Welcome!
Holding a Bachelor of Technology degree from Ryerson University, Chelsea leverages 5+ years experience of marketing, as well as improving customer loyalty and advocacy.
Marketing Specialist
SPLICE Software Inc.
You will walk away with…
The top cyber threats & the actionable ways to defend against them
Questions to ask vendors to ensure they keep your data safe
Methods for improving & securing customer experiences
House Keeping
• Please submit questions through Q&A sidebar
• Time allotted for Q&A at the end of the presentation
• Winner announcement for the prize draw tomorrow
• Webinar is being recorded and will be sent to all registrants
What Makes MVP Different?
Senior Executives
Sustainable solutions – not projects
Perpetuation of the strategy for every engagement
We look at everything through a business lens… so you can be sure that client decisions are not made in a technology vacuum
Clear plans of action
No consultant speak
Relationships you can Trust!
www.mvpadvisorygroup.com | Copyright @2015 mvp
Who Is Laszlo Gonc
Laszlo is a recognized senior executive with over 20+ years of progressive experience in business and information technology.
He leads the IT Risk, Security and Compliance practice area for MVP Advisory Group. He is responsible for helping organizations navigate the new digital frontier, advising on cyber security issues, mitigating organizational IT risk and building cyber strategies that protect business assets.
Laszlo is an invited speaker at universities and conferences, local and national, providing thought leadership on the state of cyber security, technology risk management, digital careers of the future and project management leadership.
Partner, CISSP
MVP Advisory Group
Who Is SPLICE Software Inc.
Privately owned Canadian company founded in 2006.
Headquartered in Canada with offices located in the United States & Germany.
Using data-driven human voiced messaging, we improve customer experiences and engagement. SPLICE voice experiences are linguistically optimized, easily automated, and sent to preferred channels.
Some Recent Accolades…
Who Is Andrew Hamill
Andrew is the Founder of PAU Audio, holds a Bachelor of Applied Science in Electrical Engineering, and is the Solutions Architect at SPLICE Software.
As a professional engineer with over 13 years of experience, Andrew specializes in data storage, communication, and workflows. Having worked in the capacity of data and systems, Andrew Hamill brings together his unique passion for audio and solving business problems to create customer engagement and data security solutions.
Solutions Architect
SPLICE Software Inc.
Why Insurers?
In addition to the banking, financial and healthcare sectors, insurers are increasingly attractive targets for cybercriminals because of:
the richness of credit card, banking, medical, underwriting and other sensitive customer information,
the large volumes of data housed in legacy systems and applications lacking sophisticated encryption and access control,
the larger attack surface as a result of increased data sharing with business associates, third-party carriers and vendors,
the ease of social engineering.
Portions © Copyright 2015-2016. MVP Advisory Group, LLC. All rights reserved.
23% of recipients now open phishing messages and 11% click on attachments*
Top Cyber Threats
1. Denial-of-Service, Ransomware and Malware
2. Spear Phishing and Social Engineering
3. Infrastructure Vulnerabilities
4. Laptops, Mobile Devices and Smartphones
5. Physical and Facility Security
Source: Verizon 2015 PCI Compliance Report*
More Cyber Threats
6. Payment Systems
7. Attacks through Employee Systems
8. Integrity Attacks
9. Insider Threats
10. Cloud Services.
Source: 2015 Global Megatrends in Cybersecurity, Raytheon & Ponemon Institute, February 2015
78% said their boards had not been briefed even once on their cybersecurity strategy over the past 12 months*
Current State
Existing systems
Existing partnerships and integrations
Growth of connected devices and integrations
Movement to cloud systems & computing
Highly regulated companies moving to the cloud.
Portions © Copyright 2015-2016. SPLICE Software Inc. All rights reserved.
Future State
Dramatic growth of connected devices & customer data
Increased cyber threats
Changing laws and regulatory landscape
Increased regulator and auditor scrutiny
Rise of class action and derivative suits.
Regulatory & Real Risk
Regulatory standards and real risk
Appetite for risk and understanding thereof
Access and data management
Third party vetting of security and access
Third party data management
Anecdotal examples.
Cyber Aggressor, circa 1990
The details?
• Small Size Company
• New Employee Hired
• Passed Background Check
• Walked Away With Thousands…
Where Do You Start?
Key Areas For Improvement
1. Risk Measurement
2. Business Engagement
3. Controls Assessments
4. Third Party Risk Assessments
5. Threat Detection.
Source: RSA/EMC, “Security for Business Innovation Council Report”
Security in the Boardroom
1. Understand fiduciary responsibilities
2. Embrace education and awareness
3. Determine your risk profile
4. Define your risk appetite
5. Take reasonable steps to show due diligence
6. Instill a culture of monitoring, reporting & accountability
7. Confirm appropriate resource allocation
8. Know your regulator, know your industry.
Build Your Program
Strategic elements to build a successful InfoSec program:
Develop a ‘need to know’ culture regarding information
Establish an information security team
Understand your regulatory and compliance landscape
Assess your threats, vulnerabilities and risks
Create a risk mitigation strategy, develop a plan
Manage & secure third-party business relationships.
Build Your Program
Operational elements to build a successful InfoSec program:
Manage information assets and protect the crown jewels
Secure your computing technologies
Manage access and user ID life cycle
Implement security controls and audit them
Build user awareness and conduct ongoing training
Create an incident response plan and practice it.
Customer & Vendor Experience
It starts with exposure
What is asked of the client by the vendor
Up-to-date integration techniques
SFTP, SOAP, REST, API
Maturity in system, process, testing, documents & support
Antiquated vs. Current vs. Bleeding Edge.
Recommendations
1. Shift focus from technical assets to critical business processes
2. Institute business estimates of cybersecurity risks
3. Establish a business-centric risk assessment process
4. Focus on evidence-based controls assurance
5. Develop informed data collection methods.
Source: RSA/EMC, “Security for Business Innovation Council Report”