MARM State of Security v2
0 likes176 views
The document discusses cyber security challenges facing small businesses from the perspective of C-level executives in the media industry. It summarizes findings from a KPMG report that many small businesses are unprepared for cyber breaches and underestimate their impact. A breach can damage a small business's reputation, lead to loss of clients, and hurt their ability to win new business. The document also outlines predictions for emerging security threats in 2016 and recommends that businesses adopt a risk-based approach, treat cybersecurity as a business priority, and discriminate where they focus efforts and invest money.
![March 9, 2016
Mitigating Risks
Realization & making it work
“[..] companies are getting smarter about
protecting themselves against threats, and
more are recognizing the importance of
security and privacy working hand in hand to
mitigate the risk and enhance accountability,”
IAPP President and CEO J. Trevor Hughes, CIPP
“Privacy investments are adding value through
data classification and minimization.
Establishing good policy and effective
communications help to understand the value”
TRUSTe CEO Chris Babel.
Source: HelpNetSecurity, Companies are realizing that security and privacy go hand in hand, March 2016](https://image.slidesharecdn.com/290c32ac-3b0a-4f80-a043-86e49d512da7-160409174618/85/MARM-State-of-Security-v2-7-320.jpg)
MARM State of Security v2
- 1. March 9, 2016 The State of Security In the media industry from a C-level perspective
- 2. March 9, 2016 Current Print & Media Industry Landscape And some of the challenges we face IN A STATE OF EVOLUTION in an increasingly technology-driven environment • Social media giants • Time to market • Information overload • People’s behavior, expectations & perceptions
- 3. March 9, 2016 Current Threat Landscape As per KPMG Cyber security was cited as one of the top concerns by less than a quarter of small businesses 23% Small businesses surveyed who have experienced a breach said it impacted on their reputation 89% 83% of consumers surveyed are concerned about which businesses have access to their data 83% Don’t consider data they hold to be commercially sensitive. This vastly underestimates the value of their information. 22 % Source: KPMG UK Small Business & Reputation Cyber Risk Report, Feb 2016
- 4. March 9, 2016 Brand damage 31.0% Loss of clients 30.0% Ability to win new business 29.0% Interpreting the findings And assessing impact STATE OF PREPAREDNESS Many small businesses are unprepared and unconcerned when it comes to cyber breaches; but customers are increasingly concerned about the security of their personal data. Small businesses are putting themselves at huge risk by underestimating the big impact a cyber attack can have on their reputation. UNDERESTIMATION OF IMPACT The impact of breaches led to:
- 5. March 9, 2016 What’s At Stake Commercially sensitive data Intellectual Property Supplier Information Employee Details Customer Data Accounts Information 29% 25% 24% 22% 22% Source: KPMG UK Small Business & Reputation Cyber Risk Report, Feb 2016
- 6. March 9, 2016 2016 Tech Trends And predictions as per Gartner, 2016 Source: 5 cyber security predictions for 2016, Davey Winder & Gartner INTERNET OF INSECURE THINGS EVOLUTION NOT REVOLUTION MORE SOPHISTICATION ARM THE ANDROIDS SKILLS GAP OBESITY
- 7. March 9, 2016 Mitigating Risks Realization & making it work “[..] companies are getting smarter about protecting themselves against threats, and more are recognizing the importance of security and privacy working hand in hand to mitigate the risk and enhance accountability,” IAPP President and CEO J. Trevor Hughes, CIPP “Privacy investments are adding value through data classification and minimization. Establishing good policy and effective communications help to understand the value” TRUSTe CEO Chris Babel. Source: HelpNetSecurity, Companies are realizing that security and privacy go hand in hand, March 2016
- 8. March 9, 2016 Mitigating Risks As meet we our challenges Embrace a digital first strategy Embrace tech Diversify Adapt company culture Revisit work processes Respond to trends • Good processes help to mitigate attacks • Plan to detect and recover from attacks • Strike a balance between prevention, detection and recovery • Aim to initiate a response process that significantly reduces the impact of a breach • Conversations on security shouldn’t start with cost – they should start with risk • Think about legacy technology • Assign business owners to company information to understand value Source: Mitigate the risk from Cyber attacks, KPMG UK
- 9. March 9, 2016 Conclusions Final words and parting thoughts • There is no one-size-fits-all security model. • An evolving landscape brings about a degree of uncertainty. • Adopt a risk based approach in line with your company’s risk appetite. • Pre-emptive security is always better than reactive security. • Being prepared is the name of the game. It’s not a matter of if, but when. • Don’t ignore residual risk at a corporate risk oversight level. • Treat cybersecurity as a business imperative not a tech issue. DISCRIMINATE WHERE YOU PUT YOUR EFFORT AND WHERE MONEY IS SPENT !
- 10. March 9, 2016 THANK YOU! FOR YOUR ATTENTION Donald Tabone Email : dtabone@gmail.com
- 11. March 9, 2016 The State of Security In the media industry from a C-level perspective