cyber security - dictdict.gov.ph › wp-content › uploads › 2017 › 08 ›...
TRANSCRIPT
![Page 1: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/1.jpg)
1
Cyber SecurityMonette Tiongson
Head, cyber Security Business Management
![Page 2: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/2.jpg)
2
Agenda
I. Who We Are
II. Messaging & Problems Addressed
III. Cyber Security Portfolio
IV. Next Steps
![Page 3: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/3.jpg)
3
ABOUT US
ALLePLDT, Inc. is an industry-leading enabler ofdigital business solutions in the Philippines.Since its inception at the turn of themillennium, ePLDT has set the pace in thedevelopment of digital technologies forenterprises across the country and the AsiaPacific region. It delivers best-in-classsolutions that utilize purpose-built cloudand data center facilities. The company wasalso the first to bring Analytics services andinfrastructure to the Philippines as well asdifferentiated professional services beyondCloud, Security, Digital Engagement andManaged IT Services.
![Page 4: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/4.jpg)
4
Ensuring Business Resilience In Experience Age
![Page 5: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/5.jpg)
5
Threat Landscape
Source: SANS 2016 Threat Landscape Survey
![Page 6: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/6.jpg)
6
Notable 2016 Global Leaks of Data
IBM X-Force Threat Intelligence Index 2017
![Page 7: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/7.jpg)
7
Industries Most Frequently Breached in 2016
IBM X-Force Threat Intelligence Index 2017
![Page 8: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/8.jpg)
8
Recent Cyber Breaches
![Page 9: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/9.jpg)
9
Cyber Breach in the Academe
![Page 10: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/10.jpg)
10
How Threats Get In
Source: Exploits at the Endpoint:SANS 2016 Threat Landscape Survey
![Page 11: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/11.jpg)
11
DATA
51% of employees believe it is
acceptable to take corporate data
because their company does not
strictly enforce policies
26% is the chance of a breach
happening over 24 months
48% of breaches are malicious
attacks
$158 is the average cost per record
breached
REVENUE & REPUTATIONCost Breakdown of Attacks
DATA PRIVACY LAW 2012(RA 10173)
SEC. 26. Accessing Personal Information and Sensitive Personal
Information Due to NegligenceDamaged
Reputation29%
Lost Productivity21%
Lost Revenue
19%
Forensics12%
Technical Support 10%
Regulatory Compliance 5%
Real Life Business Problem: Enterprise Risk
Source: Gregory Strauss & Jon Williamson, “Five best practices to improve building
management systems cybersecurity.” 2015
Source: Global Symantec Study, Ponemon Cost of Data Breach Study 2016
![Page 12: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/12.jpg)
12
• Reputational damage
• Loss of competitive advantage
• Productivity loss
• Financial loss
Business Impact
• Competitive advantage
• Financial Gain
• Revenge
• Strategic disruption
MotivesThreat Actors
• Hacktivists
• Nation Sponsored
• Competitors
• Insider Threats
• Organized Crime
Risk Factors
![Page 13: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/13.jpg)
13
Threat Actor Sophistication
Source: ISACA CACS
![Page 14: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/14.jpg)
14
COMPLEXITY
Evolving threats means constantly evolving to keep up in terms of people, process & technology
Large networks, BYOD, & siloed IT deployments make it difficult to implement cyber security across the organization
EXPERTISE
Applying best security practices & upgrades to ensure global-standard compliance
Getting the right security people given the global cyber security expertise shortage
Challenges in Implementing Cyber Security
![Page 15: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/15.jpg)
15
People are both an asset and a liability
in security
Technology as an enabler for cyber
security and business resilience
Resiliency is a process, mindset, and culture, not a single solution
“Cyber Security is an integral part of business resilience….”
Building Business Resiliency
![Page 16: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/16.jpg)
16
EXPERTISE-BASED
Cyber Security Services and Consulting through local ePLDT
expertise and processes
TECHNOLOGY AND TOOLS
Security hardware, software, and platforms through trusted
technology partners
PHYSICAL SECURITY
Experience in physical asset security by virtue of our
pioneering VITRO Data Centers
PLDT Group Cyber Security Approach
![Page 17: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/17.jpg)
17
PLDT Group Cyber Security Approach
![Page 18: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/18.jpg)
18
ePLDT
Cyber Security
PortfolioEnd-to end solutions to help our customers translate their cyber security goals into real business outcome, resulting to business resiliency amidst the onslaught of continuous cyber threats.
![Page 19: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/19.jpg)
19
PLDT Group Cyber Security Portfolio
Managed Security Platforms
Network Web Endpoint
Managed security appliance• Installation
• Configuration
• 24x7 phone/e-mail/remote support
• Site visit
Risk Assessment Consulting
VAPTISMS
consultingSource
code review
• Monitoring
• Alerting
• Incident analysis and
Recommendation
• Containment and Response
• Threat intelligence
Assessment of the enterprise’s IT
assets based on its inherent risk and
criticality on operations as a basis for
establishing appropriate security
policies and techniques.
EXPERTISE FRAMEWORKS
Incident Response
Investigation Proactive IR Management
TECHNOLOGY AND TOOLS
Security Operations Monitoring
![Page 20: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/20.jpg)
20
PREDICTIVE PREVENTIVE
DETECTIVERESPONSIVE
•Periodic VAPT
•Periodic Risk Assessment
•ISMS
•Source code review
•Hardening
•Patching
•Source code review
•Perimeter Security devices
•Endpoint security
•Isolation of compromised devices
•Prevention of lateral movements
•Incident response and handling
During Attack
Post Attack
Pre-Attack
Information Protection Lifecycle
![Page 21: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/21.jpg)
21
Cyber security requires hiring and maintaining skilled people, managing different technologies and implementing best practices.
Skills & Best Practices
Don’t just focus on the short term - develop a contingency plan in the event of an attack.
Prepare for the Worst
Work with trusted partners to maintain business resiliency.
Capability and Credibility
As businesses become more digital, it also brings increased chances for cyber-attacks which can affect your operations, bottom line, and reputation.
Prioritize Initiatives
Cyber Security is a journey…..The Road to Follow
Forging Ahead...
![Page 22: Cyber Security - DICTdict.gov.ph › wp-content › uploads › 2017 › 08 › 02-Cyber-Security.pdf · Cyber Security Portfolio IV. Next Steps . 3 ABOUT US ALL ... IBM X-Force Threat](https://reader035.vdocuments.net/reader035/viewer/2022081404/5f03c3cc7e708231d40aa85d/html5/thumbnails/22.jpg)
22
THANK YOU