Jarrett Kolthoff, CISSP, GCFA SpearTip Cyber Counterintelligence Risk Transfer via Insurance

Risk Transfer via Insurance - Dallas Chapter of the IIA...Understand the legal implication of cyber risks Adequate access to cybersecurity expertise and allocate adequate time on the


Page 1

Jarrett Kolthoff, CISSP, GCFA

SpearTip – Cyber Counterintelligence

Risk Transfer via Insurance

Page 2
Page 3

Background

Page 4

Strategic Threat of Cyber Economic Espionage

• Cloud Networks & IoT Infrastructure for online operational space

• Lack of industry standardization within Cloud & IoT

• Building effective incident response capabilities

Page 5

Strategic Threat of Cyber Economic Espionage

Page 6

Strategic Threat of Cyber Economic Espionage

• Disinformation

• Cyber

• Energy

• Money

• Violence

• Kompromat

• Espionage

• Diplomacy

Active Measures

Page 7

Strategic Threat of Cyber Economic Espionage

Page 8

Strategic Threat of Cyber Economic Espionage

Page 9

Strategic Threat of Cyber Economic Espionage

Page 10

Strategic Threat of Cyber Economic Espionage

1st Stage 2020-2025

2nd Stage 2035-2050

Page 11

Strategic Threat of Cyber Economic Espionage

Steganography / Encryption

Page 12

Strategic Threat of Cyber Economic Espionage

Page 13

Cost of Data Breach – Ponemon 2018

Page 14

Cost of Data Breach – Ponemon 2018

Page 15

Cost of Data Breach – Ponemon 2018

Per Capita by Industry

Page 16

Cost of Data Breach – Ponemon 2018

A data breach involving one million compromised records yields an estimated total cost of $39.49 million, with a range from $29.62 to $49.36. At 50 million records, the total cost could be as high as $350.44 million, with a range from $262.83 to $438.06.

Page 17

Tradecraft - SpearPhishing

Page 18

Tradecraft – Financial Fraud

• Business E-Mail Compromise (BEC)

• Data Breach

• Denial of Service

• E-Mail Account Compromise

• Malware/Scareware

• Phishing/Spoofing

• Ransomware

Page 19

Tip of the Spear

Page 20

Tip of the Spear – Cyber Counterintelligence

SLIDES REMOVED

Page 21

Tip of the Spear

Page 22

Cost of Data Breach – Ponemon 2018

Page 23

Cost of Data Breach – Ponemon 2018

Page 24

Cost of Data Breach – Ponemon 2018

Page 25

Approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue

Understand the legal implication of cyber risks

Adequate access to cybersecurity expertise and allocate adequate time on the board meeting agenda

Enterprise-wide cyber-risk management framework with adequate staffing and budget

Risk appetite - to avoid, accept, mitigate or transfer RISK through insurance

Risk Transfer – Cyber Insurance

Page 26

• Medidata Solutions, Inc. v. Federal Insurance Company

• American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America

• The National Bank of Blacksburg v. Everest National Insurance Company

Risk Transfer – Cyber Insurance

Page 27

Security Operations Center

Threat Intelligence & Event Correlation

Page 28

Security Operations Center

Page 29

Gartner

Page 30

Train Your Staff

Page 31

Blending cutting-edge technologies, unique skill sets and proven military cyber counterintelligence strategies, partnering with clients to protect shareholder value, shield corporate reputations and enhance long-term profits.

Outmaneuver Your Adversary