ADAPTED FROM FORCEPOINT -

CYBERSECURITY: FROM REACTIVE TO PROACTIVE, FROM TECHNICAL RISK TO BUSINESS RISK. A FORCEPOINT PRESENTATION MATERIAL – ADAPTED.

agoldsberry

Presentation Transcript


  1. CYBERSECURITY: FROM REACTIVE TO PROACTIVE, FROM TECHNICAL RISK TO BUSINESS RISK. A FORCEPOINT PRESENTATION MATERIAL – ADAPTED.

  2. ADAPTED FROM FORCEPOINT - • An organization that is transforming cybersecurity by focusing on what matters most: understanding people’s intent as they interact with critical data. • Based in Austin, Texas, Forcepoint supports more than 20,000 organizations worldwide. • For more about Forcepoint, visit www.forcepoint.com

  3. OUTLINE • People strategy is the new security strategy • Employees without borders: The deconstruction of perimeters • Modern security: An exercise in trust, communication, and partnership • Social contracts: Customers care too • Money well (mis)spent • Cybersecurity is everyone’s challenge

  4. PEOPLE STRATEGY IS THE NEW SECURITY STRATEGY There’s no question that cybersecurity remains a prevalent issue for business today. The internet-based economy is growing twice as fast as the rest of the global economy [1], and yet the risk of cyber-attacks continues to increase despite growing investment in countermeasures and the implementation of ground-breaking regulation in parts of the world. The Australian Government’s Department of the Prime Minister and Cabinet estimated that cybercrime costs the nation more than $1 billion each year—with international figures suggesting this number could be as high as $17 billion annually [2]. With such astounding costs, it’s no longer enough to think of cybersecurity as a technology issue. Instead we see a compelling case for organizations to prioritize the development of business strategies to mitigate risks and secure intellectual property (IP). Further, as new ways of working reshape the structure of modern business networks, it’s vital that today’s cyber defense strategies leverage tools suited to protecting data in a mobile, bring-your-own-device (BYOD), and cloud-enabled workforce.

  5. EMPLOYEES WITHOUT BORDERS: THE DECONSTRUCTION OF PERIMETERS In the modern workforce, developments in technology, the internet of things (IoT), cloud computing, and flexible work policies like BYOD mean the boundaries between personal data and professional data are blurred. Increasingly, employees work remotely, on their own laptops or phones, and use their devices for matters other than work—including taking their devices on holiday. Security managers are expected to ‘defend the perimeter’ of their networks, yet those perimeters are being eroded, in many cases willingly, in an effort to be flexible. We are moving from the model of defending a castle to protecting an airport. Protection and security need to apply not just to the physical building and the devices within it, but to the employees that pass in and out, moving data around with them. An employee’s identity and behavior have become the new perimeter. Expecting a one-size-fits-all solution—typical of days past—is now unrealistic. Blanket security policies from traditional tools may be reasonably effective at slowing the movement of valuable data, but they are often incredibly restrictive and counter-productive to the various roles, responsibilities, and daily duties of workers throughout a complex organization.

  6. EMPLOYEES WITHOUT BORDERS: THE DECONSTRUCTION OF PERIMETERS - CONTINUED With a new generation of ‘digital natives’ in the workforce, employees are most likely used to sharing and collaborating with one click. If they can’t, they will look to circumvent existing structures in order to do so easily. Research by Forcepoint into the growing millennial workforce revealed a new generation more likely to trade caution for digital productivity. Among the alarming responses collected and examined in the survey’s full results: Many millennials acknowledged they use personal devices for both work and play, with nearly a quarter downloading company files and third-party apps to personal devices to increase productivity without notifying IT. A risk-adaptive approach to security is thus recommended. By treating each worker as unique, analysing and mapping their baseline day-to-day behaviours, risk-adaptive protection is capable of treating each worker individually based on their expected behaviour patterns. This helps manage the safe restriction of—and productive access to—sensitive files.

  7. MODERN SECURITY: AN EXERCISE IN TRUST, COMMUNICATION, AND PARTNERSHIP One of the challenges for security managers today is how to avoid breaches of security while at the same time maintaining an ethical social contract with their employees and customers—maintaining trust within the business. In the case of workforce monitoring, tools need to be implemented and managed transparently, so that employees don’t perceive it as an invasion of privacy. The key therefore lies in proactive and effective communication. Systems monitoring should be designed to protect the company, the customer, and the employee. It is important to be able to prove innocence as well as guilt. For example, if it appears as though an employee has been stealing IP, the use of an appropriate monitoring tool could prove that their credentials were compromised and a third party had actually used their login to access the files. It would have been easy to presume guilt if the evidence wasn’t there. Similarly, demonstrating the improved protection of an employee’s personal data—such as salary history—through monitoring tools could help build a stronger case for their implementation.

