22
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com CyberSec in the Digital Transformation Era Jan De Bondt Head of cybersecurity advisory 20/09/2019 1
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
CyberSec in the Digital Transformation EraJan De BondtHead of cybersecurity advisory
20/09/20191
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Agenda
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Agenda
20/09/20193
• Mission & Vision• Setting the scene• Opportunities – challenges – risks• Pragmatic approach• Key take aways• Q&A
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Mission & Vision
20/09/20194
• Our aim is to help corporates, investors and public institutionssuccessfully address and manage their information and cybersecurityrelated risks.
• We want to protect our clients’ business reputation by securing theirdigital transformation while safeguarding valuable personal andbusiness information.
• We are the missing link between business and technology, processesand people. We are closing the gaps between traditional top-down andbottom-up approaches.
• Our clients are from all spectrums of corporate, enterprise and publicinstitutions.
• We are determined, persistent and fully committed to build Europe'sleading information Cybersecurity Advisory Firm.
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Setting the scene
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com20/09/20196
Cybersecurity ratings are becoming as important as credit ratings
when assessing business relations !
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Opportunities – challenges – risks
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Opportunities External• Enhances customer experience
• Data driven insights = gain more insight of your customer’sbehaviour / desires• Better and faster decision making• Speed up your go-to-market efforts = stay ahead of your
competition
Internal• Increases company’s profitability over time
• Increased cybersecurity resilience results in highercompany value
• Centralising, simplifying, automating processes increasesoverall efficiency
• Improving customer experience and engagements leads toincreased customer loyalty
20/09/20198
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Challenges • Digital transformation increases your attack vector:• And it’s exponentially…
• Companies have no experience in handling cybercrime incidents.• It’s like “fire drill” exercise = practice, practice, practice, ...
• There’s a worldwide infosec / cyber skilled resource challenge…• Hire and train…
• No or little investment in employee awareness or knowledge.• Start today
• Exposed to reputation risk has a • Direct impact on revenue and your market share.
• There’s an increased attention of regulators • E.g. GDPR / NIS / PCI-DSS / PSD2 / …
20/09/20199
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Risks • The more you digital transform…• The more this increases your attack surface
• Increased 3rd party integrations…• Create a larger attack surface• Means greater attractiveness for hackers
• Increases complexity of systems and processes…• Need for more automation !• Thus more exposure !
• Hackers…• Are increasing in numbers• Have increased knowledge• Use more advanced techniques• No more script kiddies = professional organisations
20/09/201910
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Increase your cybersecurity
resilience
• M&A – add value starts already here !• Note: it works in both directions (buyer/seller)• Due diligence audit
• Know what you buy• Defend a “higher” price
• Contract / Material Adverse Clause (MAC)
• Business as usual – how to protect your “perimeter” ?• Employee / contractor screening• 3rd party (vendor/supplier) assessment• …
20/09/201911
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Cybercrime victims
• Impact on revenue and or market share due to • non-activity• reputational risk exposure• IP theft = no more competitive advantage
• Lack of knowledge and experience• Supported by lack of business continuity planning• Results in slow business recovery
• Cybercriminals• Are skilled professionals• Are in it for the money state sponsored or personal gain)• Look for the path of least resistance• Almost always start their hacking with a phishing attack
20/09/201912
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
A pragmatic approach
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Our approach • Prevent• Governance, Risk & Compliancy advisory & tooling• Cybersecurity roadmap development assistance• Data governance discovery/inventory/classification)• Industrial and IoT security governance
• Protect• 24/7/365 monitoring, detection & response services• Identity & access management IAM / PAM)• Training / coaching / recruitment• a.i. staffing ST) / CISO & DPO as -a-service LT)
• Prove• IT attestation: internal audit & conformity control• Incident management / forensic IT governance
20/09/201914
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Practical approach
1. Know what to protect• Asset inventory – know what you have• Risk based approach - decide on the essentials
2. Optimize your incident management capacity / capability• Do you know when you’re breached? • Do you know what steps to follow in case of breach?• How well prepared are you ?
3. Align your IT processes with InfoSec processes• Incident / change / vulnerability management• Business continuity – disaster recovery
4. Train your employees and contractors• Start with onboarding processes• Ensure you can punish the “sinners”
20/09/201915
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Your gains • Prevent• Know where your data resides
• Protect• Know who has access to your data• Know how to protect your data and access to
• Prove• Know how to respond in case of a cyber incident
20/09/201916
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Key take aways
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Just remember • This is NOT a big bang approach!• Company needs to evolve to a “security aware culture”…
• This is NOT a one-off exercise, continues improvement is key!• Digitalization creates a larger cyber attack surface• Cybercriminals also evolving and professionalizing
• A centralized approach is key to success!• Adapt processes accordingly to local laws and culture• CISO needs to be very visible in your organization• Easier to control and remediate your risks from a centralized
organization• And it’s faster to recover from decentralized attacks
20/09/201918
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
Questions & Answers
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com20/09/201920
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
SAFELY ENABLING YOUR BUSINESS
Safely Enabling Business - © ZIONSECURITY www.zionsecurity.com
More about us
FOLLOW US ON SOCIAL MEDIA
www.zionsecurity.com
