KEMBAR78
It’s not If but When 20160503 | PPTX
Barry Caplin, profile picture
Uploaded byBarry Caplin
PPTX, PDF327 views

It’s not If but When 20160503

The document discusses the increasing threat of ransomware attacks in healthcare, emphasizing that it is a matter of 'when' rather than 'if' such breaches will occur. It highlights the financial impact of these attacks, noting that recovery costs often exceed the ransom demands, and outlines the critical role of Chief Information Security Officers (CISOs) in managing incident responses, communication, and preparedness. Additionally, it emphasizes the importance of proactive measures, such as understanding risks and developing robust response plans.

Technology
Related topics:
Incident Management
Download to read offline
IT’S NOT IF… BUT WHEN CISO Assembly, Dallas, TX bcaplin1@fairview.org bc@bjb.org @bcaplin http://about.me/barrycaplin http://securityandcoffee.blogspot.com Barry Caplin Chief Information Security Official Fairview Health Services
@bcaplin http://about.me/barrycaplin securityandcoffee.blogspot.com
o Not-for-profit established in 1906 o Academic Health System since 1997 partnership with University of Minnesota o >22K employees o >3,300 aligned physicians o Employed, faculty, independent o 7 hospitals/medical centers (>2,500 staffed beds) o 40-plus primary care clinics o 55-plus specialty clinics o 47 senior housing locations o 30-plus retail pharmacies 2014 volumes o 6.39M outpatient encounters o 1.4M clinic visits o 71,049 inpatient admissions o 76,595 surgeries o 9,298 births o 282 blood and marrow transplants o 340 organ transplants o >$4 billion total revenue
got breach? got job?
2015 – Year of the Breach 2014 – Year of the Breach 2013 – Year of the Breach 2016 – Availability? Integrity?
BOARD REPORTING EXAMPLE • Ransomware first appeared in 1989; large growth since 2013 • 2016 Hollywood Presbyterian – first publicized healthcare org to pay • $17K ransom paid • Systems down for over 1 week – ER, OR, imaging, lab, pharmacy • MedStar, MD – 10 hospital network • $3+ days of outages – 4 ERs, all inpatient shut down • 4/7/16, all systems back up • Most attacks are through email attachment or link based • Systems must be taken down to stop spread
BOARD REPORTING EXAMPLE • Estimated >$325M paid in ransoms in 2015 • Some variants charge $100-$500 per workstation • Some are “flat fee” • Often the cost of downtime and recovery is more than the ransom • It’s not “if”, but “when” an attack will happen • There is no “prevention” – Each attack is new and unique • There are “proactive/prevent” responses, and “detect/remediate” approaches • We do pursue both
•Can we prevent? •It’s not If, but When •Is Incident Management the key part of our job? •How we respond makes a difference
•How to start: •Figure out where your “stuff” is •Figure out the risks to your “stuff” •Figure out how you will react if that risk manifests •Write it down – Playbooks •Practice •Know what’s normal - Monitor Incident Response
CISO’s Role •Leadership •Communication – Internal/External • Staff/Exec/Board • Law Enforcement • External Counsel • Media • Regulatory
CISO’s Role •Incident Response/Forensics • Outsource? • Pre-pay? • Retainer? •Cyber Insurance – What is covered? How does it pay? •Tabletop – Exec Breach exercise
Discussion Questions •Can you “defend” you architecture/tech choices? •Can you detect problems, attacks and IoC’s against your enterprise? •Do you have response plans? Have you exercised them? •Do you have communication plans? Have you exercised them? •Does your C-suite have your back? Why?

More Related Content

PPTX
Healing healthcare security
byBarry Caplin
 
PDF
#%! My CISO Says
byArgyle Executive Forum
 
PDF
It’s Not IF–It’s WHEN!
byAdvanced Organizing Systems, Inc.
 
