How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs

•Download as PPT, PDF•

0 likes•671 views

With the board room increasingly being held accountable for data breaches, it's crucial that they know and understand the cyber risks facing their organization.Connect board room to server room

Technology

How to Connect Your Server
Room to the Board Room –
Before a Data Breach Occurs

Today’s Speakers
2
Jason Polancich
Founder & Chief Architect
SurfWatch Labs
Adam Meyer
Chief Security Strategist
SurfWatch Labs
Anne Miglarese
President & CEO
PlanetiQ

“We believed we were
doing things ahead of the
industry. We thought we
were well-positioned.”
- Frank Blake, Chairman of Home Depot
3

The Cost Cannot Be Ignored
Increase from previous year of
organizations reporting financial hits
of $20 million or more
5
$2.7
Million
Annual average financial loss
attributed to cybersecurity incidents
- up 34% from previous year
92%
- The Global State of Information Security® Survey 2015, PWC

Examining Cyber
Problems and
Connecting Security
with the Business

Security Spending on the Rise,
Yet Companies Getting Hit Hard
7
• The traditional approach
to managing cyber risks
is not working
• Too much focus on one-
off, responsive tactics
• The dots aren’t being
connected between cyber
risks and business
impact

Security Spending on the Rise,
Yet Companies Getting Hit Hard
• Security is too complex
• Too much data is trapped
• Hard to relate cyber risks to
the business
• Too much focus on tools
and not enough on process
• Lack of communication and
agility and ability to quickly
make effective decisions
8

Sound Cybersecurity Strategy
Involves Everyone
9

Cybersecurity Needs to Be
Baked Into Your Business
• What does security look
like for you?
• What does it mean for your
customers, partners,
suppliers?
• How quickly and effectively
can you respond to a
security incident?
• What’s the effect of not
being secure enough?
10

Sound Cybersecurity is a
Competitive Advantage
11
69%of US executives are
worried that cyber threats
will impact growth.
— PwC, 17th Annual Global CEO Survey

Bridge the Gap Between Security
Operations and the Business
12

Using Cyber Risk Intelligence to
Drive Better Security Decisions
13

14
Using Cyber Risk Intelligence to
Drive Better Security Decisions

You Gotta Get the Board on
Board with Cyber
• Cybersecurity
improvement includes
the involvement of
Board Directors
• Only 30% of Boards
are highly engaged
with information
security risks and
include cybersecurity
in their audit and risk
acceptance process.
15
Source: From Cybersecurity to Collaboration: Assessing
the Top Priorities for Internal Audit Functions

Where Do We Go From Here?
1. Unlock trapped cyber data and
look at cyber risks through a
business intelligence/KPI lens.
2. Build the right strategy and
foundation for a long-lasting
cyber-resilient approach.
3. Facilitate communication and
collaboration across IT teams,
business analysts, legal and
executives.
16

Q&A and Additional
SurfWatch Labs Resources
17
How to Understand Cyber Risks
and Ensure Governance:
info.surfwatchlabs.com/cyber-risk-governance
SurfWatch C-Suite Datasheet:
info.surfwatchlabs.com/SurfWatch-C-Suite-Datasheet
SurfWatch C-Suite Product Overview Video:
www.youtube.com/watch?v=9J0Ae6VTmHU
SurfWatch C-Suite Product Review:
www.scmagazine.com/surfwatch-c-suite/review/4324/
Schedule a Personal SurfWatch C-Suite Demo:
info.surfwatchlabs.com/request-demo

Thank You!
www.surfwatchlabs.com
Follow us at:

