Understanding Digital Risks Lurking in the Shadows of Transformation
Charles Lim, Regional Director, South East Asia
© Copyright 2019 Dell Inc.
Agenda
• Implications of Digital Transformation = Digital Risk
• The Emergence of Digital Risk Management
• Implementing an Integrated Approach to Digital Risk Management
• Getting Started: Assess Elements of Digital Transformation & Digital Risk
• Q&A
Digital Transformation
• Operational Efficiency
• New Product Development
• New Customer Experiences
• Activate & Monetize Data
In a 2016 study of non-IT executives, 71% said that concerns over cybersecurity are impeding innovation in their organizations.
– Gartner

A 2018 study of CEOs showed 62% have a management initiative or transformation program in place to make the business more digital.
– Gartner

73% of respondents agreed that the relationship between IT security and business risk can be difficult to coordinate.
– ESG Custom Research, Cybersecurity and Business Risk Survey, March 2018

By 2020, 60% of digital businesses will suffer major service failures, due to the inability of IT security teams to manage digital risk.
– Gartner
Modernization: Digital Business, IoT, Social Media, Cloud, Robotics
Malice: Hackers & Malware, Vulnerabilities, Phishing
Mandates: Regulatory Change, Corporate Governance, GDPR, Privacy

Modernization, Malice, Mandates:
• Speed of Change
• Complexity of Business
• Amplification of Risk
Digital Risk is the greatest facet of risk that businesses face…
[Chart: Risk (Low, Medium, High) against Digital Adoption, comparing Traditional Business Risk with Digital Risk]
…that requires a New Perspective
CEO / Board
Malice, Modernization, Mandates
? ? ?
Risk Management | IT Security

Digital Risk: Insights, Actions, Visibility
Identify Risk, Assess Risk, Treat Risk: Manage Risk & Optimize Your Business

• Manage Dynamic Workforce Risk
• Manage Process Automation Risk
• Secure Your Cloud Transformation
• Mitigate Cyber Attack Risk
• Modernize Your Compliance Program
• Coordinate Business Resiliency
• Manage Third Party Risk
• Evolve Data Governance & Privacy

• Integrated Risk Management
• Evolved SIEM / Advanced Threat Detection & Response
• Secure, Risk-Based Access & Authentication
• Omni-Channel Fraud Prevention
• Advanced Risk and Cybersecurity Services
Implementing an Integrated Approach to Digital Risk Management
An Integrated Approach To Digital Risk Management
• Manage Dynamic Workforce Risk
• Manage Process Automation Risk
• Secure the Journey to the Cloud
• Mitigate Cyber Attack Risk
• Modernize Your Compliance Program
• Coordinate Business Resiliency
• Manage Third Party Risk
• Evolve Data Governance & Privacy

Identify Risk, Assess Risk, Treat Risk:
• Leverage technology solutions to automate and optimize processes
• Utilize capabilities to improve each domain by leveraging data and processes across your program
• Understand the strategic context of the risk
• Establish teams & processes that connect operational events to business impacts
An Integrated Approach To Digital Risk Management
[Diagram repeated: the eight domains above, with Insights, Actions, Visibility and Identify / Assess / Treat Risk]
• Understand the business impact of the attacks
• Leverage technical and business context to prioritize
• Establish a security operations center (SOC) with defined procedures
• Leverage automation during responses to attacks
• Create visibility across the infrastructure to identify and escalate potential security alerts
An Integrated Approach To Digital Risk Management
[Diagram repeated, with the label Security Operations]
Getting Started: Assessing Elements of Digital Transformation & Digital Risk
Digital Risk Maturity
Information Technology | Security Office | Risk Mgt / Compliance Office | BOD / Execs

Siloed
▪ Ad Hoc, Reactive
▪ Trigger Events
▪ Tactical POV

Managed
▪ Platform Approach
▪ Pervasive Visibility
▪ Leverage Technology
▪ Integrate Silos

Optimized
▪ Sharing and Collaborating Across Silos
▪ Integrated business/risk context
▪ Priorities and resources aligned with risk and business objectives
RSA Risk Frameworks: Assessing Digital Risk Maturity, Financial Services Company
Compliance Requirements:
19 US State PII Laws, GDPR, PCI, and FINRA Member
Lowest Common Denominator Capabilities (partial list):
• Security Plan, updated annually
• Annual Audit (PCI, Risk)
• Retention of event logs for 7 years
• Real-time Security Event Monitoring
• Vulnerability Scanning
• 72 hour Breach Notification
Maturity Quantification:
• Overall Score: 50.4 out of 100
• Focus Breakdown:
  • Pre-breach Planning: 5.7 out of 20
  • Operational Security: 11.4 out of 20
  • Dwell Time Reduction: 8.5 out of 20
  • Remediation: 19.1 out of 20
  • Post-incident Handling: 5.7 out of 20
Overall Breach Readiness:
Average 10.8 per category, average range with 3 areas below average
RSA Risk Frameworks
Five stages of breach readiness, with the assessed company's state in each:

Left of Breach (Pre-Breach) Preparedness
Minimal cybersecurity awareness and poor preparation to respond to breach.

Breach Risk Reduction (Breach Deflection)
Limited testing of enterprise breach risk tolerance (system specific) and limited follow-through to adapt to threats, process, IT and security operational issues to reduce risk of a breach and optimize Incident Response (IR) to reduce impact.

Breach and Initial Incident Response
Minimal ability to identify breaches with no ability to measure impact. Ad hoc response capabilities.

Breach Remediation
Operational effectiveness to understand impact and impacted systems and effectively remediate breaches with automated assistance from technology.

Right of Breach (Post Breach) Adaptation
No follow-up post breach to improve capabilities on pre-breach based on GAP and learnings from breach.

Stage sub-labels recovered from the diagram: Prepare for Breach to Reduce Risk of Breach and Breach Impact; Risk and Dwell Time Reduction Actions; Impact Analysis; Dwell Time; Remediate and Prevention; Lessons Learned and adapt to Reduce Risk; Adapt and optimize operational IT and Security Awareness.
Incident response phases across the stages: Prepare | Detect, Analyze | Contain, Eradicate, Recover | Post-Incident Handling

Maturity Qualification
Overall Score: 50.4 out of 100 (category scores of 19.1, 8.5, 5.7, 11.4 and 5.7 out of 20, as broken down on the previous slide)