase “data breach” has become closely associated with the word “retailer” as attacks reached epic levels.
3. PwC GSISS 2015: Retail incident statistics
The Global State of Information Security® Survey (GSISS) shows that, among 836 worldwide retail and consumer goods respondents, the number of detected incidents in 2014 increased 19% over 2013.
Current and former employees, third-party service providers, contractors, suppliers, and business partners are most frequently mentioned as the cause of incidents.
4. PwC GSISS 2015: Retail incident statistics
Personal data, including payment and purchase information, as well as intellectual property are the main targets for theft.
Another purpose of cyberattacks is fraud.
5. PwC GSISS 2015: Retail security issues
Data governance is lacking
Have secure-access control measures
Have centralized user data store
Have an accurate inventory of personal data
Limit access to the minimum necessary
Have privileged user access tools
Have a written security policy
Retailers, in particular, often take a compliance-checklist approach to information security, focusing on Payment Card Industry Data Security Standard (PCI DSS) requirements while disregarding implementation of adequate data governance to protect valuable information assets.
Good data governance will require that businesses develop a framework and policies for the creation, use, storage, and deletion of information. It will also demand that retail and consumer companies know where their data is stored, manage access to sensitive information, and govern the use and security of valuable data by third-party partners.
6. PwC GSISS 2015: Increasing third-party threats
Data breaches often start with the compromise of suppliers, contractors, and vendors.
Only 29% say they have this type of monitoring program in place, and 37% say they plan to add one.
But one in five say they have no plans to implement a program to monitor third parties.
7. PwC GSISS 2015: New technologies and risks
Retail and consumer goods companies are embracing new technologies to connect with customers, build operational efficiencies, and enable collaboration.
The trouble is, many businesses adopt these technologies before they effectively secure them.
Yet only 45% of respondents have a security strategy for cloud computing—an astonishing finding—and just 33% say they are “very prepared” to protect sensitive data in the cloud. Given that 29% of respondents say they use cloud services for e-commerce, that’s certainly disquieting.
More than half of respondents say they use some form of cloud computing for file storage and sharing, and hosting of databases, applications, e-mail, and websites.
8. PwC GSISS 2015: New technologies and risks
Attrition in safeguards for new technologies
69% of respondents either plan to allow or already do allow use of employee-owned devices to access the corporate network.
One quarter (25%) of retail and consumer respondents say they have implemented systems for digital wallets, and an additional 36% say they plan to implement them in the future.
9. PwC GSISS 2015: Retail needs a strategic approach
More than ever, senior executives should proactively ensure that the Board understands how the organization will detect, defend against, and respond to cyber threats.
Before resources can be allocated, however, it will be necessary to first identify the organization’s most valuable assets and determine who owns responsibility for them.
A senior executive communicates importance of security to entire enterprise
Information security strategy is aligned with specific business needs
Program to identify sensitive assets
Collaborate with others to improve security
Have cyber insurance
Have employee security training and awareness program
10. PwC GSISS 2015: Linking security and risk
As incidents continue to proliferate, it’s becoming clear that cyber risks can never be completely eliminated.
Today’s interconnected business ecosystem requires a shift from security that focuses on prevention and controls to a risk-based approach that prioritizes an organization’s most valuable assets and its most relevant threats.
It also will be critical to focus on rapid detection of security intrusions and an effective, timely response.
11. PwC GSISS 2016
We invite you to participate in our survey
www.pwc.ru/gsiss2016
End of the survey: June 12, 2015
12. PwC helps clients manage modern cyberrisks
PwC applies its local and global experience and resources equally to create value for clients when carrying out diverse projects, ranging from strategy development to implementation.
180,000 PwC staff worldwide
38,000 PwC consultants worldwide
9,600 PwC IT consultants worldwide
2,000 PwC Cyber security consultants worldwide
Our global network of firms includes 776 offices in 158 countries worldwide
Leader in IT-enabled business transformation (Forrester, 3Q 2012)
Leader in business consulting (IDC Marketscape, 2012)
PwC has broad experience in providing consulting services to universities and higher educational institutions
PwC CEE has a highly talented pool of certified Cyber security consulting staff with a full range of skills:
CISA – 39 people
CISM – 7 people
CRISC – 5 people
CISSP – 4 people
ISO 27001 – 12 people
and others
13. Let’s keep in touch!
Thank you for your attention!
Roman Chaplygin
Director, Cybersecurity leader, PwC Russia
Tel: +7 (495) 967 6056
Mob: +7 (903) 272 1620
E-mail: roman.chaplygin@ru.pwc.com
PwC CyberSecurity Club on Facebook