The fourth annual Ponemon report on The Cyber Resilient Organization in 2019, sponsored by IBM Security, focuses on the key trends that make an organization cyber resilient and how cyber resilience has changed since the first report launched in 2015. Hosted by Larry Ponemon of the Ponemon Institute and Maria Battaglia, IBM Security, these two industry experts answer the questions, what has improved in the cyber security space over the past 4 years? What do organizations still struggle with? And which groups are improving and how? This webinar will take you through the barriers of becoming cyber resilient and dive into report topics such as implementing automation, aligning privacy and cyber security, and what it takes to become a cyber resilient “High Performer” in 2019. Listen to the on-demand webinar at: https://event.on24.com/wcc/r/1975828/97089502D02EFD9478B85676EB67266C?partnerref=FM1

Building Human Intelligence – Pun Intended

EnergySec

Presented by: Rohyt Belani, Phishme Abstract: In the physical world, the human brain has evolved to avoid danger. The threat of physical pain triggers fear – and we have learned to avoid behavior that causes pain. In the electronic world of email, however, this concept doesn’t translate. Clicking on a malicious link or opening an attachment laced with malware doesn’t cause pain, and often a user won’t even notice anything is wrong after doing it. How then, can we teach fear perception in the electronic world? Is it even possible? In this presentation I’ll discuss how immersive training can key on psychological triggers to teach people to become skeptical email users who not only avoid undesired security behavior but can aid intrusion detection by reporting suspicious emails, helping to mitigate one of the most serious problems in security: slow incident detection times. According to reports from Mandiant and Verizon, average detection time for an incident is in the hundreds of days. A properly trained workforce is not only resilient to phishing attacks, but can improve detection times as well.

Security Program Guidance and Establishing a Culture of Security

Doug Copley

Synack cirtical infrasructure webinar

Synack

Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...

Citrin Cooperman

Achieving Compliance Through Security

EnergySec

Presented by Patrick Miller, The Anfield Group and Jason Ile, Tripwire Abstract: This presentation emphasis the importance of building an environment where compliance is a natural byproduct of effective security controls. The presenters discuss how to establish info security controls that reinforce a culture of controls, by being plugged into the daily operational processes of IT operations, software and service development, project management and Internal audit. Additional, the presenters explore the various benefits of continuous monitoring and how to achieve it through a step-by-step practice.

MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers...

Citrin Cooperman

Sign up for our weekly MasterSnacks courses here: https://www.citrincooperman.com/infocus/mastersnacks MasterSnacks, our C-Suite Snacks spin-off, brings you a series of topic-specific courses, using our snack-sized sessions to go in depth on content important to you. Join MasterSnacks live every Wednesday at noon for live exclusive sessions. In today's world, a cyber attack happens every 39 seconds on average. For every doom and gloom story we can tell, there are also instances where another organization’s proactive defense has helped to avoid a cyber attack. During our final MasterSnacks: Cybersecurity session, we discussed strategies your company can implement to move your IT environment from reactive to proactive. We also shared examples of current clients whose proactive positions have had a real impact in thwarting hackers' attempts at infiltrating their organizations. We covered: - Case studies on companies that have successfully staved off cyber attacks - Proactive strategies for protecting your infrastructure - Automated tools to facilitate more timely evaluation and monitoring

Bill Lisse - Communicating Security Across the C-Suite

centralohioissa

In the spirit of Continuous Improvement, we must ask ourselves - Are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions, rather they will force you to make a fundamental change in your approach to implementing security and underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?

Ri cyber-security-for-your-small-business

Meg Weber

Cyber-attacks

The Economist Media Businesses

Role of The Board In IT Governance & Cyber Security-Steve Howse

CGTI

The Cyber Security Readiness of Canadian Organizations

Scalar Decisions

Cybersecurity for Energy: Moving Beyond Compliance

EnergySec

Presented by: Gib Sorebo, SAIC Abstract: For the last few years, energy companies, particularly electric utilities, have been scrambling to meet the onslaught of cybersecurity regulations. However, hackers don’t follow regulations, so the need to rapidly address evolving threats is imperative to meet expectations of senior leadership, board members, and shareholders. This session will discuss how a mature governance structure and a cybersecurity strategy based on a comprehensive understanding of business risk can be used to address threats, comply with regulations, and obtain support from company stakeholders.

