how to raise cyber risk awareness and management to the c-suite
TRANSCRIPT
How to Raise Cyber Risk Awareness and Management to the C-Suite
Today’s Speakers
2
Jason Polancich
Founder & Chief Architect
SurfWatch Labs
Today’s Speakers
Company Confidential 3
Chris Broderick
President & CEO
TerraGo Technologies
Cybersecurity Accountability Has Shifted to the C-Suite
4
“… boards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.”
- Luis A. Aguilar, SEC Commissioner
5
Cybersecurity Needs to be Part of the Overall Business Strategy
• What cyber events are occurring in our industry?
• What Cyber Risk KPI’s should we track?
• Are we spending in the right areas?
• Have any suppliers been breached recently?
Cyber Risks Lost in Translation
6
What does this all mean to the business?
AntivirusFirewalls
Zeus
IDS/IPS
Citadel Trojan
Backoff POS
Netflow Analysis
Man-in-the-Middle
Packet Reflection
Packet Inspection
Malware Detection
Cybersecurity Management is Being Elevated in Organizations
7
From Facilities…
to Server Rooms…
to Board Rooms
Rising Costs of Insecurity
• Cost/compromised record increased from $188 to $201
• Customer turnover rate increased by 15%
8
Source: 2014 Cost of Data Breach Study: Global Analysis, Ponemon Institute
$5.9M is the Average Cost of a Data Breach
Aligning Cybersecurity Spend with Your Cyber Risk Reality
9
Sound Cybersecurity is a Competitive Advantage
10
69%of US executives are worried that cyber threats will impact growth.
— PwC, 17th Annual Global CEO Survey
11
Address Cyber Risks Now, Instead of Responding to Threats
12
Tracking Cyber Risks as Part of Overall Risk Management
• Elevate cybersecurity to higher level discussion and strategy through business intelligence approach
• Measure cyber risks through Key Performance Indicators (KPI’s)
13
Cybersecurity Requirements Being Specified in RFPs
14
Request for ProposalACME Corp
Cybersecurity Practices1.Describe the safeguards in place to protect customer information.
2.Who has access (physical and/or remote) to systems that house sensitive information?
3.Describe your network segmentation architecture.
4.What policies and controls are in place with regards to laptops and mobile devices?
5.How do you monitor and assess cyber risks?
• Customers are concerned about how their sensitive information is safeguarded
• Cybersecurity is now an important requirement for winning a contract
Get Instant Visibility of Your Cyber Risk KPI’s•Real-time and trending views of cyber risks and business impacts
•Provides easy-to-understand insights for Executives and Boards to make faster, more informed risk management decisions
•SaaS-based app ─ easy to access and use in Web Browser and Mobile
15
C-Suite Dashboard App
Cybersecurity Tips
1. Take a business intelligence approach to understanding and analyzing cybersecurity data
2. Common language among C-Suite and cybersecurity professionals
3. Proactively mitigate cyber risks as opposed to responding to threats
16
SurfWatch Labs Resources
17
• Download the Whitepaper: How Executives Can Understand Cyber Risks and Ensure Governance http://info.surfwatchlabs.com/cyber-risk-governance
• Read an Overview of SurfWatch C-Suitehttps://www.surfwatchlabs.com/apps/c-suite
• Try SurfWatch C-Suite for Freehttps://www.surfwatchlabs.com/apps/c-suite/new
Thank You!
www.surfwatchlabs.comFollow us at: