Full slide deck from 2015-02-24 Webinar

1. “Expand Your Horizons” Webinar Series
Cyber Security: Threat and Prevention
February 24, 2015 1:00 – 1:45pm
The Webinar will begin shortly. You can ask
a question in the box on the right hand
side. We will answer them during our Q&A
at the end of the webinar.

2. 2
Cyber Threats and the
Government of Canada

3. CSE Mandate: National Defence Act
3
Provide advice, guidance
and services to help
ensure the protection of
information and
information systems of
importance to the GC
PART B
PART A
Provide foreign
intelligence in
accordance with
government priorities
PART C
Provide technical
assistance to law
enforcement and
national security

4. What is the GC Protecting ?
4
Banking & Finance
Border Services & Immigration
Government Administration
Health
Industry & Business Development
International Affairs, Trade & Development
Legal
Natural Resources,
Energy & Environment
Security, Intelligence &
Defence
Social & Cultural
Development
Transportation
GC Cyber Activity in 2014 by Sector
Canadian Personal Information
Trade Secrets
New Technologies
Negotiating Strategies
Natural resources information
Access to everything
What are Threat Actors after?

5. What are the Threats?
5
State-sponsored threat actors
Foreign intelligence services tasked to collect
intelligence and/or disrupt Canadian services.
Cybercriminals
Criminals that use malware and other programs to
either steal information or coerce others to pay
them for illegitimate reasons (ransomware).
Hacktivists
Political and/or social activists that use computers
or computer networks to channel their message or
prove a point.
Script kiddies
Individuals or groups that target GC and other
organizations for the fun of it, or compete to see
who can cause the most damage.

6. What are the risks
6
Reputational/Trust
Business Continuity
Financial Impact
Information Loss/Damage

7. No quick fix for cyber security.
There are a number of mitigation measures you can undertake to significantly hinder
threat actors.
• Patching:
• Operating system;
• Applications;
• Till you can patch no more!
Patching Challenges:
• Timeliness/Costs
• Various versions : operating systems & Internet browsers.
Current malicious activity that could be prevented with
patching:
• 2010 & 2012 Common Vulnerabilities and Exposures (CVEs)
• Every compromise in 2013!
Preventing a Compromise - Patching
7

8. Cyber security does not stop with patching.
Proactively prepare.
Cyber threat actors will gain access.
Harden your networks:
• design your network and system efficiently;
• know where certain applications are in use;
• apply network segmentation in security zones to protect
sensitive information;
• consolidate Internet access points; and,
• other best practices.
Anticipating a Compromise
8

9. Shared Services Canada
A Team Sport
9
IT security teams across
the Government of Canada
Public Safety
Canadian
private sector
Canadian industry
IT vendors
Working together is key!

10. Understand your network and information is
constantly targeted;
Be aware of cyber threat actors and their
methods;
Top 10 Mitigation Measures
IN CONCLUSION:
Cyber threat activity is here to stay;
Compromises and vulnerabilities will increasingly be publicized –
Don’t make the headlines for the wrong reasons; and,
Anticipating compromises is just as important as preventing them.
Where from Here?
10

11. Ewan Willars
Tuesday 24 February
Cybersecurity:
The challenge for
finance

12. ©ACCA
Cybersecurity: a frontline issue for finance
All organizations need to:
1. understand the nature and
likelihood of cyber-threats
2. identify, assess and mitigate
existing and emerging risks
3. implement and maintain strong
controls and policies to govern
data privacy and security
4. educate users on emerging
risks, such as those associated
with mobile technology
5. plan for increasing complexity,
and
6. make technological risk an
executive-level concern.

13. ©ACCA
Global drivers of change for the profession:
short term (2013)
4.2
4.4
4.6
4.8
5
5.2
5.4
5.6
Public sector Corporates (large) Corporates
(small/medium)
Fuel and Energy
Prices
Cybersecurity
Challenges
Corporate
Governance
Regulation
Meanscore

14. ©ACCA
Percentage of accountants concerned with risks
associated with cybercrime

15. ©ACCA
The changing role of finance:
increasing cyber-risks?
Supporting
strategic direction
and creating value
Traditional control &
stewardship
responsibilities
Emergence of big data
and the data-driven
organization
Extracting insights
and value from data
Data management,
security and
assurance

16. ©ACCA
The future: data-driven finance function
A data-driven finance department has the following
objectives:
• provide data leadership across the organization
• improve decision making across finance and other
functional areas
• manage the ever-increasing regulatory reporting
requirements
• enhance control and risk management capabilities
• improving cost efficiency and lowering the cost-to-serve.

17. ©ACCA
The current state of play
Data challenges
Internal data
Supply
chain data
Customer
data
Poor data
integration
Reporting
funnels

18. ©ACCA
The data-driven organization
New risks or greater resilience?
ERP
General
ledger
Unified Data
Ecosystem
• Create a unified approach
to data across the
organization
• Develop data strategy and
architecture in tandem
• Create a consistent view of
data across departments
• Improve transparency
between reported financial
results, big data analytics
and supporting transaction
detail

19. ©ACCA
What does this mean for public sector
organisations?
• Organised attacks vs low level threats? Get the fundamentals
right!
• Big data is increasing risks and presenting new challenges –
but the opportunities for public organisations are enormous
• Centralised solutions should offer efficiency and greater
protection – but the impact of risks become more severe
• Not just an IT and technology issue. It is a board-level issue
and finance should be at the forefront
• Understand the implications of social tech, mobile and cloud
• Awareness of the issues needs to be turned into action and
leadership

20. ©ACCA
Future challenges
• The internet of things and the growing volume and complexity
of data
• Regulation and public concerns – blurring between public and
private data
• More sophisticated attacks are innevitable
• Need for international collaboration

21. ©ACCA
Find out more…?

22. DIGITAL
DARWINISM:
Thriving in the face of
technology change

23. 100 DRIVERS OF
CHANGE for the
global accountancy
profession

24. BIG DATA:
Its power and perils

25. Enhancing competitive
advantage through
analytical insights
Are you unlocking the
value of your data?

26. Questions and Answers
Be sure to tune in to our next webinar!
• “A Conversation with the New Auditor General of Nova Scotia”
• Presenter: Michael Pickup – Auditor General of Nova Scotia
• Thursday, March 12 from 12:00 – 1:00pm EDT
• Register at www.fmi.ca/events/webinars
26