Deral Heiland - Fail Now So I Don't Fail Later

centralohioissa

With network data breaches being reported weekly, it appears our implementation of prevention solutions is failing. With the average time to detect a breach being greater than 6 months our detection solutions also appear to be failing. Maybe these solutions and technologies are working correctly and we are just not training our teams how to manage, maintain, and leverage those solutions effectively. In this presentation I will be discussing security testing and validation methodologies that includes Internal/external pentesting, social engineering, and red team/blue team exercises. In addition I will be covering how using these methodologies we can better prepare and build a more robust security environment that will keep your organization off the front page.

Cyber Defence - Service portfolio

Kaloyan Krastev

Cyber security: Five leadership issues worthy of board and executive attention

Ramón Gómez de Olea y Bustinza

Security and PCI: 4 Things You Need to Know

The Internet of Things

Why cyber-threats could kill your business transformation

Digital Transformation EXPO Event Series

Why cyber-threats could kill your business transformation We live in a connected world, and many organisations have responded with business transformation programs encompassing cloud, remote endpoints, shared networks, and more. How long can these connected systems and processes survive in a world of next generation, increasingly stealthy and complex cyber threats? This presentation will consider the threats facing digitally-powered businesses today and in the coming years – and how the security industry can help them address these threats. Not just through multi-layered, machine-learning and intelligence-based protection, but, equally importantly, through collaboration – with each other and with the business community – to share intelligence, build skills, and ensure security is built in from the very start of every new product and service.

Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas

Tripwire

NESCO Town Hall Workforce Development Presentation

EnergySec

Moderated and Presented by Andy Bochman Discussion Topic: Workforce Development in the ICS WorkPlace Discussion Abstract: Ask anyone working in the field at an electric utility about cybersecurity and the conversation will inevitably turn to the shortage of a qualified security staff with knowledge of our industry. The need to comply with NERC CIP standards, secure the rapidly proliferating smart grid technologies, and defend against the threat of cyber attacks targeting control systems, makes the short supply of cybersecurity talent is a critical issue.

MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...

Citrin Cooperman

Sign up for our weekly MasterSnacks courses here: https://www.citrincooperman.com/infocus/mastersnacks MasterSnacks, our C-Suite Snacks spin-off, brings you a series of topic-specific courses, using our snack-sized sessions to go in depth on content important to you. Join MasterSnacks live every Wednesday at noon for live exclusive sessions. As your business wages war against cyber criminals, you must combat the vulnerabilities posed by your own third-party service providers. Your external providers must be held accountable in order to keep your business safe and secure. During Session 1 of our MasterSnacks:Cybersecurity series, we covered more about mitigating third-party risks by evaluating and managing your service providers. Key takeaways included: - Third-party risk evaluation and management systems - Strategies to mitigate risk - The value and difference between SOC Reports

Demonstrating Information Security Program Effectiveness

Doug Copley

Executive Summary of the 2016 Scalar Security Study

Scalar Decisions

The 10 Secret Codes of SecurityKarina Elise

Scalar security study2017_slideshare_rev[1]

Tracey Ong

Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...

Tripwire

Boards of Directors have an inescapable legal responsibility to protect their organisation’s assets and shareholder value against risks. Where does cybersecurity fit in the agenda? Many boards lack the knowledge, awareness and confidence to connect security to the business. In this webcast, moderator Paul Edon, Director of Customer Services at Tripwire, will provide a variety of perspectives from experienced professionals in the industry — including Amar Singh UK CISO for Elsevier, Ray Stanton EVP Professional Services at BT and Advisory Board Member of ISF, and Gary Cheetham, CISO at NFU Mutual.

Cyber risk tips for boards and executive teams

Wynyard Group

Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...

