Cyber threats and risks for companies Managing cyber risks in an interconnected world Roman Chaplygin Cyber risks: A severe and present danger every day we meet cyber security news Public company in Poland • Organized cyber attack related to electronic commerce • Ineffective procedures for attack detection and incident response PwC Cyber risks: A severe and present danger every day we meet cyber security news PwC Cyber risks: A severe and present danger everything is under attack PwC • Government agency • Media • Energy • Retail • Power & utilities • Agriculture • Metal & mining • Banking & finance • Insurance • Private equity • Oil & gas • Telecommunications • Manufacturing Cyber risks become Business risks because they directly impact on the business TOP-10 threat for business growing PwC Banking CEO Survey 2014 PwC TOP-5 unlikely issue WEF Global Risks 2014 Report Incidents and financial impacts continue to soar and this is just an iceberg tip Some companies doesn’t disclose their incidents and many others don’t know about them PwC Incidents and financial impacts continue to grow Larger companies detect more incidents and they are more interesting to attack Small companies have less resources to detect attacks large companies are more attractive PwC 5% 64% 44% Incidents and financial impacts continue to grow Incidents are more costly to large organizations The annual cost of cybercrime to the global economy ranges from $375 billion to as much as $575 billion PwC Incidents and financial impacts continue to grow large companies have to spend more for defense While big corporations may have the expertise and resources to build a sophisticated cybersecurity fusion center that enables sharing of threat intelligence and response techniques, that is not practical for smaller firms. But they can obtain the same benefits through managed security services. Another option to address risks might be purchase of cyber insurance. PwC Nation-states, hackers, and organized crime groups are the cybersecurity villains that everybody loves to hate Employees are the mostcited culprits of incidents That’s not to say that all employees exhibit malicious behavior. In many cases, they may unwittingly compromise data through loss of mobile devices or targeted phishing schemes. PwC Nation-states, hackers, and organized crime groups are the cybersecurity villains that everybody loves to hate The percentage of incidents attributed to current and former service providers, consultants, and contractors increased to 18% and 15%, respectively, in 2014. PwC Nation-states, hackers, and organized crime groups are the cybersecurity villains that everybody loves to hate … it is easier, cheaper, and quicker to steal IP and trade secrets than to develop capabilities themselves. PwC Nation-states, hackers, and organized crime groups are the cybersecurity villains that everybody loves to hate Organized crime groups are typically motivated by financial gain. A successful cyber attack can net millions of payment card records that can be quickly monetized. In addition to credit and debit card data, these criminals increasingly target patient health care data or other personally identified information that has considerable value in the underworld of information resellers. PwC Nation-states, hackers, and organized crime groups are the cybersecurity villains that everybody loves to hate 59% of respondents say their organizations’ executives are worried about government surveillance PwC As incidents rise, security spending falls many organizations struggle to understand how much to spend on security and how to determine the return on investments The average information security budget dipped to $4.1 million, down 4% over last year. Security spending remains stalled at only 3.8% of the overall IT budget. PwC As incidents rise, security spending falls at the same time, few organizations are aware about the value of their risks, and counted them PwC As incidents rise, security spending falls so how to spend the available budget PwC PwC Prevent Protect As incidents rise, security spending falls so how to spend the available budget PwC PwC Detect Respond Security practices must keep pace with constantly evolving threats and security requirements Security tools are not enough, often the proper organization of cyber security processes is also very important: Only 49% of respondents say their organization has a crossorganizational team that regularly convenes to discuss, coordinate, and communicate information security issues. It also will require that the C-suite and Board be directly involved. • correlation of business and cyber security goals and objectives • proper security management with business involvement • vendor management and thirdparty assurance Only 50% perform risk assessments on thirdparty vendors, and just 50% have conducted an inventory of all third parties that handle personal data of employees and customers. Just over half (54%) of respondents say they have a formal policy requiring third parties to comply with their privacy policies. PwC Security practices must keep pace with constantly evolving threats and security requirements At most organizations, the Board of Directors does not participate in key information security activities PwC Gains in select security initiatives survey respondents are starting to see the value of working with others PwC Gains in select security initiatives evolving from security to cyber risk management PwC How PwC helps clients manage modern cyber risks wide range of services adaptable for your business Industry and sector aligned solutions Align with the business Prioritize investments, allocate resources, and align security capabilities with the strategic imperatives and initiatives of the organization. Strategy, Governance & Management Sustainable Emerging Technologies Security & Market Trends Behaviours Manage risk and regulations Efficiently and effectively identify, evaluate and manage risk to the business while addressing the evolving regulatory requirements. Secure by design Security Security Architecture & Strategy Services Adapt to the future Assess the opportunities and security related risks of new technology adoption and dynamically changing business models. We combine our industry specific experience and perspectives to address relevant trends, challenges and opportunities our clients face in their industry and the markets they serve. Cyber Risk & Compliance Crisis Management Response Create sustainable security solutions to provide foundational capabilities and operational discipline. Threat, Security Intelligence & Governance and Vulnerability Management Compliance Strategy through Execution --- + --Attest & Assure Address threats and weaknesses Anticipate changes in the risk landscape through situational awareness of the internal and external factors impacting the business ecosystem. Enable secure access Identity & Cyber Threat Access Assessment Management Provide integrated and secure processes, services, and infrastructure to enable appropriate controls over access to critical systems and assets. Incident & Anticipate and respond to security crises Technology Crisis Management Plan, detect, investigate, and react timely and thoroughly to security incidents, breaches and compromises. Business led approach – diverse capabilities We leverage and integrate our business, technical, regulatory, analytical, and investigative knowledge and know-how to deliver actionable and sustainable solutions. PwC Safeguard critical assets Information & Privacy Protection Identify, prioritize, and protect sensitive or high value business assets. How PwC helps clients manage modern cyber risks high quality and professionalism 180,000 38,000 PwC staff worldwide PwC consultants worldwide PwC applies its local and global experience and resources equally to create value for clients when carrying out diverse projects, ranging from strategy development to implementation. Leader in IT-enabled business transformation Forrester, 3Q 2012 PwC 9,600 2,000 PwC IT consultants worldwide PwC Cyber security consultants worldwide Our global network of firms includes 776 offices in 158 countries worldwide PwC has broad experience in providing consulting services to universities and higher educational institutions Leader in business consulting IDC Marketscape, 2012 PwC CEE has a highly talented pool of certified Cyber security consulting staff with a full range of skills: CISA – 39 people CISM– 7 people CRISC – 5 people CISSP – 4 peopl ISO 27001– 12 people and others Thank you for your attention! Roman Chaplygin Director, Risk Assurance, Information Security Services, PwC Tel: +7 (495) 967 6056 Mob: +7 (903) 272 1620 E-mail: [email protected] www.pwc.ru/cybersecurity This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PwC Russia, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2014 PricewaterhouseCoopers Russia B.V. All rights reserved. PwC refers to PricewaterhouseCoopers Russia B.V. or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate legal entity. PwC Russia (www.pwc.ru) provides industry-focused assurance, tax, legal and business consulting services. Over 2,600 professionals working in PwC offices in Moscow, St Petersburg, Ekaterinburg, Kazan, Novosibirsk, Rostov-on-Don, Krasnodar, Voronezh, Yuzhno-Sakhalinsk and Vladikavkaz share their thinking, experience and solutions to develop fresh perspectives and practical advice for our clients. The global network of PwC firms brings together more than 184,000 people in 157 countries. "PwC" is the brand under which member firms of PricewaterhouseCoopers International Limited (PwCIL) operate and provide services. "PwC Russia" refers to PwCIL member-firms operating in Russia.
© Copyright 2020