Cyber Security Nevada BusinessesOverview

June, 2014

2

Carolyn SchraderCEO, Cyber Security Group, Inc.

Fellow, National Cybersecurity Institute Excelsior College, Washington

DC

6/1/2014

3

Agenda

Threats to Small and Midsize Businesses

Impact to Nevadans

Hacking - What and Why

Cost of Recovery

UNR Cyber Security Center

Other States’ Actions

Action Steps

6/1/2014

4

Threats to Small and Midsize Businesses

All Fortune 500 companies were hacked

Over 50% of small businesses were hacked

Cyber criminals do not discriminate – any company, government agency, entity is a target

2013 Cyber Crime:

6/1/2014

5

Threats Continued

Cyber crime is a borderless crime

Leading countries for cyber criminals

• Russia

• China

• Romania

• France

6/1/2014

6

Threats Continued

Target data breach: 40 million customers

midsized business major corporation

6/1/2014

7

Threats Continued

2014 Cyber Threats: 1. Sophisticated malware

2. Impact of Internet of Things

3. Expansion of Bring Your Own Device

4. Expansion of black market for stolen data

5. Increased website hijacking

6/1/2014

8

Threats Continued

1. Sophisticated Malware Targeted audiences

Secretive attacks

Use of a business’ network to distribute malware

6/1/2014

9

Threats Continued

2013

• Over 220,00 new malware programs identified daily

New malware = 80 mil

Total malware = 180 mil

2014

• New malware Q1 = 15 mil

6/1/2014

10

Threats Continued

2. Impact of Internet of Things Things can be full building system controls or baby

monitors

Increased number of entry points creates more RISK

Things have little security but connect to smart devices

6/1/2014

11

Threats Continued

3. Bring Your Own Device Less control of data

Personal data comingled with company data

Security measures seldom used

Easily lost or stolen

• Stolen smartphones largest street crime in many cities

6/1/2014

12

Threats Continued

4. Expanded black market BIG money from illegal hacking

Sophisticated organizations

Creative marketing

6/1/2014

13

Threats Continued

5. Increased Website Malware Reputable website taken over by malware to distribute to

visitors

Business interruption

Rapid spread of malware to unsuspecting visitors

6/1/2014

14

Hacking What and Why

Identifying the hacker’s motivations and potential targets provides intelligence as to what will be attacked, and the potential impact.

This knowledge is critical in the understanding of hacker intentions, and in establishing a preparedness and security strategy.

6/1/2014

15

What & Why Continued

Data Passwords

Trade secrets

Intellectual property

Client lists

Financial projections

Blueprints

Sales territories and goals

Bank account information

Patient information

Research

6/1/2014

16

What & Why Continued

To sell the information to a competitor

To pirate a product

To get a company’s clients

Access route into larger company or organization

6/1/2014

17

Impact to Nevadans

Stolen personal information

Economic impact 60% of small businesses go out of business after a major attack

Detraction for new businesses moving in if cyber crime is not addressed Savvy businesses want cyber security expertise, prosecution

success, cyber secure suppliers

Cost of criminal prosecution

6/1/2014

18

Cost of Recovery

$200 - $246 per stolen record

10,000 records

= $2,000,000 - $2,460,000

6/1/2014

19

Recovery Cost Continued

What a Business Must Pay: Legal representation

• Incident recovery counsel

• Customer lawsuits

• Government lawsuits

Customer notifications

• Most states have notification laws

Ongoing credit monitoring service for customers

Fix the initial problem

Assessment of other security flaws

6/1/2014

20

UNR Cyber Security Center

A collaborative initiative with the purpose of bringing together experts from different fields to jointly address the cyber security challenge.

Computer Science and Engineering

Information Systems

Political Science

Sociology/Psychology

Journalism

Criminal Justice

Military Science

- Information courtesy of UNR Cyber Security Center

6/1/2014

21

UNR – CSC Continued

Mission of CSC• Perform cutting-edge interdisciplinary research.

• Foster cyber security education in interdisciplinary settings.

• Support workforce development in order to produce high-value employees for both government and industry.

- Information courtesy of UNR Cyber Security Center

6/1/2014

22

Other States’ Actions

California Small business website resource:

https://oag.ca.gov/cybersecurity

A few AG offices offer tips and links on website

Limited visible effort in addressing the severity and frequency of the crimes

6/1/2014

23

Action Steps

1. Aggressively support local district attorneys in their prosecution of illegal hacking

2. Initiate a statewide program to assist local law enforcement in conducting cybercrime investigations

6/1/2014

24

Action Steps Continued

3. Initiate an annual cybersecurity conference to facilitate networking among law enforcement and cybersecurity professionals

4. Sponsor an awareness program for businesses to help them understand the impacts of cyber attacks and how to reduce the risk of attacks

6/1/2014

25

Action Steps Continued

5. Advocate for cyber security requirements in businesses and support incentives for businesses to adopt cyber security measures

6/1/2014

26

Cyber Security Group, Inc.

Carolyn Schradercschrader@cyber-securitygroup.com

775.881.8980

cyber-securitygroup.com

6/1/2014