PPT
Bullying and Cyberbullying
byBarry Caplin
 
PPTX
Online Self Defense - Passwords
byBarry Caplin
 
PPTX
Stuff my ciso says
byBarry Caplin
 
PPTX
2022 Rea & Associates' Cybersecurity Conference
byRea
 
PDF
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
byHealth IT Conference – iHT2
 
Healing healthcare security
byBarry Caplin
 
#%! My CISO Says
byArgyle Executive Forum
 
It’s Not IF–It’s WHEN!
byAdvanced Organizing Systems, Inc.
 
Bullying and Cyberbullying
byBarry Caplin
 
Online Self Defense - Passwords
byBarry Caplin
 
Stuff my ciso says
byBarry Caplin
 
2022 Rea & Associates' Cybersecurity Conference
byRea
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
byHealth IT Conference – iHT2
 

Similar to It’s not If but When 20160503

PDF
Security Program Guidance and Establishing a Culture of Security
byDoug Copley
 
PPTX
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
byDan Michaluk
 
PPTX
You Will Be Breached
byMike Saunders
 
PPTX
Cybersecurity: How Safe Is Your Organization?
byCBIZ, Inc.
 
PPT
Accidental Insider
byBarry Caplin
 
PPTX
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
byConnXus
 
PPT
cyber security incident exercises TTX .ppt
byZharfanHanif
 
PPTX
Enterprise security incident management
byzapp0
 
PDF
INCIDENT RESPONSE CONCEPTS
bySylvain Martinez
 
PDF
cybersecurity_alert_feb_12_2015
byPaul Ferrillo
 
PPTX
Enterprise incident response 2017
byzapp0
 
PPTX
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
byJack Shaffer
 
PPTX
IT Security and Management - Semi Finals by Mark John Lado
byMark John Lado, MIT
 
PDF
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
byCitrin Cooperman
 
PPTX
Cyber Security and Healthcare
byJonathon Coulter
 
PPTX
Cybersecurity - Sam Maccherola
byTechBiz Forense Digital
 
PPTX
Information+security rutgers(final)
byAmy Stowers
 
PDF
File000119
byDesmond Devendran
 
PPTX
Cybersecurity Crisis Management Introduction
byNaor Penso
 
PPTX
Recover your files from Ransomware - Ransomware Incident Response by Tictac
byTicTac Data Recovery
 
Security Program Guidance and Establishing a Culture of Security
byDoug Copley
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
byDan Michaluk
 
You Will Be Breached
byMike Saunders
 
Cybersecurity: How Safe Is Your Organization?
byCBIZ, Inc.
 
Accidental Insider
byBarry Caplin
 
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
byConnXus
 
cyber security incident exercises TTX .ppt
byZharfanHanif
 
Enterprise security incident management
byzapp0
 
INCIDENT RESPONSE CONCEPTS
bySylvain Martinez
 
cybersecurity_alert_feb_12_2015
byPaul Ferrillo
 
Enterprise incident response 2017
byzapp0
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
byJack Shaffer
 
IT Security and Management - Semi Finals by Mark John Lado
byMark John Lado, MIT
 
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
byCitrin Cooperman
 
Cyber Security and Healthcare
byJonathon Coulter
 
Cybersecurity - Sam Maccherola
byTechBiz Forense Digital
 
Information+security rutgers(final)
byAmy Stowers
 
File000119
byDesmond Devendran
 
Cybersecurity Crisis Management Introduction
byNaor Penso
 
Recover your files from Ransomware - Ransomware Incident Response by Tictac
byTicTac Data Recovery
 

