TRANSCRIPT
© bswift LLC.
Top Strategies for Managing HR Cybersecurity Risk
Webinar, January 23, 2019
Today's Panel
• Ed Rumzis, Chief Technology Officer at bswift
• Iman Joshua, CISO of Consumer Health & Services Division at Aetna, a CVS Health Company
• Tim Tompkins, Executive Director of Security Innovation and Chief Security Advisor at Aetna, a CVS Health Company
What we'll discuss today
• Current risks and trends in data and information security
• Best practices for defending against security threats
• Next Generation Security and authentication models
• Q&A
"You are more likely to experience a data breach of at least 10,000 records (28%¹) than catch the flu this winter (5-20%²)."
¹ 2018 IBM Security and Ponemon Institute Cost of Data Security Breach Study
² WebMD, https://www.webmd.com/cold-and-flu/flu-statistics
59% of companies surveyed in 2018 experienced a data breach within the last 12 months caused by a third party or vendor.¹
¹ 2018 Ponemon Institute, Third Party Risk in the Outsourced Ecosystem.
What are the cybersecurity challenges we face today?
• Greater system interconnectivity
• Evolving security threats
• Data breaches
8 Best Practices for Raising the Bar
Tighter data restriction
Changing classification from "Confidential" to "Restricted data" for:
• Social Security numbers
• Credit card information
• Username and/or password credentials
Advanced software security
• Building Security In Maturity Model (BSIMM) Framework
• Include controls in the development process
• Continually test
Tougher email authentication
Domain-Based Message Authentication, Reporting and Conformance (DMARC)
• A trusted program that helps Internet service providers block fraudulent emails like spam, phishing and spoofing emails.
Over 12 million fraudulent emails attempting to impersonate us and our affiliates were rejected/quarantined in 2017.¹
¹ 2018 Aetna, Inc.
Securing devices
More is better:
• Encryption
• Anti-tamper protection
• Authentication and authorization
• Mobile app signing, and others
Communicate & educate
Three T's
• Talent
• Tools
• Technique
Continuous risk analysis
Increase the pace
• Formal Audits/Reviews
• 99% Security Scorecard¹
• Bug Bounty Programs
• Model Driven
• Artificial Intelligence/Machine Learning
¹ Third party analysis of benefits administration technology security conducted by SecurityScorecard 01/2019. Results are subject to change.
Stronger authentication
52% of web traffic comes from automated processes trying to get past corporate network defenses.¹
• Web application firewalls
• Automated bot defenses
• Restricted network access to authorized users only
• Next Generation Authentication
¹ LaFrance, Adrienne. The Internet is mostly bots. The Atlantic. January 31, 2017.
Establish a network
Cybercrime is evolving
• Targeted, complicated and long-term threats
• Establish networks with others to identify emerging trends
• Participate in Information Sharing and Analysis Centers (ISAC) groups
Next Generation Authentication (NGA)
Goodbye passwords
81% of hacking-related breaches leveraged stolen or weak passwords.¹
More than 3 billion user IDs and passwords were stolen in 2016.²
¹ 2017 Verizon DBIR Report; Identity Theft Resource Center (ITRC) and CyberScout.
² 2017 Shape Security Credential Spill Report
NEXT GENERATION AUTHENTICATION
Transparently and continuously authenticate the device and user
• Attribute Authentication
• Contextual Authentication (e.g. geolocation)
• Risk-based Consumer Authentication
• Biometric Integration: FIDO (Fast Identity Online) standards help assure that sensitive information doesn't leave your device
• Mobile: primary login with Touch ID or Face ID; secondary login with PIN
• Device Binding: associate users and their devices
• Web: browser and system fingerprinting
NEXT GENERATION AUTHENTICATION
bswift: An evolution from binary to risk-based authentication
Today
• Username and password login
bswift Mobile (Feb 2019)
• Touch ID, Face ID and PIN login for mobile
• Introduction of risk-based authentication via NGA Risk Engine
• Enhanced security capabilities for mobile
• Out-of-band authentication for high-risk identity & account transactions
bswift Web (Feb 2019)
• Browser & Device Fingerprinting
• Introduction of risk-based authentication via NGA Risk Engine
• Out-of-band authentication (SMS, Email) for high-risk transactions: Forgot Password, Login from new system
• Account Manager & Global Identity
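The risk-based flow described on the two NGA slides above (device binding, browser/system fingerprinting, and out-of-band step-up for a login from a new system or a forgot-password request) as an added illustration in Python. This is not bswift's NGA Risk Engine; the signal weights, the threshold, the in-memory `known_devices` store and the fingerprint attributes are all assumptions for the example.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class LoginContext:
    user: str
    fingerprint: dict          # browser/system attributes collected at login (constructed)
    geo_country: str           # contextual signal: country resolved from the client address
    transaction: str = "login" # "login" or "forgot_password"


@dataclass
class RiskEngine:
    """Scores a login context and decides whether out-of-band step-up is needed."""
    known_devices: dict = field(default_factory=dict)  # user -> set of bound device hashes
    home_country: dict = field(default_factory=dict)   # user -> country seen at first binding
    step_up_threshold: int = 50                        # assumed threshold for this example

    @staticmethod
    def device_hash(fingerprint: dict) -> str:
        # canonicalise attribute order so the same device always yields the same hash
        canon = "|".join(f"{k}={fingerprint[k]}" for k in sorted(fingerprint))
        return hashlib.sha256(canon.encode()).hexdigest()

    def bind_device(self, user: str, fingerprint: dict, country: str) -> None:
        # device binding: associate the user with this device (and a home country)
        self.known_devices.setdefault(user, set()).add(self.device_hash(fingerprint))
        self.home_country.setdefault(user, country)

    def score(self, ctx: LoginContext):
        score, reasons = 0, []
        if self.device_hash(ctx.fingerprint) not in self.known_devices.get(ctx.user, set()):
            score += 50; reasons.append("login from new system")
        if self.home_country.get(ctx.user) not in (None, ctx.geo_country):
            score += 30; reasons.append("unusual geolocation")
        if ctx.transaction == "forgot_password":
            score += 50; reasons.append("high-risk account transaction")
        return score, reasons

    def decide(self, ctx: LoginContext):
        # at or above the threshold the caller must send an SMS/email one-time code
        score, reasons = self.score(ctx)
        return ("step_up_oob" if score >= self.step_up_threshold else "allow"), reasons

    def complete_step_up(self, ctx: LoginContext) -> None:
        # after the out-of-band code is verified, bind the new device so it is trusted next time
        self.bind_device(ctx.user, ctx.fingerprint, ctx.geo_country)
```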
NEXT GENERATION AUTHENTICATION
What's next?
• De-centralized Authentication Framework (reduces application integration barriers)
• Password-less Web Authentication
• Self-service Identity & Registration Management for Consumers
• Achieved through the NGA platform & NGA Risk Engine
• Omni-channel risk-based authentication & identification capabilities across all points of consumer interaction
• NGA Voice: Passive Authentication, voice biometrics, device/connection attributes
• H-ISAC Portable ID Integration
Questions?
Connect with us
Ed Rumzis, Iman Joshua, Tim Tompkins
Want to learn more about how bswift keeps your data safe?
Contact your bswift or Aetna representative today!
Or check out the Industry Insights section of bswift.com for additional resources and information.