Cyber Security and the Global Business Environment Jeremy Schaar:) 3 Questions • What is the nature of the cyber security threat? • What can companies do about it? • What are the broader implications for international business? Two Truths and a Lie • Thousands of restaurants are hacked in the U.S. each year, affecting millions of customers. • 96% of all data breaches were rated “not highly difficult” last year. • A Romanian gang stole information from 200 Subway restaurants over 3 years. A Burger, an Order of Fries, and Your Credit Card Number Two Truths and a Lie • Hundreds of restaurants are hacked in the U.S. each year, affecting hundreds of thousands of customers. • 96% of all data breaches were “not highly difficult” last year. • A Romanian gang stole information from 200 Subway restaurants over 3 years. Two Truths and a Lie • In 2011 personal information was stolen from over 100 million users of Sony’s PlayStation Network, Qirocity, and Sony Online Entertainment services. • In a 2010 study, 58% of corporate directors and executives said they now have an IT or Data Security Committee. • Identity theft topped the U.S. Federal Trade Commission's (FTC) consumer complaint list for the 11th consecutive year in 2010. Sony’s Cyberattack And How Companies Fail In Data Security Sony’s Cyberattack And How Companies Fail In Data Security Sony’s Cyberattack And How Companies Fail In Data Security Implications Recruit Data Security Experts Involvement at the Highest Levels Develop ReputationProtection Programs Two Truths and a Lie • In 2011 personal information was stolen from over 100 million users of Sony’s PlayStation Network, Qirocity, and Sony Online Entertainment services. • In a 2010 study, only 6% of corporate directors and executives said they now have an IT or Data Security Committee. • Identity theft topped the U.S. Federal Trade Commission's (FTC) consumer complaint list for the 11th consecutive year in 2010. Two Truths and a Lie When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to China he… • Removes his cell phone’s battery in meetings. • Hides his hands under a towel before he types his password. • Only brings “loaner” devices, which he erases before and after the trip. Traveling Light in a Time of Digital Security “If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated.” -Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence. “Everybody knows that if you are doing business in China, in the 21st century, you don’t bring anything with you. That’s ‘Business 101’—at least it should be.” -Jacob Olcott, a cybersecurity expert at Good Harbor Consulting “In looking at computer systems of consequence — in government, Congress, at the Department of Defense, aerospace, companies with valuable trade secrets — we’ve not examined one yet that has not been infected by an advanced persistent threat.” -Mike McConnell, a former director of national intelligence Traveling Light in a Time of Digital Security US Chamber of Commerce Attack •Alerted in 2010 •Four of its members that go to China were being attacked •Lost six weeks worth of emails with member organizations (huge companies) •Office printer and thermostat in one of their corporate offices were communicating with an IP address in China •No more taking devices to China Traveling Light in a Time of Digital Security “We’ve already lost our manufacturing base. Now we’re losing our R.& D. base. If we lose that, what do we fall back on? In most cases, companies don’t realize they’ve been burned until years later when a foreign competitor puts out their very same product — only they’re making it 30 percent cheaper.” --Scott Aken, a former F.B.I. agent who specialized in counterintelligence and computer intrusion. Two Truths and a Lie When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to China he… • Removes his cell phone’s battery in meetings. • Never types his password. • Only brings “loaner” devices, which he erases before and after the trip. Summary • Customer data (credit cards) and proprietary secrets are stolen through broad internet searches and personal attacks. • Companies need top involvement to secure their systems and train their people. • Global Security Market to reach $80 billion by 2017.