Secured Retirement: Securing Your Pension Administration Systems in a Digital World
•
1 j'aime•25,152 vues
Being "secure" today doesn’t necessarily mean your pensions agency is protected tomorrow.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (15)
Similaire à Secured Retirement: Securing Your Pension Administration Systems in a Digital World
Similaire à Secured Retirement: Securing Your Pension Administration Systems in a Digital World (20)
Plus de accenture
Plus de accenture (20)
Dernier
Dernier (20)
Secured Retirement: Securing Your Pension Administration Systems in a Digital World
- 3. 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 MAY 2017 Source: http://news.softpedia.com/news/global-ransomware-attack-takes-down-british-nhs-company-networks-more-515677.shtml Copyright © 2017 Accenture All rights reserved. 3 A series of broad attacks began that spread the latest version of the WanaCrypt0r ransomware. These attacks, reportedly impacted systems of public and private organizations worldwide in more than 150 countries.
- 4. Source: http://news.softpedia.com/news/hackerputs-up-for-sale-290-000-us-driver-slicense-records-505161.shtml Copyright © 2017 Accenture All rights reserved. 4 A hacker using the name of National Security Agency takes to the dark web, offering for sale a dataset containing personal details and driver’s license information of more than 290,000 U.S. citizens. The hacker discloses that he obtained the data after breaching the networks of several Louisiana organizations. JUNE 2016
- 5. 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 JUNE 2015 Source: http://www.scmagazine.com/analysis-of-17-paste-sits-uncovers-login-credentialsfrom-47-govt-agencies/article/422921 Copyright © 2017 Accenture All rights reserved. 5 Leaked U.S. government log-in credentials—including data belonging to 705 government staff from 47 U.S. government agencies—are reportedly found on public paste sites. Although it is unclear how many of the credentials were active or how many passwords were current, the credentials were most likely stolen via malware-infected websites.
- 7. 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 Copyright © 2017 Accenture All rights reserved. 7 WHY HAVE AGENCIES THAT ARE SERVING THE PUBLIC BECOME SUCH A DESIRABLE TARGET?
- 8. 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 HACKERS LIKE: 8Copyright © 2017 Accenture All rights reserved. PERSONALLY IDENTIFIABLE INFORMATION Cyber criminals are eyeing citizen data — from social security numbers and retirement financials to health and tax information. All of which are valuable on the black market. EASY TARGETS WITH AGING INFRASTRUCTURE As governments work to digitize services, many are doing so with an aging infrastructure and funding constraints. 21 TARGETS WITH SECURITY SKILLS SHORTAGE Security skills are increasingly in demand by virtually every sector. Public agencies have to compete with private companies to attract new talent. BUDGET CONSTRAINT Under-investment in IT consolidation and security initiatives has left state and local governments vulnerable. 43
- 9. 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 HACKERS HAVE CHANGED THREAT SCENARIOS HAVE CHANGED DUE TO NEW CHANNELS SUCH AS E-GOVERNMENT, CLOUD AND MOBILITY 9Copyright © 2017 Accenture All rights reserved. TOP CURRENT THREATS DATA THEFT (IDENTITY, TAX) FRAUDALENT REFUNDS DENIAL OF SERVICE RANSOMWARE / MALWARE WEB DEFACEMENT PHISHING ATTACKS
- 10. 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 1 0 0 1 0 0 TOP THREATS AND WHAT AGENCIES ARE DOING TO MITIGATE RISKS 10Copyright © 2017 Accenture All rights reserved. CRITICAL THREATS TO PENSION AGENCIES DATA THEFT (IDENTITY, TAX) FRAUDALENT REFUNDS DENIAL OF SERVICE RANSOMWARE/ MALWARE WEB DEFACEMENT PHISHING ATTACKS Security awareness / training, social engineering Strong identity and access controls (e.g. single sign on), data protection and encryption Identity proofing / multi-factor authentication Infrastructure security / business continuity and disaster recovery Application security / business continuity and disaster recovery Identity and access management, application security MITIGATION TECHNIQUES /METHODS
- 11. Source: 2016 Accenture Cybersecurity report Copyright © 2017 Accenture All rights reserved. 11 “When compared to the cybersecurity performance of 17 other major industries, government organizations ranked at the bottom of all major performers, coming in below information services, financial services, transportation and healthcare.” 4
- 12. Copyright © 2017 Accenture All rights reserved. 12 WHAT IS THE IMPACT FOR YOUR BENEFICIARIES?
