cyber security - dictdict.gov.ph › wp-content › uploads › 2017 › 08 ›...
TRANSCRIPT
1
Cyber SecurityMonette Tiongson
Head, cyber Security Business Management
2
Agenda
I. Who We Are
II. Messaging & Problems Addressed
III. Cyber Security Portfolio
IV. Next Steps
3
ABOUT US
ALLePLDT, Inc. is an industry-leading enabler ofdigital business solutions in the Philippines.Since its inception at the turn of themillennium, ePLDT has set the pace in thedevelopment of digital technologies forenterprises across the country and the AsiaPacific region. It delivers best-in-classsolutions that utilize purpose-built cloudand data center facilities. The company wasalso the first to bring Analytics services andinfrastructure to the Philippines as well asdifferentiated professional services beyondCloud, Security, Digital Engagement andManaged IT Services.
4
Ensuring Business Resilience In Experience Age
5
Threat Landscape
Source: SANS 2016 Threat Landscape Survey
6
Notable 2016 Global Leaks of Data
IBM X-Force Threat Intelligence Index 2017
7
Industries Most Frequently Breached in 2016
IBM X-Force Threat Intelligence Index 2017
8
Recent Cyber Breaches
9
Cyber Breach in the Academe
10
How Threats Get In
Source: Exploits at the Endpoint:SANS 2016 Threat Landscape Survey
11
DATA
51% of employees believe it is
acceptable to take corporate data
because their company does not
strictly enforce policies
26% is the chance of a breach
happening over 24 months
48% of breaches are malicious
attacks
$158 is the average cost per record
breached
REVENUE & REPUTATIONCost Breakdown of Attacks
DATA PRIVACY LAW 2012(RA 10173)
SEC. 26. Accessing Personal Information and Sensitive Personal
Information Due to NegligenceDamaged
Reputation29%
Lost Productivity21%
Lost Revenue
19%
Forensics12%
Technical Support 10%
Regulatory Compliance 5%
Real Life Business Problem: Enterprise Risk
Source: Gregory Strauss & Jon Williamson, “Five best practices to improve building
management systems cybersecurity.” 2015
Source: Global Symantec Study, Ponemon Cost of Data Breach Study 2016
12
• Reputational damage
• Loss of competitive advantage
• Productivity loss
• Financial loss
Business Impact
• Competitive advantage
• Financial Gain
• Revenge
• Strategic disruption
MotivesThreat Actors
• Hacktivists
• Nation Sponsored
• Competitors
• Insider Threats
• Organized Crime
Risk Factors
13
Threat Actor Sophistication
Source: ISACA CACS
14
COMPLEXITY
Evolving threats means constantly evolving to keep up in terms of people, process & technology
Large networks, BYOD, & siloed IT deployments make it difficult to implement cyber security across the organization
EXPERTISE
Applying best security practices & upgrades to ensure global-standard compliance
Getting the right security people given the global cyber security expertise shortage
Challenges in Implementing Cyber Security
15
People are both an asset and a liability
in security
Technology as an enabler for cyber
security and business resilience
Resiliency is a process, mindset, and culture, not a single solution
“Cyber Security is an integral part of business resilience….”
Building Business Resiliency
16
EXPERTISE-BASED
Cyber Security Services and Consulting through local ePLDT
expertise and processes
TECHNOLOGY AND TOOLS
Security hardware, software, and platforms through trusted
technology partners
PHYSICAL SECURITY
Experience in physical asset security by virtue of our
pioneering VITRO Data Centers
PLDT Group Cyber Security Approach
17
PLDT Group Cyber Security Approach
18
ePLDT
Cyber Security
PortfolioEnd-to end solutions to help our customers translate their cyber security goals into real business outcome, resulting to business resiliency amidst the onslaught of continuous cyber threats.
19
PLDT Group Cyber Security Portfolio
Managed Security Platforms
Network Web Endpoint
Managed security appliance• Installation
• Configuration
• 24x7 phone/e-mail/remote support
• Site visit
Risk Assessment Consulting
VAPTISMS
consultingSource
code review
• Monitoring
• Alerting
• Incident analysis and
Recommendation
• Containment and Response
• Threat intelligence
Assessment of the enterprise’s IT
assets based on its inherent risk and
criticality on operations as a basis for
establishing appropriate security
policies and techniques.
EXPERTISE FRAMEWORKS
Incident Response
Investigation Proactive IR Management
TECHNOLOGY AND TOOLS
Security Operations Monitoring
20
PREDICTIVE PREVENTIVE
DETECTIVERESPONSIVE
•Periodic VAPT
•Periodic Risk Assessment
•ISMS
•Source code review
•Hardening
•Patching
•Source code review
•Perimeter Security devices
•Endpoint security
•Isolation of compromised devices
•Prevention of lateral movements
•Incident response and handling
During Attack
Post Attack
Pre-Attack
Information Protection Lifecycle
21
Cyber security requires hiring and maintaining skilled people, managing different technologies and implementing best practices.
Skills & Best Practices
Don’t just focus on the short term - develop a contingency plan in the event of an attack.
Prepare for the Worst
Work with trusted partners to maintain business resiliency.
Capability and Credibility
As businesses become more digital, it also brings increased chances for cyber-attacks which can affect your operations, bottom line, and reputation.
Prioritize Initiatives
Cyber Security is a journey…..The Road to Follow
Forging Ahead...
22
THANK YOU