Post on 08-Jul-2020

2017 IBC Annual Convention | Anne Benigsen, Bankers’ Bank of the West

CYBERSECURITY SAVE YOUR BOTTOM… LINE

It’s not all about money - really

24 years in IT. 10 years in IS. 7 years in banking. Small business. Large business. Government. Entertainment industry. Retail. Liberal artsy college. And a partridge in a pear tree.

WHO AM I?

UNDERSTANDING

COMMUNICATING

PEOPLE

WE GET IT!

Cybersecurity is a top 3 concern among CEOs

PWC 2017 CEO Survey

OR DO WE?

MONEY ISN’T EVERYTHING

The human factor is for controls and vulnerabilities is

UNDERSTANDING IT SECURITY THREAT TO ORGANIZATION

Do non-security professionals in your organization understand the IT security threats that your organization faces today?

Yes, and they are supportive of IT security initiatives

Yes, but they have to be dragged into the security discussion

It's a mixed bag, some of them are, some of them aren't

There are a few who get it, but most of them are clueless

What threats?

2017: 33%, 9%, 42%, 13%, 3%

2016: 25%, 10%, 45%, 17%, 3%

Data: UBM survey of security professionals, June 2017

COMMUNICATING

PEOPLE

UNDERSTANDING

DEFINING:

CYBERSECURITY

FFIEC

NIST

ISACA

IS THIS WHAT WE THINK OF?

JUNE 2014: FFIEC makes Cybersecurity a separate part of its website

NOV 2014: Cybersecurity assessment information released

FEB 2015: Business Continuity Booklet updated

JUNE 2015: Cybersecurity Assessment Tool

NOV 2015: Management Booklet Redone

APRIL 2016: Retail Payments Booklet revised

JULY 2016: InTREx released

SEPT 2016: Information Security Booklet Redone

OCT 2016: CAT FAQ released

MAY 2017: CAT 1.1 released

Where are we?

Cybersecurity is part of:

Senior Management Responsibility

Board Reports

Risk Management

WE MOVED TOO FAST

NEED TO WALK BEFORE WE RUN

01 - 2004: Cybersecurity market was $3.5 Billion

02 - 2017: Cybersecurity market is projected $120 Billion

Cybersecurity Ventures

8 to 10

Financial industry is likely more

Peak Resources 2016

AVOID ONE-USE TOOLS

CONTROLS CAN HAVE MULTIPLE USES

WE NEED GREATER UNDERSTANDING: USE ANALOGIES

COMMON

UNDERSTANDING

UNDERSTANDING

COMMUNICATING

PEOPLE

COMMUNICATION

BUSINESS OR CYBERSECURITY?

2007: Cybersecurity did not rank in top 10 in C-suite concerns

2017: Cybersecurity was #1 (or top 3) in C-suite concerns

SECURITY PROFESSIONALS’ GREATEST CONCERNS

01 Social engineering: Phishing, vishing, social network exploits

02 Targeted threats: Attacks that are targeted directly at the organization

03 Accidental data leaks: People who fail to follow policy and leak data

04 Malware: Malware that evades signature-based defenses like anti-virus

05 Ransomware: Extortion like ransomware that is perpetrated by outsiders

06 Data theft / sabotage: Data leaks that were done by insiders maliciously

UBM survey of security professionals, June 2017

SECURITY: GREATEST AMOUNT OF MONEY SPENT

01 Compliance with regulation

02 Social Engineering

03 Accurately measure organization’s security posture or risk

04 Vulnerabilities of Applications

05 Internal mistakes that cause loss of compliance to industry/regulators

06 Malware that evades signature-based defenses

UBM survey of security professionals, June 2017

MONEY SPENT RANKED BY I.S. STAFF

15 - Compliance with regulation

1 - Social Engineering

8 - Accurately measure organization’s security posture or risk

7 - Vulnerabilities of Applications

10 - Internal mistakes that cause loss of compliance to industry/regulators

4 - Malware that evades signature-based defenses

BRIDGING THAT GAP

THE NEED FOR EDUCATION

Blackhat 2 / 70

FS-ISAC 9 / 90+

OUR DIFFERENCES

WHY DON’T THE IS/IT FOLK UNDERSTAND OUR INDUSTRY?

Most colleges only require 2 classes concerning business or communication for a BS in technology

DO THEY KNOW AS MUCH ABOUT BANKING AS YOU DO ABOUT TECH?

INVESTING IN YOUR TEAM

IS/IT ARE BANKERS, TOO! (BUT THEY MAY NEED A LITTLE HELP)

INVESTING IN YOUR TEAM

Understanding business = understanding budget

Sufficient Security Budget

Does your organization have enough security budget to defend itself against current threats?

Yes

No, we are a little under budget

No, we are severely hampered by a lack of funding

Can you spare some change?

2017: 42%, 37%, 17%, 4%

2016: 36%, 42%, 14%, 8%

UBM survey of security professionals, June 2017

TRAINING

How comfortable are your staff?

Sufficient Training

Do you personally have enough training and skills to handle current threats and perform all of the security job functions that are required of you?

Yes, I have all the skills I need to do my job

No, I can manage most tasks but I could still use some training

No, I feel ill-prepared for many of the threats or tasks I face each day

What training?

2017: 33%, 61%, 5%, 1%

2016: 33%, 57%, 8%, 2%

UBM survey of security professionals, June 2017

UNDERSTANDING YOUR MSSP = BETTER FOR BUSINESS

Watching the watchmen

Keeping them up to date on regulation and security

Measurables

TIME, NOT MONEY

The business of community banking. Common understanding.

On the page with priorities. Strategic planning.

KNOWING WHEN

To say stop

CONCERNS

Let’s try it.

CONTACT ME

303-313-8143 303-291-3700

abenigsen@bbwest.com

ANNE BENIGSEN

FVP – IS & IT, BANKERS’ BANK OF THE WEST
