Upload File

state governments at risk: the data breach reality€¦ · average cost per breached record in us:...

  • Home
  • Documents
  • State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States
17
State Governments at Risk: The Data Breach Reality NCSL Legislative Summit August 5, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO)

Upload: others

Post on 21-Aug-2020

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

State Governments at Risk: The Data Breach Reality

NCSL Legislative Summit August 5, 2015

Doug Robinson, Executive DirectorNational Association of State Chief Information Officers (NASCIO)

Page 2: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

National association representing state chief information officers and information technology executives from the states, territories and D.C.

Founded in 1969

NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy.

About NASCIO

Page 3: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

1. Security

2. Cloud Services

3. Consolidation/Optimization

4. Broadband/Wireless Connectivity

5. Budget and Cost Control

6. Human Resources/Talent Management

7. Strategic IT Planning

8. Mobile Services/Mobility/Enterprise Mobility

9. Disaster Recovery/Business Continuity

10. Customer Relationship Management

Top Ten: State CIO Priorities for 2015

Source: NASCIO State CIO Ballot, November 2014

Page 4: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

State Governments at Risk!

States are attractive targets – data!

More aggressive threats – organized crime, ransomware, hacktivism

Nation state attacks

Critical infrastructure protection

Insider threats – employees, contractors

Emerging IT and data on the move

Need for continuous training, awareness

Page 5: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

IT Security Risks in the States

Protecting legacy systems

Malicious software

Foreign state-sponsored espionage

Mobile devices and services

Use of social media platforms

Use of personally-owned devices (BYOD) for state

business

Adoption of cloud services; rogue

cloud users

Inadequate policy compliance

Third-party contractors and

managed services

IT Security Risks in the States

Page 6: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

October 2014

State Governments

at Risk: Time to

move forward

#StatesAtRisk

Page 7: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

7

Key Themes from the 2014 Study

Maturing role of the CISO

Budget-strategy disconnect

Cyber complexity challenge

Talent crisis

2014 Deloitte-NASCIO Cybersecurity Study

Page 8: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

8

Cyber complexity challenge

2014 Deloitte-NASCIO Cybersecurity Study

Sophistication and

sheer range of cyber

threats continue to

evolve

Regulatory complexity

is growing

Complex and mostly

federated state

government

environment poses

governing challenges

CISOs and business

leaders are not on the

same page regarding

the states’ abilities to

protect against an

attack

Page 9: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

Government agencies have lost more than 94 million records of citizens since 2009

Average number of days between discovery and disclosure: 58

Average cost per breached record in US: $201

Average cost per breach: $5.8 million

By the Numbers: Consequences For States

Sources: "Rapid7 Report: Data Breaches in the Government Sector." Rapid7. September 6, 2012.2014 Cost of Data Breach Study, Ponemon Institute, Navigant Breach report, March 2014

Page 10: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

U.S. Benchmark Data: Root Causes of a Data Breach

Source: 2014 Cost of Data Breach Study, Ponemon Institute

44%

25%

31%

Malicious or criminal attacks System Glitch Human Error

Page 11: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

Who’s Responsible for Protecting State Data?

Chief Information Officers

Information Security Officers

Agency Leaders

Data Owners

Employees

Human Resources

Legal Departments

Third Party Contractors

Elected officials

Page 12: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

Unfortunately state officials are often looking at their data breach in a rear

view mirror. After the incident…

Page 13: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

Does your state government support a “culture of information security” with a governance structure of state leadership and all key stakeholders?

Has your state conducted a risk assessment? Is data classified by risk? Are security metrics available?

Has your state implemented an enterprise cybersecurity framework that includes policies, control objectives, practices, standards, and compliance? Is the NIST Cybersecurity Framework a foundation?

Has your state invested in enterprise solutions that provide continuous cyber threat detection, mitigation and vulnerability management? Has the state deployed advanced cyber threat analytics?

Have state employees and contractors been trained for their roles and responsibilities in protecting the state’s assets?

Does your state have a cyber disruption response plan? A crisis communication plan focused on cybersecurity incident?

NASCIO’s Cybersecurity Call to ActionKey Questions for State Leaders

Page 14: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

1. Inventory data and conduct risk assessments. Deploy tiered security measures as appropriate.

2. Review contractor and vendor agreements.

3. Review privacy policies and disclosure requirements. Legal counsel must be engaged.

4. Develop a actionable incident response plan with a crisis communications annex. Test the plan.

5. Train employees on their roles and responsibilities. Ensure policies align with incident response.

Before the Breach

Page 15: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

Data Breach Guidance in Seven Steps

1. Is contact information current on your data breach response team list?

2. Is your data breach response plan comprehensive?

3. Are your vendor contracts in order?

4. Are notification guidelines clear?

5. Are third parties with access to your data as secure as possible?

6. Is your IT security effectively protecting data?

7. Is your staff security-aware?

Source: Experian Data Breach Response Guide 2014-15

Page 16: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

Data Breaches: Not If But When…

Page 17: State Governments at Risk: The Data Breach Reality€¦ · Average cost per breached record in US: $201 Average cost per breach: $5.8 million By the Numbers: Consequences For States

[email protected]#StatesAtRisk

mailto:[email protected]

2016 cost of data breach study kor

What Does a Data Breach Cost?

