In this talk, Dr. Dave Chatterjee addresses the following questions/subject areas: - The state of cybersecurity and the threat landscape as of August, 2022 - What are the unifying themes of the largest breaches he’s cited for his case studies in his book - WhyCybersecurity Readiness quickly zeroes in on Culture and Commitment - What arethe critical elements of a transformational security culture? - What’s the right type of awareness program to secure commitment and build culture at your organization? - What does research suggest is important for building effective, holistic security programs for different shapes and sizes of organizations? ‍

2. Disclaimers
• Fair Use Notice and Disclaimer
• This presentation deck may contain copyrighted material the use of which has not been specifically authorized by the
copyright owner. The fair use doctrine allows the presenter limited use of copyrighted material without requiring
permission from the rights holders, such as commentary, criticism, news reporting, research, teaching or scholarship. It
provides for the legal, non-licensed citation or incorporation of copyrighted material in another author’s work under a
limited balancing test. The material shall be used to enhance public understanding of cybersecurity preparedness, as such,
the presenter believes this constitutes a fair use of any such copyrighted material as provided for in section 107 of the US
Copyright Law. In accordance with Title 17 U.S.C. Section 107, this presentation is distributed without profit to those who
have expressed a prior interest in receiving the included information for research and educational purposes. If you wish to
use potentially copyrighted material from this presentation for purposes of your own that go beyond fair use, you must
obtain permission from the copyright owner.
• Errors and Omissions Disclaimer
• The information contained in this presentation is for general guidance only. The author/presenter assumes no
responsibility or liability for any errors or omissions in the content of this presentation. The information contained in this
presentation is provided on an "as is" basis with no guarantees of completeness, accuracy, usefulness, or timeliness.

3. The State of
Cybersecurity and the
Threat Landscape as of
August, 2022

4. World’s
Biggest Data
Breaches and
Hacks
Source: https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

5. Consequences
Sixty percent of small and medium-sized businesses (SMEs) are known to go out of business within six months of being hacked
LOSS OF
REPUTATION
LOSS OF REVENUE LOSS OF BUSINESS
OPPORTUNITIES
DECLARING
BANKRUPTCY
GOING OUT OF
BUSINESS

6. Expanding Attack
Surfaces
• Digitization of business processes
• Increasing dependance on cloud-based services
• A highly mobile work environment
• Infusion of IoT and other smart devices

7. Evolving Attack Vectors
Phishing Ransomware IoT Attacks
Insider
Threats
Adversarial
AI Attacks

8. The Human Vulnerability Factor
99% of the attacks are focused on exploiting human vulnerabilities

9. Attacks on Critical Infrastructure
May 7, 2021
Pipeline shutdown led to fuel shortages
100 GB of data stolen
$4.4 million paid by way of ransom

10. Attacks on Critical Infrastructure
City of Atlanta Spent
$2.6M to Recover From a
$52,000 Ransomware
Scare

11. The Grim Possibility
Nuclear attacks
Contamination of Water Supply
Bank Failure
Collapse of the Financial Market

12. Unifying Themes of the
Largest Breaches

13. Weaknesses and Shortcomings
Gross
Negligence
Lack of
Transparency
Inadequate
Preparation
Poor
Communication
§ Usernames and Passwords not encrypted
§ Weak encryption system
§ Unencrypted customer data stored in multiple
locations
§ Networks not adequately segmented
§ Multi-factor Authentication (MFA) not in place
§ Delay in notifying victims
§ The breach went undetected for several weeks.
§ The company did not pay heed to the alerts sent
by the monitoring company.
§ Misconfigured web application firewall
§ Lack of well rehearsed disaster recovery and
incident response plan

14. Why Cybersecurity
Readiness Quickly
Zeroes in on Culture
and Commitment?

15. Commitment-Preparedness-Discipline Framework
Chatterjee, D. Cybersecurity Readiness: A Holistic and High-Performance Approach, SAGE Publishing, March 2021

16. What are the critical elements of
a transformational security
culture?

17. Critical
Elements
§ Commitment
§ Hands-on top management
§ Organization-wide involvement
§ Preparedness
§ Proactive approach
§ Continuous and customized training
§ Acting promptly
§ Real time audits
§ Regular security drills
§ Transparency
§ Clear, honest, and regular communication with all stakeholders
§ Holistic Performance Assessment

18. What’s the right type of
awareness program to
secure commitment
and build culture at
your organization?

19. Awareness and Training Program
Customized Continuous Incremental
Engaging and
interactive
Immersive
Effective
measurement
Important element
of an employee’s
performance review

20. What does research suggest is
important for building effective,
holistic security programs for different
shapes and sizes of organizations?

21. Commitment-Preparedness-Discipline Framework
Chatterjee, D. Cybersecurity Readiness: A Holistic and High-Performance Approach, SAGE Publishing, March 2021

22. Multi-pronged
Approach to
Cybersecurity
Readiness
• Technology alone will not
mitigate information security
risks
• There are several pieces to the
complex puzzle of cybersecurity
management and technology is
only one of them
• Committed leadership, robust
governance procedures,
informed and motivated
personnel are other success
factors
• The battle or war against
current and future cyber threats
must be fought holistically and
comprehensively by adopting
people, process, and technology
driven measures

23. ThankYou
https://www.dchatte.com/
dchatte@gmail.com
https://www.linkedin.com/in/dchatte/