Helping you grow your business with

scalable IT services & solutionsfor today’s challenges & tomorrow’s vision.

© 2017 Peters & Associates, Inc. All rights reserved.

Anatomy of a Cyber AttackA Reality Check for Business Decision Makers including Executives, Directors, and Owners.

Bruce Ward, Vice President of Business StrategyDr. Rachael Narel, Solution StrategistAdam Gassensmith, Manager of Client Engagement

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsAgenda

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsChanges Keep Changing

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsChanges Keep Changing

2005 2013

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsBreaches Keep Breaching

www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

“Cyber crime only happens to large companies like Chase, Target and Home Depot.”

31% - incidents of losses at organizations with <100 employees

61% - incidents of losses at organizations with <250 employeesSource: Symantec Internet Threat Report

Common Misconceptions

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsCloud Shift only Shifts

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsLooming Risk Offset

Above The Surface

Below The Surface

• Customer Breach Notification• Technical Investigation

• Loss of Client Relationships• Reputation / Brand• Cost of Raising Capital• Loss of Intellectual Property• Impact on Operations• Insurance Sources:2017 Reports:

Ponemon and Deloitte

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsInformation Security Is Complex & Dynamic

DATA“A lot of moving parts”

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsInformation Security Industry

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsCyber Security Framework

Data Protection

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

People

Process

Technology

NIST CSF

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsCyber Security Framework

Data Protection1

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsSignificant Data

Helping you grow your business with

scalable IT services & solutionsfor today’s challenges & tomorrow’s vision.

© 2017 Peters & Associates, Inc. All rights reserved.

Creating a Culture of Security and Effective Training Programs

Rachael NarelSolution Strategist

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

The security of systems is dependent on the people that use them. Effective institutional assessment of risks and implementation of secure practices rely on a shared understanding of the threats and challenges facing the institutions….

Lohrmann, 2014

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

• Time and budget for training

• Say one thing and do another

• Lack of buy-in

• Not organizationally mandated

• “I’m not a target” mindset

• History of failed programs

• Lack of communication or purpose

• Change is hard….

Some Challenges….

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsOrganizational Culture

Edgar Schein

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

• The leadership team needs to support and promote a security culture– Does the strategy support the realization of the goals? (do people

know the strategy?)

– Is the right structure in place?

– Do key business processes support the strategy?

– Are the outcomes and behaviors that are rewarded and recognized support the strategy?

– Does the current talent of the organization support the strategy?

It starts at the top…

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

• Security belongs to everyone

• Overall awareness

• Rewards and recognition for those who do the right thing

• Creation of a security community

• Fun and engaging

• Continual learning and improvement

• Communication

Key Elements of a Security Culture

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsEngage the entire system

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

• Security training ≠ cyber awareness program

• Ongoing, continuous, communication, reinforcement

• Go beyond compliance and ‘check the box’ mindset

• Keep it simple!

Cyber Security Awareness PROGRAM

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

• Just one piece of the program

• Not a point in time event

• Relevant to the audience and consistent with the values and goals of the organization

• Influence behavior changes that deliver measureable results

Training IS important!

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsUse a variety of approaches

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsMeasure and share results

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

• Is there a security policy that is enforced across the entire organization?

• Do employees know the policy?

• What are the practices and technologies in place that can detect a breach?

• Do employees know what to do if they detect a security violation?

Simple Assessment

Sugar Rush: How to select an IT Managed Services and Cybersecurity Partner in a Crowded Marketplace

Adam Gassensmith – Manager of Client Engagement

This Photo by Unknown Author is licensed under CC BY-ND

Happy (belated) Halloween!

This Photo by Unknown Author is licensed under CC BY-NC

This Photo by Unknown Author is licensed under CC BY-NC-ND

This Photo by Unknown Author is licensed under CC BY

Partnering for Security

Average Salary of an IT Security Specialist

$120,000/year

Average Direct Cost of a Cyberattack on a Small Business

$9,000

The Cost of the Slow Burn

???

Choosing your Candy

Beware of Dum Dums

Avoid Kit Kat’s Rigidity

Peanut Butter and Chocolate

– Better Together

Are you Asking the Right Questions?

• Who is your ideal customer?

• What do you see as the greatest security threat to our business?

• How can you uniquely support our business?

Table Stakes• Security Expertise• Certification

This Photo by Unknown Author is licensed under CC BY-NC

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

IACCE Participant Entitlements Greater Chicago Area

Lunch and Learn - on-site

Security Review in a Day - on-site

Non-Profit Pricing

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsChamber Engagement 2016 …2017

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

The Right Mix Culture, Program, People, Process, and Technology

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

Successful Community Everyone Wins With The Right Cybersecurity Mix

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

Peters IL Chamber Program

•Connect•Engage•Measure•Evaluate

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

• Participated in 100 + Events Made 2000+ New Connections

• Chamber Cyber Security - 3 events and over 500 Participants

• 160 Cyber Community Businesses Educational Activities

• Results:• Improved Awareness Inquiries For Education lots more to do…..

Peters Community Programs 2017

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

Contact Tim O’Hara timothy.ohara@peters.com to:

Set up your Community Awareness Program (CAP)

Learn About Microsoft Non-Profit Program

Chat about Risk

What Next – Chamber Challenge

© 2017 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsKnowledge is Power

www.peters.com/blog

www.peters.com/event

© 2015 Peters & Associates, Inc. All rights reserved.© 2016 Peters & Associates, Inc. All rights reserved.