- 13. Source: Accenture Public Service Citizen Survey, 2017 Copyright © 2017 Accenture All rights reserved. of US citizens are concerned about cybercrime of US citizens are confident in the ability of government to protect the privacy and security of their data of millennials feel their financial and health data used by Social Security or public retirement agency are secure 82% 61% 36% 13
- 14. Copyright © 2017 Accenture All rights reserved. 14 WHERE SHOULD YOU START?
- 15. 0 0 1 0 1 0 1 0 0 1 0 0 1 0 1 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 0 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 1 0 0 1 0 1 0 1 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 15 DEFINE CYBERSECURITY EFFECTIVENESS Improve alignment of cybersecurity strategies with business imperatives and improve ability to detect and prohibit more advanced attacks. PRESSURE-TEST SECURITY CAPABILITIES Engage “white-hat” external hackers for attack simulations to establish a realistic assessment of internal capabilities. PROTECT FROM THE INSIDE OUT Prioritize protection of the organization’s key assets and focus on the internal incursions with greatest potential impact. REBOOT YOUR APPROACH 2 31 Copyright © 2017 Accenture All rights reserved.
- 16. 0 1 0 1 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 0 1 0 1 0 1 0 0 1 0 0 1 0 1 0 0 1 0 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 0 1 0 1 0 1 0 0 0 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 0 0 1 0 1 0 0 0 1 0 1 0 1 0 0 16 MAKE SECURITY EVERYONE’S JOB 99% of breaches not detected by banks' security teams, are found by employees. Prioritize training for all employees. LEAD FROM THE TOP Chief Information Security Officers should materially engage with enterprise leadership and make the case that cybersecurity is a critical priority in protecting organization value. KEEP INNOVATING Invest in state-of-the-art programs to outmaneuver adversaries vs. investing more in existing programs. REBOOTING... 5 64 Copyright © 2017 Accenture All rights reserved.
- 17. 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 1 0 0 1 0 1 0 1 0 0 0 0 0 1 0 1 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 Copyright © 2017 Accenture All rights reserved. 17 WE CAN HELP YOU
- 18. Copyright © 2017 Accenture All rights reserved. 18 ACCENTURE OFFERS A SUITE OF SERVICES TO HELP PENSION AGENCIES TACKLE THOSE PRIORITIES STRATEGY & RISK Help boards and C-level executives develop the strategies, operating models, governance and policies needed to manage security risk while aligning with business requirements CYBER DEFENSE Build effective defenses against even the most advanced threats and reduce clients’ attack surface DIGITAL IDENTITY Connect the right users and customers to authorized data and systems for their access and needs APP SECURITY Embed security into the enterprise and custom applications that support the business MANAGED SERVICES Run a client’s key security processes seamlessly and cost-effectively as-a-service INNOVATION Combine capabilities from across Accenture to help clients understand, experiment with, adopt and quickly scale new and emerging technologies
- 19. Copyright © 2017 Accenture All rights reserved. 19 CONTACT US OWEN DAVIS Managing Director Pension Industry EYAL DARMON Management Consulting and Digital Practices Pension Industry TERI BENNET Managing Director Sales Practices Pension Industry
- 20. 20 Visit us at: Accenture.com Copyright © 2017 Accenture All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 411,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com. ABOUT ACCENTURE
- 21. 21 FOR MORE INFORMATION VISIT: https://www.accenture.com/us-en/insight-pensions