Linking Enterprise and Small Business Security:

How to Shore up Cyber Risks in the Supply Chain

Today’s Speakers

Jason PolancichFounder & Chief Architect

SurfWatch Labs

2

Carrie KerskieData Privacy Expert

Kerskie Group

Agenda

• Insecurity in the supply chain

• Lessons learned from real-life data breaches

• Understanding the business impact and using cyber data to reduce risk

• Tips to work with your partners, vendors and customers

• Next Steps and Q&A

POLLING QUESTION

How do you collect and analyze data to monitor risks from insiders, suppliers, partners and customers?

A. Purchased Threat Intelligence Data Feed

B. In-House Solution

C. Open Source Data Analysis

D. Other Software Solution   

E. We have no solution in place

Enterprise Cybersecurity is Linked to Small Business

• Big business is inter-connected with the outside world at many levels

– Customers

– Partners

– Suppliers

5

Small Business is a Weak Link in the Supply Chain

• 1 out of 4 small firms have “little to no understanding of cybersecurity issues”Source: 2013 survey by the National Small Business Association

• Almost half of all SMBs have been the victim of a cyber-attack!Source: SurfWatch Labs data

6

Real-Life Data Breaches (and Lessons Learned)

Know Your Suppliers•Target – Compromised through a HVAC vendor’s access

•Advanced Care Hospitalists – Breached through billing company

•AutoNation – Compromised by e-commerce and data services provider

•CNN, Wash Post, Time – Breached through syndication service

7

Cyber Events Trickle Up

8

• Small/individual cyber incidents can lead to much more damage

• C-Suite and BoDs are being held responsible

Rising Costs of Insecurity

• Cost/compromised record increased from $188 to $201

• Customer turnover rate increased by 15%

9

Source: 2014 Cost of Data Breach Study: Global Analysis, Ponemon Institute

$5.9M is the Average Cost of a Data Breach

What’s the Impact?

10

Using Cyber Data to Reduce Risk

11

How is cyber risk information shared with business decision-makers ways they can understand and use?

A. PowerPoint Presentations

B. In-House Status Reports

C. Business Intelligence Tools

D. Excel Spreadsheets

E. We don't have a good way to share this information

POLLING QUESTION

5 Tips to Close Backdoors in the Supply Chain

Tip 1: Cyber Business Intelligence

Gain high level understanding of your risks from the “outside-in”

14

• Who are your current suppliers?

• Who’s been hit and how?

• How do they interact with your business?

• Who are their suppliers’ customers?

• What software/systems do your partners/customers use?

• What software in use is/was vulnerable today or yesterday?

• Which partners and suppliers were affected by an attack?

Tip 2: Multi-Factor Authentication

• Remove Low-Hanging Fruit– Two-factor (or more) authentication and authorization is essential

15

Tip 3: Anti-Malware & Phishing

• Ensure Your Security by Investing in Your Partners’ Security

– Provide anti-malware solutions for your trusted (and untrusted) partners

– Anti-phishing solutions and education can help reduce the majority of exploits against enterprises

16

Tip 4: VPN & Private B2B Systems

• Secure Remote Access to the Network – Salespeople

– All employees

– All partners

17

Tip 5: Educate and Communicate

• Train Employees and Partners

– Ensure understanding of core cybersecurity concepts and cyber defense operations

– Use active software platforms and video game-like systems

• Share Information Safely with Vendors in Your Supply Chain

18

Next Steps and Q&A

19

SurfWatch Labs Resources

•Overview of SurfWatch Analyticswww.surfwatchlabs.com/surfwatch-analytics

•Free SurfWatch Analytics Trialswww.surfwatchlabs.com/trial

Kerskie Group Resources

•Sign up for free newsletter at www.Kerskie.com

•Email Carrie at Ck@Kerskie.com

Thank You!

www.surfwatchlabs.comFollow us at: