Michael Daly, Chief Technology Officer for Cybersecurity & Special Missions at Raytheon, described global cybersecurity trends during his presentation at the 2015 Chief Information Officer Leadership Forum in Boston on March 26. In his presentation, “Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs,” Daly pointed out that cybersecurity is becoming a major concern for C-level executives.

1. Copyright © 2015 Raytheon Company. All rights reserved.
Customer Success Is Our Mission is a registered trademark of Raytheon Company.
Global Megatrends In
Cybersecurity:
A Survey of 1000 CxOs
Michael K. Daly
Chief Technology Officer
Cybersecurity & Special Missions
March 2015

2. Megatrends in Cybersecurity
Survey
 Who we asked
 1,006 CIOs, CISOs
 Cross section of industries
 North America, Europe, ME/NA
 What we asked about
 Evolving sources of cybersecurity risks
 Intelligence enabled cybersecurity
 Importance of cybersecurity to the business
 Emerging technologies
 Next-generation of organizational practices
 Winning cybersecurity strategies
 Links:
– Report:
http://www.raytheon.com/news/rtnwcm/groups/gallery/documents/content/rtn_233811.pdf
– Infographic:
http://www.raytheon.com/news/rtnwcm/groups/gallery/documents/content/rtn_233812.pdf
Several Interesting Trends and Factors Emerged
4/20/2015 2

3. Global Megatrend #1
Cybersecurity will become a C-level priority
and a competitive advantage.
Some organizations are leading the way…
But there is a lot of room for improvement.
4/20/2015 3
Don’t overwhelm business leaders – focus on key metrics that get to the heart of
how cybersecurity impacts the business. “Dwell time” is the metric that works for us.

4. Global Megatrend #2
Cyber crime and Compliance costs will keep CISOs up at night
There will be significant increases in nation state attacks, cyber
warfare/terrorism, and breaches involving high value information.
But, risks from human factors will improve greatly.
4/20/2015 4
For these sophisticated threats, participate in threat information sharing and conduct
your own cyber analytics and intelligence, specific to your business.
Worsened State

5. Global Megatrend #3
Insider negligence risks are decreasing
With investments in technologies, training programs and visibility into what
employees are doing in the workplace.
4/20/2015 5
The decline in insider negligence should improve the signal-to-noise ratio to better
identify external threats that have gained access to internal resources.
Risk Impact to Organization in 3 Years
Lack of awareness of cybersecurity practices by 26%
Inability to control employees’ devices and apps by 28%
Employee complacency about cybersecurity by 33%
Inability to know what employees are doing in the workplace by 41%

6. Big shifts in technology towards big data analytics, forensics
and intelligence-based cyber solutions.
Global Megatrend #4
4/20/2015 6
Shifting technology priorities
Anti-virus and anti-malware by 15%
Encryption for data at rest by 27%
Big data analytics and behavioral profiling by 38%
SIEM and cybersecurity intelligence by 19%
Automated forensics tools by 21%
Top Cyber Threats by 2018
1. Zero-day attacks
2. Mobile malware/targeted attacks
3. Cloud data leakage
4. SQL injection
5. Phishing attacks
Big data analytics efforts are underway in government and in research … it is
unclear (to me) that we’ll see effective commercial products in the next three years.

7. Global Megatrend #5
The “Internet of Things” is here but organizations are slow to
address its security risks.
With consumers embracing more connected devices, information security
leaders predict that the “Internet of Things” will inspire some of the highest
impacting disruptive technologies in the near future.
4/20/2015 7
Organizations prepared for
the “Internet of Things” world
69% not
prepared
Know what devices are being brought into your enterprise, what data is being
collected, and where that data is going.
http://www.dhs.gov/sites/default/files/publications/IoT%20Final%20Draft%20Report%2011-2014.pdf

8. Global Megatrend #6
The cyber talent gap will persist.
4/20/2015 8
Mentor, coach and encourage youth to consider a career in cybersecurity by
encouraging your staff to connect with their communities.
Organizations that need more
knowledgeable and
experienced information
security employees
66%
Need
More
Source: Raytheon’s 2014 Millennial Survey

9. Global Megatrend #7
Despite alarming media headlines over the last year,
cybersecurity postures are expected to improve.
Governments are working to strengthen cyber regulations and information sharing,
coupled with investments in advanced and automated technologies. CISOs are
optimistic about their future cyber posture.
4/20/2015 9
Future state of your organization’s
security posture in 3 years
Will
improve
64%
Stay the same
26%
Will decline
10%
Engage with government to access cyber threat information and assessment services.
(http://www.dhs.gov/sites/default/files/publications/DHS%20Industry%20Resources_0.pdf)

10. A Bit More on Attack Types
Attacks expected to be less
prevalent in the next 3 years:
 Botnet attacks
 Clickjacking
 MacOS malware/targeted attacks
 Compromised trusted partners
 Attacks on industrial control
systems
4/20/2015 10
Attacks expected to be most
prevalent in the next 3 years:
 Zero day attacks
 Cloud data leakage
 Mobile malware/targeted attacks
 SQL injections
 Critical infrastructure attacks

11. A Bit More on Tool Importance
4/20/2015 11
Tool Today Future Change
Anti-virus/anti-malware 3.62 3.06 -0.56
Database scanning and monitoring 3.46 3.45 -0.01
Forensics (automated tools) 3.42 4.16 0.74
Identity & access management 3.42 3.49 0.07
ID & credentialing system 3.42 3.26 -0.16
Virtual private network (VPN) 3.39 3.24 -0.15
Threat intelligence feeds 3.38 4.01 0.63
Big data analytics 3.38 4.14 0.76
Data loss prevention (DLP) 3.37 2.99 -0.38
Endpoint and mobile device management 3.37 3.17 -0.2
Intrusion detection & prevention 3.36 3.38 0.02
URL or content filtering 3.36 3.31 -0.05
Access governance systems 3.36 3.55 0.19
Sandboxing or isolation tools 3.31 3.92 0.61
Encryption for data in motion 3.31 4.03 0.72
SIEM and cybersecurity intelligence 3.31 4.05 0.74
Perimeter or location surveillance 3.28 3.36 0.08
Next generation firewalls (NGFW) 3.28 3.93 0.65
Incident response tools 3.27 3.27 0
Configuration & log management 3.25 3.11 -0.14
Encryption for data at rest 3.25 4.13 0.88
Web application firewalls (WAF) 3.23 3.86 0.63
Device anti-theft solutions 3.22 3.14 -0.08
Automated policy generation 3.2 3.29 0.09
Tokenization tools 3.2 3.33 0.13
Tools that maybe aren’t
working as well as we
need:
 AV
 DLP
 MDM
Tools to save our futures:
 Encryption
 Big data analytics
 Intelligence (SIEM & feeds)
 Forensics

12. Recommendations to CISOs
 Engage your Leadership Team and Board of Directors in a cyber dialog focused on
risk to the business
 Communicate key cyber metrics in ways management can understand. Consider
“dwell time” as the primary metric.
 Participate in cyber threat information sharing communities.
 Leverage analytics and automation technologies by focusing on the indicators of
risk in your business.
 Know what devices (IoT and other BYOD) are being brought into your enterprise,
what data is being collected, and where that data is going.
 Mentor, coach and encourage youth to consider a career in cybersecurity by
encouraging your staff to connect with their communities.
 Engage with your government to access cyber threat information, training, and
assessment services.
(http://www.dhs.gov/sites/default/files/publications/DHS%20Industry%20Resources_0.pdf)
4/20/2015 12
Know that cyber security can be your competitive advantage or your failure.