©bswiftLLC. 1

TopStrategiesforManagingHRCybersecurityRisk

WebinarJanuary23,2019

©bswiftLLC. 2

Today’sPanelEdRumzisChiefTechnologyOfficeratbswift

ImanJoshuaCISOofConsumerHealth&ServicesDivisionatAetna,aCVSHealthCompany

TimTompkinsExecutiveDirectorofSecurityInnovationandChiefSecurityAdvisoratAetna,aCVSHealthCompany

©bswiftLLC. 3

Currentrisksandtrendsindataandinformationsecurity

Bestpracticesfordefendingagainstsecuritythreats

NextGenerationSecurityandauthenticationmodels

Q&A

Whatwe’lldiscusstoday

©bswiftLLC. 4©bswiftLLC. 4

“Youaremorelikelytoexperienceadatabreachofatleast

10,000records(28%1)thancatchthefluthiswinter(5-20%2)”

1 2018IBMSecurityandPonemon InstituteCostofDataSecurityBreachStudy2 WebMDhttps://www.webmd.com/cold-and-flu/flu-statistics

©bswiftLLC. 5©bswiftLLC. 5

59%ofcompaniessurveyedin2018experiencedadatabreachwithinthelast12months

causedbyathirdpartyorvendor.1

1 2018Ponemon InstituteThirdPartyRiskintheOutsourcedEcosystem.

©bswiftLLC. 6©bswiftLLC. 6

Whatarethecybersecuritychallengeswefacetoday?

Greatersysteminterconnectivity

Evolvingsecuritythreats

Databreaches

©bswiftLLC. 7©bswiftLLC. 7

8BestPracticesFOR RA IS ING THE BAR

©bswiftLLC. 8

Changingclassificationfrom“Confidential”to“Restricteddata”

• SocialSecuritynumbers

• Creditcardinformation

• Usernameand/orpasswordcredentials

Tighterdatarestriction

©bswiftLLC. 9

• BuildingSecurityInMaturityModel(BSIMM)Framework

• Includecontrolsindevelopmentprocess

• Continuallytest

Advancedsoftwaresecurity

©bswiftLLC. 10

Domain-BasedMessageAuthentication,ReportingandConformance(DMARC)

• AtrustedprogramthathelpsInternetserviceprovidersblockfraudulentemailslikespam,phishingandspoofingemails.

Over12 million fraudulentemails

Tougheremailauthentication

attemptingtoimpersonateusandouraffiliateswererejected/quarantinedin2017.1

12018Aetna,Inc.

©bswiftLLC. 11

Moreisbetter:

• Encryption

• Anti-tamperprotection

• Authenticationandauthorization

• Mobileappsigning,andothers

Securingdevices

©bswiftLLC. 12

ThreeT’s

• Talent

• Tools

• Technique

Communicate&educate

©bswiftLLC. 13

Continuousriskanalysis

Increasethepace

• FormalAudits/Reviews

• 99%SecurityScorecard1

• BugBountyPrograms

• ModelDriven

• ArtificialIntelligence/MachineLearning

1ThirdpartyanalysisofbenefitsadministrationtechnologysecurityconductedbySecurityScorecard01/2019.Resultsaresubjecttochange.

©bswiftLLC. 14

52%ofwebtrafficcomesfrom

• Webapplicationfirewalls

• Automatedbotdefenses

• Restrictednetworkaccesstoauthorizedusersonly

• NextGenerationAuthentication

Strongerauthentication

automatedprocessestryingtogetpastcorporatenetworkdefenses.1

1 LaFrance,Adrienne.TheInternetismostlybots.TheAtlantic.January31,2017.

©bswiftLLC. 15

Cybercrimeisevolving

• Targeted,complicatedandlong-termthreats

• Establishnetworkswithotherstoidentifyemergingtrends

• ParticipateinInformationSharingandAnalysisCenters(ISAC)groups

Establishanetwork

©bswiftLLC. 16

NextGenerationAuthentication

(NGA)

©bswiftLLC. 17

Goodbyepasswords

Morethan

3 billionuserIDsandpasswordswerestolenin20162

81%ofhackingrelated

breachesleveragedstolenorweakpasswords1

1 2017Verizon DBIRReport;IdentityTheftResourceCenter(ITRC)andCyberScout.2 2017ShapeSecurityCredentialSpillReport

©bswiftLLC. 18

NEXTGENERATIONAUTHENTICATION

Transparentlyandcontinuouslyauthenticatethedeviceanduser

AttributeAuthentication

ContextualAuthentication(ex.geolocation)

Risk-basedConsumer

Authentication

FIDO(FastIdentityOnline)Standardshelpassurethatsensitiveinformationdoesn’tleaveyourdevice

BiometricIntegration

Mobile

• PrimaryLogin–TouchID,FaceID

• SecondaryLogin- PIN• Associateusers

andtheirdevices

DeviceBinding

Browserandsystemfingerprinting

Web

©bswiftLLC. 19

NEXTGENERATIONAUTHENTICATION

bswift:Anevolutionfrombinarytorisk-basedauthentication

• Usernameandpasswordlogin

Today

• TouchID,FaceID andPINloginformobile

• Introductionofrisk-basedauthenticationviaNGARiskEngine

• Enhancedsecuritycapabilitiesformobile

• Out-of-bandauthenticationforhighriskidentity&accounttransactions

• Feb2019

bswiftMobile bswiftWeb

• Browser&DeviceFingerprinting

• Introductionofrisk-basedauthenticationviaNGARiskEngine

• Out-of-bandauthentication(SMS,Email)forhighrisktransactions– ForgotPassword– Loginfromnewsystem

• AccountManager&GlobalIdentity

• Feb2019

©bswiftLLC. 20

NEXTGENERATIONAUTHENTICATION

What’snext?

De-centralizedAuthenticationFramework

(Reducesapplicationintegrationbarriers)

Password-lessWebAuthentication

Self-serviceIdentity&Registration

ManagementforConsumers

AchievedthroughtheNGAplatform&NGARiskEngine

Omni-channelrisk-basedauthentication&identificationcapabilitiesacrossallpointsofconsumerinteraction

NGAVoice

PassiveAuthentication• Voicebiometrics• Device/connectionattributes

H-ISACPortableIDIntegration

©bswiftLLC. 21©bswiftLLC. 21

Questions?

©bswiftLLC. 22

EdRumzis ImanJoshua TimTompkins

Connectwithus

©bswiftLLC. 23

ContactyourbswiftorAetnarepresentativetoday!

OrcheckouttheIndustryInsights sectionofbswift.comforadditionalresourcesandinformation.

Wanttolearnmoreabouthowbswift keepsyourdatasafe?

©bswiftLLC. 24

bswift.com info@bswift.com

thankyou