/
Mike Russo, PMP, CISSP, CISA, CFE, CGEIT Mike Russo, PMP, CISSP, CISA, CFE, CGEIT

Mike Russo, PMP, CISSP, CISA, CFE, CGEIT - PowerPoint Presentation

test
test . @test
Follow
343 views
Uploaded On 2020-01-12

Mike Russo, PMP, CISSP, CISA, CFE, CGEIT - PPT Presentation

Mike Russo PMP CISSP CISA CFE CGEIT Director Information Security and Privacy Office CyberSecurity and Privacy Information Security and Privacy Office Agenda Threat Landscape Information Security and Privacy Office ID: 772639

technology information services fsu information technology fsu services cyber october cybersecurity data privacy security million 2015 universe 2014 risk

Share:

Link:

Embed:

Download Presentation from below link

Download Presentation The PPT/PDF document "Mike Russo, PMP, CISSP, CISA, CFE, CGEIT" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.


Presentation Transcript

Mike Russo, PMP, CISSP, CISA, CFE, CGEITDirector, Information Security and Privacy Office CyberSecurity and Privacy Information Security and Privacy Office

Agenda Threat Landscape Information Security and Privacy Office Cyber Risk Information Technology Services | its.fsu.edu | 2

Threat Landscape Information Technology Services | its.fsu.edu | 3

the digital universe is large Like the physical universe, the digital universe is large - by 2020 containing nearly as many digital bits as there are stars in the universe. It is doubling in size every two years , and by 2020 the digital universe – the data we create and copy annually – will reach 44 zettabytes, or 44 trillion gigabytes.                                                                                           

Cyber Incidents/Records Exposed YEAR DATA BREACHES RECORDS EXPOSED 2010 953 96 Million 2011 1,241 413 Million 2012 3,220 265 Million 2013 2,345 873 Million 2014 3,041 1.1 Billion 2014 31 1.3 Million Information Technology Services | its.fsu.edu | 5

CyberSecurity statistics Attackers had access to victims’ environments for 205 days before they were discovered.Sixty-nine percent of victims learn from a third party that they are compromised. Attribution is becoming harder as the lines blur between tactics used by cyber criminals and nation-state actors. Over the last year, threat actors have used stealthy new tactics to move laterally and maintain a presence in victim environments. Information Technology Services | its.fsu.edu | 6

CyberSecurity statistics $217 is the average cost per lost or stolen record$225 is the average cost per record in Education Ponemon Institute – Average cost of a Breach - $3.5 Million – 15% increase over 2013 The number of data breaches increased 30% in 2014 168 mobile vulnerabilities disclosed in 2014, a 32% increase from 2013Passwords are still very important but 2016, may well be the first year of multi-factor authentication by default Information Technology Services | its.fsu.edu | 7

More statistics-spam 95-97% of all email is designated as SPAM and blocked at the gateway 8% increase in targeted attacks via spear-phishing emails in 2014 91 % of spam contains some form of link. 74.5% of spam emails were no more than 1 KB in size42.59% of phishing attacks targeted global portals that integrate many services accessed from a single account. Information Technology Services | its.fsu.edu | 8

Florida State University Information Security and Privacy Office Security Policy Training Risk Management Incident Response Survivability Privacy Policy Training IT Assessment Incident Response Consultation Security Operations

Information Technology Services | its.fsu.edu | 10 Payment Card Industry project Currently nearing the end of the 2 nd of 3 iterations of meetings with the Direct Support Organizations and business units Draft Self-Assessment Questionnaires' from the DSOs and business units are due on 1 October ITS is building out the IT infrastructure for DSOs and business units that require a secure environment PCI Project to be complete - January 31st

Security Operations Information Technology Services | its.fsu.edu | 11

Information Technology Services | its.fsu.edu | 12 Month Total Alerts Response % April 2015 195 22.5 % May 2015 1648.0 %June 2015 156 11.5 % July 2015 73 16.65 % August 2015 73 19.40 % Alert Response Rate

Motivation Behind Attacks

Cybersecurity Awareness Month Information Technology Services | its.fsu.edu | 14

Information Technology Services | its.fsu.edu | 15

Cybersecurity Awareness month October is National Cybersecurity Awareness Month October 20-21 is Florida Government Technology Conference at the Turnbull Center Working with FAMU and TCC to have a unified campaign We provided our design documents to them to re-brand and use for their campaign Laptop give away sponsored by Hewlett Packard Cybersecurity is everyone’s responsibility Information Technology Services | its.fsu.edu | 16

Information Technology Services | its.fsu.edu | 17 Cyber Pledge By signing this pledge, I agree to: Take personal responsibility and use good cybersecurity practices at school, work and home. Think before clicking links in emails and on websites. Hover over links to see the real URL and never click links or open attachments that look suspicious. Be skeptical of emails that threaten I will lose something. Use strong passwords—including letters, numbers and symbols—and never share them with anyone. Never use a public Wi-Fi network for sensitive browsing, such as banking or shopping. Lock my computer whenever I walk away. Protect my mobile devices with passcodes, anti-virus software and remote wipe. Refrain from posting personal, sensitive or non-public information on social media.Report all university IT security incidents or concerns to help@fsu.edu.

Information Technology Services | its.fsu.edu | 18 Cyberhero Booths Watch for the cybersecurity booth around campus and take home some cyberhero swag. October 1 | 11-3:30 | Landis Green October 7 | 11-3:30 | Strozier October 15 | 11-3:30 | Integration Statue October 21 | 11-3:30 | Integration Statue October 22 | 11-3:30 | Landis Green October 27 | 11-3:30 | Integration Statue October 30 | 10-2:30 | Landis Green

Data protection and privacy Headlines show cyber risk continues to grow with data breaches grabbing most of the headlines.Human error Leaving a laptop at an airport, inadvertently exposed data, misconfigurations, using an unsecured Wi-Fi in the US or while traveling abroad, opening a phishing email or the use of social media. Business Disruptions On July 8th the NY Stock exchange was down for four hours on the same day United Airlines had to halt flights, all from a technical glitch. Cyber LiabilityLawsuits that stem from failing to implement a system of internal controls to protect customer data or information of value to the University. When was the last time you discussed Cyber Risk with members of your organization? Information Technology Services | its.fsu.edu | 19Cyber Risk

Data protection and privacy Without greater openness and collaboration between major online providers, privacy regulation is likely to follow.Better Software Design Much cybercrime relies on the fact software is bug-ridden or contains flaws in its design. Cyber peace Organized cyber criminals have realized that it is easier to steal $1 from a million people, than to steal $1m from one person.Rogue statesWithout a common base level of data protection and computer misuse legislation, there will always be territories that provide a safe haven for cyber criminals and hackers Information Technology Services | its.fsu.edu | 20 What keeps us up at night

Questions Information Technology Services | its.fsu.edu | 21