Join Paul Caiazzo, co-founder and CEO of TruShield Security Solutions, as he discusses the present state of cybersecurity and how changing your thinking will change your business.
Over the past several years, a multitude of organizations, regardless of their size or investment in cybersecurity, have suffered massive data breaches. Why does this keep happening? Because the traditional way of approaching cybersecurity is fundamentally flawed. The majority of businesses view cybersecurity as a project: something to be completed and then forgotten. Many organizations are heavily focused on compliance, but merely fulfilling compliance requirements does not translate into a comprehensive cybersecurity program. Just look at all the big-name organizations that were compliant but suffered breaches in 2016, such as CVS, Wal-Mart, AFLAC, and Wells Fargo.
As businesses become more reliant on Internet of Things (IoT) devices and services, cybersecurity will need to become an integral part of your organization in order to remain successful and connected.
3. Connect with me:
Meet Paul Caiazzo
Co-Founder, CEO, Chief Security Architect
CISSP, CISA, CEH
M.S. in Information Security and Assurance
15+ years of experience in Information Security
@Paul_Caiazzo linkedin.com/in/pcaiazzo pcaiazzo@trushieldinc.com
4. About TruShield
A global cyber security company based in the Washington D.C. metro area.
Provider of the following high-quality, concierge services:
• Continuous Security Monitoring, Alerting and Incident Response
• Managed Security Services
• Risk Assessment Services
• Penetration Testing
• Vulnerability Assessments
• Compromise Assessments
• Threat Protection
• Security Consulting
• Security Architecture
• Security Awareness Training
• …and much more
6. You’re Right to be Worried
It’s a scary cyber world out there
Ransomware, crimeware, and botnets, oh my
In 2016, the Identity Theft Resource Center (ITRC) reported 1,093 breaches
This is just the tip of the iceberg
7. Nobody’s Perfect
• $4MM: the average cost of a single data breach.
• 201 days: the average amount of time it takes a company to realize it has been breached.
• 4 out of 5: the proportion of companies unaware of a breach until notified by law enforcement.
• 9%: the percentage of companies satisfied with their current Incident Response capabilities.
Source: http://www.sans.org/reading-room/whitepapers/analyst/incident-response-fight-35342
8. Life of a Breach
• Start (29 July): the breach occurs.
• Hours (30 July): 60% of the data stolen in the law firm breach was taken within hours.
• Months (July to September): 54% of breaches remain undiscovered for months.
• Years (2017 to 2020): information on up to 750 million individuals has been on the black market over the last three years.
12. “I’m Not a Target” Misconception
• Put simply – it doesn’t matter!
• You are at risk!
• Whether you are being targeted or just unlucky is immaterial
• Would you make headline news if your organization was breached?
13. Reactionary Approach
• Waiting until the horse has left the barn to shut the barn door
• Roughly 10 times as costly as getting it right to begin with
• Most of the time you don’t know it has happened for many months, remember?
14. Lack of Strategic Focus
• Tactical, technical approach to security
• Usually manifested through buying the latest/greatest next generation firewall
• Then failing to fully configure it
• Or failing to build the processes around it that a holistic program requires
15. Focus on Compliance vs. Security
• Compliance should be thought of as a product of good security
• A secure environment is likely to be a compliant one
• A compliant environment might not be secure
• Remember the Wall of Shame!
16. Over-Reliance on Prevention
• Try to stop attacks at the network edge
  • Install a firewall
  • Configure rules
  • Cross your fingers
• Try to stop attacks at the endpoint
  • Install anti-virus
  • Update your signatures
  • Cross your fingers
17. Security as a Project
• Point-in-time snapshot of security posture
• Only reveals how well you were doing at that second
• Threat landscape changes constantly!
23. Shift Focus to Detection and Response
• Allocate budget towards detective controls
• Monitor for intrusions
• Draft an incident response plan and test it regularly
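As an added illustration of what “monitor for intrusions” means in practice (this is not code from the presentation or from TruShield), the following Python detective control watches authentication logs for a brute-force pattern: many failed logins from one source address in a short window, escalated if a successful login from that address follows. The log lines are constructed sample data in a syslog-like sshd format; the field layout, the 5-failures-in-5-minutes threshold and the addresses are assumptions chosen for the example. The time-to-detect helper makes the contrast with the 201-day average concrete: the same event that would otherwise surface months later is flagged seconds after it starts.

```python
"""Minimal detective control: flag a brute-force login pattern in auth logs.

Added example, not part of the original slide deck. The log format, threshold
and window are assumptions; SAMPLE_LOG is constructed test data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: a burst of failures from 203.0.113.7 ending in a
# success, plus ordinary noise (one typo, then success) from 198.51.100.22.
SAMPLE_LOG = """\
2016-07-29T02:14:01 sshd[2211]: Failed password for admin from 203.0.113.7 port 51012 ssh2
2016-07-29T02:14:03 sshd[2211]: Failed password for admin from 203.0.113.7 port 51013 ssh2
2016-07-29T02:14:04 sshd[2211]: Failed password for root from 203.0.113.7 port 51014 ssh2
2016-07-29T02:14:06 sshd[2211]: Failed password for backup from 203.0.113.7 port 51015 ssh2
2016-07-29T02:14:09 sshd[2211]: Failed password for admin from 203.0.113.7 port 51016 ssh2
2016-07-29T02:14:12 sshd[2211]: Accepted password for admin from 203.0.113.7 port 51017 ssh2
2016-07-29T02:20:00 sshd[2390]: Failed password for alice from 198.51.100.22 port 40211 ssh2
2016-07-29T02:20:07 sshd[2390]: Accepted password for alice from 198.51.100.22 port 40212 ssh2
"""

# Assumed line layout: ISO timestamp, sshd tag, result, user, source IP, port.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line):
    """Return (timestamp, result, user, ip), or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
    return ts, m.group("result"), m.group("user"), m.group("ip")


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Alert when one source IP produces `threshold` failures inside `window`.

    A subsequent success from the same IP is escalated to high severity,
    because that is the case where the attacker most likely got in.
    Returns a list of alert dicts; an empty list means nothing crossed the bar.
    """
    failures = defaultdict(list)  # ip -> timestamps of recent failed logins
    flagged = {}                  # ip -> time its burst was first detected
    alerts = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        if result == "Failed":
            # Keep only failures still inside the sliding window, then add this one.
            recent = [t for t in failures[ip] if ts - t <= window]
            recent.append(ts)
            failures[ip] = recent
            if len(recent) >= threshold and ip not in flagged:
                flagged[ip] = ts
                alerts.append({"severity": "medium", "ip": ip, "at": ts,
                               "reason": f"{len(recent)} failed logins within {window}"})
        elif result == "Accepted" and ip in flagged:
            alerts.append({"severity": "high", "ip": ip, "at": ts, "user": user,
                           "reason": "successful login after brute-force burst"})
    return alerts


def time_to_detect(log_text, **kwargs):
    """Seconds from the first failed attempt to the first alert, or None if no alert."""
    first_attempt = None
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed and parsed[1] == "Failed":
            first_attempt = parsed[0]
            break
    alerts = detect_bruteforce(log_text, **kwargs)
    if first_attempt is None or not alerts:
        return None
    return (alerts[0]["at"] - first_attempt).total_seconds()


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert["at"], alert["severity"].upper(), alert["ip"], alert["reason"])
    print("time to detect (s):", time_to_detect(SAMPLE_LOG))
```

In a real deployment the same logic would sit in a SIEM or log pipeline rather than a script, the alerts would feed the incident response plan the slide asks you to write and test, and the threshold and window would be tuned against your own baseline of normal failed logins so the control is actually watched rather than muted.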
26. Recap: Security as a Lifecycle
• Continuous process of self-evaluation and incremental improvements
• Stay a step ahead of the bad guys by learning from their (and your) mistakes
27. Thanks for your time!