  8. SOCIAL CONTRACTS: CUSTOMERS CARE TOO Social contracts around data exist not only between employee and employer, but between an organization and its customers and partners. An example is the recent Cambridge Analytica issue, which impacted Facebook user data. Many users were already aware that Facebook keeps track of vast amounts of user data—as well as data collected by third-party app developers. However, when the user profiles of nearly 90 million people were sold to a third-party corporation, even though it was stated in the terms of service, it was ultimately seen as a breach of social contract between Facebook and its customers—causing widespread outrage. Facebook founder and CEO Mark Zuckerberg, under questioning, admitted that these terms of service were “in conflict with the rules of the platform”, and the breach of trust would go on to cost Facebook a reported $35 billion in market value. While Facebook has since recovered much of this value, many organizations may not be as resilient.

  9. MONEY WELL (MIS)SPENT Australia’s recently implemented Notifiable Data Breaches scheme and subsequent quarterly statistics reports have illuminated many of the causes behind some of the country’s major data breaches. The June 2018 report found that more than one in three breaches—a staggering 36% [3]—were caused by human error. Similar data from overseas markets [4] has shown that roughly 70% of cyber breaches come from an internal source: misdirected emails, phishing scams, disgruntled employees stealing what they believe are their own ideas, and other accidental acts or lapses in human judgement. In essence, a large priority in cybersecurity is protecting the organisation from itself. Yet the majority of cybersecurity technology investment goes towards protecting the organisation against external threats. It’s estimated that worldwide security spending will reach $91 billion in 2018—up 8% from 2017 [5]. Yet so little has been accomplished, primarily because cybersecurity has traditionally lagged behind technology. There’s a saying that if you’re waiting for the next technological development, you’re already too late. Gartner research [6] suggests that enterprise security budgets are shifting towards technologies like endpoint detection and response and user entity and behaviour analytics (UEBA). These modern technologies will be disruptive to traditional endpoint protection and security information and event management (SIEM) markets. Given that many threats originate from inside a business and occur at the point of interaction between humans and data, a predictive approach can be used to detect and defend against human error, malicious actions, and compromised users. This predictive approach takes a human-centric focus to identify and flag abnormal user behaviour. To use an analogy, it’s not enough to drive your car safely; you need to anticipate and react to the movements of other drivers on the road, noticing deviations from normal patterns—as well as what’s going on in your back seat.

  10. CYBERSECURITY IS EVERYONE’S CHALLENGE Cybersecurity is no longer simply a technology issue; it’s a business issue. Getting everyone on the same page with data security is essential, from executive leadership and board members to new employees and contracting third-party organisations. At the rate of change in today’s world, the only constant is people. People run businesses and people produce data. New levels of securing access to data are driving forward a new frontier, from fingerprint logins to retina scans and even palm-vein authentication. In response, many hackers and malicious actors now replace scanning for network vulnerabilities with scanning and targeting people—proving an easier compromise, in many cases, than a brute-force entry.

  11. CYBERSECURITY IS EVERYONE’S CHALLENGE We need to understand how people use data and how data flows through and outside of the organization in order to prevent—not just detect—breaches moving forward. Through openly communicated security programs that include workforce monitoring, IT and security teams can safely provide access to the information employees need to productively go about their jobs. Rather than locking down productivity with excessive firewalls and one-size-fits-all security policies, IT should become the department of ‘yes’, working in partnership with employees to avoid being circumvented with shadow IT—particularly in the age of digital-native employees. In an age of growing and evolving threats, only a universal understanding of data security, and the scale and breadth of the challenge it represents, across business functions as well as IT and security teams can truly make inroads into the protection of data.

  12. REFERENCES [1] Department of the Prime Minister and Cabinet, Cyber Landscape: Cyber space is a world of opportunities, 2017 [2] Department of the Prime Minister and Cabinet, Cyber Landscape: Cyber space is a world of opportunities, 2017 [3] OAIC, Notifiable Data Breaches Quarterly Statistics Report: 1 April – 30 June 2018, 2018 [4] Forcepoint, Negligence is the #1 cause of insider threats, 2016 [5] Gartner, Gartner Forecasts Worldwide Security Spending will reach $96 Billion in 2018, Up 8 Percent from 2017, 2017 [6] Gartner, Gartner Forecasts Worldwide Security Spending will reach $96 Billion in 2018, Up 8 Percent from 2017, 2017
