Embed Size (px)
Citation preview
Jarrett Kolthoff, CISSP, GCFA
SpearTip – Cyber Counterintelligence
Risk Transfer via Insurance
Background
Strategic Threat of Cyber Economic Espionage
• Cloud Networks & IoT Infrastructure for online operational space
• Lack of industry standardization within Cloud & IoT
• Building effective incident response capabilities
Strategic Threat of Cyber Economic Espionage
Strategic Threat of Cyber Economic Espionage
• Disinformation
• Cyber
• Energy
• Money
• Violence
• Kompromat
• Espionage
• Diplomacy
Active Measures
Strategic Threat of Cyber Economic Espionage
Strategic Threat of Cyber Economic Espionage
Strategic Threat of Cyber Economic Espionage
Strategic Threat of Cyber Economic Espionage
1st Stage 2020-2025
2nd Stage 2035-2050
Strategic Threat of Cyber Economic Espionage
Steganography / Encryption
Strategic Threat of Cyber Economic Espionage
Cost of Data Breach – Ponemon 2018
Cost of Data Breach – Ponemon 2018
Cost of Data Breach – Ponemon 2018
Per Capita by Industry
Cost of Data Breach – Ponemon 2018
A data breach
involving one million
compromised records
yields an estimated
total cost of $39.49
million, with a range
from $29.62 to $49.36.
At 50 million records,
the total cost could be
as high as $350.44
million, with a range
from $262.83
to $438.06.
Tradecraft - SpearPhishing
Tradecraft – Financial Fraud
• Business E-Mail Compromise (BEC)
• Data Breach
• Denial of Service
• E-Mail Account Compromise
• Malware/Scareware
• Phishing/Spoofing
• Ransomware
Tip of the Spear
Tip of the Spear – Cyber Counterintelligence
SLIDES REMOVED
Tip of the Spear
Cost of Data Breach – Ponemon 2018
Cost of Data Breach – Ponemon 2018
Cost of Data Breach – Ponemon 2018
Approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue
Understand the legal implication of cyber risks
Adequate access to cybersecurity expertise and allocate adequate time on the board meeting
agenda
Enterprise-wide cyber-risk management framework with adequate staffing and budget
Risk appetite - to avoid, accept, mitigate or transfer RISK through insurance
Risk Transfer – Cyber Insurance
• Medidata Solutions, Inc. v. Federal Insurance Company• American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America • The National Bank of Blacksburg v. Everest National Insurance Company
Risk Transfer – Cyber Insurance
Security Operations Center
Threat Intelligence & Event Correlation
Security Operations Center
Gartner
Train Your Staff
Blending cutting-edge technologies, unique skill sets and proven military cyber counterintelligence strategies,
partnering with clients to protect shareholder value, shield corporate reputations and enhance long-term profits.
Outmaneuver Your Adversary