More from Barry Caplin

PPTX
Dreaded Embedded sec360 5-17-16
byBarry Caplin
 
PPTX
It’s not if but when 20160503
byBarry Caplin
 
PPT
Wearing Your Heart On Your Sleeve - Literally!
byBarry Caplin
 
PPTX
CISOs are from Mars, CIOs are from Venus
byBarry Caplin
 
PPT
The CISO Guide – How Do You Spell CISO?
byBarry Caplin
 
PPT
3 factors of fail sec360 5-15-13
byBarry Caplin
 
PPT
Tech smart preschool parent 2 13
byBarry Caplin
 
PPT
Embracing the IT Consumerization Imperative NG Security
byBarry Caplin
 
PPT
Online Self Defense
byBarry Caplin
 
PPT
Embracing the IT Consumerization Imperitive
byBarry Caplin
 
PPT
Embracing the IT Consumerization Imperitive
byBarry Caplin
 
PPTX
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
byBarry Caplin
 
PPT
Toys in the office 11
byBarry Caplin
 
PPT
Teens 2.0 - Teens and Social Networks
byBarry Caplin
 
PPT
Laws of the Game For Valley United Soccer Club travel soccer refs
byBarry Caplin
 
PPT
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
byBarry Caplin
 
PPTX
How to be a Tech-Smart Parent
byBarry Caplin
 
PPT
Internet Safety for Families and Children
byBarry Caplin
 
PPT
Security Lifecycle Management
byBarry Caplin
 
PPT
Elements of an Information Security Awareness Program
byBarry Caplin
 
Dreaded Embedded sec360 5-17-16
byBarry Caplin
 
It’s not if but when 20160503
byBarry Caplin
 
Wearing Your Heart On Your Sleeve - Literally!
byBarry Caplin
 
CISOs are from Mars, CIOs are from Venus
byBarry Caplin
 
The CISO Guide – How Do You Spell CISO?
byBarry Caplin
 
3 factors of fail sec360 5-15-13
byBarry Caplin
 
Tech smart preschool parent 2 13
byBarry Caplin
 
Embracing the IT Consumerization Imperative NG Security
byBarry Caplin
 
Online Self Defense
byBarry Caplin
 
Embracing the IT Consumerization Imperitive
byBarry Caplin
 
Embracing the IT Consumerization Imperitive
byBarry Caplin
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
byBarry Caplin
 
Toys in the office 11
byBarry Caplin
 
Teens 2.0 - Teens and Social Networks
byBarry Caplin
 
Laws of the Game For Valley United Soccer Club travel soccer refs
byBarry Caplin
 
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
byBarry Caplin
 
How to be a Tech-Smart Parent
byBarry Caplin
 
Internet Safety for Families and Children
byBarry Caplin
 
Security Lifecycle Management
byBarry Caplin
 
Elements of an Information Security Awareness Program
byBarry Caplin
 

Recently uploaded

PDF
Agentic AI Guide for Enterprise Use-cases
byDebmalya Biswas
 
PDF
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
PDF
Using Copilot with Microsoft Office Apps
byDeb Walther
 
PDF
KV Caching Strategies for Latency-Critical LLM Applications by John Thomson
byScyllaDB
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PPTX
Hybrid Active Directory Cyber Resiliency
byFrancesco Faenzi
 
PDF
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
PDF
What is Google Cloud Platform (GCP)? A 5-Minute Guide for Beginners (2025)
byTeleglobal International
 
PDF
NSSHOEU-J 4x35mm² Cable Specification.pdf
byAnhui Feichun Special Cable Co., Ltd.
 
PDF
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
PDF
AGV PROTOCOL BRAND KIT COMPLETE VIEW.pdf
byfagbolade
 
PDF
Rivian's Push Notification Sub Stream with Mega Filter by Marcus Kim & Saahil...
byScyllaDB
 
PDF
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
PPTX
"Towards React Server Components in Clojure", Roman Liutikov
byFwdays
 
PDF
Beyond Generative AI: Creating Demand for Compute in the 2030s
byReidar Wasenius
 
PDF
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
PDF
UnityNet Digital Sovereignty Checklist 2025-10-13
byLHelferty
 
PDF
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
PDF
Meta and Apple close to settling EU cases.pdf
byLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
Agentic AI Guide for Enterprise Use-cases
byDebmalya Biswas
 
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
Using Copilot with Microsoft Office Apps
byDeb Walther
 
KV Caching Strategies for Latency-Critical LLM Applications by John Thomson
byScyllaDB
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Hybrid Active Directory Cyber Resiliency
byFrancesco Faenzi
 
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
What is Google Cloud Platform (GCP)? A 5-Minute Guide for Beginners (2025)
byTeleglobal International
 
NSSHOEU-J 4x35mm² Cable Specification.pdf
byAnhui Feichun Special Cable Co., Ltd.
 