2017 Cost of Data Breach Study - IBMThe average total cost of data breach for 27 companies increased from 17.30 million SAR in 2016 to 18.54 million SAR in this year’s study. All

PREVENTING TOMORROW'S CYBERSECURITY RISKS AND … · • Average cost of a data breach is $3.86m (IBM, 2018) • US is highest cost, at $7.91m ... • Data loss (laptop in an Uber/airport,

PROTECT AGAINST A DATA BREACH & ADDRESS PCI DSS …€¦ · According to the 2016 Cost of Data Breach Study: Global Analysis, the average cost of a breach to a company was $4 million

$3.5M The average cost of a data breach to a company 243 The average number of days that attackers reside within a victim’s network before detection 76%

Preparing for a Data Breach - Systems Engineering · 2020. 4. 10. · data breach. $148 average cost per lost or stolen record. 27.9% likelihood of a reoccuring material breach over

DATA BREACH RESPONSE GUIDE - Experian · The average cost of a data breach is also on the rise. According to its annual Cost of a Data Breach Study, the Ponemon Institute found that

2013 cost of data breach study - France

2015 Cost of Data Breach Study: Global Analysis Global CODB FINAL … · The cost of data breach varies by industry. The average global cost of data breach per lost or stolen record

Keeping Data in Motion: The high cost of HIPAA non-compliancevertassets.blob.core.windows.net/download/866f9c4d/866f9c4d-792… · The average cost of a data breach is $5.5 million,

Cost of a Data Breach

2011 Cost of Data Breach Study: Japan

GOV UK · REPORTING BREACH £1.15m AVERAGE COST OF SECURITY BREACH Source: 2014 Information Security Breaches Suwey sponsored by the Department for Business, Innovation and Skills

2011 Cost of Data Breach Study: Germany · The total average cost of data breach over four years is shown in Figure 2. The total cost of data breach increased very slightly from €3.38

Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Global Data Breach Notification Laws: Meeting Requirements ... · According to the latest Cost of a Data Breach Study: Global Analysis, the average total cost of a data breach for

Is Your Company Ready for a Big Data Breach? · overall cost of an incident. The 2014 Cost of Data Breach Study: United States reported that the average cost for each lost or stolen

Security matters. · According to an IBM 2016 Ponemon Cost of Data Breach Study, the average . consolidated cost of a data breach is around $3.8 million—that’s an increase of

2009 Cost Of Data Breach

2016 Cost of Data Breach Study: Canada

Respond, Recover, Thrive to a Cyber Breach Channel Islands ...€¦ · Data Breach Figures 2020 projection * Average total cost of a data breach $3.92M Cost per lost record $150 By

Deconstructing Data Breach Cost

prismic.io · 2020-03-17 · Average total cost of a data breach $3.92M Average size of a data breach Cost per lost record $150 25, 575 records Time to identify and contain a breach

The Cost of Data Breach - France

2016 Cost of Data Breach Study: Global Analysis · § $4 million is the average total cost of data breach § 29% increase in total cost of data breach since 2013 § $158 is the average

security - s24551.pcdn.co€¦ · Average total cost of data breach 383 Increase in total cost of data breach since 2013 Average cost per lost or stolen record Increase in per capita

Cost of a Data Breach Global Report

Stealthwatch - Cisco · Network threats are getting smarter Industry average detection time for a breach Industry average time to contain a breach Average cost of a data breach Motivatedand

More Connected, More at Risk - BKD · 2019-04-02 · Breaches Are Costing More & More Average total cost of a data breach $3.86 million Average cost per lost or stolen record $148

preventing the next data breach - MicroAge · data breach resolution; loss of goodwill and customer churn. Recent research cites the average total cost of a data breach as $4 million

Introducing The Vanguardian In this edition...The global cost of data breach decreases. The average cost of data breach decreased 10 percent and the per capita cost decreased 2.9 percent

What is the Cost of One More Test? · Cost of Data Breach Study, The Ponemon Institute, 2015 Cost of Data Breach Study, The Ponemon Institute, 2014 Cleaning up after a Breach, SANS

how to calculate the cost of a data breach · how to calculate the cost of a data breach When calculating the cost of a data breach, there are two main categories: short-term and

Data Breach Response Guide - International Association of ... · The cost of a data breach can average $214 per compromised record1. Multiply that by the hundreds or thousands –