cybersecurity - ibc...booklet redone retail payments booklet revised intrex released information...
Post on 08-Jul-2020
3 Views
Preview:
TRANSCRIPT
12017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
CYBERSECURITY SAVE YOUR BOTTOM… LINE
I t ’ s n o t a l l a b o u t m o n e y - r e a l l y
22017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
24 years in IT.10 years in IS.7 years in banking.Small business.Large business.Government.Entertainment industry.Retail.Liberal artsy college.And a partridge in a pear tree.
WHO AM I?
32017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
42017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
UNDERSTANDING
COMMUNICATINGPEOPLE
52017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
WE GET IT !
Cybersecurity is a top 3 concern among CEO's
PWC 2017 CEO Survey
62017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
OR DO WE ?
MONEY ISN’T EVERYTHING
The human factor is for controls and vulnerabilities is
72017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
UNDERSTANDING IT SECURITY THREAT TO ORGANIZATION
Do non-security professionals in your organization understand the IT security threats that your organization faces today ?
33%
9%42%
13%3%
2017
Yes, and they are supportive of IT security initiatives
Yes, but they have to be dragged into the security discussion
It's a mixed bag, some of them are, some of them aren't
There are a few who get it, but most of them are clueless
What threats?
25%
10%
45%
17%3%
2016
DataUBM survey of security
professionals, June 2017
82017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
COMMUNICATINGPEOPLE
UNDERSTANDING
92017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
DEFINING:
CYBERSECURITY
102017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
FFIEC
NIST
ISACA
112017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
IS THISWHAT WE THINK OF?
122017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
FFIEC makes Cybersecurity a separate part of its
website
Cybersecurity assessment information
released
Business Continuity
Booklet updated
Cybersecurity Assessment Tool
Management Booklet Redone
Retail Payments Booklet revised
InTREx released Information Security Booklet Redone
CAT FAQ released
JUNE2014
NOV2014
FEB2015
APRIL2016
NOV2015
JUNE2015
JULY2016
SEPT2016
OCT2016
CAT 1.1 released
MAY2017
132017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
Senior Management Responsibility
Board Reports
Risk Management
Where are we?
Cybersecurity is part of:
142017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
WE MOVED TOO FAST
NEED TO WALK BEFORE WE RUN
$3.5Billion
$120Billion
012004 Cybersecurity market was
$3.5 Billion
022017 Cybersecurity market is projected
$120 Billion
Cybersecurity Ventures
152017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
8 to 10
Financial industry is likely more
Peak Resources 2016
162017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
AVOID ONE-USE TOOLSCONTROLS CAN HAVE MULTIPLE USES
172017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
WE NEED GREATER UNDERSTANDING:USE ANALOGIES
182017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
COMMON
UNDERSTANDING
192017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
UNDERSTANDING
COMMUNICATINGPEOPLE
202017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
COMMUNICATION
BUSINESS OR CYBERSECURITY?
2007 Cybersecurity did not rank in top 10
in C-suite concerns
2017 Cybersecurity was #1 (or top 3)
in C-suite concerns
212017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
SECURITY PROFESSIONALS’
GREATEST CONCERNS
01
02
03
04
05
06
Social engineeringPhishing, vishing, social network exploits
Targeted threatsAttacks that are targeted directly at the organization
Accidental data leaksPeople who fail to follow policy and leak data
MalwareMalware that evades signature-based defenses like anti-virus
RansomwareExtortion like ransomware that is perpetuated by outsiders
Data theft / sabotage
Data leaks that were done by insiders maliciously
UBM survey of security professionals, June 2017
222017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
SECURITY
GREATEST
AMOUNT OF
MONEY SPENT
01
02
03
04
05
06
Compliance
with regulation
Social Engineering
Accurately measure
organization’s
security posture or
risk
Vulnerabilities of
Applications
Internal mistakes
that cause loss of
compliance to
industry/regulators
Malware that
evades signature-
based defenses
UBM survey of security professionals, June 2017
232017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
MONEY SPENT
RANKED BY
I.S. STAFF
15Compliance
with
regulation
1Social Engineering
8Accurately measure
organization’s security
posture or risk
7Vulnerabilities of
Applications
10Internal mistakes that cause
loss of compliance to
industry/regulators
4Malware that evades
signature-based
defenses
242017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
BRIDGING THAT GAPTHE NEED FOR EDUCATION
Blackhat 2 / 70
FS-ISAC 9 / 90+
252017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
OUR DIFFERENCES
WHY DON’T THE IS/IT FOLK UNDERSTAND OUR INDUSTRY?
Most colleges only require 2 classes
concerning business or communication for a BS
in technology
262017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
DO THEY KNOW AS MUCH ABOUT BANKING AS YOU DO ABOUT TECH?
272017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
INVESTING IN YOUR TEAM
IS/IT ARE BANKERS, TOO!(BUT THEY MAY NEED A LITTLE HELP)
282017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
INVESTING IN YOUR TEAM
Understanding business = understanding budget
42%
37%
17%
4%
2017
Yes
No, we are little under budget
No, we are severely hampered by a lack of funding
Can you do spare some change?
36%
42%
14%
8%
2016
Sufficient Security Budget
Does your organization have enough security budget to defend itself
against current threats ?
UBM survey of security professionals, June 2017
292017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
TRAINING
How comfortable are your staff?
33%
61%
5% 1%
2017
Yes, I have all the skills I need to do my job
No, I can manage most tasks but I could still use some training
No, I feel ill-prepared for many of the threats or tasks I face each day
What training ?
Sufficient Training
Do you personally have enough training and skills to handle current
threats and perform all of the security job functions that are required of you
?
33%
57%
8% 2%
2016
UBM survey of security professionals, June 2017
302017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
Watching the watchmen
Keeping them up to date on
regulation and security
Measurables
UNDERSTANDING YOUR MSSP =
BETTER FOR BUSINESS
312017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
TIME, NOT MONEY
The business of community banking.Common understanding.
On the page with priorities.Strategic planning.
322017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
KNOWING WHEN
To say stop
332017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
CONCERNS
Let’s try it.
342017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West
CONTACT ME
303-313-8143 303-291-3700
abenigsen@bbwest.com
ANNE BENIGSENF V P – I S & I T, B A N K E R S ’ B A N K O F T H E W E S T
top related