International Federation of Accountants

Digital trust and cyber challenge now extends beyond the Enterprise

Mourad Khalil

What's hot

Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War

centralohioissa

Ri cyber-security-for-your-small-business

Meg Weber

Cyber-attacks

The Economist Media Businesses

Role of The Board In IT Governance & Cyber Security-Steve Howse

CGTI

The Cyber Security Readiness of Canadian Organizations

Scalar Decisions

Cybersecurity for Energy: Moving Beyond Compliance

EnergySec

Deral Heiland - Fail Now So I Don't Fail Later

centralohioissa

Cyber Defence - Service portfolio

Kaloyan Krastev

Cyber security: Five leadership issues worthy of board and executive attention

Ramón Gómez de Olea y Bustinza

Security and PCI: 4 Things You Need to Know

The Internet of Things

Why cyber-threats could kill your business transformation

Digital Transformation EXPO Event Series

Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas

Tripwire

NESCO Town Hall Workforce Development Presentation

EnergySec

MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...

Citrin Cooperman

Sign up for our weekly MasterSnacks courses here: https://www.citrincooperman.com/infocus/mastersnacks MasterSnacks, our C-Suite Snacks spin-off, brings you a series of topic-specific courses, using our snack-sized sessions to go in depth on content important to you. Join MasterSnacks live every Wednesday at noon for live exclusive sessions. As your business wages war against cyber criminals, you must combat the vulnerabilities posed by your own third-party service providers. Your external providers must be held accountable in order to keep your business safe and secure. During Session 1 of our MasterSnacks:Cybersecurity series, we covered more about mitigating third-party risks by evaluating and managing your service providers. Key takeaways included: - Third-party risk evaluation and management systems - Strategies to mitigate risk - The value and difference between SOC Reports

Demonstrating Information Security Program Effectiveness

Doug Copley

Executive Summary of the 2016 Scalar Security Study

Scalar Decisions

The 10 Secret Codes of SecurityKarina Elise

Scalar security study2017_slideshare_rev[1]

Tracey Ong

Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...

Tripwire

Cyber risk tips for boards and executive teams

Wynyard Group

What's hot (20)

Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War

Ri cyber-security-for-your-small-business

Cyber-attacks

Role of The Board In IT Governance & Cyber Security-Steve Howse

The Cyber Security Readiness of Canadian Organizations

Cybersecurity for Energy: Moving Beyond Compliance

Deral Heiland - Fail Now So I Don't Fail Later

Cyber Defence - Service portfolio

Cyber security: Five leadership issues worthy of board and executive attention

Security and PCI: 4 Things You Need to Know

Why cyber-threats could kill your business transformation

Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas

NESCO Town Hall Workforce Development Presentation

MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...

Demonstrating Information Security Program Effectiveness

Executive Summary of the 2016 Scalar Security Study

The 10 Secret Codes of Security

Scalar security study2017_slideshare_rev[1]

Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...

Cyber risk tips for boards and executive teams

Similar to How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs

Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...

International Federation of Accountants

Digital trust and cyber challenge now extends beyond the Enterprise

Mourad Khalil

A CIRO's-eye view of Digital Risk ManagementDaren Dunkel

Strategic Cybersecurity

ScottMadden, Inc.

By leveraging more than 30 years of energy expertise, ScottMadden has developed an approach to help clients implement cybersecurity programs that target enterprise risks and demonstrate tangible evidence of improving cybersecurity capabilities. This approach engages business stakeholders to answer the following strategic questions: 1. What are our biggest enterprise cybersecurity risks? 2. What is the appropriate response to these risks? 3. How will success be measured? 4. How will we get there? We align with energy sector guidance to meet industry expectations, and we integrate with enterprise governance to direct and monitor implementation progress, ongoing performance, and assurance. This report highlights ScottMadden’s approach to strategic cybersecurity. For more information, please visit www.scottmadden.com.

How to Raise Cyber Risk Awareness and Management to the C-Suite

How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs

Similar to How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs (20)

More from SurfWatch Labs

More from SurfWatch Labs (20)

Recently uploaded

Recently uploaded (20)

How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs

Editor's Notes