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
AGV PROTOCOL BRAND KIT COMPLETE VIEW.pdf
byfagbolade
 
Rivian's Push Notification Sub Stream with Mega Filter by Marcus Kim & Saahil...
byScyllaDB
 
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
"Towards React Server Components in Clojure", Roman Liutikov
byFwdays
 
Beyond Generative AI: Creating Demand for Compute in the 2030s
byReidar Wasenius
 
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
UnityNet Digital Sovereignty Checklist 2025-10-13
byLHelferty
 
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
Meta and Apple close to settling EU cases.pdf
byLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 

It’s not If but When 20160503

  • 1.
    IT’S NOT IF…BUT WHEN CISO Assembly, Dallas, TX bcaplin1@fairview.org bc@bjb.org @bcaplin http://about.me/barrycaplin http://securityandcoffee.blogspot.com Barry Caplin Chief Information Security Official Fairview Health Services
  • 2.
  • 3.
    o Not-for-profit establishedin 1906 o Academic Health System since 1997 partnership with University of Minnesota o >22K employees o >3,300 aligned physicians o Employed, faculty, independent o 7 hospitals/medical centers (>2,500 staffed beds) o 40-plus primary care clinics o 55-plus specialty clinics o 47 senior housing locations o 30-plus retail pharmacies 2014 volumes o 6.39M outpatient encounters o 1.4M clinic visits o 71,049 inpatient admissions o 76,595 surgeries o 9,298 births o 282 blood and marrow transplants o 340 organ transplants o >$4 billion total revenue
  • 4.
  • 5.
    2015 – Yearof the Breach 2014 – Year of the Breach 2013 – Year of the Breach 2016 – Availability? Integrity?
  • 6.
    BOARD REPORTING EXAMPLE •Ransomware first appeared in 1989; large growth since 2013 • 2016 Hollywood Presbyterian – first publicized healthcare org to pay • $17K ransom paid • Systems down for over 1 week – ER, OR, imaging, lab, pharmacy • MedStar, MD – 10 hospital network • $3+ days of outages – 4 ERs, all inpatient shut down • 4/7/16, all systems back up • Most attacks are through email attachment or link based • Systems must be taken down to stop spread
  • 7.
    BOARD REPORTING EXAMPLE •Estimated >$325M paid in ransoms in 2015 • Some variants charge $100-$500 per workstation • Some are “flat fee” • Often the cost of downtime and recovery is more than the ransom • It’s not “if”, but “when” an attack will happen • There is no “prevention” – Each attack is new and unique • There are “proactive/prevent” responses, and “detect/remediate” approaches • We do pursue both
  • 8.
    •Can we prevent? •It’snot If, but When •Is Incident Management the key part of our job? •How we respond makes a difference
  • 9.
    •How to start: •Figureout where your “stuff” is •Figure out the risks to your “stuff” •Figure out how you will react if that risk manifests •Write it down – Playbooks •Practice •Know what’s normal - Monitor Incident Response
  • 10.
    CISO’s Role •Leadership •Communication –Internal/External • Staff/Exec/Board • Law Enforcement • External Counsel • Media • Regulatory
  • 11.
    CISO’s Role •Incident Response/Forensics •Outsource? • Pre-pay? • Retainer? •Cyber Insurance – What is covered? How does it pay? •Tabletop – Exec Breach exercise
  • 12.
    Discussion Questions •Can you“defend” you architecture/tech choices? •Can you detect problems, attacks and IoC’s against your enterprise? •Do you have response plans? Have you exercised them? •Do you have communication plans? Have you exercised them? •Does your C-suite have your back? Why?

Editor's Notes

  • #3 Check out my about.me, with links to twitter feed and Security and Coffee blog.